Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2002-1222

    Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.... Read more

    Affected Products : catos
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1227

    PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.... Read more

    Affected Products : pam
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1228

    Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.... Read more

    Affected Products : solaris sunos
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1145

    The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updati... Read more

    Affected Products : sql_server sql_server data_engine
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1118

    TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.... Read more

    Affected Products : database_server oracle8i oracle9i
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1195

    Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.... Read more

    Affected Products : ht_check
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1197

    bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.... Read more

    Affected Products : bugzilla
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1203

    IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any fl... Read more

    Affected Products : secureway_firewall
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1213

    Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward sl... Read more

    Affected Products : webserver_4_all
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1223

    Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.... Read more

    Affected Products : linux kde
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1224

    Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.... Read more

    Affected Products : linux kde
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0990

    The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple c... Read more

    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1200

    Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a... Read more

    Affected Products : syslog-ng
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1201

    IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.... Read more

    Affected Products : aix
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1179

    Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or preview... Read more

    Affected Products : outlook_express
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1215

    Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).... Read more

    Affected Products : heartbeat
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1226

    Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).... Read more

    Affected Products : heimdal
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1198

    Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.... Read more

    Affected Products : bugzilla
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1193

    tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.... Read more

    Affected Products : tkmail
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1225

    Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.... Read more

    Affected Products : heimdal
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293589 Results