Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-02-20 CVE-2016-4671 Out-of-bounds Write vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-787
7.8
7.8
2017-02-20 CVE-2016-4669 Improper Input Validation vulnerability in Apple products
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-20
7.8
7.8
2017-02-20 CVE-2016-4667 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-119
8.8
8.8
2017-02-20 CVE-2016-4666 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-119
8.8
8.8
2017-02-20 CVE-2016-4662 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-119
7.8
7.8
2017-02-20 CVE-2016-4660 Information Exposure vulnerability in Apple products
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-200
7.1
7.1
2017-02-20 CVE-2016-4617 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-264
8.8
8.8
2017-02-18 CVE-2017-6074 Double Free vulnerability in multiple products
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
local
low complexity
linux debian CWE-415
7.8
7.8
2017-02-18 CVE-2017-6001 Race Condition vulnerability in Linux Kernel
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.
local
high complexity
linux CWE-362
7.0
7.0
2017-02-17 CVE-2017-6065 SQL Injection vulnerability in Metalgenix Genixcms
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.
network
low complexity
metalgenix CWE-89
8.8
8.8