Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-1012

    The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increme... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1074

    The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1272

    Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.... Read more

    Affected Products : filter
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1291

    Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer.... Read more

    Affected Products : qwik_smtpd
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1229

    Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0139

    Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors.... Read more

    Affected Products : irix
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2004-1066

    The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel me... Read more

    Affected Products : freebsd
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1218

    Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections.... Read more

    Affected Products : remote_execute
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1279

    Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames.... Read more

    Affected Products : jpegtoavi
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1313

    The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges.... Read more

    Affected Products : my_firewall_plus
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1054

    Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has be... Read more

    Affected Products : aix
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1266

    Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file.... Read more

    Affected Products : csv2xml
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2004-1125

    Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and poss... Read more

    Affected Products : xpdf cups kde
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1023

    Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, in... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1028

    Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.... Read more

    Affected Products : aix
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1301

    Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file.... Read more

    Affected Products : xlreader
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1220

    Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference.... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-1228

    The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing datab... Read more

    Affected Products : sugar_sales
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0953

    Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username.... Read more

    Affected Products : jabber_server
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1314

    Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window i... Read more

    Affected Products : safari
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293568 Results