Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-08 | CVE-2015-8967 | Permissions, Privileges, and Access Controls vulnerability in multiple products arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. | 7.8 |
| 2016-12-08 | CVE-2015-8966 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. | 7.8 |
| 2016-12-08 | CVE-2016-9920 | Improper Access Control vulnerability in Roundcube Webmail steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. | 7.5 |
| 2016-12-08 | CVE-2016-9919 | Improper Input Validation vulnerability in Linux Kernel The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. | 7.5 |
| 2016-12-08 | CVE-2016-8102 | Permissions, Privileges, and Access Controls vulnerability in Intel Wireless Bluetooth Drivers Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges. | 7.8 |
| 2016-12-08 | CVE-2016-9918 | Out-of-bounds Read vulnerability in Bluez Project Bluez 5.42 In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. | 7.5 |
| 2016-12-08 | CVE-2016-9917 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42 In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. | 7.5 |
| 2016-12-08 | CVE-2016-9839 | Information Exposure vulnerability in Osgeo Mapserver In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | 7.5 |
| 2016-12-08 | CVE-2016-8655 | Use After Free vulnerability in multiple products Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. | 7.8 |
| 2016-12-06 | CVE-2015-8870 | Integer Overflow or Wraparound vulnerability in Libtiff Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. | 7.4 |