CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3801 CVE-2016-6761 284 Exec Code +Priv 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792.
3802 CVE-2016-6760 284 Exec Code +Priv 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783.
3803 CVE-2016-6759 284 Exec Code +Priv 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766.
3804 CVE-2016-6758 284 Exec Code +Priv 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731.
3805 CVE-2016-6745 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388.
3806 CVE-2016-6744 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485.
3807 CVE-2016-6743 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30937462.
3808 CVE-2016-6742 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828.
3809 CVE-2016-6741 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554.
3810 CVE-2016-6740 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307.
3811 CVE-2016-6739 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826.
3812 CVE-2016-6738 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30034511. References: Qualcomm QC-CR#1050538.
3813 CVE-2016-6737 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456.
3814 CVE-2016-6736 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736.
3815 CVE-2016-6735 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735.
3816 CVE-2016-6734 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734.
3817 CVE-2016-6733 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733.
3818 CVE-2016-6732 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732.
3819 CVE-2016-6731 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731.
3820 CVE-2016-6730 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730.
3821 CVE-2016-6729 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684.
3822 CVE-2016-6728 264 Exec Code 2016-11-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942.
3823 CVE-2016-6727 264 Exec Code 2017-04-17 2017-04-24
10.0
None Remote Low Not required Complete Complete Complete
The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.
3824 CVE-2016-6726 2017-04-17 2017-04-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.
3825 CVE-2016-6725 284 Exec Code 2016-11-25 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970.
3826 CVE-2016-6707 264 Exec Code +Priv 2016-11-25 2017-02-06
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.
3827 CVE-2016-6706 264 Exec Code +Priv 2016-12-13 2016-12-14
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31385713.
3828 CVE-2016-6705 264 Exec Code +Priv 2016-11-25 2016-12-06
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212.
3829 CVE-2016-6704 264 Exec Code +Priv 2016-11-25 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30229821.
3830 CVE-2016-6700 264 Exec Code 2016-11-25 2016-12-06
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186.
3831 CVE-2016-6699 119 Exec Code Overflow Mem. Corr. 2016-12-13 2016-12-14
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Android ID: A-31373622.
3832 CVE-2016-6676 119 DoS Overflow +Priv 2016-10-10 2016-12-06
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl call, aka Android internal bug 30874066 and Qualcomm internal bug CR 1000853.
3833 CVE-2016-6675 119 DoS Overflow +Priv 2016-10-10 2016-12-06
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a linkspeed ioctl call, aka Android internal bug 30873776 and Qualcomm internal bug CR 1000861.
3834 CVE-2016-6673 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201.
3835 CVE-2016-6672 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088.
3836 CVE-2016-6662 264 Exec Code Bypass 2016-09-20 2019-06-03
10.0
None Remote Low Not required Complete Complete Complete
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
3837 CVE-2016-6646 20 Exec Code 2016-10-04 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.
3838 CVE-2016-6645 20 Exec Code 2016-10-04 2017-07-29
9.0
None Remote Low Single system Complete Complete Complete
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class.
3839 CVE-2016-6629 254 Bypass 2016-12-10 2017-06-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
3840 CVE-2016-6604 476 2017-01-30 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors.
3841 CVE-2016-6598 284 Exec Code 2018-01-30 2018-02-26
10.0
None Remote Low Not required Complete Complete Complete
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.
3842 CVE-2016-6567 20 Exec Code 2018-07-13 2018-09-10
10.0
None Remote Low Not required Complete Complete Complete
SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns' website, the Resident Download Manager and other Rabbit Tools have been discontinued since June 2011.
3843 CVE-2016-6564 264 Exec Code 2018-07-13 2018-09-14
9.3
None Remote Medium Not required Complete Complete Complete
Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={"name":"c_regist","details":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {"code": "01", "name": "push_commands", "details": {"server_id": "1" , "title": "Test Command", "comments": "Test", "commands": "touch /tmp/test"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0
3844 CVE-2016-6563 119 Overflow 2018-07-13 2018-09-10
10.0
None Remote Low Not required Complete Complete Complete
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
3845 CVE-2016-6554 255 +Priv 2018-07-13 2018-09-07
10.0
None Remote Low Not required Complete Complete Complete
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.
3846 CVE-2016-6553 255 +Priv 2018-07-13 2018-09-07
10.0
None Remote Low Not required Complete Complete Complete
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.
3847 CVE-2016-6552 255 +Priv 2018-07-13 2018-09-07
10.0
None Remote Low Not required Complete Complete Complete
Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.
3848 CVE-2016-6551 255 2018-07-13 2018-09-07
10.0
None Remote Low Not required Complete Complete Complete
Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device.
3849 CVE-2016-6536 264 Bypass 2016-09-18 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.
3850 CVE-2016-6535 798 +Info 2016-09-18 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.