Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-1010

    Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.... Read more

    Affected Products : zip
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1002

    Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.... Read more

    Affected Products : ubuntu_linux ppp
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0990

    Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based... Read more

    Affected Products : suse_linux linux secure_linux openpkg gdlib
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1031

    fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is... Read more

    Affected Products : linux fcron
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2004-1029

    The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe ... Read more

    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0613

    Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.... Read more

    Affected Products : fckeditor
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0616

    Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (... Read more

    Affected Products : postnuke_phoenix
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0619

    Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges.... Read more

    Affected Products : einstein
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0624

    reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.... Read more

    Affected Products : reportbug
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0603

    viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.... Read more

    Affected Products : phpbb
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0945

    The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.... Read more

    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0625

    reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.... Read more

    Affected Products : reportbug
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0608

    Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent.... Read more

    Affected Products : webmod
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0107

    bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : bsmtpd
    • Published: Feb. 25, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0579

    nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication.... Read more

    Affected Products : freenx
    • Published: Feb. 25, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0580

    cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.... Read more

    Affected Products : cmd5checkpw
    • Published: Feb. 25, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0598

    The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets.... Read more

    • Published: Feb. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0600

    Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded.... Read more

    • Published: Feb. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0543

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no paramet... Read more

    Affected Products : phpmyadmin
    • Published: Feb. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0547

    Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."... Read more

    Affected Products : hp-ux
    • Published: Feb. 24, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293612 Results