Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-22 | CVE-2016-0239 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors. | 8.8 |
| 2016-10-21 | CVE-2016-0236 | Command Injection vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field. | 8.8 |
| 2016-10-21 | CVE-2016-1000119 | SQL Injection vulnerability in Huge-It Catalog 1.0.4 SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | 7.2 |
| 2016-10-21 | CVE-2016-1000118 | SQL Injection vulnerability in Huge-It Slideshow 1.0.4 XSS & SQLi in HugeIT slideshow v1.0.4 | 7.2 |
| 2016-10-21 | CVE-2016-1000117 | SQL Injection vulnerability in Huge-It Slideshow 1.0.4 XSS & SQLi in HugeIT slideshow v1.0.4 | 7.2 |
| 2016-10-21 | CVE-2016-1000116 | SQL Injection vulnerability in Huge-It Portfolio Gallery Manager 1.1.5 Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | 7.2 |
| 2016-10-21 | CVE-2016-1000115 | SQL Injection vulnerability in Huge-It Portfolio Gallery Manager 1.1.0 Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | 7.2 |
| 2016-10-21 | CVE-2016-2848 | Improper Input Validation vulnerability in ISC Bind ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. | 7.5 |
| 2016-10-16 | CVE-2016-8666 | Resource Exhaustion vulnerability in Linux Kernel The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. | 7.5 |
| 2016-10-16 | CVE-2016-7425 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. | 7.8 |