Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2003-0692

    KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.... Read more

    Affected Products : kde
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0759

    Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.... Read more

    Affected Products : db2_universal_database
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0680

    Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions.... Read more

    Affected Products : irix
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0784

    Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.... Read more

    Affected Products : aix
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0742

    SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicio... Read more

    Affected Products : openserver
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0801

    Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.... Read more

    Affected Products : electronic_documentation
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0802

    Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).... Read more

    Affected Products : electronic_documentation
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0690

    KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5... Read more

    Affected Products : kde
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1567

    Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.... Read more

    Affected Products : tomcat
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1053

    Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable.... Read more

    Affected Products : xshisen
    • Published: Oct. 03, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0775

    saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).... Read more

    Affected Products : sane sane-backend
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0771

    Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.... Read more

    Affected Products : apache_gallery
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0778

    saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).... Read more

    Affected Products : sane sane-backend
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0772

    Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.... Read more

    Affected Products : ws_ftp_server ws_ftp_server
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0770

    FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.... Read more

    Affected Products : ikonboard
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0777

    saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).... Read more

    Affected Products : sane sane-backend
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0722

    The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.... Read more

    Affected Products : solaris
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0773

    saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.... Read more

    Affected Products : sane sane-backend
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0769

    Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.... Read more

    Affected Products : icq
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0779

    SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.... Read more

    Affected Products : asterisk
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293289 Results