Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2017-01-12 | CVE-2016-8439 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel 3.18 | Possible buffer overflow in trust zone access control API. | network, low complexity, linux, CWE-119 | critical 9.8 |
| 2017-01-12 | CVE-2016-8438 | Integer Overflow or Wraparound vulnerability in Linux Kernel 3.18 | Integer overflow leading to a TOCTOU condition in hypervisor PIL. | network, low complexity, linux, CWE-190 | critical 9.8 |
| 2017-01-12 | CVE-2016-8437 | Improper Input Validation vulnerability in Linux Kernel 3.18 | Improper input validation in Access Control APIs. | network, low complexity, linux, CWE-20 | critical 9.8 |
| 2017-01-12 | CVE-2016-8398 | 7PK - Security Features vulnerability in Linux Kernel 3.18 | Unauthenticated messages processed by the UE. | network, low complexity, linux, CWE-254 | critical 9.8 |
| 2017-01-12 | CVE-2017-5225 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7 | LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. | network, low complexity, libtiff, CWE-119 | critical 9.8 |
| 2017-01-12 | CVE-2016-10131 | Injection vulnerability in Codeigniter | system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | network, low complexity, codeigniter, CWE-74 | critical 9.8 |
| 2017-01-12 | CVE-2016-7479 | Use After Free vulnerability in PHP | In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. | network, low complexity, php, CWE-416 | critical 9.8 |
| 2017-01-11 | CVE-2017-5209 | Out-of-bounds Read vulnerability in Libimobiledevice Libplist | The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. | network, low complexity, libimobiledevice, CWE-125 | critical 9.1 |
| 2017-01-11 | CVE-2016-7480 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | network, low complexity, php, netapp, CWE-119 | critical 9.8 |
| 2017-01-11 | CVE-2017-5340 | Integer Overflow or Wraparound vulnerability in multiple products | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | network, low complexity, php, netapp, CWE-190 | critical 9.8 |