Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2004-1035

    Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3) request.c, and (4) select.c for up-imapproxy IMAP proxy 1.2.2 allow remote attackers to cause a denial of service (server crash) and possibly leak sensitive information via certain li... Read more

    Affected Products : imap_proxy
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0992

    Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer.... Read more

    Affected Products : proxytunnel
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0986

    Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.... Read more

    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1006

    Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.... Read more

    Affected Products : enterprise_linux dhcpd
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0623

    Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL.... Read more

    Affected Products : raidenhttpd
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1003

    Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file.... Read more

    Affected Products : scanmail_domino
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0628

    Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.... Read more

    Affected Products : forumwa
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0629

    Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.... Read more

    Affected Products : fourtwosevenbb
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1033

    Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.... Read more

    Affected Products : linux fcron
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1036

    Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.... Read more

    Affected Products : squirrelmail linux change_passwd
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1055

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form,... Read more

    Affected Products : phpmyadmin linux
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0989

    Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL ... Read more

    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1001

    Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.... Read more

    Affected Products : shadow
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0988

    Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.... Read more

    Affected Products : quicktime
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1027

    Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.... Read more

    Affected Products : debian_linux linux unarj
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1038

    A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degre... Read more

    Affected Products : firewire_ieee
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1037

    The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.... Read more

    Affected Products : twiki linux
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1021

    iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms.... Read more

    Affected Products : ical
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1052

    Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.... Read more

    Affected Products : debian_linux linux bnc
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0990

    Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based... Read more

    Affected Products : suse_linux linux secure_linux openpkg gdlib
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293660 Results