Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 126–150 of 31,034 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2008-1511 | CRITICAL | 9.8 | 2008-03-25 | Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) c… | |
| CVE-2008-2108 | CRITICAL | Patched | 9.8 | 2008-05-07 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during… |
| CVE-2008-2369 | CRITICAL | Patched | 9.1 | 2008-08-14 | manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitiv… |
| CVE-2008-2374 | CRITICAL | Patched | 9.8 | 2008-07-07 | src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which a… |
| CVE-2008-2433 | CRITICAL | Patched | 9.8 | 2008-08-27 | The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random sessi… |
| CVE-2008-3465 | CRITICAL | 9.8 | 2008-12-10 | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-depen… | |
| CVE-2008-3604 | CRITICAL | 9.8 | 2008-08-12 | SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |
| CVE-2008-3612 | CRITICAL | Patched | 9.8 | 2008-09-11 | The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers t… |
| CVE-2008-3738 | CRITICAL | Patched | 9.1 | 2008-08-27 | Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2008-4250 | CRITICAL | 9.8 | 2008-10-23 | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execut… | |
| CVE-2008-4835 | CRITICAL | 9.8 | 2009-01-14 | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arb… | |
| CVE-2008-5038 | CRITICAL | Patched | 9.8 | 2008-11-12 | Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attacke… |
| CVE-2008-5784 | CRITICAL | 9.8 | 2008-12-31 | V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |
| CVE-2008-7109 | CRITICAL | 9.8 | 2009-08-28 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a m… | |
| CVE-2008-7291 | CRITICAL | Patched | 9.8 | 2019-11-08 | gri before 2.12.18 generates temporary files in an insecure way. |
| CVE-2008-7313 | CRITICAL | Patched | 9.8 | 2017-03-31 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. |
| CVE-2008-7315 | CRITICAL | 9.8 | 2017-10-10 | UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. | |
| CVE-2008-7319 | CRITICAL | Patched | 9.8 | 2017-11-07 | The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backtic… |
| CVE-2009-0947 | CRITICAL | Patched | 9.8 | 2021-06-02 | Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. |
| CVE-2009-0948 | CRITICAL | Patched | 9.8 | 2021-06-02 | Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. |
| CVE-2009-1048 | CRITICAL | Patched | 9.8 | 2009-08-14 | The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 all… |
| CVE-2009-1120 | CRITICAL | Patched | 9.8 | 2020-01-15 | EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the… |
| CVE-2009-1151 | CRITICAL | Patched | 9.8 | 2009-03-26 | Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a con… |
| CVE-2009-1936 | CRITICAL | Patched | 9.8 | 2009-06-05 | _functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a prote… |
| CVE-2009-2168 | CRITICAL | Patched | 9.8 | 2009-06-22 | cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allo… |