CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3101 CVE-2017-0108 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
3102 CVE-2017-0106 119 DoS Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
3103 CVE-2017-0104 190 Overflow Mem. Corr. 2017-03-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability."
3104 CVE-2017-0090 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.
3105 CVE-2017-0089 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.
3106 CVE-2017-0088 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
3107 CVE-2017-0087 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
3108 CVE-2017-0086 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
3109 CVE-2017-0084 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
3110 CVE-2017-0083 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
3111 CVE-2017-0072 19 Exec Code 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
3112 CVE-2017-0053 119 DoS Exec Code Overflow Mem. Corr. 2017-03-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.
3113 CVE-2017-0052 119 DoS Exec Code Overflow Mem. Corr. 2017-03-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.
3114 CVE-2017-0039 264 Exec Code +Priv 2017-03-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability."
3115 CVE-2017-0031 119 DoS Exec Code Overflow Mem. Corr. 2017-03-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053.
3116 CVE-2017-0030 119 DoS Exec Code Overflow Mem. Corr. 2017-03-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
3117 CVE-2017-0028 119 Exec Code Overflow Mem. Corr. 2017-07-17 2017-08-04
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."
3118 CVE-2017-0020 119 DoS Exec Code Overflow Mem. Corr. 2017-03-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
3119 CVE-2017-0019 119 DoS Exec Code Overflow Mem. Corr. 2017-03-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
3120 CVE-2017-0006 119 DoS Exec Code Overflow Mem. Corr. 2017-03-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
3121 CVE-2017-0003 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
3122 CVE-2016-1000216 78 2016-10-10 2017-07-06
9.0
None Remote Low Single system Complete Complete Complete
Ruckus Wireless H500 web management interface authenticated command injection
3123 CVE-2016-1000112 22 Dir. Trav. 2016-10-06 2017-01-15
9.4
None Remote Low Not required Complete Complete None
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
3124 CVE-2016-10858 20 Exec Code 2019-08-01 2019-08-09
9.3
None Remote Medium Not required Complete Complete Complete
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
3125 CVE-2016-10855 20 Exec Code 2019-08-01 2019-08-05
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
3126 CVE-2016-10850 20 Exec Code 2019-08-01 2019-08-05
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
3127 CVE-2016-10848 285 2019-08-01 2019-08-08
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
3128 CVE-2016-10840 668 Exec Code 2019-08-01 2019-08-12
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
3129 CVE-2016-10828 22 Exec Code Dir. Trav. 2019-08-01 2019-08-07
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
3130 CVE-2016-10824 20 Exec Code 2019-08-01 2019-08-07
9.3
None Remote Medium Not required Complete Complete Complete
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
3131 CVE-2016-10823 20 Exec Code 2019-08-01 2019-08-07
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
3132 CVE-2016-10820 284 2019-08-01 2019-08-05
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
3133 CVE-2016-10817 89 Sql 2019-08-01 2019-08-05
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
3134 CVE-2016-10812 20 2019-08-07 2019-08-12
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
3135 CVE-2016-10811 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
3136 CVE-2016-10810 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
3137 CVE-2016-10809 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
3138 CVE-2016-10808 20 2019-08-07 2019-08-12
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
3139 CVE-2016-10788 20 Exec Code 2019-08-06 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
3140 CVE-2016-10760 77 2019-06-11 2019-06-12
10.0
None Remote Low Not required Complete Complete Complete
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
3141 CVE-2016-10709 78 Exec Code 2018-01-21 2018-02-09
9.0
None Remote Low Single system Complete Complete Complete
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
3142 CVE-2016-10698 310 Exec Code 2018-05-29 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3143 CVE-2016-10697 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3144 CVE-2016-10696 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3145 CVE-2016-10695 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3146 CVE-2016-10694 310 Exec Code 2018-06-04 2018-07-12
9.3
None Remote Medium Not required Complete Complete Complete
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3147 CVE-2016-10693 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3148 CVE-2016-10692 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3149 CVE-2016-10691 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3150 CVE-2016-10690 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.