Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-1152

    popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.... Read more

    Affected Products : qpopper qpopper
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0966

    The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.... Read more

    Affected Products : ubuntu_linux gettext
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-6116

    modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.... Read more

    Affected Products : katello katello-configure
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-0876

    Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to c... Read more

    • Published: Aug. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-4537

    Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion f... Read more

    Affected Products : xen
    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-6402

    base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.... Read more

    • Published: Jan. 05, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1766

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-3228

    The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to ob... Read more

    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-6497

    clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.... Read more

    Affected Products : clamav
    • Published: Dec. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-5872

    Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).... Read more

    Affected Products : sunos solaris sunos
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-1378

    IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-1969

    Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-6493

    The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.... Read more

    Affected Products : icedtea-web
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-7421

    The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.... Read more

    • Published: Mar. 02, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-3745

    Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.... Read more

    Affected Products : sunos solaris
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1022

    The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypa... Read more

    Affected Products : libcgroup
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-1834

    mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.... Read more

    Affected Products : http_server
    • Published: Mar. 20, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-5380

    IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : maximo_asset_management
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4969

    Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.... Read more

    • Published: Jan. 07, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-1279

    Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.... Read more

    Affected Products : tvos apple_tv
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293496 Results