Input Validation に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2002 年に公開され、Input Validation に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2002-2423 | Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | 6.4 | 0.27% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2421 | acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2. | 7.8 | 0.46% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2420 | site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | 7.5 | 8.75% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2415 | Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service. | 6.8 | 0.85% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2406 | Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request. | 5.0 | 1.59% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2393 | Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. | 5.0 | 7.29% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2371 | Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. | 7.8 | 1.00% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2365 | Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character. | 10.0 | 1.94% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2354 | Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. | 7.8 | 0.98% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2338 | The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | 5.0 | 7.42% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2329 | ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. | 7.8 | 1.00% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2328 | Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request. | 7.1 | 37.66% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2325 | The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. | 7.8 | 6.26% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2322 | Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. | 5.0 | 0.48% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2314 | Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | 5.0 | 13.17% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2239 | The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet. | 7.8 | 0.71% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2237 | tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a denial of service via a GET request with a DOS device name such as com1 or aux. | 5.0 | 1.80% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2236 | Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code. | 10.0 | 4.29% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2228 | MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. | 6.4 | 0.23% | 2002-12-31 | 2026-04-16 |
| CVE-2002-1979 | WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server. | 7.5 | 0.22% | 2002-12-31 | 2026-04-16 |