Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-0189

    Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.... Read more

    Affected Products : realplayer realone_player
    • Published: Oct. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0928

    The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".... Read more

    • Published: Oct. 05, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1349

    gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.... Read more

    Affected Products : solaris solaris gzip
    • Published: Oct. 04, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1604

    cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.... Read more

    Affected Products : cpanel
    • Published: Sep. 30, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0190

    Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ?... Read more

    Affected Products : realplayer realone_player
    • Published: Sep. 29, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0929

    Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.... Read more

    Affected Products : mailsweeper
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0408

    Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code.... Read more

    Affected Products : ident2
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0931

    Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999.... Read more

    Affected Products : enforcer
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1051

    Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.... Read more

    Affected Products : db2
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1052

    IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.... Read more

    Affected Products : db2 db2_universal_database
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2004-0689

    KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.... Read more

    Affected Products : debian_linux kde
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0690

    The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.... Read more

    Affected Products : kde kde
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0573

    Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.... Read more

    Affected Products : office word works publisher frontpage
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0928

    Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.... Read more

    Affected Products : mailsweeper
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0558

    The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.... Read more

    Affected Products : cups
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0745

    LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.... Read more

    Affected Products : lha
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0691

    Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.... Read more

    Affected Products : qt
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0930

    Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy.... Read more

    Affected Products : mailsweeper
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0642

    Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.... Read more

    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0692

    The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.... Read more

    Affected Products : qt
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293509 Results