Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-0362

    Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI respon... Read more

    • EPSS Score: %83.40
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0364

    The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.... Read more

    Affected Products : norton_internet_security
    • EPSS Score: %2.88
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0592

    Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outsid... Read more

    Affected Products : konqueror konqueror_embedded
    • EPSS Score: %0.83
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0905

    Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.... Read more

    Affected Products : windows_2000 windows_media_services
    • EPSS Score: %27.22
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0514

    Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. t... Read more

    Affected Products : safari
    • EPSS Score: %2.71
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1576

    lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver prog... Read more

    Affected Products : sap_db
    • EPSS Score: %0.32
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1039

    Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.... Read more

    Affected Products : mysap_business_suite
    • EPSS Score: %3.47
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1034

    The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.... Read more

    Affected Products : sap_db
    • EPSS Score: %0.05
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1038

    The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.... Read more

    Affected Products : internet_transaction_server
    • EPSS Score: %0.35
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1036

    Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.... Read more

    Affected Products : internet_transaction_server
    • EPSS Score: %3.08
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1579

    SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.... Read more

    Affected Products : sapgui
    • EPSS Score: %0.74
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1578

    The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is no... Read more

    Affected Products : sap_r_3
    • EPSS Score: %1.26
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.0

    HIGH
    CVE-2004-0217

    The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.... Read more

    Affected Products : linux antivirus_scan_engine
    • EPSS Score: %0.13
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0593

    Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vuln... Read more

    Affected Products : opera_browser
    • EPSS Score: %0.15
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1934

    PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.... Read more

    Affected Products : gemitel
    • EPSS Score: %7.57
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0202

    The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : metrics
    • EPSS Score: %0.07
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0594

    Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a ... Read more

    Affected Products : mozilla
    • EPSS Score: %0.52
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0152

    Multiple stack-based buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, (3) or the decode_uuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachm... Read more

    Affected Products : emil
    • EPSS Score: %3.42
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1939

    Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.... Read more

    Affected Products : zaep_antispam
    • EPSS Score: %0.88
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1944

    Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.... Read more

    Affected Products : eudora
    • EPSS Score: %3.92
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291293 Results