Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2002-1311

    Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.... Read more

    Affected Products : courier_mta
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1142

    Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stu... Read more

    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1307

    Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.... Read more

    Affected Products : mhonarc
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1289

    The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instanc... Read more

    Affected Products : java_virtual_machine
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1294

    The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other una... Read more

    Affected Products : java_virtual_machine
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1284

    The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.... Read more

    Affected Products : kgpg
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1309

    Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.... Read more

    Affected Products : coldfusion
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0029

    Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) ... Read more

    Affected Products : bind security_linux
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1204

    Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing... Read more

    Affected Products : communicator
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1287

    Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.... Read more

    Affected Products : java_virtual_machine
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1220

    BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.... Read more

    Affected Products : freebsd bind openbsd
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1221

    BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.... Read more

    Affected Products : freebsd bind openbsd
    • Published: Nov. 29, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1645

    Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL.... Read more

    Affected Products : ssh2
    • Published: Nov. 25, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1644

    SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain priv... Read more

    Affected Products : ssh2
    • Published: Nov. 25, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1312

    Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a... Read more

    • Published: Nov. 20, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0869

    Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out... Read more

    • Published: Nov. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1182

    IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.... Read more

    Affected Products : internet_information_services iis
    • Published: Nov. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0711

    Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service.... Read more

    Affected Products : trucluster_server
    • Published: Nov. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1278

    The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail rel... Read more

    Affected Products : linuxconf
    • Published: Nov. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1180

    A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vuln... Read more

    Affected Products : internet_information_services iis
    • Published: Nov. 12, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293592 Results