CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
4351 CVE-2016-2006 Exec Code 2016-04-21 2019-07-16
10.0
None Remote Low Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
4352 CVE-2016-2005 Exec Code 2016-04-21 2019-07-16
10.0
None Remote Low Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
4353 CVE-2016-2004 306 Exec Code 2016-04-21 2019-07-12
9.3
None Remote Medium Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
4354 CVE-2016-2002 77 Exec Code 2016-04-20 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.
4355 CVE-2016-1999 284 Exec Code 2016-05-29 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
4356 CVE-2016-1998 20 Exec Code 2016-03-22 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
4357 CVE-2016-1997 20 Exec Code 2016-03-22 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
4358 CVE-2016-1995 Exec Code 2016-03-18 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
4359 CVE-2016-1989 Exec Code +Info 2016-03-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
4360 CVE-2016-1988 Exec Code +Info 2016-03-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
4361 CVE-2016-1985 94 Exec Code 2016-01-30 2017-03-13
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
4362 CVE-2016-1984 255 2016-01-22 2016-12-05
10.0
None Remote Low Not required Complete Complete Complete
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the [email protected] account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.
4363 CVE-2016-1962 Exec Code 2016-03-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
4364 CVE-2016-1946 119 DoS Overflow 2016-01-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.
4365 CVE-2016-1945 DoS 2016-01-31 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.
4366 CVE-2016-1944 119 DoS Overflow Mem. Corr. 2016-01-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
4367 CVE-2016-1935 119 Exec Code Overflow 2016-01-31 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
4368 CVE-2016-1931 119 DoS Exec Code Overflow Mem. Corr. 2016-01-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.
4369 CVE-2016-1930 119 DoS Exec Code Overflow Mem. Corr. 2016-01-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
4370 CVE-2016-1909 264 2016-01-15 2016-07-15
10.0
None Remote Low Not required Complete Complete Complete
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
4371 CVE-2016-1906 264 +Priv 2016-02-03 2017-05-18
10.0
None Remote Low Not required Complete Complete Complete
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
4372 CVE-2016-1896 264 Bypass 2016-01-27 2016-01-31
10.0
None Remote Low Not required Complete Complete Complete
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
4373 CVE-2016-1894 284 Bypass 2017-02-07 2017-11-15
9.3
None Remote Medium Not required Complete Complete Complete
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
4374 CVE-2016-1861 119 DoS Exec Code Overflow Mem. Corr. 2016-06-19 2016-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
4375 CVE-2016-1846 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
4376 CVE-2016-1831 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4377 CVE-2016-1829 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.
4378 CVE-2016-1828 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
4379 CVE-2016-1827 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.
4380 CVE-2016-1826 Exec Code Overflow 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4381 CVE-2016-1825 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4382 CVE-2016-1824 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.
4383 CVE-2016-1823 125 DoS Exec Code Mem. Corr. 2016-05-20 2016-12-15
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
4384 CVE-2016-1822 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4385 CVE-2016-1821 DoS Exec Code 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4386 CVE-2016-1820 119 Exec Code Overflow 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4387 CVE-2016-1819 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
4388 CVE-2016-1818 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-29
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
4389 CVE-2016-1817 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
4390 CVE-2016-1816 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4391 CVE-2016-1815 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4392 CVE-2016-1813 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4393 CVE-2016-1812 119 Exec Code Overflow 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4394 CVE-2016-1810 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4395 CVE-2016-1808 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4396 CVE-2016-1806 284 Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4397 CVE-2016-1805 284 Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4398 CVE-2016-1804 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4399 CVE-2016-1803 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4400 CVE-2016-1800 20 Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.