Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-0440

    Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients.... Read more

    Affected Products : interscan_viruswall
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0405

    Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters.... Read more

    Affected Products : broker_ftp_server
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0443

    Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.... Read more

    Affected Products : windows_2000
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0717

    PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and... Read more

    Affected Products : php
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0450

    Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.... Read more

    Affected Products : web\+_server
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0714

    FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.... Read more

    Affected Products : squid
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0713

    Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (... Read more

    Affected Products : squid
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0703

    An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.... Read more

    Affected Products : digest-md5
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0715

    Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.... Read more

    Affected Products : squid
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0436

    sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.... Read more

    Affected Products : solaris sunos
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0716

    Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.... Read more

    Affected Products : openserver
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0031

    Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.... Read more

    Affected Products : messenger
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0680

    Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been r... Read more

    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0701

    ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was runni... Read more

    Affected Products : freebsd openbsd
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0683

    Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter.... Read more

    Affected Products : carello
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0624

    Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, ... Read more

    Affected Products : sql_server sql_server msde
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0643

    The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encr... Read more

    Affected Products : sql_server sql_server data_engine
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0686

    Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter.... Read more

    Affected Products : iplanet_web_server
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0682

    Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.... Read more

    Affected Products : tomcat
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0673

    The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perfo... Read more

    Affected Products : xpressa
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 294848 Results