CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7651 CVE-2016-4787 2016-05-26 2016-05-26
6.4
None Remote Low Not required Partial None Partial
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.
7652 CVE-2016-4779 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
7653 CVE-2016-4769 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
7654 CVE-2016-4768 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
7655 CVE-2016-4767 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
7656 CVE-2016-4766 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
7657 CVE-2016-4765 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
7658 CVE-2016-4764 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
7659 CVE-2016-4762 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
7660 CVE-2016-4759 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
7661 CVE-2016-4728 20 Exec Code 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
7662 CVE-2016-4692 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
7663 CVE-2016-4691 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
7664 CVE-2016-4688 119 DoS Exec Code Overflow 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font.
7665 CVE-2016-4683 119 DoS Exec Code Overflow 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file.
7666 CVE-2016-4681 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
7667 CVE-2016-4677 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
7668 CVE-2016-4673 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
7669 CVE-2016-4667 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
7670 CVE-2016-4666 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
7671 CVE-2016-4657 119 DoS Exec Code Overflow Mem. Corr. 2016-08-25 2018-06-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
7672 CVE-2016-4637 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
7673 CVE-2016-4633 264 DoS Exec Code Mem. Corr. 2016-07-21 2017-08-31
6.9
None Local Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7674 CVE-2016-4631 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
7675 CVE-2016-4630 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
7676 CVE-2016-4624 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.
7677 CVE-2016-4623 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.
7678 CVE-2016-4622 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
7679 CVE-2016-4611 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
7680 CVE-2016-4602 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.
7681 CVE-2016-4601 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.
7682 CVE-2016-4600 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
7683 CVE-2016-4599 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
7684 CVE-2016-4598 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
7685 CVE-2016-4597 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
7686 CVE-2016-4596 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
7687 CVE-2016-4589 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
7688 CVE-2016-4588 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
7689 CVE-2016-4586 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
7690 CVE-2016-4584 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
7691 CVE-2016-4577 119 DoS Exec Code Overflow 2016-05-23 2016-11-28
6.8
None Local Network High Not required Complete Complete Complete
Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."
7692 CVE-2016-4563 119 DoS Overflow 2016-06-04 2016-09-22
6.8
None Remote Medium Not required Partial Partial Partial
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
7693 CVE-2016-4562 119 DoS Overflow 2016-06-04 2016-09-22
6.8
None Remote Medium Not required Partial Partial Partial
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
7694 CVE-2016-4558 DoS 2016-05-23 2016-08-02
6.9
None Local Medium Not required Complete Complete Complete
The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.
7695 CVE-2016-4533 119 Exec Code Overflow 2016-07-11 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.
7696 CVE-2016-4532 22 Dir. Trav. 2016-06-09 2016-11-28
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
7697 CVE-2016-4526 427 +Priv 2016-09-18 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.
7698 CVE-2016-4510 287 Bypass 2016-06-09 2016-11-28
6.4
None Remote Low Not required Partial Partial None
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.
7699 CVE-2016-4509 119 Exec Code Overflow 2016-07-03 2016-11-28
6.0
None Remote Medium Single system Partial Partial Partial
Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.
7700 CVE-2016-4506 352 CSRF 2016-05-30 2016-06-07
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.