31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 276–300 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2015-5989 | CRITICAL | Patched | 9.8 | 2015-12-31 | Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via … |
| CVE-2015-7426 | CRITICAL | Patched | 10.0 | 2016-01-02 | The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environ… |
| CVE-2015-7450 | CRITICAL | Patched | 9.8 | 2016-01-02 | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute ar… |
| CVE-2016-1283 | CRITICAL | Patched | 9.8 | 2016-01-03 | The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'… |
| CVE-2015-6636 | CRITICAL | Patched | 9.8 | 2016-01-06 | mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) … |
| CVE-2015-6642 | CRITICAL | Patched | 9.8 | 2016-01-06 | The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mech… |
| CVE-2015-8261 | CRITICAL | Patched | 9.8 | 2016-01-08 | The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to condu… |
| CVE-2015-5254 | CRITICAL | Patched | 9.8 | 2016-01-08 | Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted … |
| CVE-2015-7554 | CRITICAL | | 9.8 | 2016-01-08 | The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other … |
| CVE-2015-8668 | CRITICAL | Patched | 9.8 | 2016-01-08 | Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or… |
| CVE-2015-8753 | CRITICAL | | 9.1 | 2016-01-08 | SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP… |
| CVE-2015-8761 | CRITICAL | Patched | 9.0 | 2016-01-08 | The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execu… |
| CVE-2015-8557 | CRITICAL | | 9.0 | 2016-01-08 | The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharact… |
| CVE-2015-7512 | CRITICAL | Patched | 9.0 | 2016-01-08 | Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS c… |
| CVE-2015-7541 | CRITICAL | Patched | 10.0 | 2016-01-08 | The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitr… |
| CVE-2015-7938 | CRITICAL | Patched | 9.8 | 2016-01-09 | Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. |
| CVE-2015-7939 | CRITICAL | Patched | 9.6 | 2016-01-09 | Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. |
| CVE-2015-8098 | CRITICAL | Patched | 9.8 | 2016-01-12 | F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via… |
| CVE-2015-8659 | CRITICAL | Patched | 10.0 | 2016-01-12 | The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. |
| CVE-2015-8396 | CRITICAL | Patched | 10.0 | 2016-01-12 | Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows… |
| CVE-2015-8611 | CRITICAL | | 9.8 | 2016-01-12 | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords… |
| CVE-2016-0003 | CRITICAL | | 9.6 | 2016-01-13 | Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability." |
| CVE-2016-0933 | CRITICAL | Patched | 9.8 | 2016-01-14 | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Wind… |
| CVE-2016-0940 | CRITICAL | Patched | 9.8 | 2016-01-14 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Contin… |
| CVE-2016-0942 | CRITICAL | Patched | 9.8 | 2016-01-14 | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Wind… |