Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-09 | CVE-2016-1007 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. | 9.8 |
| 2016-03-09 | CVE-2016-0954 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 9.8 |
| 2016-03-09 | CVE-2016-0132 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass." | 9.8 |
| 2016-03-06 | CVE-2016-2843 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
| 2016-03-06 | CVE-2016-1642 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
| 2016-03-06 | CVE-2016-1639 | Unspecified vulnerability in Google Chrome Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer. | 9.8 |
| 2016-03-06 | CVE-2016-1636 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource. | 9.8 |
| 2016-03-06 | CVE-2016-1635 | Unspecified vulnerability in Google Chrome extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | 9.8 |
| 2016-03-06 | CVE-2016-1633 | Unspecified vulnerability in Google Chrome Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 9.8 |
| 2016-03-03 | CVE-2016-2842 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openssl The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. | 9.8 |