Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2006-2660

    Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents ... Read more

    Affected Products : php
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-0883

    Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-08... Read more

    Affected Products : sun_products_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-3856

    IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.... Read more

    Affected Products : informix_dynamic_server
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-4110

    The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully... Read more

    Affected Products : linux_kernel
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2002-0389

    Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.... Read more

    Affected Products : mailman
    • Published: Jun. 18, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-5461

    Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.... Read more

    Affected Products : avahi
    • Published: Nov. 14, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-5619

    The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabel... Read more

    Affected Products : linux_kernel
    • Published: Oct. 31, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2002-0080

    rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.... Read more

    Affected Products : rsync linux
    • Published: Mar. 15, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1397

    The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1394

    Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0809

    Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.... Read more

    Affected Products : hp-ux
    • Published: Dec. 06, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0235

    Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.... Read more

    Affected Products : debian_linux
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-0200

    The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the f... Read more

    Affected Products : rhevm-reports
    • Published: May. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-1999-0524

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.... Read more

    Affected Products : linux_kernel aix ios macos hp-ux mac_os_x solaris netware windows tru64 +4 more products
    • Published: Aug. 01, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0741

    Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.... Read more

    Affected Products : hsrp
    • Published: Oct. 18, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-0216

    The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty fr... Read more

    Affected Products : freebsd
    • Published: Jan. 16, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-0221

    Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows ... Read more

    • Published: Jan. 07, 2010
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2001-1271

    Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.... Read more

    Affected Products : rar
    • Published: Jul. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-3929

    Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.... Read more

    Affected Products : cms_made_simple
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-3696

    filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe.... Read more

    Affected Products : outpost_firewall
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293559 Results