Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2002-1970

    SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers.... Read more

    Affected Products : snortcenter
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2050

    Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.... Read more

    Affected Products : modlogan
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1976

    ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demo... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1939

    FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties.... Read more

    Affected Products : flashfxp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0345

    The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.... Read more

    • Published: May. 03, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1392

    faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.... Read more

    Affected Products : mgetty
    • Published: Jan. 17, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0569

    Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.... Read more

    Affected Products : zope
    • Published: Aug. 22, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1281

    cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files.... Read more

    Affected Products : cgihtml
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0584

    IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.... Read more

    Affected Products : mdaemon
    • Published: Aug. 22, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0076

    nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.... Read more

    Affected Products : debian_linux nvi
    • Published: Dec. 30, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1246

    NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.... Read more

    Affected Products : integrity_protection_driver
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0461

    The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.... Read more

    Affected Products : freebsd netbsd
    • Published: May. 29, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0624

    QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos.... Read more

    Affected Products : qnx
    • Published: Aug. 02, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0474

    Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.... Read more

    Affected Products : mandrake_linux mesa
    • Published: Jun. 27, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1545

    Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.... Read more

    Affected Products : joe
    • Published: Jul. 14, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0234

    NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consume... Read more

    Affected Products : netscreen_screenos
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0402

    The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.... Read more

    Affected Products : sql_server
    • Published: May. 30, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0275

    CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.... Read more

    Affected Products : cryptoadmin
    • Published: Apr. 10, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1409

    ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."... Read more

    Affected Products : hp-ux
    • Published: Apr. 11, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0310

    sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.... Read more

    Affected Products : freebsd
    • Published: Jun. 02, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 292803 Results