Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2000-0929

    Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.... Read more

    Affected Products : windows_media_player
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2000-0987

    Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.... Read more

    Affected Products : internet_directory oracle8i
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0989

    Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.... Read more

    Affected Products : inbusiness_email_station
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-0923

    authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.... Read more

    Affected Products : aplio_phone
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0945

    The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.... Read more

    Affected Products : catalyst_3500_xl
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0803

    GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.... Read more

    Affected Products : groff
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0818

    The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.... Read more

    Affected Products : listener
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0906

    Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters.... Read more

    Affected Products : cached_feed.cgi_script
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0888

    named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."... Read more

    Affected Products : debian_linux bind
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0925

    The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : cyberoffice_shopping_cart
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2000-0993

    Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.... Read more

    Affected Products : freebsd netbsd openbsd
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-0978

    bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.... Read more

    Affected Products : big_brother_network_monitor
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2000-0927

    WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.... Read more

    Affected Products : quotaadvisor
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-0810

    Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.... Read more

    Affected Products : auction_weaver
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2000-0996

    Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.... Read more

    Affected Products : openbsd
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-0817

    Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.... Read more

    Affected Products : network_monitor
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0961

    Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.... Read more

    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2000-0909

    Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.... Read more

    Affected Products : linux pine
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-0919

    Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.... Read more

    Affected Products : phpix
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2000-1212

    Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.... Read more

    Affected Products : zope
    • Published: Dec. 18, 2000
    • Modified: Apr. 03, 2025
Showing 20 of 294742 Results