Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 26–50 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2002-0391 | CRITICAL | Patched | 9.8 | 2002-08-12 | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers … |
| CVE-2002-1347 | CRITICAL | Patched | 9.8 | 2002-12-18 | Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long input… |
| CVE-2002-1798 | CRITICAL | 9.1 | 2002-12-31 | MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information … | |
| CVE-2002-1816 | CRITICAL | Patched | 9.8 | 2002-12-31 | Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| CVE-2002-1820 | CRITICAL | 9.8 | 2002-12-31 | register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator… | |
| CVE-2002-2119 | CRITICAL | 9.8 | 2002-12-31 | Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | |
| CVE-2002-1484 | CRITICAL | 9.8 | 2003-04-22 | DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via … | |
| CVE-2003-0174 | CRITICAL | Patched | 9.8 | 2003-05-12 | The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attacke… |
| CVE-2003-0356 | CRITICAL | Patched | 9.8 | 2003-06-09 | Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, … |
| CVE-2003-0252 | CRITICAL | Patched | 9.8 | 2003-08-18 | Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly ex… |
| CVE-2003-0466 | CRITICAL | Patched | 9.8 | 2003-08-27 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.… |
| CVE-2003-0791 | CRITICAL | Patched | 9.8 | 2003-10-07 | The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.tha… |
| CVE-2003-0899 | CRITICAL | Patched | 9.8 | 2003-11-03 | Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which t… |
| CVE-2003-0545 | CRITICAL | 9.8 | 2003-11-17 | Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate wi… | |
| CVE-2003-1233 | CRITICAL | Patched | 9.8 | 2003-12-31 | Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel … |
| CVE-2004-0030 | CRITICAL | 9.8 | 2004-01-20 | PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute… | |
| CVE-2004-0005 | CRITICAL | 9.8 | 2004-03-03 | Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that c… | |
| CVE-2004-0434 | CRITICAL | Patched | 9.8 | 2004-07-07 | k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, … |
| CVE-2004-2061 | CRITICAL | 9.8 | 2004-07-27 | RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a… | |
| CVE-2004-1363 | CRITICAL | 9.8 | 2004-08-04 | Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the lengt… | |
| CVE-2004-0772 | CRITICAL | Patched | 9.8 | 2004-10-20 | Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. |
| CVE-2004-0847 | CRITICAL | Patched | 9.8 | 2004-11-03 | The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request cont… |
| CVE-2004-0285 | CRITICAL | 9.8 | 2004-11-23 | PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PH… | |
| CVE-2004-2154 | CRITICAL | Patched | 9.8 | 2004-12-31 | CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or… |
| CVE-2004-2214 | CRITICAL | Patched | 9.8 | 2004-12-31 | Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. |