Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2001-0486

    Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.... Read more

    Affected Products : bordermanager
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-0405

    ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the f... Read more

    Affected Products : linux_kernel linux
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-0437

    upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.... Read more

    Affected Products : dcforum dcforum_2000
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-0262

    Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.... Read more

    Affected Products : smartdownload
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-0327

    iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: ... Read more

    Affected Products : iplanet_web_server
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1084

    Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error ... Read more

    Affected Products : jrun
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0438

    Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.... Read more

    Affected Products : timbuktu_mac
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2001-0421

    FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could rel... Read more

    Affected Products : solaris sunos
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0432

    Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.... Read more

    Affected Products : interscan_viruswall
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1159

    load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary co... Read more

    Affected Products : squirrelmail
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2001-0387

    Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.... Read more

    Affected Products : hylafax
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-0429

    Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.... Read more

    Affected Products : catos
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-0389

    IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.... Read more

    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-0396

    The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.... Read more

    Affected Products : consoleserver
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-0390

    IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.... Read more

    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-0430

    Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.... Read more

    Affected Products : debian_linux
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-0428

    Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.... Read more

    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-0391

    Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.... Read more

    Affected Products : xitami
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2001-1441

    Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.... Read more

    Affected Products : visualage_for_java
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2001-0435

    The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.... Read more

    Affected Products : pgp
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 293557 Results