Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-0488

    Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN... Read more

    • EPSS Score: %58.16
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-0431

    Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow.... Read more

    Affected Products : quicktime
    • EPSS Score: %0.96
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0479

    Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.... Read more

    Affected Products : ie
    • EPSS Score: %21.83
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-0475

    The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this ... Read more

    Affected Products : ie
    • EPSS Score: %9.90
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1345

    Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.... Read more

    • EPSS Score: %0.06
    • Published: Jun. 21, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1346

    The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.... Read more

    Affected Products : solaris
    • EPSS Score: %0.09
    • Published: Jun. 19, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1754

    The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.... Read more

    • EPSS Score: %5.10
    • Published: Jun. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0392

    racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" f... Read more

    Affected Products : racoon
    • EPSS Score: %0.93
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-0199

    Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvd... Read more

    Affected Products : windows_2003_server windows_xp
    • EPSS Score: %39.02
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0154

    rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.... Read more

    Affected Products : nfs-utils
    • EPSS Score: %1.04
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0050

    Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.... Read more

    Affected Products : ultraseek
    • EPSS Score: %0.36
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1041

    Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does ... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %70.95
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1580

    Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.... Read more

    Affected Products : cyrus_imap_server
    • EPSS Score: %48.54
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0038

    McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.... Read more

    Affected Products : epolicy_orchestrator
    • EPSS Score: %1.78
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0227

    Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.... Read more

    Affected Products : zoneminder
    • EPSS Score: %3.42
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0396

    Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.... Read more

    Affected Products : cvs
    • EPSS Score: %86.79
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0385

    Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vaguen... Read more

    • EPSS Score: %38.82
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0157

    x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program.... Read more

    Affected Products : xonix
    • EPSS Score: %0.09
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0405

    CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.... Read more

    Affected Products : cvs
    • EPSS Score: %0.98
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0388

    The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : mysql
    • EPSS Score: %0.11
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291419 Results