Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-0420

    Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions.... Read more

    Affected Products : puretls
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0486

    Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.... Read more

    Affected Products : xpede
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0451

    filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.... Read more

    Affected Products : phpprojekt
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0815

    The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain nam... Read more

    Affected Products : internet_explorer mozilla navigator
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0507

    An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous u... Read more

    Affected Products : exchange_server securid
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0650

    The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system,... Read more

    Affected Products : sql_server sql_server
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0744

    namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.... Read more

    Affected Products : aix
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0741

    psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.... Read more

    Affected Products : psybnc
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0733

    Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.... Read more

    Affected Products : thttpd
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0820

    FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid... Read more

    Affected Products : freebsd
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0807

    Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.... Read more

    Affected Products : bugzilla
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0485

    Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.... Read more

    Affected Products : norton_antivirus
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0845

    Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.... Read more

    Affected Products : one_web_server iplanet_web_server
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2002-0481

    An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files... Read more

    Affected Products : outlook
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0494

    Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.... Read more

    Affected Products : websight_directory_system
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0829

    Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.... Read more

    Affected Products : freebsd
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0644

    Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.... Read more

    Affected Products : sql_server sql_server data_engine
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0806

    Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.... Read more

    Affected Products : bugzilla
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0810

    Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.... Read more

    Affected Products : bugzilla
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 6.2

    MEDIUM
    CVE-2002-0529

    HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_ima... Read more

    Affected Products : photosmart_print_driver
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 294860 Results