Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-5873 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP Pecl Http 3.0.1 Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL. | 9.8 |
| 2017-01-23 | CVE-2016-5742 | SQL Injection vulnerability in Sixapart Movable Type and Movable Type Open Source SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
| 2017-01-23 | CVE-2016-4010 | Injection vulnerability in Magento Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | 9.8 |
| 2017-01-23 | CVE-2016-3177 | Use After Free vulnerability in Giflib Project Giflib 5.1.2 Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | 9.8 |
| 2017-01-23 | CVE-2016-3147 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti Landesk Management Suite 10.0.0.271/9.60.0.244 Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. | 9.8 |
| 2017-01-23 | CVE-2016-2783 | Data Processing Errors vulnerability in Avaya VSP Operating System Software 4.2.2.0/5.0.0.0 Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames. | 9.8 |
| 2017-01-23 | CVE-2016-2242 | Code Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | 9.8 |
| 2017-01-23 | CVE-2016-1925 | Integer Underflow (Wrap or Wraparound) vulnerability in LHA for Unix Project LHA for Unix Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow. | 9.8 |
| 2017-01-23 | CVE-2015-8972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Chess Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. | 9.8 |
| 2017-01-23 | CVE-2015-8857 | 7PK - Security Features vulnerability in Uglifyjs Project Uglifyjs The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. | 9.8 |