Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2000-0982

    Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Crede... Read more

    Affected Products : internet_explorer
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0975

    Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.... Read more

    Affected Products : foundation_directory
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0992

    Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.... Read more

    Affected Products : openssh ssh
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0915

    fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.... Read more

    Affected Products : freebsd
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-0886

    IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.... Read more

    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0952

    global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.... Read more

    Affected Products : global
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0960

    The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.... Read more

    Affected Products : messaging_server
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0917

    Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.... Read more

    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2000-0948

    GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.... Read more

    Affected Products : gnorpm
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0941

    Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.... Read more

    Affected Products : kootenay_web_inc_whois
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-1212

    Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.... Read more

    Affected Products : zope
    • Published: Dec. 18, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-1211

    Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.... Read more

    Affected Products : zope
    • Published: Dec. 16, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-1999-1579

    The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the ... Read more

    Affected Products : windows_nt
    • Published: Dec. 14, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-1015

    The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands.... Read more

    Affected Products : slashcode
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-1007

    I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.... Read more

    Affected Products : i-gear
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2000-1057

    Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.... Read more

    Affected Products : openview_network_node_manager
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-1043

    Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.... Read more

    Affected Products : mandrake_linux
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-1066

    The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.... Read more

    Affected Products : freebsd
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-1029

    Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.... Read more

    Affected Products : bind
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-1037

    Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.... Read more

    Affected Products : firewall-1
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025
Showing 20 of 293973 Results