Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-1175

    The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to re... Read more

    Affected Products : linux fetchmail
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1149

    The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.... Read more

    Affected Products : invision_board
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-0840

    Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page vis... Read more

    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1141

    An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "D... Read more

    Affected Products : services
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1189

    The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.... Read more

    Affected Products : unity_server
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0839

    The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that woul... Read more

    Affected Products : debian_linux http_server
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1166

    Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request.... Read more

    Affected Products : wn_server
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1146

    The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read pas... Read more

    Affected Products : glibc
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1139

    The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location... Read more

    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1140

    The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size chec... Read more

    Affected Products : services
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2002-1147

    The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of servic... Read more

    Affected Products : procurve_switch_4000m
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-1165

    Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or... Read more

    Affected Products : netbsd sendmail
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1153

    IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".... Read more

    Affected Products : websphere_application_server
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1152

    Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.... Read more

    Affected Products : linux kde
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1138

    Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overw... Read more

    Affected Products : sql_server sql_server data_engine
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1178

    Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.... Read more

    Affected Products : jetty_http_server
    • Published: Oct. 11, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0694

    The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files fol... Read more

    • Published: Oct. 10, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0838

    Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript fi... Read more

    Affected Products : linux ghostview gv ggv
    • Published: Oct. 10, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0370

    Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Window... Read more

    • Published: Oct. 10, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0705

    The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords.... Read more

    Affected Products : superscout_web_filter web_filter
    • Published: Oct. 10, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293609 Results