Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-03 | CVE-2015-5344 | Data Processing Errors vulnerability in Apache Camel The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | 9.8 |
| 2016-01-31 | CVE-2016-1946 | Numeric Errors vulnerability in multiple products The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. | 9.8 |
| 2016-01-31 | CVE-2016-1944 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 9.8 |
| 2016-01-31 | CVE-2016-1931 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. | 10.0 |
| 2016-01-31 | CVE-2016-1930 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.8 |
| 2016-01-30 | CVE-2016-1985 | Code Injection vulnerability in HP Operations Manager HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 10.0 |
| 2016-01-30 | CVE-2015-7923 | Cryptographic Issues vulnerability in Westermo Weos 4.18.0 Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | 9.0 |
| 2016-01-29 | CVE-2015-8772 | Data Processing Errors vulnerability in Mcafee File Lock 5.0 McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. | 9.1 |
| 2016-01-29 | CVE-2015-8789 | Unspecified vulnerability in Matroska Libebml Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. | 9.6 |
| 2016-01-28 | CVE-2016-0868 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request. | 9.8 |