Search
31,035 CVEs · Critical severity
CVEs (31,035, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 301–325 of 31,035 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2012-1516 | CRITICAL | 9.9 | 2012-05-04 | The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memo… | |
| CVE-2012-1577 | CRITICAL | 9.8 | 2019-12-10 | lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | |
| CVE-2012-1622 | CRITICAL | Patched | 9.8 | 2017-10-26 | Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2012-1710 | CRITICAL | 9.8 | 2012-05-03 | Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integr… | |
| CVE-2012-1723 | CRITICAL | Patched | 9.8 | 2012-06-16 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.… |
| CVE-2012-1823 | CRITICAL | Patched | 9.8 | 2012-05-11 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equal… |
| CVE-2012-1891 | CRITICAL | 9.8 | 2012-07-10 | Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbit… | |
| CVE-2012-2087 | CRITICAL | 9.8 | 2020-01-23 | ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | |
| CVE-2012-2166 | CRITICAL | Patched | 9.8 | 2018-02-08 | IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified … |
| CVE-2012-2226 | CRITICAL | Patched | 9.8 | 2020-01-09 | Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uplo… |
| CVE-2012-2239 | CRITICAL | Patched | 9.1 | 2012-11-24 | Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack… |
| CVE-2012-2576 | CRITICAL | Patched | 9.8 | 2017-12-20 | SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler be… |
| CVE-2012-2666 | CRITICAL | 9.8 | 2021-07-09 | golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. | |
| CVE-2012-2714 | CRITICAL | Patched | 9.8 | 2020-01-09 | The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. |
| CVE-2012-2771 | CRITICAL | Patched | 9.8 | 2017-08-09 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE… |
| CVE-2012-2773 | CRITICAL | Patched | 9.8 | 2017-08-09 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE… |
| CVE-2012-2778 | CRITICAL | Patched | 9.8 | 2017-08-09 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE… |
| CVE-2012-2780 | CRITICAL | Patched | 9.8 | 2017-08-09 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE… |
| CVE-2012-2781 | CRITICAL | Patched | 9.8 | 2017-08-09 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE… |
| CVE-2012-2926 | CRITICAL | Patched | 9.1 | 2012-05-22 | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; … |
| CVE-2012-3152 | CRITICAL | 9.1 | 2012-10-16 | Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confident… | |
| CVE-2012-3363 | CRITICAL | Patched | 9.1 | 2013-02-13 | Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary… |
| CVE-2012-3460 | CRITICAL | 9.8 | 2019-11-21 | cumin: At installation postgresql database user created without password | |
| CVE-2012-3503 | CRITICAL | Patched | 9.8 | 2012-08-25 | The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the … |
| CVE-2012-3807 | CRITICAL | Patched | 9.8 | 2020-01-09 | Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. |