Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2004-0622

    Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive inform... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.12
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0617

    Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter.... Read more

    Affected Products : arbitroweb
    • EPSS Score: %1.79
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0616

    The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext.... Read more

    Affected Products : voyager_2000_wireless_adsl_router
    • EPSS Score: %3.57
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0477

    Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; th... Read more

    Affected Products : 3cp4144
    • EPSS Score: %0.31
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0480

    Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.... Read more

    Affected Products : lotus_notes
    • EPSS Score: %19.50
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0468

    Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.... Read more

    Affected Products : junos junos
    • EPSS Score: %1.00
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0611

    Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.... Read more

    Affected Products : fvs318
    • EPSS Score: %0.65
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0624

    PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code.... Read more

    Affected Products : artmedic_links
    • EPSS Score: %0.75
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0613

    osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.... Read more

    Affected Products : osticket_sts
    • EPSS Score: %6.78
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0603

    gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.... Read more

    Affected Products : gzip
    • EPSS Score: %2.50
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0602

    The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.06
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0619

    Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflo... Read more

    • EPSS Score: %0.07
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0455

    Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.... Read more

    Affected Products : debian_linux www-sql
    • EPSS Score: %0.14
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1582

    compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in netw... Read more

    Affected Products : mailreader.com
    • EPSS Score: %1.48
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0395

    The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call.... Read more

    Affected Products : gatos
    • EPSS Score: %0.06
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0628

    Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.... Read more

    Affected Products : mysql
    • EPSS Score: %6.38
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0605

    Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly maki... Read more

    Affected Products : ircd-hybrid ircd-ratbox
    • EPSS Score: %5.17
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-0614

    osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size.... Read more

    Affected Products : osticket_sts
    • EPSS Score: %0.64
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0634

    The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.... Read more

    • EPSS Score: %10.55
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0625

    SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page.... Read more

    Affected Products : infinity_web
    • EPSS Score: %0.81
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291617 Results