CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7801 CVE-2016-3887 264 Bypass 2016-09-11 2017-08-12
6.8
None Remote Medium Not required Partial Partial Partial
providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712.
7802 CVE-2016-3882 284 DoS 2016-10-10 2016-11-28
6.1
None Local Network Low Not required None None Complete
Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811.
7803 CVE-2016-3863 284 Exec Code Overflow 2016-09-11 2017-08-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888.
7804 CVE-2016-3856 19 DoS 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631.
7805 CVE-2016-3855 125 DoS 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824.
7806 CVE-2016-3854 125 DoS 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326.
7807 CVE-2016-3850 264 Overflow +Priv 2016-08-05 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164.
7808 CVE-2016-3849 264 +Priv 2016-08-05 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740.
7809 CVE-2016-3847 264 +Priv 2016-08-05 2017-10-18
6.9
None Local Medium Not required Complete Complete Complete
The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.
7810 CVE-2016-3822 119 DoS Exec Code Overflow 2016-08-05 2018-11-05
6.8
None Remote Medium Not required Partial Partial Partial
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
7811 CVE-2016-3765 200 DoS +Info 2016-07-10 2016-07-12
6.4
None Remote Low Not required Partial None Partial
decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413.
7812 CVE-2016-3740 119 Exec Code Overflow 2017-04-04 2017-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0.
7813 CVE-2016-3738 264 +Priv 2016-06-08 2016-06-09
6.5
None Remote Low Single system Partial Partial Partial
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
7814 CVE-2016-3734 352 CSRF 2017-04-20 2017-04-27
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
7815 CVE-2016-3728 284 Exec Code 2016-05-20 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.
7816 CVE-2016-3707 284 Exec Code 2016-06-27 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
7817 CVE-2016-3699 264 Exec Code Bypass 2016-10-07 2018-01-04
6.9
None Local Medium Not required Complete Complete Complete
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
7818 CVE-2016-3698 284 DoS 2016-06-13 2016-10-03
6.8
None Remote Medium Not required Partial Partial Partial
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
7819 CVE-2016-3693 264 +Info 2016-05-20 2018-02-22
6.8
None Remote Medium Not required Partial Partial Partial
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
7820 CVE-2016-3691 352 Bypass CSRF 2017-04-24 2017-04-27
6.8
None Remote Medium Not required Partial Partial Partial
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
7821 CVE-2016-3677 345 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
7822 CVE-2016-3675 89 Exec Code Sql 2016-04-11 2016-04-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.
7823 CVE-2016-3659 89 Exec Code Sql 2016-04-11 2016-11-30
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
7824 CVE-2016-3653 352 CSRF 2016-06-30 2017-09-02
6.0
None Remote Medium Single system Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.
7825 CVE-2016-3651 200 +Info 2016-06-30 2017-08-31
6.0
None Remote Medium Single system Partial Partial Partial
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.
7826 CVE-2016-3635 284 Bypass 2016-10-13 2016-11-28
6.0
None Remote Medium Single system Partial Partial Partial
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
7827 CVE-2016-3632 787 DoS Exec Code 2016-09-21 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
7828 CVE-2016-3630 19 Exec Code 2016-04-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
7829 CVE-2016-3628 119 DoS Exec Code Overflow 2016-04-20 2016-05-18
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.
7830 CVE-2016-3621 125 DoS 2016-10-03 2017-09-02
6.8
None Remote Medium Not required Partial Partial Partial
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
7831 CVE-2016-3616 476 DoS Exec Code 2017-02-13 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
7832 CVE-2016-3606 2016-07-21 2017-11-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
7833 CVE-2016-3565 2016-07-21 2017-08-31
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration.
7834 CVE-2016-3552 2016-07-21 2017-11-09
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.
7835 CVE-2016-3537 2016-07-21 2017-08-31
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-5473.
7836 CVE-2016-3521 2016-07-21 2018-01-04
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
7837 CVE-2016-3520 2016-07-21 2017-08-31
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.
7838 CVE-2016-3518 2016-07-21 2017-08-31
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
7839 CVE-2016-3514 2016-07-21 2017-08-31
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516.
7840 CVE-2016-3513 2016-07-21 2017-08-31
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure.
7841 CVE-2016-3511 2016-07-21 2018-01-04
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
7842 CVE-2016-3506 2016-07-21 2018-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle Retail Workforce Management 1.60.7, and 1.64.0; the Oracle Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown Optimization 13.4 and 14.0; and Oracle Retail Merchandising System 16.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
7843 CVE-2016-3502 2016-07-21 2017-08-31
6.0
None Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
7844 CVE-2016-3495 2016-10-25 2017-07-28
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
7845 CVE-2016-3494 2016-07-21 2017-08-31
6.1
None Local Network Low Not required None None Complete
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning.
7846 CVE-2016-3492 2016-10-25 2018-01-04
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
7847 CVE-2016-3486 2016-07-21 2017-08-31
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
7848 CVE-2016-3483 2016-07-21 2017-08-31
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing.
7849 CVE-2016-3476 2016-07-21 2017-08-31
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.
7850 CVE-2016-3466 2016-04-21 2016-12-02
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.