Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-1999-1229

    Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.... Read more

    Affected Products : quake_2_server
    • Published: Feb. 25, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1294

    Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permiss... Read more

    Affected Products : windows_nt
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0806

    Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.... Read more

    Affected Products : bugzilla
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2100

    The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).... Read more

    • Published: Oct. 25, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2240

    xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.... Read more

    Affected Products : xpvm
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0714

    Vulnerability in Compaq Tru64 UNIX edauth command.... Read more

    Affected Products : unix
    • Published: Feb. 15, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1689

    sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.... Read more

    Affected Products : sudo
    • Published: Sep. 16, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0089

    The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.... Read more

    Affected Products : windows_nt
    • Published: Feb. 04, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0757

    The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.... Read more

    Affected Products : coldfusion_server
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-3123

    Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery p... Read more

    Affected Products : nextcellent_gallery
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2001-0715

    Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.... Read more

    Affected Products : sendmail
    • Published: Oct. 30, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0921

    Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.... Read more

    Affected Products : communicator
    • Published: Nov. 21, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1795

    Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.... Read more

    Affected Products : surfnet
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1430

    PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as... Read more

    Affected Products : davinci
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0928

    WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.... Read more

    Affected Products : diskadvisor
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1099

    shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1334

    Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.... Read more

    Affected Products : linux_kernel linux fedora_core
    • Published: Dec. 15, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1259

    Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.... Read more

    Affected Products : office
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1193

    tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.... Read more

    Affected Products : tkmail
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0970

    The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.... Read more

    Affected Products : gzip
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293649 Results