Vulnerabilities > Microfocus > Rumba > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-11-04 CVE-2016-9176 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 7.4.0/9.4/9.4.0
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.
network
low complexity
microfocus CWE-119
critical
9.8
2016-07-03 CVE-2016-1606 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 9.4
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
network
low complexity
microfocus CWE-119
critical
9.8
2016-07-03 CVE-2016-5228 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 9.4
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument.
network
low complexity
microfocus CWE-119
critical
9.8