Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2001-1496

    Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.... Read more

    Affected Products : thttpd
    • EPSS Score: %19.07
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 5.3

    MEDIUM
    CVE-2001-1533

    Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the se... Read more

    Affected Products : isa_server
    • EPSS Score: %26.89
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1564

    setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available d... Read more

    Affected Products : hp-ux
    • EPSS Score: %0.10
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2001-1576

    Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.... Read more

    Affected Products : unixware
    • EPSS Score: %0.09
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1515

    Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.... Read more

    Affected Products : windows_2000
    • EPSS Score: %0.78
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1491

    Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.... Read more

    Affected Products : opera_web_browser
    • EPSS Score: %4.72
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1511

    JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".... Read more

    Affected Products : jrun
    • EPSS Score: %0.59
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2001-1568

    CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.... Read more

    Affected Products : wap_gateway
    • EPSS Score: %0.18
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2001-1487

    popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.... Read more

    Affected Products : qpopper
    • EPSS Score: %0.11
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1554

    IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.... Read more

    Affected Products : aix
    • EPSS Score: %0.79
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2001-1585

    SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows ... Read more

    Affected Products : openssh
    • EPSS Score: %0.26
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1507

    OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.... Read more

    Affected Products : openssh
    • EPSS Score: %0.74
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2001-1530

    run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.... Read more

    Affected Products : webmin
    • EPSS Score: %0.04
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1534

    mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session I... Read more

    Affected Products : http_server
    • EPSS Score: %0.12
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1545

    Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.... Read more

    Affected Products : jrun
    • EPSS Score: %0.39
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1528

    AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.... Read more

    Affected Products : homebet
    • EPSS Score: %7.86
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2001-1522

    Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.02
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1495

    network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter.... Read more

    • EPSS Score: %0.98
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1483

    One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.... Read more

    Affected Products : one-time_passwords_in_everything
    • EPSS Score: %1.47
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1577

    Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused.... Read more

    Affected Products : unixware openunix
    • EPSS Score: %0.53
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 291305 Results