31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 151–175 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2009-2367 | CRITICAL | | 9.8 | 2009-07-08 | cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force … |
| CVE-2009-2382 | CRITICAL | | 9.8 | 2009-07-08 | admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. |
| CVE-2009-2422 | CRITICAL | Patched | 9.8 | 2009-07-10 | The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest bloc… |
| CVE-2009-2494 | CRITICAL | | 9.8 | 2009-08-12 | The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attac… |
| CVE-2009-2512 | CRITICAL | | 9.8 | 2009-11-11 | The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allow… |
| CVE-2009-3421 | CRITICAL | | 9.8 | 2009-09-25 | login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting th… |
| CVE-2009-3555 | CRITICAL | Patched | 9.8 | 2009-11-09 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and … |
| CVE-2009-3616 | CRITICAL | Patched | 9.9 | 2009-10-23 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establi… |
| CVE-2009-3887 | CRITICAL | | 9.8 | 2019-10-29 | ytnef has directory traversal |
| CVE-2009-4013 | CRITICAL | Patched | 9.8 | 2010-02-02 | Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary … |
| CVE-2009-4488 | CRITICAL | | 9.8 | 2010-01-13 | Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbi… |
| CVE-2009-4491 | CRITICAL | | 9.8 | 2010-01-13 | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbi… |
| CVE-2009-4581 | CRITICAL | Patched | 9.8 | 2010-01-06 | Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execut… |
| CVE-2009-4899 | CRITICAL | | 9.8 | 2019-10-28 | pixelpost 1.7.1 has SQL injection |
| CVE-2009-5041 | CRITICAL | Patched | 9.8 | 2019-10-31 | overkill has buffer overflow via long player names that can corrupt data on the server machine |
| CVE-2009-5042 | CRITICAL | | 9.1 | 2019-10-31 | python-docutils allows insecure usage of temporary files |
| CVE-2009-5043 | CRITICAL | | 9.8 | 2019-10-31 | burn allows file names to escape via mishandled quotation marks |
| CVE-2009-5153 | CRITICAL | Patched | 9.8 | 2018-11-21 | In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attac… |
| CVE-2009-5154 | CRITICAL | | 9.8 | 2019-02-09 | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. |
| CVE-2009-5156 | CRITICAL | | 9.8 | 2019-06-11 | An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string. |
| CVE-2010-0211 | CRITICAL | Patched | 9.8 | 2010-07-28 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause… |
| CVE-2010-0748 | CRITICAL | Patched | 9.8 | 2019-10-30 | Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. |
| CVE-2010-0840 | CRITICAL | | 9.8 | 2010-04-01 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers… |
| CVE-2010-1205 | CRITICAL | Patched | 9.8 | 2010-06-30 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code vi… |
| CVE-2010-1378 | CRITICAL | Patched | 9.8 | 2010-11-15 | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitra… |