Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-09 | CVE-2016-4448 | Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | 9.8 |
| 2016-06-09 | CVE-2016-0749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. | 9.8 |
| 2016-06-09 | CVE-2016-4532 | Path Traversal vulnerability in Trihedral Vtscada Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | 9.1 |
| 2016-06-09 | CVE-2016-4510 | Improper Authentication vulnerability in Trihedral Vtscada The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | 9.1 |
| 2016-06-09 | CVE-2016-2310 | Use of Hard-coded Credentials vulnerability in GE Multilink Firmware 5.4.1/5.5.0 General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | 9.8 |
| 2016-06-08 | CVE-2016-5108 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | 9.8 |
| 2016-06-08 | CVE-2016-4368 | Improper Input Validation vulnerability in HP products HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2016-06-08 | CVE-2016-4366 | Unspecified vulnerability in HP Systems Insight Manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | 9.8 |
| 2016-06-08 | CVE-2016-4360 | Unspecified vulnerability in HP Loadrunner and Performance Center web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555. | 9.1 |
| 2016-06-08 | CVE-2016-4359 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Loadrunner and Performance Center Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516. | 9.8 |