Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-0111

    gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.... Read more

    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1039

    Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.... Read more

    Affected Products : mysap_business_suite
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0514

    Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. t... Read more

    Affected Products : safari
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1036

    Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.... Read more

    Affected Products : internet_transaction_server
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0224

    Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."... Read more

    Affected Products : linux courier_mta courier-imap sqwebmail
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0202

    The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : metrics
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1040

    kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.... Read more

    Affected Products : linux_kernel
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0372

    xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.... Read more

    Affected Products : xine
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1037

    Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."... Read more

    Affected Products : internet_transaction_server
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1038

    The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.... Read more

    Affected Products : internet_transaction_server
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1034

    The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.... Read more

    Affected Products : sap_db
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1934

    PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.... Read more

    Affected Products : gemitel
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0592

    Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outsid... Read more

    Affected Products : konqueror konqueror_embedded
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0364

    The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.... Read more

    Affected Products : norton_internet_security
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1936

    ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters.... Read more

    Affected Products : zonealarm
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1939

    Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.... Read more

    Affected Products : zaep_antispam
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1944

    Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.... Read more

    Affected Products : eudora
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1758

    BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.... Read more

    Affected Products : weblogic_server
    • Published: Apr. 13, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1756

    BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other user... Read more

    Affected Products : weblogic_server
    • Published: Apr. 13, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1929

    SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.... Read more

    Affected Products : php-nuke
    • Published: Apr. 13, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293329 Results