Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-16 | CVE-2015-8962 | Double Free vulnerability in Linux Kernel Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. | 7.3 |
| 2016-11-16 | CVE-2015-8961 | Use After Free vulnerability in Linux Kernel The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. | 7.8 |
| 2016-11-15 | CVE-2016-0909 | Improper Input Validation vulnerability in EMC Avamar Data Store and Avamar Server Virtual Edition EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. | 8.4 |
| 2016-11-15 | CVE-2016-8661 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Obdev Little Snitch Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. | 8.4 |
| 2016-11-14 | CVE-2016-8908 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8907 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8906 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8905 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8904 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8903 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |