Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 251–275 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2015-8389 | CRITICAL | Patched | 9.8 | 2015-12-02 | PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly ha… |
| CVE-2015-8390 | CRITICAL | Patched | 9.8 | 2015-12-02 | PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibl… |
| CVE-2015-8391 | CRITICAL | Patched | 9.8 | 2015-12-02 | The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) … |
| CVE-2015-8394 | CRITICAL | Patched | 9.8 | 2015-12-02 | PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have un… |
| CVE-2015-6764 | CRITICAL | Patched | 9.8 | 2015-12-06 | The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loa… |
| CVE-2015-6420 | CRITICAL | Patched | 9.8 | 2015-12-15 | Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network … |
| CVE-2015-7755 | CRITICAL | Patched | 9.8 | 2015-12-19 | Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.… |
| CVE-2015-7919 | CRITICAL | Patched | 10.0 | 2015-12-21 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. |
| CVE-2015-7911 | CRITICAL | Patched | 9.1 | 2015-12-23 | Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and P… |
| CVE-2015-7926 | CRITICAL | Patched | 9.9 | 2015-12-23 | eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unsp… |
| CVE-2015-8267 | CRITICAL | Patched | 10.0 | 2015-12-24 | The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to… |
| CVE-2015-7930 | CRITICAL | 10.0 | 2015-12-24 | Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |
| CVE-2015-6792 | CRITICAL | Patched | 9.8 | 2015-12-24 | The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a de… |
| CVE-2015-6537 | CRITICAL | 9.8 | 2015-12-27 | SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | |
| CVE-2015-6538 | CRITICAL | 9.8 | 2015-12-27 | The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and conseque… | |
| CVE-2015-8459 | CRITICAL | Patched | 10.0 | 2015-12-28 | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK be… |
| CVE-2015-7251 | CRITICAL | Patched | 9.8 | 2015-12-30 | ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative a… |
| CVE-2015-7792 | CRITICAL | 9.8 | 2015-12-30 | Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | |
| CVE-2015-2874 | CRITICAL | Patched | 9.8 | 2015-12-31 | Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default passwo… |
| CVE-2015-5995 | CRITICAL | Patched | 9.8 | 2015-12-31 | Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain adm… |
| CVE-2015-6016 | CRITICAL | Patched | 9.8 | 2015-12-31 | ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the adm… |
| CVE-2015-6018 | CRITICAL | Patched | 9.8 | 2015-12-31 | The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAdd… |
| CVE-2015-7277 | CRITICAL | Patched | 9.8 | 2015-12-31 | The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attacker… |
| CVE-2015-7280 | CRITICAL | Patched | 9.8 | 2015-12-31 | The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to… |
| CVE-2015-5988 | CRITICAL | Patched | 9.8 | 2015-12-31 | The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by le… |