Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-06 | CVE-2017-5548 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | 7.8 |
| 2017-02-06 | CVE-2017-5547 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | 7.8 |
| 2017-02-06 | CVE-2017-5546 | Unspecified vulnerability in Linux Kernel The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. | 7.8 |
| 2017-02-06 | CVE-2017-2583 | Unspecified vulnerability in Linux Kernel The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. | 8.4 |
| 2017-02-06 | CVE-2016-10153 | Resource Management Errors vulnerability in Linux Kernel The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. | 7.8 |
| 2017-02-05 | CVE-2017-5136 | Missing Authorization vulnerability in Sendquick products An issue was discovered on SendQuick Entera and Avera devices before 2HF16. | 7.5 |
| 2017-02-03 | CVE-2016-6500 | Improper Input Validation vulnerability in Forgerock Racf Connector 1.1.0.0 Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning. | 8.1 |
| 2017-02-03 | CVE-2016-10165 | Out-of-bounds Read vulnerability in multiple products The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | 7.1 |
| 2017-02-03 | CVE-2016-9108 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. | 7.5 |
| 2017-02-03 | CVE-2016-9871 | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. | 7.2 |