Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2004-1108

    qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.... Read more

    Affected Products : linux
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1201

    Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.... Read more

    Affected Products : opera_browser
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1311

    Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 conte... Read more

    Affected Products : mplayer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1302

    The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.... Read more

    Affected Products : yamt
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1274

    The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters.... Read more

    Affected Products : greed
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1285

    Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream.... Read more

    Affected Products : mplayer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1192

    Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.... Read more

    Affected Products : ux
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1161

    rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.... Read more

    Affected Products : rssh linux
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1157

    Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window ... Read more

    Affected Products : opera_browser
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1136

    Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.... Read more

    Affected Products : cuteftp
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1149

    Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.ex... Read more

    Affected Products : etrust_ez_antivirus
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1113

    SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1222

    weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter.... Read more

    Affected Products : weblibs
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1100

    Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter.... Read more

    Affected Products : mailpost
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1169

    MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.... Read more

    Affected Products : maxdb
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1158

    Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a ... Read more

    Affected Products : konqueror mandrake_linux fedora_core
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2004-1058

    Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1165

    Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using ... Read more

    Affected Products : konqueror kdelibs
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1072

    The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that ... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-0883

    Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293676 Results