Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-14 | CVE-2016-2298 | Information Exposure vulnerability in Meteocontrol products Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. | 9.8 |
| 2016-05-14 | CVE-2016-2297 | Unspecified vulnerability in Meteocontrol products Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature." | 9.4 |
| 2016-05-14 | CVE-2016-2296 | 7PK - Security Features vulnerability in Meteocontrol products Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 9.4 |
| 2016-05-14 | CVE-2016-1209 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | 9.8 |
| 2016-05-13 | CVE-2016-4024 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation. | 9.8 |
| 2016-05-13 | CVE-2016-2196 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Botan Project Botan Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors. | 9.8 |
| 2016-05-13 | CVE-2016-2195 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. | 9.8 |
| 2016-05-13 | CVE-2016-2099 | Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. | 9.8 |
| 2016-05-13 | CVE-2016-1580 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu-Core-Launcher 1.0.27 The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core." | 9.8 |
| 2016-05-13 | CVE-2016-1578 | Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests. | 9.8 |