Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 476–500 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2016-2008 | CRITICAL | Patched | 9.8 | 2016-04-21 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2016-3427 | CRITICAL | Patched | 9.8 | 2016-04-21 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, … |
| CVE-2016-3443 | CRITICAL | 9.6 | 2016-04-21 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. … | |
| CVE-2016-3454 | CRITICAL | 9.0 | 2016-04-21 | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, … | |
| CVE-2016-3466 | CRITICAL | 9.1 | 2016-04-21 | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and … | |
| CVE-2016-2331 | CRITICAL | Patched | 9.8 | 2016-04-25 | The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote at… |
| CVE-2016-1601 | CRITICAL | Patched | 9.8 | 2016-04-26 | yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the prof… |
| CVE-2016-3074 | CRITICAL | Patched | 9.8 | 2016-04-26 | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary co… |
| CVE-2016-3082 | CRITICAL | Patched | 9.8 | 2016-04-26 | XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet… |
| CVE-2016-4002 | CRITICAL | Patched | 9.8 | 2016-04-26 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a de… |
| CVE-2015-8812 | CRITICAL | Patched | 9.8 | 2016-04-27 | drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or… |
| CVE-2016-1343 | CRITICAL | 10.0 | 2016-04-30 | The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an extern… | |
| CVE-2016-2108 | CRITICAL | Patched | 9.8 | 2016-05-05 | The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow a… |
| CVE-2016-4351 | CRITICAL | Patched | 9.8 | 2016-05-05 | SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arb… |
| CVE-2016-1387 | CRITICAL | 9.8 | 2016-05-05 | The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePrese… | |
| CVE-2015-0857 | CRITICAL | 9.8 | 2016-05-06 | Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |
| CVE-2015-8863 | CRITICAL | Patched | 9.8 | 2016-05-06 | Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a … |
| CVE-2016-4422 | CRITICAL | 9.8 | 2016-05-06 | The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | |
| CVE-2013-7455 | CRITICAL | Patched | 9.8 | 2016-05-07 | Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a m… |
| CVE-2015-6550 | CRITICAL | Patched | 9.8 | 2016-05-07 | bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x throu… |
| CVE-2015-6552 | CRITICAL | Patched | 9.8 | 2016-05-07 | The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBa… |
| CVE-2016-2351 | CRITICAL | Patched | 9.8 | 2016-05-07 | SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbi… |
| CVE-2016-2428 | CRITICAL | Patched | 9.8 | 2016-05-09 | libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the numbe… |
| CVE-2016-2429 | CRITICAL | Patched | 9.8 | 2016-05-09 | libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on u… |
| CVE-2016-4350 | CRITICAL | Patched | 9.8 | 2016-05-09 | Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 al… |