Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-0661

    Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thi... Read more

    Affected Products : di-604 di-614\+ di-624
    • EPSS Score: %1.41
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0658

    Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0525

    HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.... Read more

    Affected Products : integrated_lights-out_firmware
    • EPSS Score: %0.80
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0669

    Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.... Read more

    Affected Products : lotus_domino
    • EPSS Score: %0.64
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0657

    Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.... Read more

    Affected Products : ntp tru64_unix
    • EPSS Score: %4.54
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0678

    Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter.... Read more

    Affected Products : chat_server
    • EPSS Score: %0.42
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0650

    UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.... Read more

    Affected Products : servletexec
    • EPSS Score: %1.38
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0529

    The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such a... Read more

    Affected Products : suexec.patch
    • EPSS Score: %0.55
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0215

    Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.... Read more

    • EPSS Score: %44.46
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0580

    DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.... Read more

    • EPSS Score: %7.65
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0648

    Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.... Read more

    Affected Products : firefox thunderbird mozilla
    • EPSS Score: %22.51
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0414

    CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code... Read more

    Affected Products : openbsd propack linux openpkg cvs
    • EPSS Score: %5.25
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0583

    The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.... Read more

    Affected Products : debian_linux webmin usermin
    • EPSS Score: %1.12
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1712

    Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter.... Read more

    Affected Products : typepad
    • EPSS Score: %0.34
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0540

    Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.... Read more

    Affected Products : windows_2000
    • EPSS Score: %22.68
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1710

    page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.... Read more

    Affected Products : page_cgi
    • EPSS Score: %0.98
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0543

    Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.... Read more

    Affected Products : e-business_suite applications
    • EPSS Score: %6.03
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0716

    Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.... Read more

    Affected Products : hp-ux
    • EPSS Score: %4.29
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0666

    Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allows remote attackers to cause a denial of service (application crash) via an e-mail message with a certain line length, which leads to a buffer overflow.... Read more

    Affected Products : popclient
    • EPSS Score: %0.99
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0596

    The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291712 Results