Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-1859

    Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-IN... Read more

    Affected Products : orion_application_server
    • EPSS Score: %0.35
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2314

    Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.... Read more

    Affected Products : mozilla
    • EPSS Score: %12.46
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-1796

    ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.... Read more

    • EPSS Score: %0.06
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1636

    Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.... Read more

    Affected Products : application_server
    • EPSS Score: %0.29
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2009

    Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.... Read more

    Affected Products : tomcat
    • EPSS Score: %3.22
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2153

    Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : application_server
    • EPSS Score: %2.54
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1730

    ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".... Read more

    Affected Products : aspjar_guestbook
    • EPSS Score: %0.39
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2164

    Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.... Read more

    Affected Products : outlook_express
    • EPSS Score: %35.77
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2300

    Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command.... Read more

    Affected Products : webbngss3nbxnts
    • EPSS Score: %19.84
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2261

    Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.... Read more

    Affected Products : sendmail
    • EPSS Score: %0.65
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1631

    SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.... Read more

    Affected Products : application_server
    • EPSS Score: %5.94
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2029

    PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.... Read more

    Affected Products : http_server
    • EPSS Score: %36.64
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2248

    Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConve... Read more

    Affected Products : communicator
    • EPSS Score: %4.87
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2243

    Akfingerd 0.5 and possibly earlier versions only allows one connection at a time and does not time out connections, which allows remote attackers to cause a denial of service (refused connections) by opening a connection and not closing it.... Read more

    Affected Products : akfingerd
    • EPSS Score: %0.60
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2229

    Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request.... Read more

    Affected Products : webreflex
    • EPSS Score: %0.13
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2244

    Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot ha... Read more

    Affected Products : akfingerd
    • EPSS Score: %0.05
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1917

    CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.... Read more

    Affected Products : geeklog
    • EPSS Score: %0.39
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2002-2239

    The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.... Read more

    Affected Products : ios catalyst_6500 catalyst_7600
    • EPSS Score: %0.54
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1912

    SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.... Read more

    Affected Products : emr5000
    • EPSS Score: %1.64
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2002-2223

    Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field,... Read more

    • EPSS Score: %1.74
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292510 Results