CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2005-2700 — CVSS 10.0 (critical): ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not…
CVE-2015-2788 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have…
CVE-2015-2740 — CVSS 10.0 (critical): Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2004-1052 — CVSS 10.0 (critical): Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary…
CVE-2004-0994 — CVSS 10.0 (critical): Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height…
CVE-2015-2739 — CVSS 10.0 (critical): The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2004-0981 — CVSS 10.0 (critical): Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain…
CVE-2004-0980 — CVSS 10.0 (critical): Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service…
CVE-2002-1235 — CVSS 10.0 (critical): The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and…
CVE-2004-0964 — CVSS 10.0 (critical): Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary…
CVE-2004-0889 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of…
CVE-2004-0888 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote…
CVE-2004-0836 — CVSS 10.0 (critical): Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a…
CVE-2003-0098 — CVSS 10.0 (critical): Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via…
CVE-2004-0522 — CVSS 10.0 (critical): Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
CVE-2004-0451 — CVSS 10.0 (critical): Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows…
CVE-2003-0648 — CVSS 10.0 (critical): Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
CVE-2015-8104 — CVSS 10.0 (critical): The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host…
CVE-2018-18505 — CVSS 10.0 (critical): An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC…
CVE-2015-2738 — CVSS 10.0 (critical): The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-2737 — CVSS 10.0 (critical): The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2015-2734 — CVSS 10.0 (critical): The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-4473 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote…
CVE-2015-4335 — CVSS 10.0 (critical): Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2015-2724 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2015-1421 — CVSS 10.0 (critical): Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote…
CVE-2015-0408 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and…
CVE-2015-0235 — CVSS 10.0 (critical): Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows…
CVE-2017-16845 — CVSS 10.0 (critical): hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2024-42472 — CVSS 10.0 (critical): Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised…
CVE-2014-6601 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and…
CVE-2014-2421 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to…
CVE-2020-13753 — CVSS 10.0 (critical): The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI…
CVE-2014-1512 — CVSS 10.0 (critical): Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4…
CVE-2014-0457 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows…
CVE-2014-0456 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect…
CVE-2014-0429 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote…
CVE-2013-2863 — CVSS 10.0 (critical): Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a…
CVE-2012-3959 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-2750 — CVSS 10.0 (critical): Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533…
CVE-2000-0584 — CVSS 10.0 (critical): Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or…
CVE-2012-1975 — CVSS 10.0 (critical): Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-1974 — CVSS 10.0 (critical): Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2000-0666 — CVSS 10.0 (critical): rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote…
CVE-2000-0844 — CVSS 10.0 (critical): Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local…
CVE-2015-2806 — CVSS 10.0 (critical): Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown…
CVE-2012-1973 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-1972 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x…
CVE-2000-1221 — CVSS 10.0 (critical): The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved…
CVE-2012-1970 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird…
CVE-2012-0444 — CVSS 10.0 (critical): Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly…
CVE-2011-4862 — CVSS 10.0 (critical): Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and…
CVE-2011-0474 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in…
CVE-2010-2901 — CVSS 10.0 (critical): The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption)…
CVE-2021-38503 — CVSS 10.0 (critical): The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing…
CVE-2010-0159 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3…
CVE-2009-4538 — CVSS 10.0 (critical): drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet…
CVE-2008-5500 — CVSS 10.0 (critical): The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before…
CVE-2008-5018 — CVSS 10.0 (critical): The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x…
CVE-2001-0233 — CVSS 10.0 (critical): Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary…
CVE-2008-5017 — CVSS 10.0 (critical): Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18…
CVE-2008-5014 — CVSS 10.0 (critical): jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before…
CVE-2008-4796 — CVSS 10.0 (critical): The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara…
CVE-2008-4062 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey…
CVE-2008-4061 — CVSS 10.0 (critical): Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and…
CVE-2008-3529 — CVSS 10.0 (critical): Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers…
CVE-2008-2663 — CVSS 10.0 (critical): Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and…
CVE-2001-0554 — CVSS 10.0 (critical): Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a…
CVE-2008-2662 — CVSS 10.0 (critical): Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230…
CVE-2008-1673 — CVSS 10.0 (critical): The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic…
CVE-1999-0730 — CVSS 10.0 (critical): The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
CVE-2022-24884 — CVSS 10.0 (critical): ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether…
CVE-2007-2442 — CVSS 10.0 (critical): The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute…
CVE-2022-30123 — CVSS 10.0 (critical): A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint…
CVE-2007-0956 — CVSS 10.0 (critical): The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username…
CVE-2018-12892 — CVSS 9.9 (critical): An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what…
CVE-2021-31872 — CVSS 9.8 (critical): An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a…
CVE-2017-0357 — CVSS 9.8 (critical): A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap…
CVE-2017-0359 — CVSS 9.8 (critical): diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.
CVE-2017-1000501 — CVSS 9.8 (critical): Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting…
CVE-2017-0372 — CVSS 9.8 (critical): Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple…
CVE-2017-1000487 — CVSS 9.8 (critical): Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
CVE-2017-0899 — CVSS 9.8 (critical): RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters…
CVE-2017-0903 — CVSS 9.8 (critical): RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem…
CVE-2017-0915 — CVSS 9.8 (critical): Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote…
CVE-2017-0916 — CVSS 9.8 (critical): Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component…
CVE-2017-1000421 — CVSS 9.8 (critical): Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution
CVE-2017-1000158 — CVSS 9.8 (critical): CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting…
CVE-2017-1000116 — CVSS 9.8 (critical): Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
CVE-2024-25714 — CVSS 9.8 (critical): In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops…
CVE-2024-25189 — CVSS 9.8 (critical): libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a…
CVE-2024-0808 — CVSS 9.8 (critical): Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2023-6816 — CVSS 9.8 (critical): A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down…
CVE-2023-5730 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory…
CVE-2023-5176 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory…
CVE-2023-51714 — CVSS 9.8 (critical): An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x…
CVE-2023-46850 — CVSS 9.8 (critical): Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending…
CVE-2004-0434 — CVSS 9.8 (critical): k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request…
CVE-2023-42464 — CVSS 9.8 (critical): A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC…
CVE-2023-41361 — CVSS 9.8 (critical): An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
CVE-2023-4056 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these…
CVE-2004-0772 — CVSS 9.8 (critical): Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to…
CVE-2023-28879 — CVSS 9.8 (critical): In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript…
CVE-2023-27372 — CVSS 9.8 (critical): SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions…
CVE-2005-0102 — CVSS 9.8 (critical): Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute…
CVE-2005-1513 — CVSS 9.8 (critical): Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory…
CVE-2005-1689 — CVSS 9.8 (critical): Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute…
CVE-2022-48565 — CVSS 9.8 (critical): An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML…
CVE-2022-48337 — CVSS 9.8 (critical): GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because…
CVE-2022-48174 — CVSS 9.8 (critical): There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this…
CVE-2022-45062 — CVSS 9.8 (critical): In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
CVE-2005-3120 — CVSS 9.8 (critical): Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via…
CVE-2022-41838 — CVSS 9.8 (critical): A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A…
CVE-2022-41837 — CVSS 9.8 (critical): An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO…
CVE-2022-41794 — CVSS 9.8 (critical): A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted…
CVE-2022-41639 — CVSS 9.8 (critical): A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and…
CVE-2022-37616 — CVSS 9.8 (critical): A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3…
CVE-2022-37601 — CVSS 9.8 (critical): Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js…
CVE-2022-37454 — CVSS 9.8 (critical): The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers…
CVE-2022-37452 — CVSS 9.8 (critical): Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2022-37434 — CVSS 9.8 (critical): zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE…
CVE-2022-36227 — CVSS 9.8 (critical): In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if…
CVE-2022-33980 — CVSS 9.8 (critical): Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard…
CVE-2022-32292 — CVSS 9.8 (critical): In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow…
CVE-2022-32221 — CVSS 9.8 (critical): When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when…
CVE-2022-32207 — CVSS 9.8 (critical): When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a…
CVE-2022-31031 — CVSS 9.8 (critical): PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP…
CVE-2022-29599 — CVSS 9.8 (critical): In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping…
CVE-2022-29155 — CVSS 9.8 (critical): In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd…
CVE-2022-28347 — CVSS 9.8 (critical): A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This…
CVE-2022-28346 — CVSS 9.8 (critical): An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra()…
CVE-2022-28044 — CVSS 9.8 (critical): Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
CVE-2007-3798 — CVSS 9.8 (critical): Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via…
CVE-2022-26651 — CVSS 9.8 (critical): An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly…
CVE-2022-26520 — CVSS 9.8 (critical): In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary…
CVE-2022-26496 — CVSS 9.8 (critical): In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the…
CVE-2022-26495 — CVSS 9.8 (critical): In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the…
CVE-2022-25236 — CVSS 9.8 (critical): xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-25235 — CVSS 9.8 (critical): xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is…
CVE-2022-24786 — CVSS 9.8 (critical): PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP…
CVE-2022-24720 — CVSS 9.8 (critical): image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply`…
CVE-2008-0062 — CVSS 9.8 (critical): KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial…
CVE-2022-24300 — CVSS 9.8 (critical): Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack…
CVE-2022-23943 — CVSS 9.8 (critical): Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker…
CVE-2022-23852 — CVSS 9.8 (critical): Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2008-2108 — CVSS 9.8 (critical): The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that…
CVE-2022-23221 — CVSS 9.8 (critical): H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the…
CVE-2022-23219 — CVSS 9.8 (critical): The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname…
CVE-2022-23218 — CVSS 9.8 (critical): The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path…
CVE-2022-23125 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required…
CVE-2022-23124 — CVSS 9.8 (critical): This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not…
CVE-2022-23123 — CVSS 9.8 (critical): This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not…
CVE-2022-23122 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required…
CVE-2022-23121 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required…
CVE-2022-22817 — CVSS 9.8 (critical): PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A…
CVE-2022-22720 — CVSS 9.8 (critical): Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing…
CVE-2022-21831 — CVSS 9.8 (critical): A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing…
CVE-2022-1664 — CVSS 9.8 (critical): Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a…
CVE-2022-0547 — CVSS 9.8 (critical): OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes…
CVE-2022-0194 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required…
CVE-2021-44790 — CVSS 9.8 (critical): A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The…
CVE-2021-44732 — CVSS 9.8 (critical): Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
CVE-2021-44538 — CVSS 9.8 (critical): The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a…
CVE-2021-44143 — CVSS 9.8 (critical): A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a…
CVE-2021-43303 — CVSS 9.8 (critical): Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since…
CVE-2021-43301 — CVSS 9.8 (critical): Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow…
CVE-2021-43300 — CVSS 9.8 (critical): Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow…
CVE-2021-43299 — CVSS 9.8 (critical): Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since…
CVE-2021-43113 — CVSS 9.8 (critical): iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs…
CVE-2021-42392 — CVSS 9.8 (critical): The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database…
CVE-2021-40874 — CVSS 9.8 (critical): An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation…
CVE-2009-3555 — CVSS 9.8 (critical): The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in…
CVE-2009-4013 — CVSS 9.8 (critical): Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote…
CVE-2021-40394 — CVSS 9.8 (critical): An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit…