Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2005-0408

    CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boog... Read more

    Affected Products : citrusdb
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0411

    Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.... Read more

    Affected Products : citrusdb
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0410

    SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.... Read more

    Affected Products : citrusdb
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0430

    The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.... Read more

    Affected Products : quake_3_engine
    • Published: Feb. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0114

    vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort funct... Read more

    • Published: Feb. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-0074

    Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code.... Read more

    Affected Products : xpcd
    • Published: Feb. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0261

    lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.... Read more

    Affected Products : aix
    • Published: Feb. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0364

    Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.... Read more

    Affected Products : hp-ux
    • Published: Feb. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0941

    Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vu... Read more

    Affected Products : secure_linux gdlib
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0971

    The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.... Read more

    Affected Products : kerberos_5
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0947

    Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.... Read more

    Affected Products : suse_linux linux unarj
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0961

    Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0980

    Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.... Read more

    Affected Products : debian_linux linux ez-ipupdate
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0981

    Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0957

    Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized acti... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0982

    Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.... Read more

    Affected Products : mpg123
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0977

    The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0970

    The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.... Read more

    Affected Products : gzip
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0960

    FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0967

    The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.... Read more

    Affected Products : ghostscript
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293634 Results