31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 226–250 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2011-1151 | CRITICAL | | 9.1 | 2020-02-05 | Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. |
| CVE-2011-1180 | CRITICAL | Patched | 9.8 | 2013-06-08 | Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause… |
| CVE-2011-1460 | CRITICAL | Patched | 9.8 | 2019-11-05 | WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. |
| CVE-2011-1517 | CRITICAL | | 9.8 | 2020-02-05 | SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker c… |
| CVE-2011-1889 | CRITICAL | | 9.8 | 2011-06-16 | The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors in… |
| CVE-2011-1930 | CRITICAL | Patched | 9.8 | 2019-11-14 | In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially cra… |
| CVE-2011-1933 | CRITICAL | Patched | 9.8 | 2019-11-26 | SQL injection vulnerability in Jifty::DBI before 0.68. |
| CVE-2011-1935 | CRITICAL | Patched | 9.8 | 2017-10-20 | pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send ar… |
| CVE-2011-1939 | CRITICAL | Patched | 9.8 | 2019-11-26 | SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6. |
| CVE-2011-2013 | CRITICAL | | 9.8 | 2011-11-08 | Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to… |
| CVE-2011-2195 | CRITICAL | | 9.8 | 2021-10-26 | A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a … |
| CVE-2011-2337 | CRITICAL | Patched | 9.8 | 2019-11-07 | A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms. |
| CVE-2011-2462 | CRITICAL | Patched | 9.8 | 2011-12-07 | Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows re… |
| CVE-2011-2523 | CRITICAL | | 9.8 | 2019-11-27 | vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. |
| CVE-2011-2715 | CRITICAL | | 9.8 | 2020-01-14 | An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. |
| CVE-2011-2717 | CRITICAL | Patched | 9.8 | 2019-11-27 | The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname … |
| CVE-2011-2767 | CRITICAL | Patched | 9.8 | 2018-08-26 | mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is n… |
| CVE-2011-2897 | CRITICAL | Patched | 9.8 | 2019-11-12 | gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw |
| CVE-2011-2921 | CRITICAL | Patched | 9.8 | 2019-11-19 | ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with ro… |
| CVE-2011-2936 | CRITICAL | Patched | 9.8 | 2019-11-12 | Elgg through 1.7.10 has a SQL injection vulnerability |
| CVE-2011-3188 | CRITICAL | Patched | 9.1 | 2012-05-24 | The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which… |
| CVE-2011-3203 | CRITICAL | Patched | 9.8 | 2020-01-14 | A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. |
| CVE-2011-3350 | CRITICAL | Patched | 9.8 | 2019-11-19 | masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping. |
| CVE-2011-3428 | CRITICAL | Patched | 9.8 | 2017-04-24 | Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. |
| CVE-2011-3544 | CRITICAL | Patched | 9.8 | 2011-10-19 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start appli… |