Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-0149

    Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail message... Read more

    Affected Products : thunderbird mozilla
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0447

    Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.... Read more

    Affected Products : solaris sunos
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0444

    VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.... Read more

    Affected Products : workstation
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2005-0406

    A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.... Read more

    Affected Products : image_processing
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2005-0408

    CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boog... Read more

    Affected Products : citrusdb
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0411

    Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.... Read more

    Affected Products : citrusdb
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-0409

    CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit c... Read more

    Affected Products : citrusdb
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0410

    SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.... Read more

    Affected Products : citrusdb
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0430

    The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.... Read more

    Affected Products : quake_3_engine
    • Published: Feb. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-0074

    Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code.... Read more

    Affected Products : xpcd
    • Published: Feb. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0114

    vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort funct... Read more

    • Published: Feb. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0261

    lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.... Read more

    Affected Products : aix
    • Published: Feb. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0364

    Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.... Read more

    Affected Products : hp-ux
    • Published: Feb. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0969

    The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.... Read more

    Affected Products : ubuntu_linux linux groff
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0975

    The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0963

    Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc... Read more

    Affected Products : word windows_2000
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0957

    Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized acti... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0978

    Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData para... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0968

    The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0972

    The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293559 Results