CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5201 CVE-2016-4677 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5202 CVE-2016-4673 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
5203 CVE-2016-4667 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
5204 CVE-2016-4666 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5205 CVE-2016-4657 119 DoS Exec Code Overflow Mem. Corr. 2016-08-25 2018-06-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
5206 CVE-2016-4637 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
5207 CVE-2016-4633 264 DoS Exec Code Mem. Corr. 2016-07-21 2017-08-31
6.9
None Local Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
5208 CVE-2016-4631 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
5209 CVE-2016-4630 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
5210 CVE-2016-4624 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.
5211 CVE-2016-4623 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.
5212 CVE-2016-4622 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
5213 CVE-2016-4611 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
5214 CVE-2016-4602 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.
5215 CVE-2016-4601 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.
5216 CVE-2016-4600 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
5217 CVE-2016-4599 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
5218 CVE-2016-4598 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
5219 CVE-2016-4597 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
5220 CVE-2016-4596 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
5221 CVE-2016-4589 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
5222 CVE-2016-4588 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
5223 CVE-2016-4586 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
5224 CVE-2016-4584 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
5225 CVE-2016-4577 119 DoS Exec Code Overflow 2016-05-23 2016-11-28
6.8
None Local Network High Not required Complete Complete Complete
Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."
5226 CVE-2016-4563 119 DoS Overflow 2016-06-04 2016-09-22
6.8
None Remote Medium Not required Partial Partial Partial
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
5227 CVE-2016-4562 119 DoS Overflow 2016-06-04 2016-09-22
6.8
None Remote Medium Not required Partial Partial Partial
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
5228 CVE-2016-4558 DoS 2016-05-23 2016-08-02
6.9
None Local Medium Not required Complete Complete Complete
The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.
5229 CVE-2016-4533 119 Exec Code Overflow 2016-07-11 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.
5230 CVE-2016-4532 22 Dir. Trav. 2016-06-09 2016-11-28
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
5231 CVE-2016-4526 427 +Priv 2016-09-18 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.
5232 CVE-2016-4510 287 Bypass 2016-06-09 2016-11-28
6.4
None Remote Low Not required Partial Partial None
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.
5233 CVE-2016-4509 119 Exec Code Overflow 2016-07-03 2016-11-28
6.0
None Remote Medium Single system Partial Partial Partial
Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.
5234 CVE-2016-4506 352 CSRF 2016-05-30 2016-06-07
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.
5235 CVE-2016-4504 352 CSRF 2017-03-21 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
5236 CVE-2016-4501 284 Bypass 2016-05-30 2016-06-07
6.4
None Remote Low Not required Partial Partial None
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.
5237 CVE-2016-4498 20 DoS 2016-05-11 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors.
5238 CVE-2016-4497 20 DoS 2016-05-11 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
5239 CVE-2016-4494 352 CSRF 2016-06-09 2016-06-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file.
5240 CVE-2016-4475 254 Bypass 2016-08-19 2018-01-04
6.5
None Remote Low Single system Partial Partial Partial
The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
5241 CVE-2016-4472 119 DoS Exec Code Overflow 2016-06-30 2017-11-02
6.8
None Remote Medium Not required Partial Partial Partial
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
5242 CVE-2016-4471 264 Exec Code 2017-06-08 2017-06-15
6.5
None Remote Low Single system Partial Partial Partial
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
5243 CVE-2016-4469 352 CSRF 2016-07-28 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action.
5244 CVE-2016-4468 89 Exec Code Sql 2017-04-11 2017-04-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
5245 CVE-2016-4462 20 Exec Code 2017-08-30 2017-09-12
6.5
None Remote Low Single system Partial Partial Partial
By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01
5246 CVE-2016-4451 254 Bypass 2016-08-19 2018-02-22
6.0
None Remote Medium Single system Partial Partial Partial
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
5247 CVE-2016-4446 77 Exec Code 2017-04-11 2017-04-17
6.9
None Local Medium Not required Complete Complete Complete
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
5248 CVE-2016-4445 77 Exec Code 2017-04-11 2017-04-17
6.9
None Local Medium Not required Complete Complete Complete
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
5249 CVE-2016-4444 77 Exec Code 2017-04-11 2017-04-17
6.9
None Local Medium Not required Complete Complete Complete
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
5250 CVE-2016-4437 284 Exec Code Bypass 2016-06-07 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.