Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2002-1472

    Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.... Read more

    Affected Products : linux x11r6
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0049

    Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0079

    The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.... Read more

    Affected Products : hanterm-xf
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0021

    The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.... Read more

    Affected Products : eterm
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0088

    TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.... Read more

    Affected Products : mac_os_x
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0087

    Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.... Read more

    Affected Products : aix libim
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0022

    The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.... Read more

    Affected Products : rxvt
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0095

    Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authen... Read more

    Affected Products : database_server oracle8i oracle9i
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0064

    The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which c... Read more

    Affected Products : aix solaris hp-ux sunos irix
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2003-0096

    Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_... Read more

    Affected Products : database_server oracle8i oracle9i
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1511

    The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.... Read more

    Affected Products : tightvnc linux vnc
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1078

    The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.... Read more

    Affected Products : solaris sunos
    • Published: Feb. 28, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0047

    SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal... Read more

    Affected Products : entunnel securecrt securefx
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0018

    Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.... Read more

    Affected Products : linux_kernel linux
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0074

    Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.... Read more

    Affected Products : plptools
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0073

    Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.... Read more

    Affected Products : mysql
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0036

    Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.... Read more

    Affected Products : kerberos_5
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0058

    MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.... Read more

    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0004

    Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.... Read more

    Affected Products : windows_xp
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0046

    AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.... Read more

    Affected Products : absolutetelnet
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293339 Results