31,026 CVEs · Critical severity
CVEs (31,026, showing first 500)
Showing 1–25 of 31,026 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-1999-0066 | CRITICAL | | 9.8 | 1995-07-31 | AnyForm CGI remote execution. |
| CVE-1999-0043 | CRITICAL | | 9.8 | 1996-12-04 | Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
| CVE-1999-0511 | CRITICAL | | 9.1 | 1997-01-01 | IP forwarding is enabled on a machine which is not a router or firewall. |
| CVE-1999-0006 | CRITICAL | | 9.8 | 1998-07-14 | Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. |
| CVE-1999-0426 | CRITICAL | Patched | 9.8 | 1999-03-01 | The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. |
| CVE-1999-1324 | CRITICAL | Patched | 9.8 | 1999-12-31 | VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for fai… |
| CVE-1999-1588 | CRITICAL | | 9.8 | 1999-12-31 | Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:0… |
| CVE-2000-1218 | CRITICAL | | 9.8 | 2000-04-14 | The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accep… |
| CVE-2000-0944 | CRITICAL | | 9.8 | 2000-12-19 | CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to … |
| CVE-2001-1339 | CRITICAL | | 9.8 | 2001-05-24 | Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to cond… |
| CVE-2001-0248 | CRITICAL | | 9.8 | 2001-06-18 | Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to … |
| CVE-2001-0249 | CRITICAL | Patched | 9.8 | 2001-06-18 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to … |
| CVE-2001-0395 | CRITICAL | | 9.8 | 2001-07-02 | Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. |
| CVE-2001-1291 | CRITICAL | | 9.8 | 2001-07-12 | The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it e… |
| CVE-2001-0609 | CRITICAL | Patched | 9.8 | 2001-08-02 | Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the … |
| CVE-2001-1155 | CRITICAL | Patched | 9.8 | 2001-08-23 | TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow … |
| CVE-2001-0967 | CRITICAL | Patched | 9.8 | 2001-08-31 | Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to con… |
| CVE-2001-1125 | CRITICAL | Patched | 9.8 | 2001-10-05 | Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing… |
| CVE-2001-0766 | CRITICAL | | 9.8 | 2001-10-18 | Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not ma… |
| CVE-2001-1481 | CRITICAL | Patched | 9.8 | 2001-12-31 | Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attacker… |
| CVE-2001-1496 | CRITICAL | Patched | 9.8 | 2001-12-31 | Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2002-0059 | CRITICAL | Patched | 9.8 | 2002-03-15 | The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "doub… |
| CVE-2002-0083 | CRITICAL | Patched | 9.8 | 2002-03-15 | Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. |
| CVE-2002-0639 | CRITICAL | Patched | 9.8 | 2002-07-03 | Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentic… |
| CVE-2002-0671 | CRITICAL | | 9.8 | 2002-07-23 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which… |