CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11701 CVE-2016-8277 20 DoS 2016-10-03 2016-10-06
6.8
None Remote Low ??? None None Complete
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter.
11702 CVE-2016-8273 20 2017-04-02 2017-04-05
6.9
None Local Medium Not required Complete Complete Complete
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.
11703 CVE-2016-8229 352 CSRF 2017-06-04 2017-06-09
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
11704 CVE-2016-8226 19 DoS 2017-01-26 2017-02-01
6.8
None Remote Low ??? None None Complete
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
11705 CVE-2016-8206 22 Dir. Trav. 2017-01-14 2018-05-10
6.4
None Remote Low Not required None Partial Partial
A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.
11706 CVE-2016-8201 352 CSRF 2017-01-14 2019-04-17
6.0
None Remote Medium ??? Partial Partial Partial
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.
11707 CVE-2016-8105 DoS 2017-02-27 2017-03-02
6.1
None Local Network Low Not required None None Complete
Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations.
11708 CVE-2016-8103 264 2016-12-08 2016-12-27
6.8
None Local Low ??? Complete Complete Complete
SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.
11709 CVE-2016-8025 89 Sql +Info 2017-03-14 2017-09-03
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
11710 CVE-2016-8024 113 +Info 2017-03-14 2017-09-03
6.8
None Remote Medium Not required Partial Partial Partial
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
11711 CVE-2016-8023 287 Bypass 2017-03-14 2017-09-03
6.8
None Remote Medium Not required Partial Partial Partial
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
11712 CVE-2016-8020 94 Exec Code 2017-03-14 2017-09-03
6.0
None Remote Medium ??? Partial Partial Partial
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
11713 CVE-2016-8018 352 Exec Code CSRF 2017-03-14 2017-09-03
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
11714 CVE-2016-7998 20 Exec Code 2017-01-18 2017-05-24
6.5
None Remote Low ??? Partial Partial Partial
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
11715 CVE-2016-7980 352 Exec Code CSRF 2017-01-18 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
11716 CVE-2016-7976 20 Exec Code 2017-08-07 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.
11717 CVE-2016-7904 352 CSRF 2017-01-16 2017-01-27
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
11718 CVE-2016-7902 434 Exec Code 2017-01-04 2017-01-07
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20.
11719 CVE-2016-7885 352 CSRF 2016-12-15 2016-12-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.
11720 CVE-2016-7844 78 Exec Code 2017-08-02 2017-08-04
6.0
None Remote Medium ??? Partial Partial Partial
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.
11721 CVE-2016-7838 426 Exec Code 2017-06-09 2017-06-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
11722 CVE-2016-7835 416 +Info 2017-06-09 2021-04-19
6.4
None Remote Low Not required Partial None Partial
Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
11723 CVE-2016-7833 284 Bypass 2017-06-09 2017-06-14
6.4
None Remote Low Not required None Partial Partial
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
11724 CVE-2016-7824 284 Bypass 2017-06-09 2017-06-15
6.5
None Remote Low ??? Partial Partial Partial
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
11725 CVE-2016-7822 352 CSRF 2017-06-09 2017-06-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.
11726 CVE-2016-7818 264 +Priv 2017-06-09 2017-06-22
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
11727 CVE-2016-7809 352 CSRF 2017-06-09 2017-06-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.
11728 CVE-2016-7804 426 +Priv 2017-05-22 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
11729 CVE-2016-7803 89 Exec Code Sql 2017-06-09 2017-06-13
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
11730 CVE-2016-7793 284 Exec Code 2017-01-19 2017-01-20
6.8
None Remote Medium Not required Partial Partial Partial
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.
11731 CVE-2016-7742 20 Exec Code 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations.
11732 CVE-2016-7659 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
11733 CVE-2016-7658 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
11734 CVE-2016-7656 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11735 CVE-2016-7655 704 DoS +Priv 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.
11736 CVE-2016-7654 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11737 CVE-2016-7652 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11738 CVE-2016-7649 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11739 CVE-2016-7648 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11740 CVE-2016-7646 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11741 CVE-2016-7645 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11742 CVE-2016-7642 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11743 CVE-2016-7641 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11744 CVE-2016-7640 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11745 CVE-2016-7639 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11746 CVE-2016-7635 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11747 CVE-2016-7632 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
11748 CVE-2016-7626 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile.
11749 CVE-2016-7622 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Grapher" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file.
11750 CVE-2016-7618 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.