Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2002-1617

    Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to execute arbitrary code via (1) a long -contextDir argument to dtaction, (2) a long -p argument to dtprintinfo, (3) a long -customization argument to dxterm, or (4) a long DISPLAY environm... Read more

    Affected Products : tru64
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1573

    Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1932

    Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users an... Read more

    Affected Products : windows_2000 windows_xp
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1868

    Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.... Read more

    Affected Products : dispair
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1934

    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.... Read more

    Affected Products : xpressa
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1927

    Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file.... Read more

    Affected Products : aquonics_file_manager
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1965

    Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent ... Read more

    Affected Products : xitami
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2002-2203

    Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2240

    Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request.... Read more

    Affected Products : myserver
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2002-1869

    Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Vie... Read more

    Affected Products : eventsave eventsave\+
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2002-2284

    Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.... Read more

    Affected Products : communicator
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1905

    Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.... Read more

    Affected Products : viavideo
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2006

    The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.... Read more

    Affected Products : tomcat
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1893

    Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message.... Read more

    Affected Products : argosoft_mail_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2002-2188

    OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.... Read more

    Affected Products : openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2249

    PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.... Read more

    Affected Products : news_evolution
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2190

    ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext under the web document root, which allows remote attackers to obtain the passwords via an HTTP request to a .user file.... Read more

    Affected Products : cutecast_forum
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-2177

    BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2118

    Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL.... Read more

    Affected Products : lasso_web_data_engine
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2257

    Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument.... Read more

    Affected Products : libcgi
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 294133 Results