Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-11-29 CVE-2016-9480 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libdwarf Project Libdwarf 20161021
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
network
low complexity
libdwarf-project CWE-119
critical
 9.1
9.1
2016-11-28 CVE-2016-9555 Out-of-bounds Read vulnerability in Linux Kernel
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
network
low complexity
linux CWE-125
critical
 9.8
9.8
2016-11-25 CVE-2016-6725 Improper Access Control vulnerability in Google Android
A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel.
network
low complexity
google CWE-284
critical
 9.8
9.8
2016-11-25 CVE-2016-5788 Improper Authorization vulnerability in GE products
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.
network
low complexity
ge CWE-285
critical
 10.0
10
2016-11-25 CVE-2016-3028 OS Command Injection vulnerability in IBM products
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
network
low complexity
ibm CWE-78
critical
 9.1
9.1
2016-11-22 CVE-2016-9540 Out-of-bounds Write vulnerability in Libtiff 4.0.6
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width.
network
low complexity
libtiff CWE-787
critical
 9.8
9.8
2016-11-22 CVE-2016-9539 Out-of-bounds Read vulnerability in Libtiff 4.0.6
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer().
network
low complexity
libtiff CWE-125
critical
 9.8
9.8
2016-11-22 CVE-2016-9538 Integer Overflow or Wraparound vulnerability in Libtiff 4.0.6
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow.
network
low complexity
libtiff CWE-190
critical
 9.8
9.8
2016-11-22 CVE-2016-9537 Out-of-bounds Write vulnerability in Libtiff 4.0.6
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers.
network
low complexity
libtiff CWE-787
critical
 9.8
9.8
2016-11-22 CVE-2016-9536 Out-of-bounds Write vulnerability in Libtiff 4.0.6
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip().
network
low complexity
libtiff CWE-787
critical
 9.8
9.8