Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2005-3203

    The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.... Read more

    Affected Products : html_db
    • Published: Oct. 14, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-3208

    Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS at... Read more

    Affected Products : aenovo aenovoshop aenovowysi
    • Published: Oct. 14, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3197

    Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list.... Read more

    Affected Products : desktop_firewall
    • Published: Oct. 14, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3224

    Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by ... Read more

    Affected Products : antivir_personal
    • Published: Oct. 14, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3194

    Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.... Read more

    Affected Products : alzip
    • Published: Oct. 14, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2943

    Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option.... Read more

    Affected Products : xmail
    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3185

    Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code vi... Read more

    Affected Products : curl curl libcurl wget
    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2933

    Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a clos... Read more

    Affected Products : uw-imap
    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3190

    Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.... Read more

    Affected Products : igateway
    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2992

    arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.... Read more

    Affected Products : arc
    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2963

    The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote auth... Read more

    Affected Products : mod_auth_shadow
    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-2120

    Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a... Read more

    Affected Products : windows_2000 windows_xp
    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1987

    Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated u... Read more

    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1985

    The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.... Read more

    • Published: Oct. 13, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3183

    The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.... Read more

    Affected Products : libwww
    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2715

    Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1980

    Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number ... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3181

    The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2925

    runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.... Read more

    Affected Products : irix
    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2119

    The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorr... Read more

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292818 Results