Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-31 | CVE-2016-3141 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. | 9.8 |
| 2016-03-24 | CVE-2016-1761 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | 9.8 |
| 2016-03-24 | CVE-2016-1741 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.8 |
| 2016-03-24 | CVE-2015-6854 | Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | 9.1 |
| 2016-03-24 | CVE-2015-6853 | Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | 9.1 |
| 2016-03-22 | CVE-2016-1998 | Improper Input Validation vulnerability in HP Service Manager HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
| 2016-03-22 | CVE-2016-1997 | Improper Input Validation vulnerability in HP products HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
| 2016-03-19 | CVE-2016-2245 | Improper Authentication vulnerability in HP Support Assistant 8.1.40.3 HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. | 9.8 |
| 2016-03-18 | CVE-2016-1995 | Unspecified vulnerability in HP System Management Homepage HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2016-03-17 | CVE-2016-3191 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pcre and Pcre2 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. | 9.8 |