CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6001 CVE-2017-0362 352 CSRF 2018-04-13 2018-05-15
6.8
None Remote Medium Not required Partial Partial Partial
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
6002 CVE-2017-0343 362 DoS 2017-05-09 2017-05-17
6.9
None Local Medium Not required Complete Complete Complete
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.
6003 CVE-2017-0317 275 Exec Code 2017-02-15 2017-02-23
6.9
None Local Medium Not required Complete Complete Complete
All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution.
6004 CVE-2017-0279 19 Exec Code 2017-05-12 2018-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.
6005 CVE-2017-0278 19 Exec Code 2017-05-12 2018-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.
6006 CVE-2017-0277 19 Exec Code 2017-05-12 2018-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.
6007 CVE-2017-0246 264 DoS +Priv 2017-05-12 2017-07-07
6.9
None Local Medium Not required Complete Complete Complete
The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability."
6008 CVE-2017-0244 264 DoS +Priv 2017-05-12 2017-07-07
6.9
None Local Medium Not required Complete Complete Complete
The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability."
6009 CVE-2017-0186 20 DoS 2017-04-12 2017-04-18
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.
6010 CVE-2017-0185 20 DoS 2017-04-12 2017-07-10
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.
6011 CVE-2017-0183 20 DoS 2017-04-12 2017-04-18
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
6012 CVE-2017-0182 20 DoS 2017-04-12 2017-04-18
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
6013 CVE-2017-0179 20 DoS 2017-04-12 2017-04-18
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
6014 CVE-2017-0174 19 DoS 2017-08-08 2017-08-14
6.1
None Local Network Low Not required None None Complete
Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".
6015 CVE-2017-0168 200 +Info 2017-04-12 2017-07-10
6.3
None Remote Medium Single system Complete None None
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.
6016 CVE-2017-0161 362 Exec Code 2017-09-12 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
6017 CVE-2017-0156 264 2017-04-12 2017-07-10
6.9
None Local Medium Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability."
6018 CVE-2017-0155 264 +Priv 2017-04-12 2017-07-10
6.9
None Local Medium Not required Complete Complete Complete
The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."
6019 CVE-2017-0101 119 Overflow +Priv 2017-03-16 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
6020 CVE-2017-0005 264 +Priv 2017-03-16 2017-07-11
6.9
None Local Medium Not required Complete Complete Complete
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.
6021 CVE-2017-0002 264 Bypass 2017-01-10 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
6022 CVE-2016-1000218 352 CSRF 2017-06-16 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.
6023 CVE-2016-1000213 352 CSRF 2016-10-25 2017-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Ruckus Wireless H500 web management interface CSRF
6024 CVE-2016-1000122 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
6025 CVE-2016-1000120 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
6026 CVE-2016-1000119 79 XSS 2016-10-21 2018-05-02
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
6027 CVE-2016-1000118 79 XSS 2016-10-21 2018-05-02
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
6028 CVE-2016-1000117 79 XSS 2016-10-21 2017-01-05
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
6029 CVE-2016-1000116 79 Sql XSS 2016-10-21 2017-03-27
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
6030 CVE-2016-1000115 79 Sql XSS 2016-10-21 2017-11-13
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
6031 CVE-2016-1000000 89 Sql 2016-10-06 2017-11-02
6.5
None Remote Low Single system Partial Partial Partial
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
6032 CVE-2016-10951 89 Sql 2019-09-13 2019-09-16
6.5
None Remote Low Single system Partial Partial Partial
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
6033 CVE-2016-10950 89 Sql 2019-09-13 2019-09-16
6.5
None Remote Low Single system Partial Partial Partial
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
6034 CVE-2016-10949 89 Sql 2019-09-13 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
6035 CVE-2016-10948 20 2019-09-13 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.
6036 CVE-2016-10947 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.
6037 CVE-2016-10946 352 CSRF 2019-09-13 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
6038 CVE-2016-10945 352 CSRF 2019-09-13 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.
6039 CVE-2016-10944 352 CSRF 2019-09-13 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.
6040 CVE-2016-10943 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.
6041 CVE-2016-10940 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
6042 CVE-2016-10939 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.
6043 CVE-2016-10931 295 2019-08-26 2019-09-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
6044 CVE-2016-10927 918 2019-08-22 2019-08-26
6.4
None Remote Low Not required Partial Partial None
The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
6045 CVE-2016-10926 918 2019-08-22 2019-08-26
6.4
None Remote Low Not required Partial Partial None
The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
6046 CVE-2016-10918 352 CSRF 2019-08-22 2019-08-26
6.8
None Remote Medium Not required Partial Partial Partial
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.
6047 CVE-2016-10915 352 CSRF 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
6048 CVE-2016-10914 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
6049 CVE-2016-10905 416 2019-08-18 2019-08-23
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.
6050 CVE-2016-10903 352 CSRF 2019-08-21 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.