Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-0666

    IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packe... Read more

    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1209

    Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.... Read more

    Affected Products : tftp_server
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1167

    Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.... Read more

    Affected Products : websphere_caching_proxy_server
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1233

    A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on te... Read more

    Affected Products : http_server
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1235

    The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.... Read more

    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0386

    The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request wi... Read more

    Affected Products : application_server
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1231

    SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.... Read more

    Affected Products : unixware openunix
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1157

    Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on ... Read more

    Affected Products : mod_ssl
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1232

    Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.... Read more

    Affected Products : debian_linux linux secure_os
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1169

    IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.... Read more

    Affected Products : websphere_caching_proxy_server
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1230

    NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrat... Read more

    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1168

    Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequ... Read more

    Affected Products : websphere_caching_proxy_server
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1590

    The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users ... Read more

    Affected Products : solaris sunos
    • Published: Oct. 29, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1223

    Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.... Read more

    Affected Products : linux kde
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1195

    Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.... Read more

    Affected Products : ht_check
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1197

    bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.... Read more

    Affected Products : bugzilla
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1203

    IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any fl... Read more

    Affected Products : secureway_firewall
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1213

    Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward sl... Read more

    Affected Products : webserver_4_all
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1118

    TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.... Read more

    Affected Products : database_server oracle8i oracle9i
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1196

    editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to user... Read more

    Affected Products : bugzilla
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293633 Results