Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-0110

    Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.... Read more

    Affected Products : libxml2 propack libxml
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0159

    Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.... Read more

    Affected Products : hsftp
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0192

    Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the result... Read more

    Affected Products : gateway_security_5400
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0169

    QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.... Read more

    Affected Products : darwin_streaming_server
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0186

    smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.... Read more

    Affected Products : linux_kernel samba
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0171

    FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from ... Read more

    Affected Products : freebsd openbsd
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0191

    Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using o... Read more

    Affected Products : mozilla
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0190

    Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.... Read more

    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0094

    Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).... Read more

    Affected Products : enterprise_linux x11r6
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1358

    The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.... Read more

    Affected Products : solaris
    • Published: Mar. 12, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-1199

    Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.... Read more

    Affected Products : myproxy
    • Published: Mar. 11, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1770

    The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.... Read more

    Affected Products : cpanel
    • Published: Mar. 11, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1769

    The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.... Read more

    Affected Products : cpanel
    • Published: Mar. 11, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1359

    Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.... Read more

    Affected Products : solaris sunos
    • Published: Mar. 04, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0008

    Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.... Read more

    Affected Products : linux gaim ultramagnetic
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0132

    Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[languag... Read more

    Affected Products : ezcontents
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0096

    Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.... Read more

    Affected Products : mod_python
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1990

    Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request.... Read more

    Affected Products : aldos_web_server
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1575

    cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email messa... Read more

    Affected Products : cgiemail
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0991

    Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.... Read more

    Affected Products : mailman propack
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293609 Results