Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2002-1269

    Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1334

    Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.... Read more

    Affected Products : imagefolio
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1267

    Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."... Read more

    Affected Products : mac_os_x
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1186

    Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has... Read more

    Affected Products : internet_explorer ie
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1183

    Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).... Read more

    Affected Products : windows_98 windows_nt windows_98se
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1185

    Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during de... Read more

    Affected Products : internet_explorer ie
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1587

    The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1586

    Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 03, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1588

    Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.... Read more

    Affected Products : solaris openwindows
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1292

    The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityMan... Read more

    Affected Products : java_virtual_machine
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1307

    Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.... Read more

    Affected Products : mhonarc
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1306

    Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan:... Read more

    Affected Products : linux kde
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1313

    nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.... Read more

    Affected Products : nullmailer
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1281

    Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.... Read more

    Affected Products : linux kde
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1286

    The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an a... Read more

    Affected Products : java_virtual_machine
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1315

    Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating... Read more

    Affected Products : iplanet_web_server
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1310

    Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.... Read more

    Affected Products : jrun
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1210

    Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes t... Read more

    Affected Products : eudora
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1282

    Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.... Read more

    Affected Products : linux kde
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1291

    The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.... Read more

    Affected Products : java_virtual_machine
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292803 Results