Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-13 | CVE-2016-2056 | Command Injection vulnerability in multiple products xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | 8.8 |
| 2016-04-13 | CVE-2016-2055 | Information Exposure vulnerability in multiple products xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | 7.5 |
| 2016-04-13 | CVE-2015-8843 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit Reader The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption. | 7.4 |
| 2016-04-13 | CVE-2015-8555 | Information Exposure vulnerability in multiple products Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. | 8.6 |
| 2016-04-13 | CVE-2015-8080 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | 7.5 |
| 2016-04-13 | CVE-2016-2780 | Unspecified vulnerability in Huawei Utps Firmware 23.009.09.00.983 Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2016-04-13 | CVE-2016-1577 | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. | 7.6 |
| 2016-04-13 | CVE-2016-1495 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate S Firmware Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, which triggers a heap-based buffer overflow. | 7.8 |
| 2016-04-13 | CVE-2015-8620 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avast products Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. | 7.8 |
| 2016-04-13 | CVE-2015-8304 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei P7 Firmware P7L07V100R001C01B606 Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. | 7.8 |