Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2002-1361

    overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.... Read more

    Affected Products : cobalt_raq_4
    • EPSS Score: %20.76
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1373

    Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.... Read more

    Affected Products : mysql
    • EPSS Score: %3.12
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1357

    Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH prot... Read more

    • EPSS Score: %18.47
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1325

    Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."... Read more

    • EPSS Score: %5.68
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1358

    Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.... Read more

    • EPSS Score: %4.13
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1377

    vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.... Read more

    Affected Products : vim
    • EPSS Score: %0.08
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1375

    The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.... Read more

    • EPSS Score: %15.03
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1350

    The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).... Read more

    Affected Products : tcpdump
    • EPSS Score: %2.46
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1359

    Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH prot... Read more

    • EPSS Score: %87.00
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1380

    Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.... Read more

    Affected Products : linux_kernel linux
    • EPSS Score: %0.18
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1256

    The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the sess... Read more

    • EPSS Score: %23.93
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1257

    Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.... Read more

    • EPSS Score: %7.88
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1355

    Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages.... Read more

    Affected Products : linux ethereal
    • EPSS Score: %0.74
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1643

    Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simu... Read more

    Affected Products : helix_universal_server
    • EPSS Score: %81.94
    • Published: Dec. 19, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1339

    The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.... Read more

    Affected Products : office_web_components
    • EPSS Score: %14.07
    • Published: Dec. 18, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1342

    Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : smb2www
    • EPSS Score: %0.98
    • Published: Dec. 18, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1338

    The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.... Read more

    Affected Products : office_web_components
    • EPSS Score: %24.40
    • Published: Dec. 18, 2002
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2002-1347

    Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during ... Read more

    • EPSS Score: %9.98
    • Published: Dec. 18, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-1159

    Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.... Read more

    Affected Products : linux canna
    • EPSS Score: %1.27
    • Published: Dec. 18, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1255

    Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 20... Read more

    Affected Products : outlook
    • EPSS Score: %14.02
    • Published: Dec. 18, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 291946 Results