Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-0192

    Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.... Read more

    Affected Products : realplayer realone_player
    • Published: Oct. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0189

    Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.... Read more

    Affected Products : realplayer realone_player
    • Published: Oct. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0188

    Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log.... Read more

    Affected Products : athoc_toolbar
    • Published: Oct. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0928

    The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".... Read more

    • Published: Oct. 05, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1349

    gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.... Read more

    Affected Products : solaris solaris gzip
    • Published: Oct. 04, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1604

    cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.... Read more

    Affected Products : cpanel
    • Published: Sep. 30, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0190

    Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ?... Read more

    Affected Products : realplayer realone_player
    • Published: Sep. 29, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0929

    Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.... Read more

    Affected Products : mailsweeper
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1051

    Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.... Read more

    Affected Products : db2
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0931

    Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999.... Read more

    Affected Products : enforcer
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0163

    Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the key used to encrypt data, which allows remote attackers to cause a denial of service (resource exhaustion) by capturing a session and repeatedly replaying the session.... Read more

    Affected Products : secure_enterprise
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1583

    Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.... Read more

    Affected Products : db2_universal_database
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0458

    mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.... Read more

    Affected Products : debian_linux mah-jong
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0644

    The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.... Read more

    Affected Products : kerberos_5
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1049

    IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.... Read more

    Affected Products : db2_universal_database
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0691

    Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.... Read more

    Affected Products : qt
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0457

    The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : mysql
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0643

    Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.... Read more

    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1050

    Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.... Read more

    Affected Products : db2
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0928

    Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.... Read more

    Affected Products : mailsweeper
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293611 Results