Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-0084

    Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a differ... Read more

    Affected Products : openbsd x11r6
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0944

    The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.... Read more

    • Published: Feb. 28, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1360

    Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.... Read more

    Affected Products : solaris sunos
    • Published: Feb. 27, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0322

    Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php... Read more

    Affected Products : xmb
    • Published: Feb. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0324

    Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.... Read more

    Affected Products : confirm
    • Published: Feb. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0466

    WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.... Read more

    Affected Products : webconnect
    • Published: Feb. 21, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2136

    dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 19, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0989

    tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.... Read more

    Affected Products : linux tcpdump
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1031

    Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."... Read more

    Affected Products : vbulletin
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0072

    Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request.... Read more

    Affected Products : accipiter_direct_server
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0004

    The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trus... Read more

    Affected Products : openca
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0903

    Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.... Read more

    Affected Products : data_access_components
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0062

    Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.... Read more

    Affected Products : fishcart
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0060

    WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.... Read more

    Affected Products : www_file_share_pro
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0067

    Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7... Read more

    Affected Products : phpgedview
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0049

    Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.... Read more

    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1029

    The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when c... Read more

    Affected Products : tcpdump
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0070

    PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.... Read more

    Affected Products : ezcontents
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0966

    Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.... Read more

    Affected Products : elm
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0071

    Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php.... Read more

    Affected Products : php
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293608 Results