CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2801 CVE-2017-2212 426 +Priv 2017-06-09 2017-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2802 CVE-2017-2211 426 +Priv 2017-06-09 2017-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2803 CVE-2017-2210 427 +Priv 2017-06-09 2017-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2804 CVE-2017-2193 426 +Priv 2017-06-09 2017-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2805 CVE-2017-2192 426 +Priv 2017-06-09 2018-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2806 CVE-2017-2191 426 +Priv 2017-06-09 2017-06-28
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2807 CVE-2017-2190 426 +Priv 2017-06-09 2018-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2808 CVE-2017-2189 426 +Priv 2017-06-09 2018-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2809 CVE-2017-2176 426 +Priv 2017-06-09 2017-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2810 CVE-2017-2149 264 +Priv 2017-04-28 2017-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
2811 CVE-2017-2142 119 Exec Code Overflow 2017-04-28 2017-05-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
2812 CVE-2017-2141 78 Exec Code 2017-04-28 2017-05-05
9.0
None Remote Low Single system Complete Complete Complete
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.
2813 CVE-2017-2126 287 Bypass 2017-07-21 2017-07-27
10.0
None Remote Low Not required Complete Complete Complete
WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.
2814 CVE-2017-2096 78 Exec Code 2017-04-28 2017-05-09
10.0
None Remote Low Not required Complete Complete Complete
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
2815 CVE-2017-1696 20 Exec Code 2017-12-20 2018-01-05
9.0
None Remote Low Single system Complete Complete Complete
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.
2816 CVE-2017-1453 78 Exec Code 2017-11-13 2017-11-30
9.0
None Remote Low Single system Complete Complete Complete
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
2817 CVE-2017-1407 77 Exec Code 2017-09-27 2017-10-06
9.0
None Remote Low Single system Complete Complete Complete
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.
2818 CVE-2017-1318 78 Exec Code 2017-07-18 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730.
2819 CVE-2017-1092 285 Exec Code 2017-05-22 2017-08-26
10.0
None Remote Low Not required Complete Complete Complete
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
2820 CVE-2017-0935 264 2018-03-22 2018-04-16
9.0
None Remote Low Single system Complete Complete Complete
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.
2821 CVE-2017-0934 264 2018-03-22 2018-04-16
9.0
None Remote Low Single system Complete Complete Complete
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.
2822 CVE-2017-0932 264 2018-03-22 2018-04-16
9.0
None Remote Low Single system Complete Complete Complete
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system.
2823 CVE-2017-0878 20 Exec Code 2017-12-06 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.
2824 CVE-2017-0877 20 Exec Code 2017-12-06 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.
2825 CVE-2017-0876 20 Exec Code 2017-12-06 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.
2826 CVE-2017-0872 20 Exec Code 2017-12-06 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.
2827 CVE-2017-0841 264 Exec Code 2017-11-16 2017-12-07
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.
2828 CVE-2017-0836 264 Exec Code 2017-11-16 2017-12-07
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.
2829 CVE-2017-0835 284 Exec Code 2017-11-16 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832.
2830 CVE-2017-0834 284 Exec Code 2017-11-16 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953.
2831 CVE-2017-0833 284 Exec Code 2017-11-16 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384.
2832 CVE-2017-0832 284 Exec Code 2017-11-16 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820.
2833 CVE-2017-0831 264 2017-11-16 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941.
2834 CVE-2017-0830 264 2017-11-16 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.
2835 CVE-2017-0827 264 2017-10-03 2017-10-12
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.
2836 CVE-2017-0826 264 2017-10-03 2017-10-12
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.
2837 CVE-2017-0812 264 2017-10-03 2017-10-12
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231.
2838 CVE-2017-0811 284 Exec Code 2017-10-03 2017-10-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.
2839 CVE-2017-0810 284 Exec Code 2017-10-03 2017-10-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066.
2840 CVE-2017-0809 284 Exec Code 2017-10-03 2017-10-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.
2841 CVE-2017-0807 264 2017-10-03 2019-05-01
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.
2842 CVE-2017-0806 264 2017-10-03 2017-10-12
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.
2843 CVE-2017-0805 264 2017-08-23 2017-08-25
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.
2844 CVE-2017-0801 264 2017-09-08 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980.
2845 CVE-2017-0800 264 2017-09-08 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988.
2846 CVE-2017-0799 264 2017-09-08 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072.
2847 CVE-2017-0798 264 2017-09-08 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532.
2848 CVE-2017-0797 264 2017-09-08 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854.
2849 CVE-2017-0796 264 2017-09-08 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887.
2850 CVE-2017-0795 264 2017-09-08 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.