Latest CVE Feed
- 9.3 HIGH CVE-2006-0323
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value ...
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2006-1368
Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be all...
- Affected Products: linux_kernel
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 7.8 HIGH CVE-2006-1366
Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer...
- Affected Products: pebl_u6
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 9.0 HIGH CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php....
- Affected Products: cms
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 9.3 HIGH CVE-2006-1370
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious...
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2006-1365
The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain ...
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 6.8 MEDIUM CVE-2006-1367
The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones do not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to ob...
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 7.2 HIGH CVE-2006-1283
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root acco...
- Affected Products: freebsd
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2006-0999
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote...
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2006-1363
images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct reques...
- Affected Products: freewps
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 4.3 MEDIUM CVE-2006-1361
Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml....
- Affected Products: oswiki
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2006-1360
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php....
- Affected Products: musicbox
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2006-0997
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing ...
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2006-0905
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote...
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 1.2 LOW CVE-2006-0050
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file....
- Affected Products: debian_linux
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 7.8 HIGH CVE-2006-1364
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting...
- Affected Products: asp.net
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2006-1362
Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and t...
- Affected Products: mini-nuke_cms
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2006-0998
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protect...
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 9.3 HIGH CVE-2006-1359
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer....
- Published: Mar. 23, 2006
- Modified: Apr. 03, 2025
- 7.6 HIGH CVE-2006-0058
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations....
- Affected Products: sendmail
- Published: Mar. 22, 2006
- Modified: Apr. 03, 2025