Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-1191

    The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constru... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2005-0210

    Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0008

    Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."... Read more

    Affected Products : ethereal
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0048

    Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation... Read more

    Affected Products : windows_2000 windows_xp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0135

    The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0158

    Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses.... Read more

    Affected Products : bidwatcher
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0173

    squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.... Read more

    Affected Products : squid
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0194

    Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if... Read more

    Affected Products : squid
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0198

    A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication... Read more

    Affected Products : uw-imap
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0237

    The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other ... Read more

    Affected Products : enterprise_linux konqueror kde
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0327

    pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.... Read more

    Affected Products : pafiledb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0365

    The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : enterprise_linux kde
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0428

    The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.... Read more

    Affected Products : powerdns
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0437

    Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.... Read more

    Affected Products : awstats
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0469

    Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.... Read more

    Affected Products : telnet
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0366

    The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are know... Read more

    Affected Products : gnupg
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1326

    Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet.... Read more

    Affected Products : voodoo_circle
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-0021

    Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2... Read more

    Affected Products : enterprise_linux exim
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0828

    highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by ... Read more

    Affected Products : runcms e-xoops ciamos
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0002

    poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.... Read more

    Affected Products : poppassd_pam
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294522 Results