Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-04 | CVE-2016-9935 | Out-of-bounds Read vulnerability in PHP The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. | 9.8 |
| 2017-01-04 | CVE-2016-9138 | Use After Free vulnerability in PHP PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. | 9.8 |
| 2017-01-04 | CVE-2016-9137 | Use After Free vulnerability in PHP Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. | 9.8 |
| 2017-01-04 | CVE-2016-8670 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libgd Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. | 9.8 |
| 2017-01-04 | CVE-2014-9912 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument. | 9.8 |
| 2017-01-04 | CVE-2014-9911 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Icu-Project International Components for Unicode Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. | 9.8 |
| 2017-01-04 | CVE-2016-10115 | Use of Hard-coded Credentials vulnerability in Netgear products NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. | 9.8 |
| 2017-01-04 | CVE-2016-10114 | SQL Injection vulnerability in Awebsupport Aweb Cart Watching System for Virtuemart 2.6.0 SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch. | 9.8 |
| 2017-01-03 | CVE-2016-10108 | Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142 Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | 9.8 |
| 2017-01-03 | CVE-2016-10107 | Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142 Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | 9.8 |