CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2651 CVE-2016-8204 22 Dir. Trav. 2017-01-14 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
2652 CVE-2016-8202 264 +Priv 2017-05-08 2018-03-15
9.0
None Remote Low Single system Complete Complete Complete
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.
2653 CVE-2016-7990 190 DoS Exec Code Overflow 2016-10-31 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
2654 CVE-2016-7913 416 DoS +Priv 2016-11-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.
2655 CVE-2016-7912 416 +Priv 2016-11-16 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.
2656 CVE-2016-7911 416 DoS +Priv 2016-11-16 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
2657 CVE-2016-7910 416 +Priv 2016-11-16 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.
2658 CVE-2016-7892 416 Exec Code 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
2659 CVE-2016-7886 119 Exec Code Overflow Mem. Corr. 2016-12-15 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
2660 CVE-2016-7881 416 Exec Code 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.
2661 CVE-2016-7880 416 Exec Code 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.
2662 CVE-2016-7879 416 Exec Code 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.
2663 CVE-2016-7878 416 Exec Code 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.
2664 CVE-2016-7877 416 Exec Code 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.
2665 CVE-2016-7876 119 Exec Code Overflow Mem. Corr. 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution.
2666 CVE-2016-7875 190 Exec Code Overflow 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
2667 CVE-2016-7874 119 Exec Code Overflow Mem. Corr. 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution.
2668 CVE-2016-7873 119 Exec Code Overflow Mem. Corr. 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution.
2669 CVE-2016-7872 416 Exec Code 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.
2670 CVE-2016-7871 119 Exec Code Overflow Mem. Corr. 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution.
2671 CVE-2016-7870 119 Exec Code Overflow 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution.
2672 CVE-2016-7869 119 Exec Code Overflow 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution.
2673 CVE-2016-7868 119 Exec Code Overflow 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution.
2674 CVE-2016-7867 119 Exec Code Overflow 2016-12-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution.
2675 CVE-2016-7866 119 Exec Code Overflow Mem. Corr. 2016-12-15 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
2676 CVE-2016-7865 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
2677 CVE-2016-7864 416 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
2678 CVE-2016-7863 416 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
2679 CVE-2016-7862 416 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
2680 CVE-2016-7861 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
2681 CVE-2016-7860 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
2682 CVE-2016-7859 416 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
2683 CVE-2016-7858 416 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
2684 CVE-2016-7857 416 Exec Code 2016-11-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
2685 CVE-2016-7856 119 Exec Code Overflow Mem. Corr. 2016-12-15 2016-12-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
2686 CVE-2016-7855 416 Exec Code 2016-11-01 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
2687 CVE-2016-7854 119 DoS Exec Code Overflow Mem. Corr. 2016-10-21 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7853.
2688 CVE-2016-7853 119 DoS Exec Code Overflow Mem. Corr. 2016-10-21 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7854.
2689 CVE-2016-7852 119 DoS Exec Code Overflow Mem. Corr. 2016-10-21 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7853, and CVE-2016-7854.
2690 CVE-2016-7836 287 Exec Code 2017-06-09 2017-06-16
10.0
None Remote Low Not required Complete Complete Complete
SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
2691 CVE-2016-7820 119 Exec Code Overflow 2017-06-09 2017-06-16
9.0
None Remote Low Single system Complete Complete Complete
Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors.
2692 CVE-2016-7819 78 Exec Code 2017-06-09 2017-06-16
9.0
None Remote Low Single system Complete Complete Complete
I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
2693 CVE-2016-7806 78 Exec Code 2017-06-09 2017-06-15
10.0
None Remote Low Not required Complete Complete Complete
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
2694 CVE-2016-7786 264 Bypass 2017-04-07 2018-04-18
9.0
None Remote Low Single system Complete Complete Complete
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
2695 CVE-2016-7644 416 DoS Exec Code 2017-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
2696 CVE-2016-7629 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-26
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2697 CVE-2016-7617 704 DoS Exec Code 2017-02-20 2017-09-02
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.
2698 CVE-2016-7616 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Disk Images" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2699 CVE-2016-7613 264 Exec Code 2017-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning.
2700 CVE-2016-7612 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.