Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-01-09 CVE-2015-7938 Improper Authentication vulnerability in Advantech Eki-1321 Series Firmware and Eki-1322 Series Firmware
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.
network
low complexity
advantech CWE-287
critical
10.0
2016-01-08 CVE-2015-7541 Command Injection vulnerability in Colorscore Project Colorscore 0.0.4
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
network
low complexity
colorscore-project CWE-77
critical
10.0
2016-01-08 CVE-2015-7512 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
network
high complexity
qemu redhat debian oracle CWE-120
critical
9.0
2016-01-08 CVE-2015-8557 OS Command Injection vulnerability in multiple products
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
network
canonical pygments CWE-78
critical
9.3
2016-01-08 CVE-2014-8886 Cryptographic Issues vulnerability in AVM Fritz! OS 6.23
AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.
network
avm CWE-310
critical
9.3
2016-01-08 CVE-2015-8753 Permissions, Privileges, and Access Controls vulnerability in SAP Afaria 7.0.6001.5
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905.
network
low complexity
sap CWE-264
critical
9.4
2016-01-08 CVE-2015-8668 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.
network
low complexity
libtiff oracle redhat CWE-787
critical
9.8
2016-01-08 CVE-2015-7754 Improper Input Validation vulnerability in Juniper Screenos 6.3.0
Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.
network
juniper CWE-20
critical
9.3
2016-01-08 CVE-2015-5259 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Subversion 1.9.0/1.9.1/1.9.2
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
network
low complexity
apache CWE-119
critical
9.0
2016-01-08 CVE-2015-5254 Improper Input Validation vulnerability in multiple products
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
network
low complexity
redhat apache fedoraproject CWE-20
critical
9.8