CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
6301 CVE-2016-5411 255 2017-06-13 2017-07-05
10.0
None Remote Low Not required Complete Complete Complete
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
6302 CVE-2016-5402 94 Exec Code 2018-10-31 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
6303 CVE-2016-5397 77 2018-02-12 2020-06-04
9.0
None Remote Low ??? Complete Complete Complete
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
6304 CVE-2016-5365 264 Exec Code Overflow 2016-06-14 2016-06-14
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.
6305 CVE-2016-5333 798 2016-08-31 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
VMware Photon OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
6306 CVE-2016-5313 78 Exec Code 2017-04-12 2017-04-20
9.0
None Remote Low ??? Complete Complete Complete
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
6307 CVE-2016-5234 119 Exec Code Overflow 2016-06-13 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.
6308 CVE-2016-5228 119 Exec Code Overflow 2016-07-03 2017-09-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.
6309 CVE-2016-5194 2019-11-20 2019-11-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
6310 CVE-2016-5179 119 Exec Code Overflow 2018-03-07 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
6311 CVE-2016-5118 284 Exec Code 2016-06-10 2019-12-27
10.0
None Remote Low Not required Complete Complete Complete
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
6312 CVE-2016-5101 284 Exec Code 2016-06-29 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.
6313 CVE-2016-5086 287 Bypass 2016-10-05 2016-12-24
9.3
None Remote Medium Not required Complete Complete Complete
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.
6314 CVE-2016-5081 798 2016-08-24 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.
6315 CVE-2016-5080 DoS Exec Code Overflow 2016-07-19 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
6316 CVE-2016-5071 264 2017-04-10 2017-04-14
10.0
None Remote Low Not required Complete Complete Complete
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
6317 CVE-2016-5067 77 2017-04-10 2017-04-14
9.0
None Remote Low ??? Complete Complete Complete
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
6318 CVE-2016-5066 255 2017-04-10 2017-04-14
10.0
None Remote Low Not required Complete Complete Complete
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
6319 CVE-2016-5062 669 Exec Code 2016-09-29 2017-04-10
9.3
None Remote Medium Not required Complete Complete Complete
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
6320 CVE-2016-5020 264 +Priv 2016-06-30 2019-06-06
9.0
None Remote Low ??? Complete Complete Complete
F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.
6321 CVE-2016-5002 611 2017-10-27 2018-12-05
9.3
None Remote Medium Not required Complete Complete Complete
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
6322 CVE-2016-4965 78 Exec Code 2016-09-21 2016-09-21
9.0
None Remote Low ??? Complete Complete Complete
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
6323 CVE-2016-4929 77 Exec Code 2017-03-20 2017-03-22
9.0
None Remote Low ??? Complete Complete Complete
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
6324 CVE-2016-4902 426 +Priv 2017-06-09 2017-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
6325 CVE-2016-4899 20 Exec Code 2017-04-13 2017-04-19
10.0
None Remote Low Not required Complete Complete Complete
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
6326 CVE-2016-4898 20 Exec Code 2017-04-13 2017-04-19
10.0
None Remote Low Not required Complete Complete Complete
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
6327 CVE-2016-4846 426 2017-04-21 2017-04-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2.
6328 CVE-2016-4813 284 +Priv 2016-06-19 2016-06-21
9.0
None Remote Low ??? Complete Complete Complete
NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account.
6329 CVE-2016-4782 20 2016-05-23 2016-05-25
9.3
None Remote Medium Not required Complete Complete Complete
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."
6330 CVE-2016-4780 476 DoS Exec Code 2017-02-20 2017-02-21
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
6331 CVE-2016-4778 264 DoS Exec Code Mem. Corr. 2016-09-25 2019-03-13
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6332 CVE-2016-4777 264 DoS Exec Code 2016-09-25 2019-03-13
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
6333 CVE-2016-4753 20 Exec Code 2016-09-25 2019-03-13
9.3
None Remote Medium Not required Complete Complete Complete
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
6334 CVE-2016-4750 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-30
9.3
None Remote Medium Not required Complete Complete Complete
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6335 CVE-2016-4738 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-06-18
9.3
None Remote Medium Not required Complete Complete Complete
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
6336 CVE-2016-4737 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-03-12
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
6337 CVE-2016-4736 119 DoS Overflow Mem. Corr. 2016-09-25 2017-11-14
9.3
None Remote Medium Not required Complete Complete Complete
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
6338 CVE-2016-4735 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-03-13
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.
6339 CVE-2016-4734 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-03-12
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
6340 CVE-2016-4733 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-03-13
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.
6341 CVE-2016-4731 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
6342 CVE-2016-4730 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-03-11
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
6343 CVE-2016-4729 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
6344 CVE-2016-4727 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-30
9.3
None Remote Medium Not required Complete Complete Complete
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6345 CVE-2016-4726 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-03-09
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6346 CVE-2016-4724 476 DoS Exec Code 2016-09-25 2017-07-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
6347 CVE-2016-4723 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-30
9.3
None Remote Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6348 CVE-2016-4712 787 DoS Exec Code 2016-09-25 2019-03-13
9.3
None Remote Medium Not required Complete Complete Complete
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
6349 CVE-2016-4703 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-30
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6350 CVE-2016-4702 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-03-13
10.0
None Remote Low Not required Complete Complete Complete
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.