Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2003-0525

    The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demon... Read more

    Affected Products : windows_nt
    • EPSS Score: %4.45
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0353

    Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.... Read more

    Affected Products : data_access_components
    • EPSS Score: %18.26
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0426

    The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.... Read more

    Affected Products : darwin_streaming_server
    • EPSS Score: %0.90
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0423

    parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.... Read more

    Affected Products : darwin_streaming_server
    • EPSS Score: %0.59
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0421

    Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.... Read more

    Affected Products : darwin_streaming_server
    • EPSS Score: %1.51
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0550

    The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.... Read more

    Affected Products : linux
    • EPSS Score: %0.71
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0619

    Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %5.93
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0466

    Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger... Read more

    • EPSS Score: %90.82
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0461

    /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.... Read more

    Affected Products : linux
    • EPSS Score: %0.09
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0656

    eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.... Read more

    Affected Products : eroaster
    • EPSS Score: %0.12
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0605

    The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interfac... Read more

    Affected Products : windows_2000
    • EPSS Score: %76.11
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0614

    Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.... Read more

    Affected Products : gallery
    • EPSS Score: %6.04
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1566

    netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.... Read more

    Affected Products : netris
    • EPSS Score: %5.82
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0613

    Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file.... Read more

    Affected Products : zblast
    • EPSS Score: %0.09
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0654

    Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.... Read more

    Affected Products : autorespond
    • EPSS Score: %2.04
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0540

    The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To ... Read more

    Affected Products : linux postfix
    • EPSS Score: %57.49
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0603

    Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.09
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0636

    Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.... Read more

    Affected Products : ichain
    • EPSS Score: %0.23
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-0602

    Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attr... Read more

    Affected Products : bugzilla
    • EPSS Score: %1.01
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0685

    Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.... Read more

    Affected Products : netris
    • EPSS Score: %1.56
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 292516 Results