Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-1597

    RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which triggers a watchdog while the message is being... Read more

    Affected Products : blackberry
    • Published: Oct. 13, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1671

    Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html.... Read more

    Affected Products : web_mail
    • Published: Oct. 12, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1672

    attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.... Read more

    Affected Products : web_mail
    • Published: Oct. 12, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1598

    Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.... Read more

    Affected Products : acrobat acrobat_reader
    • Published: Oct. 12, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1673

    accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter.... Read more

    Affected Products : web_mail
    • Published: Oct. 12, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1674

    viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.... Read more

    Affected Products : web_mail mail_server
    • Published: Oct. 12, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0373

    Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.... Read more

    • Published: Oct. 07, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0192

    Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.... Read more

    Affected Products : realplayer realone_player
    • Published: Oct. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0189

    Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.... Read more

    Affected Products : realplayer realone_player
    • Published: Oct. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0188

    Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log.... Read more

    Affected Products : athoc_toolbar
    • Published: Oct. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0928

    The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".... Read more

    • Published: Oct. 05, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1349

    gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.... Read more

    Affected Products : solaris solaris gzip
    • Published: Oct. 04, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1604

    cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.... Read more

    Affected Products : cpanel
    • Published: Sep. 30, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0190

    Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ?... Read more

    Affected Products : realplayer realone_player
    • Published: Sep. 29, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0930

    Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy.... Read more

    Affected Products : mailsweeper
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0691

    Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.... Read more

    Affected Products : qt
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0458

    mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.... Read more

    Affected Products : debian_linux mah-jong
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0644

    The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.... Read more

    Affected Products : kerberos_5
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0745

    LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.... Read more

    Affected Products : lha
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0643

    Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.... Read more

    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 294858 Results