Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-2036

    Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.... Read more

    Affected Products : ray_server_software
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-2016

    User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code.... Read more

    Affected Products : user-mode_linux
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1985

    iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow.... Read more

    Affected Products : ismtp_gateway
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1958

    Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.... Read more

    Affected Products : kmmail
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1989

    Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.... Read more

    Affected Products : resin
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1972

    Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports.... Read more

    Affected Products : pp_powerswitch
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1986

    Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").... Read more

    Affected Products : liteserve
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2002-1975

    Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1957

    Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9.2 allows remote attackers to execute arbitrary commands via malformed log messages.... Read more

    Affected Products : pen
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1991

    PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.... Read more

    Affected Products : oscommerce
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1955

    Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.... Read more

    Affected Products : nas
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1790

    The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1817

    Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors.... Read more

    Affected Products : cluster_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1782

    The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.... Read more

    Affected Products : uw-imap
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1813

    Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.... Read more

    Affected Products : instant_messenger
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1830

    Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.... Read more

    Affected Products : openbb
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1954

    Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.... Read more

    Affected Products : php
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1977

    Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase.... Read more

    Affected Products : pgp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1793

    HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.... Read more

    Affected Products : virtualvault vvos
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1822

    IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP).... Read more

    Affected Products : http_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292768 Results