Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-0849

    Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP r... Read more

    Affected Products : radius
    • EPSS Score: %0.74
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0867

    Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was la... Read more

    • EPSS Score: %3.64
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0873

    Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program.... Read more

    Affected Products : ichat ichat_av
    • EPSS Score: %0.64
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1337

    The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.... Read more

    • EPSS Score: %0.05
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0749

    The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and oth... Read more

    Affected Products : linux subversion
    • EPSS Score: %0.62
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0834

    Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.... Read more

    • EPSS Score: %0.05
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1778

    Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.... Read more

    Affected Products : skype
    • EPSS Score: %0.06
    • Published: Dec. 22, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0066

    The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP acknowledgement number ... Read more

    Affected Products : tcp
    • EPSS Score: %1.23
    • Published: Dec. 22, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0068

    The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blin... Read more

    Affected Products : tcp
    • EPSS Score: %2.24
    • Published: Dec. 22, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0067

    The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated usi... Read more

    Affected Products : tcp
    • EPSS Score: %1.23
    • Published: Dec. 22, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0441

    Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a cr... Read more

    Affected Products : adaptive_server_enterprise
    • EPSS Score: %21.28
    • Published: Dec. 22, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0452

    Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink at... Read more

    Affected Products : perl
    • EPSS Score: %0.05
    • Published: Dec. 21, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1307

    Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be alloca... Read more

    • EPSS Score: %5.11
    • Published: Dec. 21, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0852

    Buffer overflow in htget 0.93 allows remote attackers to execute arbitrary code via a crafted URL.... Read more

    Affected Products : htget
    • EPSS Score: %3.42
    • Published: Dec. 20, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1326

    Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute arbitrary code via a long -setup parameter.... Read more

    Affected Products : dxterm
    • EPSS Score: %0.14
    • Published: Dec. 20, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1329

    Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a... Read more

    Affected Products : aix
    • EPSS Score: %0.42
    • Published: Dec. 20, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1325

    The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local... Read more

    • EPSS Score: %44.55
    • Published: Dec. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1324

    The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.... Read more

    • EPSS Score: %16.72
    • Published: Dec. 18, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1374

    Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.... Read more

    Affected Products : netbsd
    • EPSS Score: %0.06
    • Published: Dec. 18, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1768

    The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized... Read more

    Affected Products : brightmail_antispam
    • EPSS Score: %1.65
    • Published: Dec. 17, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291751 Results