Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2003-0940

    Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.... Read more

    Affected Products : sap_db
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0975

    Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.... Read more

    Affected Products : mac_os_x mac_os_x_server safari
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0937

    SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which lea... Read more

    Affected Products : unixware open_unix
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0976

    NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.... Read more

    Affected Products : netware
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0972

    Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.... Read more

    Affected Products : screen
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0820

    Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.... Read more

    Affected Products : word works
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0812

    Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated usin... Read more

    Affected Products : windows_2000 windows_xp
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0795

    The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to th... Read more

    Affected Products : quagga linux propack zebra
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0962

    Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.... Read more

    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0824

    Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain reque... Read more

    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0961

    Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0941

    web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.... Read more

    Affected Products : sap_db
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0939

    eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which ... Read more

    Affected Products : sap_db
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0945

    The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.... Read more

    Affected Products : sap_db
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0944

    Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI.... Read more

    Affected Products : sap_db
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0948

    Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable.... Read more

    Affected Products : wireless_tools
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0974

    Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using ... Read more

    Affected Products : applied_watch_command_center
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0973

    Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.... Read more

    Affected Products : mod_python
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0960

    OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.... Read more

    Affected Products : openca
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0971

    GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.... Read more

    Affected Products : privacy_guard
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293643 Results