Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-1979

    Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transa... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1980

    Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number ... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2128

    QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.... Read more

    Affected Products : windows_media_player
    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2925

    runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.... Read more

    Affected Products : irix
    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3181

    The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1978

    COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2119

    The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorr... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3119

    Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3179

    drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2337

    Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).... Read more

    Affected Products : ruby
    • Published: Oct. 07, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1764

    Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2104

    sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory.... Read more

    Affected Products : sysreport
    • Published: Oct. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3178

    Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.... Read more

    Affected Products : xli xloadimage
    • Published: Oct. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3118

    Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot.... Read more

    Affected Products : mason
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3175

    Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3176

    Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3170

    The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that t... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3160

    Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters.... Read more

    Affected Products : php_fusion
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3177

    CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors d... Read more

    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3158

    SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-200... Read more

    Affected Products : php_fusion
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292801 Results