CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3401 CVE-2016-8591 264 Exec Code 2017-04-28 2017-05-10
9.0
Admin Remote Low Single system Complete Complete Complete
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
3402 CVE-2016-8590 264 Exec Code 2017-04-28 2017-05-10
9.0
Admin Remote Low Single system Complete Complete Complete
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
3403 CVE-2016-8589 264 Exec Code 2017-04-28 2017-05-10
9.0
Admin Remote Low Single system Complete Complete Complete
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
3404 CVE-2016-8586 264 Exec Code 2017-04-28 2017-05-11
9.0
Admin Remote Low Single system Complete Complete Complete
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
3405 CVE-2016-8585 264 Exec Code 2017-04-28 2017-05-10
9.0
Admin Remote Low Single system Complete Complete Complete
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
3406 CVE-2016-8523 77 Exec Code 2018-02-15 2018-03-05
9.0
None Remote Low Single system Complete Complete Complete
A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.
3407 CVE-2016-8519 502 Exec Code 2018-02-15 2018-03-05
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.
3408 CVE-2016-8497 264 +Priv 2017-05-26 2017-06-06
10.0
None Remote Low Not required Complete Complete Complete
An escalation of privilege vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.3 and below allows an attacker to gain root privilege via the subproc file.
3409 CVE-2016-8493 264 2017-06-26 2018-01-17
9.0
None Remote Low Single system Complete Complete Complete
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
3410 CVE-2016-8491 798 2017-02-01 2017-02-24
9.4
None Remote Low Not required Complete Complete None
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
3411 CVE-2016-8488 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756.
3412 CVE-2016-8487 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724.
3413 CVE-2016-8484 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.
3414 CVE-2016-8479 264 Exec Code 2017-03-07 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687.
3415 CVE-2016-8459 119 Overflow 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.
3416 CVE-2016-8455 264 Exec Code 2017-01-12 2017-01-23
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311.
3417 CVE-2016-8440 119 Overflow 2017-01-12 2017-01-23
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.
3418 CVE-2016-8439 119 Overflow 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.
3419 CVE-2016-8438 190 Overflow Bypass 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.
3420 CVE-2016-8437 20 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695.
3421 CVE-2016-8436 264 Exec Code 2017-01-12 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860.
3422 CVE-2016-8435 284 Exec Code 2017-01-12 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435.
3423 CVE-2016-8434 284 Exec Code 2017-01-12 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855.
3424 CVE-2016-8433 264 Exec Code 2017-01-12 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192.
3425 CVE-2016-8432 264 Exec Code 2017-01-12 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432.
3426 CVE-2016-8431 264 Exec Code 2017-01-12 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431.
3427 CVE-2016-8430 264 Exec Code 2017-01-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430.
3428 CVE-2016-8429 264 Exec Code 2017-01-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429.
3429 CVE-2016-8428 264 Exec Code 2017-01-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428.
3430 CVE-2016-8427 264 Exec Code 2017-01-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427.
3431 CVE-2016-8426 264 Exec Code 2017-01-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426.
3432 CVE-2016-8425 264 Exec Code 2017-01-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425.
3433 CVE-2016-8424 264 Exec Code 2017-01-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31606947. References: N-CVE-2016-8424.
3434 CVE-2016-8423 264 Exec Code 2017-01-12 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. References: QC-CR#1000546.
3435 CVE-2016-8422 264 Exec Code 2017-01-12 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426.
3436 CVE-2016-8418 284 Exec Code 2017-02-08 2017-07-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.
3437 CVE-2016-8411 119 Overflow 2017-01-27 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.
3438 CVE-2016-8398 254 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.
3439 CVE-2016-8389 190 Exec Code Overflow 2017-02-28 2017-03-01
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it.
3440 CVE-2016-8388 125 2017-02-28 2017-03-01
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.
3441 CVE-2016-8387 119 Exec Code Overflow 2017-02-27 2017-03-02
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.
3442 CVE-2016-8386 119 Exec Code Overflow 2017-02-27 2017-03-01
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool.
3443 CVE-2016-8385 119 Exec Code Overflow 2017-02-27 2017-03-01
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool.
3444 CVE-2016-8364 119 Overflow 2017-02-13 2017-02-28
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow.
3445 CVE-2016-8355 306 2017-02-13 2017-02-28
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates.
3446 CVE-2016-8276 119 DoS Exec Code Overflow 2016-10-03 2016-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.
3447 CVE-2016-8237 264 Exec Code 2017-04-10 2017-04-17
9.3
None Remote Medium Not required Complete Complete Complete
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
3448 CVE-2016-8205 22 Dir. Trav. 2017-01-14 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
3449 CVE-2016-8204 22 Dir. Trav. 2017-01-14 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
3450 CVE-2016-8202 264 +Priv 2017-05-08 2018-03-15
9.0
None Remote Low Single system Complete Complete Complete
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.