Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2005-4843

    The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2005-4841

    The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4609

    index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter.... Read more

    Affected Products : bugport
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4611

    SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keywords parameter.... Read more

    Affected Products : free_clickbank
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2454

    IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.... Read more

    Affected Products : lotus_notes notes
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.7

    LOW
    CVE-2005-1976

    Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.... Read more

    Affected Products : netmail
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.9

    MEDIUM
    CVE-2005-4790

    Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or... Read more

    Affected Products : suse_linux suse_linux
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-4803

    graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. ... Read more

    Affected Products : graphviz
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-4667

    Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vul... Read more

    Affected Products : unzip
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4605

    The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4745

    SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.... Read more

    Affected Products : enterprise_linux freeradius
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4794

    Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrec... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2005-3357

    mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NU... Read more

    Affected Products : http_server
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3624

    The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer ... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4593

    PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2) the... Read more

    Affected Products : phpdocumentor
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4601

    The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.... Read more

    Affected Products : imagemagick
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4744

    Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the externa... Read more

    Affected Products : freeradius
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4821

    Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2) the f parameter in events.php, or (3) the e parameter i... Read more

    Affected Products : land_down_under
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-4636

    OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.... Read more

    Affected Products : openoffice
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-4799

    Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" a... Read more

    Affected Products : yapig
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294796 Results