Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-0807

    Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.... Read more

    Affected Products : samba suse_linux linux mandrake_linux samba
    • EPSS Score: %9.85
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2004-1683

    A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.... Read more

    Affected Products : rtos
    • EPSS Score: %0.07
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1680

    application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.... Read more

    Affected Products : xpressa
    • EPSS Score: %1.00
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1684

    Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : prestige zynos
    • EPSS Score: %0.40
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1678

    Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can lea... Read more

    Affected Products : perldesk
    • EPSS Score: %5.10
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1677

    pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message.... Read more

    Affected Products : perldesk
    • EPSS Score: %0.46
    • Published: Sep. 12, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1676

    Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • EPSS Score: %6.17
    • Published: Sep. 12, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1675

    Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.... Read more

    Affected Products : serv-u_file_server
    • EPSS Score: %10.74
    • Published: Sep. 11, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1669

    Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Sear... Read more

    Affected Products : web_mail mail_server
    • EPSS Score: %0.38
    • Published: Sep. 10, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1670

    Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) re... Read more

    Affected Products : web_mail mail_server
    • EPSS Score: %1.03
    • Published: Sep. 10, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1668

    Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters.... Read more

    Affected Products : factory_subjects_module
    • EPSS Score: %0.93
    • Published: Sep. 10, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0830

    The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (... Read more

    • EPSS Score: %1.08
    • Published: Sep. 09, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1667

    Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response.... Read more

    Affected Products : halo_combat_evolved
    • EPSS Score: %1.48
    • Published: Sep. 09, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0851

    The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : net-acct
    • EPSS Score: %0.07
    • Published: Sep. 08, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0822

    Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.11
    • Published: Sep. 07, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0823

    OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which ... Read more

    • EPSS Score: %0.61
    • Published: Sep. 07, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1348

    Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).... Read more

    Affected Products : solaris sunos
    • EPSS Score: %1.50
    • Published: Sep. 06, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1665

    Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter.... Read more

    Affected Products : psnews
    • EPSS Score: %0.72
    • Published: Sep. 05, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1664

    Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430... Read more

    • EPSS Score: %5.74
    • Published: Sep. 05, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1663

    Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TC... Read more

    • EPSS Score: %0.40
    • Published: Sep. 04, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291625 Results