31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 251–275 of 31,034 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2011-3583 | CRITICAL | Patched | 9.8 | 2019-11-26 | It was found that TYPO3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerab… |
| CVE-2011-3584 | CRITICAL | Patched | 9.8 | 2019-11-26 | The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input. |
| CVE-2011-3614 | CRITICAL | Patched | 9.8 | 2020-01-22 | An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. |
| CVE-2011-3621 | CRITICAL | Patched | 9.8 | 2020-01-22 | A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. |
| CVE-2011-3642 | CRITICAL | Patched | 9.6 | 2020-02-08 | Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers… |
| CVE-2011-3923 | CRITICAL | Patched | 9.8 | 2019-11-01 | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. |
| CVE-2011-4068 | CRITICAL | Patched | 9.8 | 2018-02-01 | The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. |
| CVE-2011-4069 | CRITICAL | Patched | 9.8 | 2018-02-01 | html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. |
| CVE-2011-4094 | CRITICAL | | 9.8 | 2020-01-21 | Jara 1.6 has a SQL injection vulnerability. |
| CVE-2011-4119 | CRITICAL | Patched | 9.8 | 2021-10-26 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. |
| CVE-2011-4120 | CRITICAL | Patched | 9.8 | 2019-11-26 | Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the… |
| CVE-2011-4121 | CRITICAL | Patched | 9.8 | 2019-11-26 | The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A … |
| CVE-2011-4124 | CRITICAL | | 9.8 | 2021-10-27 | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. |
| CVE-2011-4125 | CRITICAL | | 9.8 | 2021-10-27 | An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root. |
| CVE-2011-4372 | CRITICAL | Patched | 9.8 | 2012-01-10 | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corrupti… |
| CVE-2011-4373 | CRITICAL | Patched | 9.8 | 2012-01-10 | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corrupti… |
| CVE-2011-4574 | CRITICAL | Patched | 9.8 | 2021-10-27 | PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer… |
| CVE-2011-4628 | CRITICAL | Patched | 9.8 | 2019-11-06 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. |
| CVE-2011-4889 | CRITICAL | Patched | 9.8 | 2018-02-08 | The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, a… |
| CVE-2011-4906 | CRITICAL | Patched | 9.8 | 2020-02-12 | Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. |
| CVE-2011-4908 | CRITICAL | Patched | 9.8 | 2020-02-12 | TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. |
| CVE-2011-4943 | CRITICAL | Patched | 9.8 | 2020-01-22 | ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) |
| CVE-2011-4973 | CRITICAL | | 9.8 | 2018-02-15 | Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as th… |
| CVE-2011-5020 | CRITICAL | | 9.8 | 2020-01-10 | An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| CVE-2011-5266 | CRITICAL | Patched | 9.8 | 2020-01-08 | Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |