Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-0699

    Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed A... Read more

    Affected Products : vpn-1 firewall-1 vpn-1_firewall-1
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0745

    LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.... Read more

    Affected Products : lha
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0593

    Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before authentication, which could allow remote attackers to bypass filtering rules.... Read more

    Affected Products : enforcer secure_enterprise
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0644

    The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.... Read more

    Affected Products : kerberos_5
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1049

    IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.... Read more

    Affected Products : db2_universal_database
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0457

    The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : mysql
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0643

    Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.... Read more

    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1050

    Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.... Read more

    Affected Products : db2
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1052

    IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.... Read more

    Affected Products : db2 db2_universal_database
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0642

    Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.... Read more

    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0500

    Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy ca... Read more

    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0692

    The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.... Read more

    Affected Products : qt
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0573

    Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.... Read more

    Affected Products : office word works publisher frontpage
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0690

    The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.... Read more

    Affected Products : kde kde
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1698

    The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash... Read more

    Affected Products : popmessenger
    • Published: Sep. 24, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1696

    EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.... Read more

    Affected Products : server4
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1697

    The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.... Read more

    Affected Products : unicenter_management
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1378

    The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket th... Read more

    Affected Products : jabberd jadc2s
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1694

    Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.... Read more

    Affected Products : on_command_ccm on_icommand
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1699

    SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter.... Read more

    Affected Products : showcenter
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293568 Results