Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-1405

    CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters... Read more

    Affected Products : linux lynx elinks links
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-1508

    slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.... Read more

    Affected Products : openldap
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0018

    Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.... Read more

    Affected Products : linux_kernel linux
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0059

    Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.... Read more

    Affected Products : kerberos_5
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0060

    Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos p... Read more

    Affected Products : kerberos_5
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0062

    Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.... Read more

    Affected Products : nod32_antivirus
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0074

    Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.... Read more

    Affected Products : plptools
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0075

    Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.... Read more

    Affected Products : bladeenc
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1326

    Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."... Read more

    Affected Products : internet_explorer ie
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0036

    Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.... Read more

    Affected Products : kerberos_5
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1079

    Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allo... Read more

    Affected Products : solaris sunos
    • Published: Feb. 18, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2003-1080

    Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.... Read more

    Affected Products : solaris sunos
    • Published: Feb. 11, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-0002

    Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.... Read more

    Affected Products : content_management_server
    • Published: Feb. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1252

    The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the Sim... Read more

    Affected Products : peopletools
    • Published: Feb. 07, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0038

    Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.... Read more

    Affected Products : mailman
    • Published: Feb. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0037

    Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.... Read more

    Affected Products : noffle
    • Published: Feb. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0045

    Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.... Read more

    Affected Products : tomcat
    • Published: Feb. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0042

    Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.... Read more

    Affected Products : tomcat
    • Published: Feb. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0035

    Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.... Read more

    Affected Products : escputil
    • Published: Feb. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0007

    Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certif... Read more

    Affected Products : outlook
    • Published: Feb. 07, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293671 Results