Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-01 | CVE-2016-4432 | Improper Authentication vulnerability in Apache Qpid Broker-J 6.0.0/6.0.1/6.0.2 The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. | 9.1 |
| 2016-06-01 | CVE-2016-3088 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Activemq The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | 9.8 |
| 2016-05-31 | CVE-2016-4521 | Information Exposure vulnerability in Sixnet products Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors. | 9.8 |
| 2016-05-31 | CVE-2016-4501 | Improper Access Control vulnerability in Envirosys ESC 8832 Data Controller 3.02 Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. | 9.1 |
| 2016-05-30 | CVE-2016-1999 | Improper Access Control vulnerability in HP Release Control 9.13/9.20/9.21 The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
| 2016-05-26 | CVE-2016-0718 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | 9.8 |
| 2016-05-26 | CVE-2016-4787 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. | 10.0 |
| 2016-05-23 | CVE-2016-4576 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters." | 9.8 |
| 2016-05-22 | CVE-2016-4544 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | 9.8 |
| 2016-05-22 | CVE-2016-4543 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | 9.8 |