31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 176–200 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2012-3503 | CRITICAL | Patched | 9.8 | 2012-08-25 | The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the … |
| CVE-2012-4681 | CRITICAL | | 9.8 | 2012-08-28 | Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a cra… |
| CVE-2012-5376 | CRITICAL | Patched | 9.6 | 2012-10-11 | The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbit… |
| CVE-2012-5076 | CRITICAL | | 9.8 | 2012-10-16 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integr… |
| CVE-2012-3152 | CRITICAL | | 9.1 | 2012-10-16 | Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confident… |
| CVE-2012-4406 | CRITICAL | Patched | 9.8 | 2012-10-22 | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remo… |
| CVE-2012-2239 | CRITICAL | Patched | 9.1 | 2012-11-24 | Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack… |
| CVE-2012-4787 | CRITICAL | | 9.0 | 2012-12-12 | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an obj… |
| CVE-2013-0625 | CRITICAL | | 9.8 | 2013-01-09 | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecif… |
| CVE-2013-0422 | CRITICAL | Patched | 9.8 | 2013-01-10 | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMB… |
| CVE-2013-0632 | CRITICAL | | 9.8 | 2013-01-17 | administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RD… |
| CVE-2012-6068 | CRITICAL | | 9.8 | 2013-01-21 | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interf… |
| CVE-2012-6069 | CRITICAL | | 10.0 | 2013-01-21 | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended… |
| CVE-2012-6437 | CRITICAL | Patched | 9.8 | 2013-01-24 | The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or l… |
| CVE-2013-1591 | CRITICAL | Patched | 9.8 | 2013-01-31 | Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: … |
| CVE-2013-1465 | CRITICAL | Patched | 9.8 | 2013-02-08 | The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shippi… |
| CVE-2013-0022 | CRITICAL | | 9.0 | 2013-02-13 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted obj… |
| CVE-2012-3363 | CRITICAL | Patched | 9.1 | 2013-02-13 | Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary… |
| CVE-2013-2729 | CRITICAL | Patched | 9.8 | 2013-05-16 | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vector… |
| CVE-2011-1180 | CRITICAL | Patched | 9.8 | 2013-06-08 | Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause… |
| CVE-2013-2465 | CRITICAL | | 9.8 | 2013-06-18 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier,… |
| CVE-2013-2251 | CRITICAL | Patched | 9.8 | 2013-07-20 | Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectA… |
| CVE-2013-3346 | CRITICAL | Patched | 9.8 | 2013-08-30 | Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corrup… |
| CVE-2013-4810 | CRITICAL | | 9.8 | 2013-09-16 | HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitra… |
| CVE-2013-6014 | CRITICAL | Patched | 9.3 | 2013-10-28 | Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12… |