Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-01-13 CVE-2016-0010 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
network
microsoft CWE-119
critical
9.3
2016-01-13 CVE-2016-0009 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability."
network
microsoft CWE-264
critical
9.3
2016-01-13 CVE-2016-0003 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."
network
microsoft CWE-119
critical
9.3
2016-01-12 CVE-2015-8611 Credentials Management vulnerability in F5 products
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.
network
low complexity
f5 CWE-255
critical
10.0
2016-01-12 CVE-2015-8396 Numeric Errors vulnerability in Grassroots DICOM Project Grassroots DICOM 2.6.0/2.6.1
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.
network
low complexity
grassroots-dicom-project CWE-189
critical
10.0
2016-01-12 CVE-2015-8659 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
network
low complexity
apple nghttp2 CWE-119
critical
10.0
2016-01-12 CVE-2015-8306 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei P8 Firmware
Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) or execute arbitrary code via an unspecified parameter.
network
huawei CWE-119
critical
9.3
2016-01-12 CVE-2015-8098 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 BIG-IP Access Policy Manager
F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an "Out-of-bounds memory vulnerability."
network
low complexity
f5 CWE-119
critical
10.0
2016-01-12 CVE-2015-8088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 7 Firmware and P8 Firmware
Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, and GRA-UL10 before GRA-UL10C00B220 allows attackers to cause a denial of service (reboot) or execute arbitrary code via a crafted application.
network
huawei CWE-119
critical
9.3
2016-01-09 CVE-2015-7939 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unitronics VisiLogic OPLC IDE 9.8.0.00
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.
network
unitronics CWE-119
critical
9.3