Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2009-4557

    Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated u... Read more

    Affected Products : drupal img_assist
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-0013

    dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-3341

    DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh.... Read more

    Affected Products : dns_package
    • Published: Dec. 27, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-5191

    The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-3575

    Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields.... Read more

    Affected Products : virusscan
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0990

    unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.... Read more

    Affected Products : sharutils
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3669

    Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users.... Read more

    Affected Products : mercury_messenger
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1342

    net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Mar. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1549

    PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.... Read more

    Affected Products : php
    • Published: Apr. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2723

    NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.... Read more

    Affected Products : nessuswx
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1476

    Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.... Read more

    Affected Products : ftp_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3250

    Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.... Read more

    Affected Products : solaris
    • Published: Oct. 17, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2991

    ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.... Read more

    Affected Products : ncompress
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2122

    Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory.... Read more

    Affected Products : pointsec
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1917

    kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.... Read more

    Affected Products : kpopper
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2759

    Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2132

    Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.... Read more

    Affected Products : windows_2000 windows_xp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0077

    The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2274

    akfingerd 0.5 allows local users to read arbitrary files as the akfingerd user (nobody) via a symlink attack on the .plan file.... Read more

    Affected Products : akfingerd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0184

    Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.... Read more

    Affected Products : vacation_plugin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293517 Results