Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2005-1797

    The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.... Read more

    Affected Products : openssl
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1408

    Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation.... Read more

    Affected Products : keynote
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1522

    The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.... Read more

    Affected Products : mailutils
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1521

    Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which l... Read more

    Affected Products : mailutils
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1152

    popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.... Read more

    Affected Products : qpopper qpopper
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-1151

    qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.... Read more

    Affected Products : qpopper qpopper
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-1751

    Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.... Read more

    Affected Products : shtool
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1249

    The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.... Read more

    Affected Products : ipswitch_collaboration_suite
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1255

    Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a lon... Read more

    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1786

    SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter.... Read more

    Affected Products : funkyasp_ad_system
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1543

    Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attacker... Read more

    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1254

    Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.... Read more

    Affected Products : imail
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1252

    Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argume... Read more

    Affected Products : imail imail_server
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1750

    SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.... Read more

    Affected Products : newsletterez
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1256

    Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a ... Read more

    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1703

    Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference.... Read more

    Affected Products : warrior_kings_battles
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1710

    Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in t... Read more

    Affected Products : reporter
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1746

    The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown)... Read more

    Affected Products : weblogic_server weblogic_portal
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1698

    PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, ... Read more

    Affected Products : postnuke
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1738

    Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled ... Read more

    Affected Products : iron_bars_shell
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294704 Results