Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2003-0845

    Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL state... Read more

    Affected Products : jboss
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0660

    The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.... Read more

    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0712

    Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.... Read more

    Affected Products : exchange_server
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0847

    SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.... Read more

    Affected Products : suse_linux
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2003-0813

    A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread ... Read more

    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0543

    Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.... Read more

    Affected Products : openssl
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0861

    Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.... Read more

    Affected Products : php
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0717

    The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.... Read more

    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0659

    Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.... Read more

    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0793

    GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).... Read more

    Affected Products : gdm
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0794

    GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading ... Read more

    Affected Products : gdm
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0843

    Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in... Read more

    Affected Products : mod_gzip
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0787

    The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.... Read more

    Affected Products : openssh
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0786

    The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.... Read more

    Affected Products : openssh
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2001-1411

    Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.... Read more

    Affected Products : mac_os_x
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0836

    Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command.... Read more

    Affected Products : db2_universal_database
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0809

    Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.... Read more

    Affected Products : internet_explorer ie
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0852

    Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.... Read more

    Affected Products : sylpheed sylpheed-claws
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0864

    Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.... Read more

    Affected Products : ircnet_ircd
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0894

    Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.... Read more

    Affected Products : database_server oracle9i
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293609 Results