Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.2

    LOW
    CVE-2012-0645

    Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient... Read more

    Affected Products : iphone_os
    • Published: Mar. 08, 2012
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2002-0271

    Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.... Read more

    Affected Products : gnat_pro_native
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2000-0718

    A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.... Read more

    Affected Products : mandrake_linux
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-1231

    CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file.... Read more

    Affected Products : capi4hylafax
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-2449

    Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.... Read more

    Affected Products : sandbox
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-0435

    Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it ... Read more

    Affected Products : linux fileutils
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1146

    AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.... Read more

    Affected Products : allcommerce
    • Published: Jul. 11, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2000-0959

    glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.... Read more

    Affected Products : glibc
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2000-0723

    Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.... Read more

    Affected Products : gnome_installer
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-0222

    webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.... Read more

    Affected Products : webmin
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-1066

    Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : enterprise_linux pine
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2000-0210

    The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.... Read more

    Affected Products : workshop
    • Published: Feb. 21, 2000
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2024-49751

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 1.2

    LOW
    CVE-2003-1080

    Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.... Read more

    Affected Products : solaris sunos
    • Published: Feb. 11, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2014-6134

    IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sens... Read more

    • Published: Mar. 25, 2015
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2000-0154

    The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.... Read more

    Affected Products : unixware
    • Published: Feb. 16, 2000
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2004-0880

    getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.... Read more

    Affected Products : linux slackware_linux getmail
    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2011-4415

    The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a d... Read more

    Affected Products : http_server
    • Published: Nov. 08, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2011-1781

    SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs s... Read more

    Affected Products : systemtap
    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2003-0120

    adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.... Read more

    Affected Products : mhc-utils
    • Published: Mar. 07, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 294119 Results