Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2003-0079

    The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.... Read more

    Affected Products : hanterm-xf
    • EPSS Score: %0.08
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1511

    The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.... Read more

    Affected Products : tightvnc linux vnc
    • EPSS Score: %0.95
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1078

    The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.60
    • Published: Feb. 28, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0019

    uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.... Read more

    Affected Products : linux
    • EPSS Score: %0.66
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0047

    SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal... Read more

    Affected Products : entunnel securecrt securefx
    • EPSS Score: %0.08
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1405

    CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters... Read more

    Affected Products : linux lynx elinks links
    • EPSS Score: %14.08
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1348

    w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.... Read more

    Affected Products : w3m
    • EPSS Score: %1.16
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0073

    Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.... Read more

    Affected Products : mysql
    • EPSS Score: %1.30
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0062

    Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.... Read more

    Affected Products : nod32_antivirus
    • EPSS Score: %0.20
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2003-0076

    Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.... Read more

    Affected Products : dcgui qt-dcgui
    • EPSS Score: %0.71
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0040

    SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.... Read more

    Affected Products : courier_mta courier-imap
    • EPSS Score: %0.49
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0048

    PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.... Read more

    Affected Products : putty
    • EPSS Score: %0.08
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0075

    Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.... Read more

    Affected Products : bladeenc
    • EPSS Score: %3.56
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1326

    Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %11.11
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0018

    Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.... Read more

    Affected Products : linux_kernel linux
    • EPSS Score: %0.07
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0059

    Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.... Read more

    Affected Products : kerberos_5
    • EPSS Score: %3.22
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0060

    Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos p... Read more

    Affected Products : kerberos_5
    • EPSS Score: %9.13
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0669

    The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify th... Read more

    Affected Products : xpressa
    • EPSS Score: %0.44
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0074

    Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.... Read more

    Affected Products : plptools
    • EPSS Score: %0.85
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1328

    The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security V... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %43.56
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 291170 Results