Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.2

    LOW
    CVE-2006-5214

    Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed... Read more

    Affected Products : solaris sunos netbsd
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2001-0143

    vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : linux immunix
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2012-6095

    ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.... Read more

    Affected Products : proftpd
    • Published: Jan. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2006-5757

    Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data s... Read more

    Affected Products : linux_kernel
    • Published: Nov. 06, 2006
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2015-4822

    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831.... Read more

    Affected Products : solaris
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2003-0120

    adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.... Read more

    Affected Products : mhc-utils
    • Published: Mar. 07, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2011-3163

    HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.... Read more

    • Published: Oct. 23, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2011-4028

    The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.... Read more

    Affected Products : x_server
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2004-0404

    logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.... Read more

    Affected Products : logcheck
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-3011

    The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : texinfo
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-1066

    Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack du... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-2666

    SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a lis... Read more

    Affected Products : openssh
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2007-3108

    The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.... Read more

    Affected Products : openssl
    • Published: Aug. 08, 2007
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2011-2724

    The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of ... Read more

    Affected Products : samba
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2004-0880

    getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.... Read more

    Affected Products : linux slackware_linux getmail
    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2014-3537

    The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.... Read more

    Affected Products : cups ubuntu_linux fedora
    • Published: Jul. 23, 2014
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2003-0462

    A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).... Read more

    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2004-0814

    Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attack... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2010-3718

    Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demo... Read more

    Affected Products : tomcat
    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2004-1058

    Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294336 Results