| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
37601 |
CVE-2016-4830 |
295 |
|
|
2017-04-21 |
2017-04-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. |
|
37602 |
CVE-2016-4829 |
295 |
|
|
2017-04-21 |
2017-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. |
|
37603 |
CVE-2016-4828 |
19 |
|
|
2016-06-25 |
2016-06-27 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. |
|
37604 |
CVE-2016-4827 |
79 |
|
XSS |
2016-06-25 |
2016-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. |
|
37605 |
CVE-2016-4826 |
79 |
|
XSS |
2016-06-25 |
2016-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. |
|
37606 |
CVE-2016-4825 |
20 |
|
Exec Code |
2016-06-25 |
2016-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. |
|
37607 |
CVE-2016-4824 |
254 |
|
|
2016-06-25 |
2016-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. |
|
37608 |
CVE-2016-4823 |
|
|
DoS |
2016-06-25 |
2016-06-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. |
|
37609 |
CVE-2016-4822 |
77 |
|
Exec Code |
2016-06-25 |
2016-06-27 |
5.2 |
None |
Local Network |
Low |
Single system |
Partial |
Partial |
Partial |
|
Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. |
|
37610 |
CVE-2016-4821 |
|
|
DoS |
2016-06-18 |
2016-06-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. |
|
37611 |
CVE-2016-4820 |
352 |
|
CSRF |
2016-06-18 |
2016-06-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. |
|
37612 |
CVE-2016-4819 |
|
|
Exec Code |
2016-06-18 |
2016-06-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string. |
|
37613 |
CVE-2016-4818 |
295 |
|
|
2017-04-20 |
2017-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. |
|
37614 |
CVE-2016-4817 |
|
|
DoS Exec Code |
2016-06-18 |
2016-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. |
|
37615 |
CVE-2016-4816 |
200 |
|
+Info |
2016-06-18 |
2016-06-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. |
|
37616 |
CVE-2016-4815 |
22 |
|
Dir. Trav. |
2016-06-18 |
2016-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
|
37617 |
CVE-2016-4814 |
22 |
|
Dir. Trav. |
2016-06-18 |
2016-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. |
|
37618 |
CVE-2016-4813 |
284 |
|
+Priv |
2016-06-18 |
2016-06-21 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. |
|
37619 |
CVE-2016-4812 |
79 |
|
XSS |
2016-06-04 |
2016-06-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
37620 |
CVE-2016-4811 |
284 |
|
|
2016-06-19 |
2016-06-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors. |
|
37621 |
CVE-2016-4810 |
284 |
|
|
2016-06-01 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. |
|
37622 |
CVE-2016-4809 |
20 |
|
DoS |
2016-09-21 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. |
|
37623 |
CVE-2016-4808 |
352 |
|
CSRF |
2017-01-11 |
2017-01-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. |
|
37624 |
CVE-2016-4806 |
200 |
|
+Info File Inclusion |
2017-01-11 |
2017-01-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. |
|
37625 |
CVE-2016-4805 |
416 |
|
DoS Mem. Corr. |
2016-05-23 |
2019-04-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. |
|
37626 |
CVE-2016-4803 |
|
|
|
2016-06-30 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. |
|
37627 |
CVE-2016-4802 |
264 |
|
Exec Code |
2016-06-24 |
2016-12-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. |
|
37628 |
CVE-2016-4800 |
284 |
|
Bypass |
2017-04-13 |
2019-07-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. |
|
37629 |
CVE-2016-4797 |
369 |
|
DoS |
2017-02-03 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. |
|
37630 |
CVE-2016-4796 |
119 |
|
DoS Overflow |
2017-02-03 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. |
|
37631 |
CVE-2016-4794 |
|
|
DoS |
2016-05-23 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. |
|
37632 |
CVE-2016-4793 |
20 |
|
|
2017-01-23 |
2018-10-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. |
|
37633 |
CVE-2016-4792 |
|
|
|
2016-05-26 |
2016-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. |
|
37634 |
CVE-2016-4791 |
|
|
|
2016-05-26 |
2016-05-26 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. |
|
37635 |
CVE-2016-4789 |
79 |
|
XSS |
2016-05-26 |
2016-05-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
37636 |
CVE-2016-4788 |
|
|
|
2016-05-26 |
2016-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. |
|
37637 |
CVE-2016-4787 |
|
|
|
2016-05-26 |
2016-05-26 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. |
|
37638 |
CVE-2016-4786 |
|
|
DoS |
2016-05-26 |
2016-05-26 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. |
|
37639 |
CVE-2016-4785 |
200 |
|
+Info |
2016-05-30 |
2018-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices. |
|
37640 |
CVE-2016-4784 |
200 |
|
+Info |
2016-05-30 |
2018-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained. |
|
37641 |
CVE-2016-4783 |
79 |
|
XSS |
2016-05-23 |
2016-05-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." |
|
37642 |
CVE-2016-4782 |
20 |
|
|
2016-05-23 |
2016-05-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack." |
|
37643 |
CVE-2016-4781 |
254 |
|
Bypass |
2017-02-20 |
2017-07-26 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors. |
|
37644 |
CVE-2016-4780 |
476 |
|
DoS Exec Code |
2017-02-20 |
2017-02-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. |
|
37645 |
CVE-2016-4779 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-09-25 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. |
|
37646 |
CVE-2016-4778 |
264 |
|
DoS Exec Code Mem. Corr. |
2016-09-25 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
37647 |
CVE-2016-4777 |
264 |
|
DoS Exec Code |
2016-09-25 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. |
|
37648 |
CVE-2016-4776 |
125 |
|
DoS +Info |
2016-09-25 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. |
|
37649 |
CVE-2016-4775 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2016-09-25 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. |
|
37650 |
CVE-2016-4774 |
125 |
|
DoS +Info |
2016-09-25 |
2017-07-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776. |
