31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Showing 126–150 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2009-3421 | CRITICAL | | 9.8 | 2009-09-25 | login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting th… |
| CVE-2009-3616 | CRITICAL | Patched | 9.9 | 2009-10-23 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establi… |
| CVE-2009-3555 | CRITICAL | Patched | 9.8 | 2009-11-09 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and … |
| CVE-2009-2512 | CRITICAL | | 9.8 | 2009-11-11 | The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allow… |
| CVE-2009-4581 | CRITICAL | Patched | 9.8 | 2010-01-06 | Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execut… |
| CVE-2009-4488 | CRITICAL | | 9.8 | 2010-01-13 | Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbi… |
| CVE-2009-4491 | CRITICAL | | 9.8 | 2010-01-13 | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbi… |
| CVE-2009-4013 | CRITICAL | Patched | 9.8 | 2010-02-02 | Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary … |
| CVE-2010-0840 | CRITICAL | | 9.8 | 2010-04-01 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers… |
| CVE-2010-1866 | CRITICAL | Patched | 9.8 | 2010-05-07 | The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and poss… |
| CVE-2010-1573 | CRITICAL | Patched | 9.8 | 2010-06-10 | Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote … |
| CVE-2010-1205 | CRITICAL | Patched | 9.8 | 2010-06-30 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code vi… |
| CVE-2010-0211 | CRITICAL | Patched | 9.8 | 2010-07-28 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause… |
| CVE-2010-2965 | CRITICAL | Patched | 9.8 | 2010-08-05 | The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and othe… |
| CVE-2010-2861 | CRITICAL | Patched | 9.8 | 2010-08-11 | Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the local… |
| CVE-2010-2076 | CRITICAL | Patched | 9.8 | 2010-08-19 | Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, an… |
| CVE-2010-3416 | CRITICAL | Patched | 9.8 | 2010-09-16 | Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or pos… |
| CVE-2010-3729 | CRITICAL | Patched | 9.8 | 2010-10-05 | The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspe… |
| CVE-2010-4039 | CRITICAL | Patched | 9.8 | 2010-10-21 | Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors. |
| CVE-2010-4041 | CRITICAL | Patched | 9.8 | 2010-10-21 | The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended a… |
| CVE-2010-4042 | CRITICAL | Patched | 9.8 | 2010-10-21 | Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact … |
| CVE-2010-3765 | CRITICAL | Patched | 9.8 | 2010-10-28 | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is e… |
| CVE-2010-2941 | CRITICAL | Patched | 9.8 | 2010-11-05 | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a den… |
| CVE-2010-4197 | CRITICAL | Patched | 9.8 | 2010-11-06 | Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of… |
| CVE-2010-4201 | CRITICAL | Patched | 9.8 | 2010-11-06 | Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors i… |