Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-06 | CVE-2015-0857 | Command Injection vulnerability in multiple products Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | 9.8 |
| 2016-05-05 | CVE-2016-1387 | Improper Authentication vulnerability in Cisco Telepresence TC Software The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. | 9.8 |
| 2016-05-05 | CVE-2016-4351 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
| 2016-05-05 | CVE-2016-2108 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. | 9.8 |
| 2016-04-30 | CVE-2016-1343 | Unspecified vulnerability in Cisco Information Server 6.2Base The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. | 10.0 |
| 2016-04-27 | CVE-2015-8812 | drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. | 9.8 |
| 2016-04-26 | CVE-2016-4002 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. | 9.8 |
| 2016-04-26 | CVE-2016-3082 | Improper Input Validation vulnerability in Apache Struts XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter. | 9.8 |
| 2016-04-26 | CVE-2016-3074 | Incorrect Conversion between Numeric Types vulnerability in multiple products Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. | 9.8 |
| 2016-04-26 | CVE-2016-1601 | Credentials Management vulnerability in Suse Yast2 yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors. | 9.8 |