CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2016 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-5840 20 Exec Code 2016-06-30 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
2 CVE-2016-5829 119 DoS Overflow 2016-06-27 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
3 CVE-2016-5828 20 DoS 2016-06-27 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
4 CVE-2016-5723 264 +Priv 2016-06-24 2016-06-27
7.2
Admin Local Low Not required Complete Complete Complete
Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.
5 CVE-2016-5722 200 +Info 2016-06-24 2016-09-29
7.5
None Remote Low Not required Partial Partial Partial
Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.
6 CVE-2016-5435 399 DoS 2016-06-24 2016-06-27
7.1
None Remote Medium Not required None None Complete
Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.
7 CVE-2016-5368 399 DoS 2016-06-30 2016-11-28
7.8
None Remote Low Not required None None Complete
Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.
8 CVE-2016-5365 264 Exec Code Overflow 2016-06-14 2016-06-14
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.
9 CVE-2016-5302 284 2016-06-13 2016-06-20
7.5
None Remote Low Not required Partial Partial Partial
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
10 CVE-2016-5300 399 DoS 2016-06-16 2019-01-23
7.8
None Remote Low Not required None None Complete
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
11 CVE-2016-5234 119 Exec Code Overflow 2016-06-13 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.
12 CVE-2016-5232 119 DoS Overflow 2016-06-30 2016-11-28
7.1
None Remote Medium Not required None None Complete
Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app.
13 CVE-2016-5118 284 Exec Code 2016-06-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
14 CVE-2016-5108 119 DoS Exec Code Overflow 2016-06-08 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
15 CVE-2016-5101 284 Exec Code 2016-06-29 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.
16 CVE-2016-5020 264 +Priv 2016-06-30 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.
17 CVE-2016-4823 DoS 2016-06-25 2016-06-27
7.8
None Remote Low Not required None None Complete
Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
18 CVE-2016-4819 Exec Code 2016-06-18 2016-06-23
7.5
None Remote Low Not required Partial Partial Partial
The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string.
19 CVE-2016-4813 284 +Priv 2016-06-18 2016-06-21
9.0
None Remote Low Single system Complete Complete Complete
NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account.
20 CVE-2016-4564 119 DoS Overflow 2016-06-04 2016-09-22
7.5
None Remote Low Not required Partial Partial Partial
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
21 CVE-2016-4519 119 Exec Code Overflow 2016-06-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.
22 CVE-2016-4448 134 2016-06-09 2019-09-25
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
23 CVE-2016-4440 264 DoS Exec Code 2016-06-27 2016-06-27
7.2
None Local Low Not required Complete Complete Complete
arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.
24 CVE-2016-4429 20 DoS Overflow 2016-06-10 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
25 CVE-2016-4368 20 Exec Code 2016-06-08 2016-06-10
7.5
None Remote Low Not required Partial Partial Partial
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
26 CVE-2016-4366 DoS +Info 2016-06-08 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
27 CVE-2016-4364 +Priv 2016-06-08 2016-08-23
7.2
None Local Low Not required Complete Complete Complete
HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.
28 CVE-2016-4359 119 Exec Code Overflow 2016-06-08 2017-11-02
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.
29 CVE-2016-4357 +Info 2016-06-08 2016-08-23
7.5
None Remote Low Single system Partial Complete None
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.
30 CVE-2016-4328 +Info 2016-06-09 2016-06-10
10.0
None Remote Low Not required Complete Complete Complete
MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.
31 CVE-2016-4326 Exec Code 2016-06-09 2016-06-10
7.5
None Remote Low Not required Partial Partial Partial
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
32 CVE-2016-4309 362 2016-06-30 2018-10-09
7.6
None Remote High Not required Complete Complete Complete
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
33 CVE-2016-4171 Exec Code 2016-06-16 2017-01-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
34 CVE-2016-4167 119 DoS Exec Code Overflow Mem. Corr. 2016-06-16 2016-06-17
7.5
None Remote Low Not required Partial Partial Partial
Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
35 CVE-2016-4166 2016-06-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
36 CVE-2016-4165 20 2016-06-16 2016-06-17
10.0
None Remote Low Not required Complete Complete Complete
The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input.
37 CVE-2016-4163 119 DoS Exec Code Overflow Mem. Corr. 2016-06-16 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162.
38 CVE-2016-4162 119 DoS Exec Code Overflow Mem. Corr. 2016-06-16 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4163.
39 CVE-2016-4161 119 DoS Exec Code Overflow Mem. Corr. 2016-06-16 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163.
40 CVE-2016-4160 119 DoS Exec Code Overflow Mem. Corr. 2016-06-16 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
41 CVE-2016-4156 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
42 CVE-2016-4155 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
43 CVE-2016-4154 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
44 CVE-2016-4153 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
45 CVE-2016-4152 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
46 CVE-2016-4151 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
47 CVE-2016-4150 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
48 CVE-2016-4149 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
49 CVE-2016-4148 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
50 CVE-2016-4147 2016-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Total number of vulnerabilities : 191   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.