Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-1580

    Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.... Read more

    Affected Products : cyrus_imap_server
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0392

    racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" f... Read more

    Affected Products : racoon
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0396

    Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.... Read more

    Affected Products : cvs
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0050

    Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.... Read more

    Affected Products : ultraseek
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0227

    Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.... Read more

    Affected Products : zoneminder
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1041

    Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does ... Read more

    Affected Products : internet_explorer ie
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0038

    McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.... Read more

    Affected Products : epolicy_orchestrator
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-0199

    Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvd... Read more

    Affected Products : windows_2003_server windows_xp
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0154

    rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.... Read more

    Affected Products : nfs-utils
    • Published: Jun. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0119

    The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit r... Read more

    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0197

    Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.... Read more

    Affected Products : jet
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0177

    The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions... Read more

    Affected Products : linux_kernel
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0133

    The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0123

    Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.... Read more

    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0178

    The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of b... Read more

    Affected Products : linux_kernel
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0124

    The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."... Read more

    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0182

    Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.... Read more

    Affected Products : mailman
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0118

    The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.... Read more

    Affected Products : windows_2000 windows_nt
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0116

    An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.... Read more

    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0155

    The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middl... Read more

    Affected Products : enterprise_linux racoon
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293612 Results