Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 326–350 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2015-8772 | CRITICAL | 9.1 | 2016-01-29 | McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service … | |
| CVE-2015-7923 | CRITICAL | Patched | 9.0 | 2016-01-30 | Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptog… |
| CVE-2016-1985 | CRITICAL | 10.0 | 2016-01-30 | HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Coll… | |
| CVE-2016-1930 | CRITICAL | Patched | 9.8 | 2016-01-31 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of servi… |
| CVE-2016-1931 | CRITICAL | Patched | 10.0 | 2016-01-31 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and applica… |
| CVE-2016-1944 | CRITICAL | Patched | 9.8 | 2016-01-31 | The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) o… |
| CVE-2016-1946 | CRITICAL | Patched | 9.8 | 2016-01-31 | The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow r… |
| CVE-2015-5344 | CRITICAL | Patched | 9.8 | 2016-02-03 | The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object… |
| CVE-2015-8747 | CRITICAL | Patched | 10.0 | 2016-02-03 | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. |
| CVE-2016-1505 | CRITICAL | Patched | 10.0 | 2016-02-03 | The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. |
| CVE-2016-1906 | CRITICAL | 9.8 | 2016-02-03 | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | |
| CVE-2015-7915 | CRITICAL | Patched | 9.8 | 2016-02-06 | Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2016-0801 | CRITICAL | Patched | 9.8 | 2016-02-07 | The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or… |
| CVE-2016-0803 | CRITICAL | Patched | 9.8 | 2016-02-07 | libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a d… |
| CVE-2016-0804 | CRITICAL | Patched | 9.8 | 2016-02-07 | The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G a… |
| CVE-2015-8787 | CRITICAL | Patched | 9.8 | 2016-02-08 | The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer deref… |
| CVE-2016-2230 | CRITICAL | 9.8 | 2016-02-08 | OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | |
| CVE-2014-9757 | CRITICAL | Patched | 9.8 | 2016-02-08 | The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code … |
| CVE-2015-3252 | CRITICAL | Patched | 9.8 | 2016-02-08 | Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to t… |
| CVE-2015-8360 | CRITICAL | Patched | 9.8 | 2016-02-08 | An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. |
| CVE-2015-8361 | CRITICAL | Patched | 9.1 | 2016-02-08 | Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive inf… |
| CVE-2016-0949 | CRITICAL | Patched | 9.8 | 2016-02-10 | Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. |
| CVE-2016-0951 | CRITICAL | Patched | 9.8 | 2016-02-10 | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (mem… |
| CVE-2016-0952 | CRITICAL | Patched | 9.8 | 2016-02-10 | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (mem… |
| CVE-2016-0953 | CRITICAL | Patched | 9.8 | 2016-02-10 | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (mem… |