31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 401–425 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2016-1997 | CRITICAL | Patched | 9.8 | 2016-03-22 | HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serializ… |
| CVE-2016-1998 | CRITICAL | Patched | 9.8 | 2016-03-22 | HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to … |
| CVE-2015-6853 | CRITICAL | | 9.1 | 2016-03-24 | The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52… |
| CVE-2015-6854 | CRITICAL | | 9.1 | 2016-03-24 | The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attacker… |
| CVE-2016-1741 | CRITICAL | Patched | 9.8 | 2016-03-24 | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of ser… |
| CVE-2016-1761 | CRITICAL | Patched | 9.8 | 2016-03-24 | libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti… |
| CVE-2016-3141 | CRITICAL | Patched | 9.8 | 2016-03-31 | Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corru… |
| CVE-2016-2343 | CRITICAL | | 9.8 | 2016-04-01 | Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL s… |
| CVE-2015-8519 | CRITICAL | Patched | 9.8 | 2016-04-05 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, … |
| CVE-2015-8520 | CRITICAL | Patched | 9.8 | 2016-04-05 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, … |
| CVE-2015-8521 | CRITICAL | Patched | 9.8 | 2016-04-05 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, … |
| CVE-2015-8522 | CRITICAL | Patched | 9.8 | 2016-04-05 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, … |
| CVE-2016-2000 | CRITICAL | | 9.8 | 2016-04-05 | HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java obje… |
| CVE-2015-7921 | CRITICAL | Patched | 9.1 | 2016-04-06 | The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, w… |
| CVE-2016-1291 | CRITICAL | | 9.8 | 2016-04-06 | Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deser… |
| CVE-2016-1313 | CRITICAL | | 9.8 | 2016-04-06 | Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which… |
| CVE-2016-1019 | CRITICAL | Patched | 9.8 | 2016-04-07 | Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vector… |
| CVE-2016-3974 | CRITICAL | Patched | 9.1 | 2016-04-07 | XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct S… |
| CVE-2016-0729 | CRITICAL | Patched | 9.8 | 2016-04-07 | Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote… |
| CVE-2016-0788 | CRITICAL | Patched | 9.8 | 2016-04-07 | The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. |
| CVE-2016-0791 | CRITICAL | Patched | 9.8 | 2016-04-07 | Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protecti… |
| CVE-2016-2563 | CRITICAL | Patched | 9.8 | 2016-04-07 | Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack me… |
| CVE-2016-2851 | CRITICAL | Patched | 9.8 | 2016-04-07 | Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or exe… |
| CVE-2016-2315 | CRITICAL | Patched | 9.8 | 2016-04-08 | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees… |
| CVE-2016-2324 | CRITICAL | Patched | 9.8 | 2016-04-08 | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer … |