Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2003-0209

    Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.... Read more

    Affected Products : snort smoothwall
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0208

    Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.... Read more

    Affected Products : flash
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0211

    Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.... Read more

    Affected Products : xinetd
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0110

    The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malform... Read more

    Affected Products : isa_server proxy_server
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0201

    Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.... Read more

    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2003-0198

    Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0207

    ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.... Read more

    Affected Products : gs-common
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0171

    DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0196

    Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.... Read more

    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0163

    decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a... Read more

    Affected Products : gaim-encryption
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0111

    The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in ... Read more

    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0133

    GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.... Read more

    Affected Products : linux gtkhtml
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1072

    Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).... Read more

    Affected Products : solaris sunos
    • Published: Apr. 28, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1070

    Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).... Read more

    Affected Products : solaris sunos
    • Published: Apr. 28, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1465

    SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.... Read more

    Affected Products : b2
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1471

    The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-mi... Read more

    Affected Products : evolution
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1478

    Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.... Read more

    Affected Products : cacti
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1483

    db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).... Read more

    Affected Products : db4web
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1479

    Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.... Read more

    Affected Products : cacti
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1476

    Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 element... Read more

    Affected Products : netbsd
    • Published: Apr. 22, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293414 Results