Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-11 | CVE-2016-9282 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | 7.5 |
| 2016-11-11 | CVE-2016-9277 | Integer Overflow or Wraparound vulnerability in Samsung Mobile 4.4/5.0/5.1 Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. | 7.5 |
| 2016-11-11 | CVE-2016-9274 | Untrusted Search Path vulnerability in GIT for Windows Project GIT for Windows Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. | 7.8 |
| 2016-11-10 | CVE-2016-5195 | Race Condition vulnerability in multiple products Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | 7.0 |
| 2016-11-10 | CVE-2016-9268 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors. | 7.2 |
| 2016-11-10 | CVE-2016-7490 | Link Following vulnerability in Teradata Studio Express 15.12.00.00 The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. | 7.8 |
| 2016-11-10 | CVE-2016-7488 | Permissions, Privileges, and Access Controls vulnerability in Teradata Virtual Machine 15.10 Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. | 7.8 |
| 2016-11-10 | CVE-2016-7256 | Unspecified vulnerability in Microsoft products atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability." | 8.8 |
| 2016-11-10 | CVE-2016-7255 | Unspecified vulnerability in Microsoft products The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
| 2016-11-10 | CVE-2016-7254 | Permissions, Privileges, and Access Controls vulnerability in Microsoft SQL Server 2012 Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." | 8.8 |