CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3001 CVE-2016-4778 264 DoS Exec Code Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3002 CVE-2016-4777 264 DoS Exec Code 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
3003 CVE-2016-4753 20 Exec Code 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
3004 CVE-2016-4750 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3005 CVE-2016-4738 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
3006 CVE-2016-4737 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
3007 CVE-2016-4736 119 DoS Overflow Mem. Corr. 2016-09-25 2017-11-13
9.3
None Remote Medium Not required Complete Complete Complete
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
3008 CVE-2016-4735 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.
3009 CVE-2016-4734 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
3010 CVE-2016-4733 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.
3011 CVE-2016-4731 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
3012 CVE-2016-4730 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
3013 CVE-2016-4729 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
3014 CVE-2016-4727 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3015 CVE-2016-4726 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3016 CVE-2016-4724 476 DoS Exec Code 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
3017 CVE-2016-4723 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3018 CVE-2016-4712 787 DoS Exec Code 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
3019 CVE-2016-4703 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3020 CVE-2016-4702 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
3021 CVE-2016-4700 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
3022 CVE-2016-4699 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
3023 CVE-2016-4698 20 Exec Code 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
3024 CVE-2016-4697 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3025 CVE-2016-4696 476 DoS Exec Code 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
3026 CVE-2016-4675 264 Exec Code 2017-02-20 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
3027 CVE-2016-4671 787 DoS Exec Code 2017-02-20 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file.
3028 CVE-2016-4662 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3029 CVE-2016-4658 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-02-22
10.0
None Remote Low Not required Complete Complete Complete
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
3030 CVE-2016-4656 264 DoS Exec Code Mem. Corr. 2016-08-25 2018-06-07
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3031 CVE-2016-4654 119 DoS Exec Code Overflow Mem. Corr. 2016-08-18 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3032 CVE-2016-4650 119 DoS Exec Code Overflow Mem. Corr. 2017-04-20 2017-08-31
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3033 CVE-2016-4641 20 Exec Code +Info 2016-07-21 2017-08-31
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
3034 CVE-2016-4640 119 DoS Exec Code Overflow Mem. Corr. +Info 2016-07-21 2017-08-31
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.
3035 CVE-2016-4638 264 +Priv 2016-07-21 2017-08-31
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."
3036 CVE-2016-4629 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
10.0
None Remote Low Not required Complete Complete Complete
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.
3037 CVE-2016-4621 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
9.3
None Remote Medium Not required Complete Complete Complete
libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3038 CVE-2016-4573 264 Bypass 2016-09-09 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.
3039 CVE-2016-4521 200 +Info 2016-05-30 2016-06-01
10.0
None Remote Low Not required Complete Complete Complete
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.
3040 CVE-2016-4520 Exec Code 2016-07-15 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.
3041 CVE-2016-4505 264 2016-05-30 2016-06-07
9.0
None Remote Low Single system Complete Complete Complete
Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.
3042 CVE-2016-4461 20 Exec Code 2017-10-16 2018-06-30
9.0
None Remote Low Single system Complete Complete Complete
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
3043 CVE-2016-4448 2016-06-09 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
3044 CVE-2016-4422 287 +Priv Bypass 2016-05-06 2016-05-10
10.0
None Remote Low Not required Complete Complete Complete
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.
3045 CVE-2016-4384 DoS 2016-09-20 2017-07-29
9.0
None Remote Low Not required Partial Partial Complete
HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.
3046 CVE-2016-4350 89 Exec Code Sql 2016-05-09 2016-05-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet.
3047 CVE-2016-4328 +Info 2016-06-09 2016-06-10
10.0
None Remote Low Not required Complete Complete Complete
MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.
3048 CVE-2016-4325 255 2016-05-14 2016-05-19
10.0
None Remote Low Not required Complete Complete Complete
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.
3049 CVE-2016-4287 190 Exec Code Overflow 2016-09-14 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors.
3050 CVE-2016-4286 284 Bypass 2016-10-13 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.