Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2016-3741 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.
network
low complexity
google CWE-20
critical
 9.8
9.8
2016-07-11 CVE-2016-2506 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
network
low complexity
google CWE-119
critical
 9.8
9.8
2016-07-04 CVE-2016-4438 Improper Input Validation vulnerability in Apache Struts
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
network
low complexity
apache CWE-20
critical
 9.8
9.8
2016-07-03 CVE-2016-3955 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
network
low complexity
canonical linux debian CWE-119
critical
 9.8
9.8
2016-07-03 CVE-2016-2074 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
network
low complexity
openvswitch redhat CWE-119
critical
 9.8
9.8
2016-07-03 CVE-2016-5734 Code Injection vulnerability in PHPmyadmin
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
network
low complexity
phpmyadmin CWE-94
critical
 9.8
9.8
2016-07-03 CVE-2016-5703 SQL Injection vulnerability in multiple products
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.
network
low complexity
opensuse phpmyadmin CWE-89
critical
 9.8
9.8
2016-07-03 CVE-2016-5228 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 9.4
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument.
network
low complexity
microfocus CWE-119
critical
 9.8
9.8
2016-07-03 CVE-2016-1606 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 9.4
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
network
low complexity
microfocus CWE-119
critical
 9.8
9.8
2016-07-03 CVE-2015-7029 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Airport Base Station Firmware
Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
network
low complexity
apple CWE-119
critical
 9.8
9.8