Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.2

    LOW
    CVE-2012-6095

    ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.... Read more

    Affected Products : proftpd
    • Published: Jan. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2003-0120

    adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.... Read more

    Affected Products : mhc-utils
    • Published: Mar. 07, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2015-4822

    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831.... Read more

    Affected Products : solaris
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2014-3537

    The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.... Read more

    Affected Products : cups ubuntu_linux fedora
    • Published: Jul. 23, 2014
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2004-0814

    Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attack... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2003-0462

    A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).... Read more

    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-0116

    gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : linux mandrake_linux immunix
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2012-4676

    The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.... Read more

    Affected Products : tunnelblick
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2006-0741

    Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2012-3487

    Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.... Read more

    Affected Products : tunnelblick
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2012-3500

    scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.... Read more

    Affected Products : devscripts rpmdevtools
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2008-7256

    mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer derefer... Read more

    Affected Products : linux_kernel
    • Published: Jun. 03, 2010
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2011-3163

    HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.... Read more

    • Published: Oct. 23, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2024-49751

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 1.2

    LOW
    CVE-2015-4823

    Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deploy.... Read more

    Affected Products : hyperion
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2000-0210

    The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.... Read more

    Affected Products : workshop
    • Published: Feb. 21, 2000
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2014-6134

    IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sens... Read more

    • Published: Mar. 25, 2015
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2006-6306

    Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.... Read more

    Affected Products : client
    • Published: Dec. 05, 2006
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2008-4593

    Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device ... Read more

    Affected Products : iphone
    • Published: Oct. 17, 2008
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2003-1080

    Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.... Read more

    Affected Products : solaris sunos
    • Published: Feb. 11, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293693 Results