CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5601 CVE-2017-0144 20 Exec Code 2017-03-17 2018-06-21
9.3
None Remote Medium Not required Complete Complete Complete
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
5602 CVE-2017-0143 20 Exec Code 2017-03-17 2018-06-21
9.3
None Remote Medium Not required Complete Complete Complete
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
5603 CVE-2017-0108 119 Exec Code Overflow 2017-03-17 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
5604 CVE-2017-0106 119 DoS Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
5605 CVE-2017-0104 190 Overflow Mem. Corr. 2017-03-17 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability."
5606 CVE-2017-0090 119 Exec Code Overflow 2017-03-17 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.
5607 CVE-2017-0089 119 Exec Code Overflow 2017-03-17 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.
5608 CVE-2017-0088 119 Exec Code Overflow 2017-03-17 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
5609 CVE-2017-0087 119 Exec Code Overflow 2017-03-17 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
5610 CVE-2017-0086 119 Exec Code Overflow 2017-03-17 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
5611 CVE-2017-0084 119 Exec Code Overflow 2017-03-17 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
5612 CVE-2017-0083 119 Exec Code Overflow 2017-03-17 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
5613 CVE-2017-0072 119 Exec Code Overflow 2017-03-17 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
5614 CVE-2017-0053 119 DoS Exec Code Overflow Mem. Corr. 2017-03-17 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.
5615 CVE-2017-0052 119 DoS Exec Code Overflow Mem. Corr. 2017-03-17 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.
5616 CVE-2017-0039 Exec Code +Priv 2017-03-17 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability."
5617 CVE-2017-0031 119 DoS Exec Code Overflow Mem. Corr. 2017-03-17 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053.
5618 CVE-2017-0030 119 DoS Exec Code Overflow Mem. Corr. 2017-03-17 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
5619 CVE-2017-0028 119 Exec Code Overflow Mem. Corr. 2017-07-17 2017-08-04
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."
5620 CVE-2017-0020 119 DoS Exec Code Overflow Mem. Corr. 2017-03-17 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
5621 CVE-2017-0019 119 DoS Exec Code Overflow Mem. Corr. 2017-03-17 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
5622 CVE-2017-0006 119 DoS Exec Code Overflow Mem. Corr. 2017-03-17 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
5623 CVE-2017-0003 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
5624 CVE-2016-1000216 78 2016-10-10 2017-07-07
9.0
None Remote Low ??? Complete Complete Complete
Ruckus Wireless H500 web management interface authenticated command injection
5625 CVE-2016-1000112 22 Dir. Trav. 2016-10-06 2020-04-29
9.4
None Remote Low Not required Complete Complete None
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
5626 CVE-2016-11061 78 Exec Code 2020-04-29 2020-05-06
10.0
None Remote Low Not required Complete Complete Complete
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
5627 CVE-2016-11056 2020-04-28 2020-05-05
9.0
None Remote Low ??? Complete Complete Complete
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
5628 CVE-2016-11054 78 Exec Code 2020-04-28 2020-05-04
9.0
None Remote Low ??? Complete Complete Complete
NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.
5629 CVE-2016-11021 78 Exec Code 2020-03-09 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
5630 CVE-2016-11017 78 Exec Code 2020-01-06 2020-01-14
10.0
None Remote Low Not required Complete Complete Complete
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
5631 CVE-2016-10858 20 Exec Code 2019-08-01 2019-08-09
9.3
None Remote Medium Not required Complete Complete Complete
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
5632 CVE-2016-10855 20 Exec Code 2019-08-01 2019-08-06
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
5633 CVE-2016-10850 20 Exec Code 2019-08-01 2019-08-06
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
5634 CVE-2016-10848 285 2019-08-01 2019-08-08
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
5635 CVE-2016-10840 668 Exec Code 2019-08-01 2019-08-12
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
5636 CVE-2016-10828 22 Exec Code Dir. Trav. 2019-08-01 2019-08-07
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
5637 CVE-2016-10824 20 Exec Code 2019-08-01 2019-08-07
9.3
None Remote Medium Not required Complete Complete Complete
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
5638 CVE-2016-10823 20 Exec Code 2019-08-01 2019-08-07
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
5639 CVE-2016-10820 284 2019-08-01 2019-08-06
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
5640 CVE-2016-10817 89 Sql 2019-08-01 2019-08-06
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
5641 CVE-2016-10812 20 2019-08-07 2019-08-12
9.0
None Remote Low ??? Complete Complete Complete
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
5642 CVE-2016-10811 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low ??? Complete Complete Complete
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
5643 CVE-2016-10810 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low ??? Complete Complete Complete
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
5644 CVE-2016-10809 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low ??? Complete Complete Complete
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
5645 CVE-2016-10808 20 2019-08-07 2019-08-12
9.0
None Remote Low ??? Complete Complete Complete
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
5646 CVE-2016-10788 20 Exec Code 2019-08-06 2019-08-09
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
5647 CVE-2016-10760 77 2019-06-11 2019-06-12
10.0
None Remote Low Not required Complete Complete Complete
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
5648 CVE-2016-10709 78 Exec Code 2018-01-22 2018-02-09
9.0
None Remote Low ??? Complete Complete Complete
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
5649 CVE-2016-10698 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
5650 CVE-2016-10697 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.