Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.2

    LOW
    CVE-2010-3718

    Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demo... Read more

    Affected Products : tomcat
    • EPSS Score: %0.25
    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2013-2217

    cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.... Read more

    Affected Products : enterprise_linux opensuse suds
    • EPSS Score: %0.07
    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2005-2666

    SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a lis... Read more

    Affected Products : openssh
    • EPSS Score: %0.15
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-3011

    The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : texinfo
    • EPSS Score: %0.04
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2012-2678

    389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#pas... Read more

    • EPSS Score: %0.24
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2012-2313

    The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.... Read more

    • EPSS Score: %0.22
    • Published: Jun. 13, 2012
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2006-0741

    Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.09
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2011-3163

    HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.... Read more

    • EPSS Score: %0.19
    • Published: Oct. 23, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2011-2724

    The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of ... Read more

    Affected Products : samba
    • EPSS Score: %0.93
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2003-0120

    adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.... Read more

    Affected Products : mhc-utils
    • EPSS Score: %0.18
    • Published: Mar. 07, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-5757

    Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data s... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.60
    • Published: Nov. 06, 2006
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2011-1781

    SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs s... Read more

    Affected Products : systemtap
    • EPSS Score: %0.06
    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2007-3108

    The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.... Read more

    Affected Products : openssl
    • EPSS Score: %0.10
    • Published: Aug. 08, 2007
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2001-0116

    gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : linux mandrake_linux immunix
    • EPSS Score: %0.07
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2009-1707

    Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.... Read more

    Affected Products : safari
    • EPSS Score: %0.07
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2005-2527

    Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.... Read more

    Affected Products : java
    • EPSS Score: %0.04
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-2449

    Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.... Read more

    Affected Products : sandbox
    • EPSS Score: %0.10
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-3342

    noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.... Read more

    Affected Products : noweb
    • EPSS Score: %0.06
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2012-0645

    Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.09
    • Published: Mar. 08, 2012
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2011-3440

    The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.... Read more

    Affected Products : iphone_os ipad2
    • EPSS Score: %0.06
    • Published: Nov. 11, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291258 Results