CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6551 CVE-2016-9873 77 Exec Code 2017-02-03 2017-07-24
6.5
None Remote Low Single system Partial Partial Partial
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.
6552 CVE-2016-9866 352 CSRF 2016-12-10 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
6553 CVE-2016-9864 89 Sql 2016-12-10 2017-06-30
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
6554 CVE-2016-9842 189 2017-05-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
6555 CVE-2016-9840 189 2017-05-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
6556 CVE-2016-9832 74 Exec Code 2016-12-09 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
6557 CVE-2016-9831 119 Overflow 2017-02-16 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
6558 CVE-2016-9829 119 Overflow 2017-02-16 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
6559 CVE-2016-9809 125 2017-01-13 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
6560 CVE-2016-9777 125 DoS +Priv 2016-12-28 2016-12-30
6.9
None Local Medium Not required Complete Complete Complete
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.
6561 CVE-2016-9729 287 2017-03-07 2017-03-08
6.4
None Remote Low Not required Partial Partial None
IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545.
6562 CVE-2016-9716 352 CSRF 2017-07-31 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729.
6563 CVE-2016-9714 352 CSRF 2017-07-31 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727.
6564 CVE-2016-9693 20 Bypass 2017-03-07 2017-05-01
6.8
None Remote Medium Not required Partial Partial Partial
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
6565 CVE-2016-9675 119 Exec Code Overflow 2016-12-22 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
6566 CVE-2016-9651 94 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
6567 CVE-2016-9606 20 Exec Code 2018-03-09 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
6568 CVE-2016-9599 284 2018-04-23 2019-10-09
6.0
None Remote Medium Single system Partial Partial Partial
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.
6569 CVE-2016-9594 665 2018-04-23 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
6570 CVE-2016-9586 119 Overflow 2018-04-23 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
6571 CVE-2016-9584 416 DoS 2017-01-18 2017-01-20
6.4
None Remote Low Not required Partial None Partial
libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.
6572 CVE-2016-9583 125 2018-08-01 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
6573 CVE-2016-9581 119 Overflow 2018-08-01 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
6574 CVE-2016-9580 190 Overflow 2018-08-01 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
6575 CVE-2016-9577 119 Exec Code Overflow 2018-07-27 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
6576 CVE-2016-9575 285 2018-03-13 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.
6577 CVE-2016-9563 284 2016-11-22 2018-12-10
6.0
None Remote Medium Single system Partial Partial Partial
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
6578 CVE-2016-9560 119 Overflow 2017-02-15 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
6579 CVE-2016-9496 306 2018-07-13 2019-10-09
6.1
None Local Network Low Not required None None Complete
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.
6580 CVE-2016-9491 200 +Info 2018-07-13 2019-10-09
6.8
None Remote Low Single system Complete None None
ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system.
6581 CVE-2016-9487 611 2018-07-13 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.
6582 CVE-2016-9480 119 DoS Overflow +Info 2016-11-29 2016-12-22
6.4
None Remote Low Not required Partial None Partial
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
6583 CVE-2016-9463 287 Bypass 2017-03-27 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.
6584 CVE-2016-9456 352 CSRF 2017-03-27 2017-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
6585 CVE-2016-9455 352 CSRF 2017-03-27 2017-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
6586 CVE-2016-9453 787 DoS Exec Code 2017-01-27 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
6587 CVE-2016-9447 125 DoS Exec Code 2017-01-23 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
6588 CVE-2016-9429 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
6589 CVE-2016-9428 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
6590 CVE-2016-9426 190 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.
6591 CVE-2016-9425 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
6592 CVE-2016-9424 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.
6593 CVE-2016-9423 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
6594 CVE-2016-9422 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.
6595 CVE-2016-9387 190 Overflow 2017-03-23 2018-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
6596 CVE-2016-9381 362 +Priv 2017-01-23 2017-06-30
6.9
None Local Medium Not required Complete Complete Complete
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
6597 CVE-2016-9365 352 CSRF 2017-02-13 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY).
6598 CVE-2016-9362 287 2017-02-13 2017-06-28
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating.
6599 CVE-2016-9351 22 Dir. Trav. 2017-02-13 2017-08-11
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
6600 CVE-2016-9318 611 2016-11-15 2018-08-15
6.8
None Remote Medium Not required Partial Partial Partial
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.