CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3301 CVE-2016-5344 190 DoS Overflow 2016-08-30 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.
3302 CVE-2016-5333 798 2016-08-30 2017-08-15
9.3
Admin Remote Medium Not required Complete Complete Complete
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
3303 CVE-2016-5313 78 Exec Code 2017-04-12 2017-04-20
9.0
None Remote Low Single system Complete Complete Complete
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
3304 CVE-2016-5234 119 Exec Code Overflow 2016-06-13 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.
3305 CVE-2016-5228 119 Exec Code Overflow 2016-07-02 2017-09-02
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.
3306 CVE-2016-5179 119 Exec Code Overflow 2018-03-06 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
3307 CVE-2016-5118 284 Exec Code 2016-06-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
3308 CVE-2016-5101 284 Exec Code 2016-06-29 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.
3309 CVE-2016-5086 287 Bypass 2016-10-05 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.
3310 CVE-2016-5081 798 2016-08-23 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.
3311 CVE-2016-5080 DoS Exec Code Overflow 2016-07-19 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
3312 CVE-2016-5071 264 2017-04-09 2017-04-14
10.0
None Remote Low Not required Complete Complete Complete
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
3313 CVE-2016-5067 77 2017-04-09 2017-04-14
9.0
None Remote Low Single system Complete Complete Complete
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
3314 CVE-2016-5066 255 2017-04-09 2017-04-14
10.0
None Remote Low Not required Complete Complete Complete
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
3315 CVE-2016-5062 669 Exec Code 2016-09-29 2017-04-09
9.3
None Remote Medium Not required Complete Complete Complete
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
3316 CVE-2016-5020 264 +Priv 2016-06-30 2016-12-06
9.0
None Remote Low Single system Complete Complete Complete
F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.
3317 CVE-2016-5002 611 2017-10-27 2018-12-05
9.3
None Remote Medium Not required Complete Complete Complete
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
3318 CVE-2016-4965 78 Exec Code 2016-09-21 2016-09-21
9.0
None Remote Low Single system Complete Complete Complete
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
3319 CVE-2016-4929 77 Exec Code 2017-03-20 2017-03-22
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
3320 CVE-2016-4902 426 +Priv 2017-06-09 2017-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
3321 CVE-2016-4899 20 Exec Code 2017-04-13 2017-04-19
10.0
None Remote Low Not required Complete Complete Complete
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
3322 CVE-2016-4898 20 Exec Code 2017-04-13 2017-04-19
10.0
None Remote Low Not required Complete Complete Complete
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
3323 CVE-2016-4846 426 2017-04-21 2017-04-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2.
3324 CVE-2016-4813 284 +Priv 2016-06-18 2016-06-21
9.0
None Remote Low Single system Complete Complete Complete
NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account.
3325 CVE-2016-4782 20 2016-05-23 2016-05-25
9.3
None Remote Medium Not required Complete Complete Complete
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."
3326 CVE-2016-4780 476 DoS Exec Code 2017-02-20 2017-02-21
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
3327 CVE-2016-4778 264 DoS Exec Code Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3328 CVE-2016-4777 264 DoS Exec Code 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
3329 CVE-2016-4753 20 Exec Code 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
3330 CVE-2016-4750 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3331 CVE-2016-4738 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
3332 CVE-2016-4737 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
3333 CVE-2016-4736 119 DoS Overflow Mem. Corr. 2016-09-25 2017-11-13
9.3
None Remote Medium Not required Complete Complete Complete
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
3334 CVE-2016-4735 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.
3335 CVE-2016-4734 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
3336 CVE-2016-4733 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.
3337 CVE-2016-4731 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
3338 CVE-2016-4730 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
3339 CVE-2016-4729 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
3340 CVE-2016-4727 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3341 CVE-2016-4726 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3342 CVE-2016-4724 476 DoS Exec Code 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
3343 CVE-2016-4723 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3344 CVE-2016-4712 787 DoS Exec Code 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
3345 CVE-2016-4703 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3346 CVE-2016-4702 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
3347 CVE-2016-4700 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
3348 CVE-2016-4699 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
3349 CVE-2016-4698 20 Exec Code 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
3350 CVE-2016-4697 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.