Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-12 | CVE-2015-8396 | Numeric Errors vulnerability in Grassroots Dicom Project Grassroots Dicom Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow. | 10.0 |
| 2016-01-12 | CVE-2015-8659 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. | 10.0 |
| 2016-01-12 | CVE-2015-8098 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 Big-Ip Access Policy Manager F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an "Out-of-bounds memory vulnerability." | 9.8 |
| 2016-01-09 | CVE-2015-7939 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unitronics Visilogic Oplc IDE 9.8.0.00 Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. | 9.6 |
| 2016-01-09 | CVE-2015-7938 | Improper Authentication vulnerability in Advantech Eki-1321 Series Firmware and Eki-1322 Series Firmware Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. | 9.8 |
| 2016-01-08 | CVE-2015-7541 | Command Injection vulnerability in Colorscore Project Colorscore The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable. | 10.0 |
| 2016-01-08 | CVE-2015-7512 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. | 9.0 |
| 2016-01-08 | CVE-2015-8557 | OS Command Injection vulnerability in multiple products The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | 9.0 |
| 2016-01-08 | CVE-2015-8761 | Code Injection vulnerability in Values Project Values 7.X1.0/7.X1.1 The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | 9.0 |
| 2016-01-08 | CVE-2015-8753 | Permissions, Privileges, and Access Controls vulnerability in SAP Afaria 7.0.6001.5 SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | 9.1 |