Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-22 | CVE-2016-5270 | Out-of-bounds Write vulnerability in Mozilla Firefox Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. | 9.8 |
| 2016-09-22 | CVE-2016-5257 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.8 |
| 2016-09-22 | CVE-2016-5256 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.8 |
| 2016-09-22 | CVE-2016-6525 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | 9.8 |
| 2016-09-21 | CVE-2016-4464 | Improper Access Control vulnerability in Apache CXF Fediz The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature. | 9.8 |
| 2016-09-21 | CVE-2016-6354 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. | 9.8 |
| 2016-09-21 | CVE-2015-8871 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. | 9.8 |
| 2016-09-21 | CVE-2016-6530 | Use of Hard-coded Credentials vulnerability in Dentsply Sirona CDR Dicom 5.0 Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords. | 9.8 |
| 2016-09-21 | CVE-2016-0917 | Permissions, Privileges, and Access Controls vulnerability in EMC products The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. | 9.8 |
| 2016-09-21 | CVE-2016-0903 | Information Exposure vulnerability in EMC Avamar Server Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. | 9.1 |