Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-1698

    Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD.... Read more

    Affected Products : sunos solaris
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-3825

    The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.... Read more

    Affected Products : solaris
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-3094

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxono... Read more

    Affected Products : drupal
    • Published: Sep. 21, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2002-1956

    ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files.... Read more

    Affected Products : filer
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2280

    syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.... Read more

    Affected Products : openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-4271

    Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE:... Read more

    Affected Products : db2_universal_database
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2002-2244

    Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot ha... Read more

    Affected Products : akfingerd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1968

    Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and possibly other versions before 2.1.1.108.003, downloads a DOCSIS configuration file from a TFTP server running on the internal network, which allows local users to modify configuration ... Read more

    Affected Products : doxport_1100
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-3216

    The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-6953

    The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots.... Read more

    Affected Products : mobility_manager
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-0859

    The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certai... Read more

    Affected Products : treo
    • Published: Feb. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6131

    buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.... Read more

    Affected Products : fedora_core
    • Published: Nov. 26, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-0710

    The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.... Read more

    Affected Products : mac_os_x ichat
    • Published: Feb. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-7129

    ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.... Read more

    Affected Products : blackice_pc_protection
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-0296

    Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.... Read more

    Affected Products : peoplesoft_enterprise enterpriseone
    • Published: Jan. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6921

    Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-5770

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.... Read more

    Affected Products : mysql
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-5851

    The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2679

    Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading t... Read more

    Affected Products : rhncfg
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0963

    Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an ... Read more

    Affected Products : iphone_os
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293654 Results