Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-01 | CVE-2016-10096 | SQL Injection vulnerability in Genixcms SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter. | 7.3 |
| 2016-12-30 | CVE-2016-10088 | Use After Free vulnerability in Linux Kernel The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. | 7.0 |
| 2016-12-30 | CVE-2016-10085 | Improper Access Control vulnerability in Piwigo admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter. | 7.2 |
| 2016-12-30 | CVE-2016-10084 | Improper Access Control vulnerability in Piwigo admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). | 7.2 |
| 2016-12-29 | CVE-2015-8743 | Out-of-bounds Write vulnerability in multiple products QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. | 7.1 |
| 2016-12-29 | CVE-2016-10081 | Data Processing Errors vulnerability in Shutter-Project Shutter 0.93/0.93.1 /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. | 7.8 |
| 2016-12-29 | CVE-2015-0854 | Data Processing Errors vulnerability in Shutter-Project Shutter 0.93/0.93.1 App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action. | 7.8 |
| 2016-12-29 | CVE-2016-9878 | Path Traversal vulnerability in multiple products An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. | 7.5 |
| 2016-12-29 | CVE-2016-7462 | Exposed Dangerous Method or Function vulnerability in VMWare Vrealize Operations The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. | 8.5 |
| 2016-12-29 | CVE-2016-7461 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. | 8.8 |