Vulnerabilities > Improper Restriction of Operations within the Bounds of a Memory Buffer

DATE CVE VULNERABILITY TITLE RISK
2016-01-14 CVE-2016-0931 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FileAttachment annotation, a different vulnerability than CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.
network
low complexity
adobe CWE-119
8.8
2016-01-13 CVE-2016-0035 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-01-13 CVE-2016-0024 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Scripting Engine Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
8.8
2016-01-13 CVE-2016-0015 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "DirectShow Heap Corruption Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-01-13 CVE-2016-0010 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-01-13 CVE-2016-0003 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
critical
9.6
2016-01-13 CVE-2016-0002 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Jscript and Vbscript
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
network
high complexity
microsoft CWE-119
7.5
2016-01-12 CVE-2015-8659 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
network
low complexity
apple nghttp2 CWE-119
critical
10.0
2016-01-12 CVE-2015-8306 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei P8 Firmware
Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) or execute arbitrary code via an unspecified parameter.
local
low complexity
huawei CWE-119
7.8
2016-01-12 CVE-2015-8098 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 Big-Ip Access Policy Manager
F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an "Out-of-bounds memory vulnerability."
network
low complexity
f5 CWE-119
critical
9.8