Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-0175

    Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.... Read more

    Affected Products : squid
    • Published: Feb. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0226

    Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code.... Read more

    Affected Products : ngircd
    • Published: Feb. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0152

    PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."... Read more

    Affected Products : squirrelmail
    • Published: Feb. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0245

    Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005... Read more

    Affected Products : postgresql
    • Published: Feb. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0101

    Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.... Read more

    Affected Products : newspost
    • Published: Feb. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0224

    Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic.... Read more

    Affected Products : hp-ux virtualvault
    • Published: Jan. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0104

    Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.... Read more

    Affected Products : enterprise_linux squirrelmail
    • Published: Jan. 29, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0075

    prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.... Read more

    Affected Products : enterprise_linux squirrelmail
    • Published: Jan. 29, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0320

    Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add... Read more

    Affected Products : web_mail
    • Published: Jan. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0318

    useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.... Read more

    Affected Products : webadmin
    • Published: Jan. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0319

    Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilita... Read more

    Affected Products : webadmin
    • Published: Jan. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0317

    Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.... Read more

    Affected Products : webadmin
    • Published: Jan. 28, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0316

    WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.... Read more

    Affected Products : webwasher_classic
    • Published: Jan. 28, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0925

    Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0932

    McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which doe... Read more

    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0933

    Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remot... Read more

    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0917

    The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities vi... Read more

    Affected Products : application_portal
    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0887

    SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges.... Read more

    Affected Products : linux_kernel suse_linux
    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0935

    Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system... Read more

    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0922

    AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows att... Read more

    Affected Products : quicktime mac_os_x mac_os_x_server
    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294307 Results