Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-1032

    Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header.... Read more

    Affected Products : kf_web_server
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1028

    Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments.... Read more

    Affected Products : song_requester
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0940

    domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module pr... Read more

    Affected Products : mscapi_csp
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0900

    Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.... Read more

    Affected Products : pgp_public_key_server
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1004

    Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.... Read more

    Affected Products : argosoft_mail_server
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1021

    BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.... Read more

    Affected Products : badblue
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1012

    Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.... Read more

    Affected Products : tivoli_management_framework
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0664

    The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.... Read more

    Affected Products : zmerge
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0880

    Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash... Read more

    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1096

    Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.... Read more

    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0884

    Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the fun... Read more

    Affected Products : sunos unixware openunix
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-1006

    Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.... Read more

    Affected Products : betsie
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1019

    The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp.... Read more

    Affected Products : adobe_content_server
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0921

    CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messag... Read more

    Affected Products : csnews
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1018

    The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times.... Read more

    Affected Products : adobe_content_server
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0905

    Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.... Read more

    Affected Products : informix
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-0934

    Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _... Read more

    Affected Products : alienform2
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0911

    Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges.... Read more

    Affected Products : volution_manager
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1030

    Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.... Read more

    Affected Products : weblogic_server
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0922

    CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to d... Read more

    Affected Products : csnews
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293639 Results