Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2003-0704

    KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enab... Read more

    Affected Products : kismac
    • EPSS Score: %0.05
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0765

    The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.... Read more

    Affected Products : winamp
    • EPSS Score: %4.45
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1352

    Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.... Read more

    Affected Products : cartman
    • EPSS Score: %0.54
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0715

    Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a differ... Read more

    • EPSS Score: %61.98
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0705

    Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code.... Read more

    Affected Products : mah-jong
    • EPSS Score: %4.58
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0763

    Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.... Read more

    Affected Products : escapade
    • EPSS Score: %0.40
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0541

    gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.... Read more

    Affected Products : linux gtkhtml
    • EPSS Score: %1.11
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0720

    Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.... Read more

    Affected Products : pine
    • EPSS Score: %19.29
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0706

    Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop).... Read more

    Affected Products : mah-jong
    • EPSS Score: %3.93
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0766

    Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS comm... Read more

    Affected Products : ftp_desktop
    • EPSS Score: %6.73
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0760

    Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701.... Read more

    Affected Products : blubster
    • EPSS Score: %4.72
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0761

    Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests... Read more

    Affected Products : asterisk
    • EPSS Score: %0.13
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0764

    Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter.... Read more

    Affected Products : escapade
    • EPSS Score: %0.50
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1081

    Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %2.20
    • Published: Sep. 09, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0644

    Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.... Read more

    Affected Products : enterprise_linux kdbg
    • EPSS Score: %0.04
    • Published: Sep. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0148

    The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the e... Read more

    Affected Products : epolicy_orchestrator
    • EPSS Score: %0.01
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0459

    KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.... Read more

    • EPSS Score: %1.52
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0468

    Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Post... Read more

    Affected Products : linux postfix
    • EPSS Score: %1.82
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0511

    The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.... Read more

    Affected Products : ios
    • EPSS Score: %15.40
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0460

    The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.... Read more

    Affected Products : http_server
    • EPSS Score: %11.83
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 291219 Results