CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4551 CVE-2016-0946 119 DoS Exec Code Overflow Mem. Corr. 2016-01-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0945.
4552 CVE-2016-0945 119 DoS Exec Code Overflow Mem. Corr. 2016-01-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0946.
4553 CVE-2016-0944 119 DoS Exec Code Overflow Mem. Corr. 2016-01-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0945, and CVE-2016-0946.
4554 CVE-2016-0942 119 DoS Exec Code Overflow Mem. Corr. 2016-01-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.
4555 CVE-2016-0940 Exec Code 2016-01-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and CVE-2016-0941.
4556 CVE-2016-0938 119 DoS Exec Code Overflow Mem. Corr. 2016-01-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.
4557 CVE-2016-0937 Exec Code 2016-01-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941.
4558 CVE-2016-0936 119 DoS Exec Code Overflow Mem. Corr. 2016-01-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG 2000 data, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.
4559 CVE-2016-0933 119 DoS Exec Code Overflow Mem. Corr. 2016-01-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.
4560 CVE-2016-0916 287 Exec Code 2016-06-09 2017-01-10
10.0
None Remote Low Not required Complete Complete Complete
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
4561 CVE-2016-0912 264 Bypass 2016-06-19 2017-01-10
9.0
None Remote Low Single system Complete Complete Complete
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.
4562 CVE-2016-0889 20 2016-04-15 2017-01-10
10.0
Admin Remote Low Not required Complete Complete Complete
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.
4563 CVE-2016-0888 2016-04-07 2017-01-10
9.0
None Remote Low Single system Complete Complete Complete
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
4564 CVE-2016-0868 119 Exec Code Overflow 2016-01-28 2016-12-22
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.
4565 CVE-2016-0865 255 2016-02-12 2016-02-18
9.0
None Remote Low Single system Complete Complete Complete
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors.
4566 CVE-2016-0861 77 Exec Code 2016-02-05 2017-09-09
9.0
None Remote Low Single system Complete Complete Complete
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
4567 CVE-2016-0860 119 DoS Overflow 2016-01-14 2016-12-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
4568 CVE-2016-0859 189 DoS Exec Code Overflow 2016-01-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.
4569 CVE-2016-0858 119 DoS Exec Code Overflow 2016-01-14 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.
4570 CVE-2016-0857 119 Exec Code Overflow 2016-01-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
4571 CVE-2016-0856 119 Exec Code Overflow 2016-01-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
4572 CVE-2016-0854 2016-01-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
4573 CVE-2016-0842 119 DoS Exec Code Overflow Mem. Corr. 2016-04-17 2016-04-20
10.0
None Remote Low Not required Complete Complete Complete
The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142.
4574 CVE-2016-0841 119 DoS Exec Code Overflow Mem. Corr. 2016-04-17 2016-04-20
10.0
None Remote Low Not required Complete Complete Complete
media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840.
4575 CVE-2016-0840 119 DoS Exec Code Overflow Mem. Corr. 2016-04-17 2016-04-20
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350.
4576 CVE-2016-0839 119 DoS Exec Code Overflow Mem. Corr. 2016-04-17 2016-04-20
10.0
None Remote Low Not required Complete Complete Complete
post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245.
4577 CVE-2016-0838 119 DoS Exec Code Overflow Mem. Corr. 2016-04-17 2016-04-20
10.0
None Remote Low Not required Complete Complete Complete
Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256.
4578 CVE-2016-0837 119 DoS Exec Code Overflow Mem. Corr. 2016-04-17 2016-04-20
10.0
None Remote Low Not required Complete Complete Complete
MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621.
4579 CVE-2016-0836 119 DoS Exec Code Overflow Mem. Corr. 2016-04-17 2016-04-19
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590.
4580 CVE-2016-0835 119 DoS Exec Code Overflow Mem. Corr. 2016-04-17 2016-04-20
10.0
None Remote Low Not required Complete Complete Complete
decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014.
4581 CVE-2016-0834 20 DoS Exec Code Mem. Corr. 2016-04-17 2017-10-18
10.0
None Remote Low Not required Complete Complete Complete
An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548.
4582 CVE-2016-0827 189 Overflow +Priv 2016-03-12 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509.
4583 CVE-2016-0826 264 +Priv 2016-03-12 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403.
4584 CVE-2016-0820 264 +Priv 2016-03-12 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.
4585 CVE-2016-0819 264 +Priv 2016-03-12 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.
4586 CVE-2016-0816 119 DoS Exec Code Overflow Mem. Corr. 2016-03-12 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803.
4587 CVE-2016-0815 20 DoS Exec Code Mem. Corr. 2016-03-12 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349.
4588 CVE-2016-0804 119 DoS Exec Code Overflow Mem. Corr. 2016-02-06 2016-03-14
10.0
None Remote Low Not required Complete Complete Complete
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
4589 CVE-2016-0803 119 DoS Exec Code Overflow Mem. Corr. 2016-02-06 2016-03-09
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
4590 CVE-2016-0799 119 DoS Overflow 2016-03-03 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
4591 CVE-2016-0795 119 DoS Overflow Mem. Corr. 2016-02-18 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
4592 CVE-2016-0794 119 DoS Overflow Mem. Corr. 2016-02-18 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.
4593 CVE-2016-0792 20 Exec Code 2016-04-07 2018-01-04
9.0
None Remote Low Single system Complete Complete Complete
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
4594 CVE-2016-0788 264 Exec Code 2016-04-07 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
4595 CVE-2016-0785 20 Exec Code 2016-04-12 2017-11-07
9.0
None Remote Low Single system Complete Complete Complete
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
4596 CVE-2016-0766 264 +Priv 2016-02-17 2017-06-30
9.0
None Remote Low Single system Complete Complete Complete
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
4597 CVE-2016-0761 19 2017-05-25 2017-06-08
10.0
None Remote Low Not required Complete Complete Complete
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
4598 CVE-2016-0749 119 DoS Exec Code Overflow 2016-06-09 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
4599 CVE-2016-0709 22 Exec Code Dir. Trav. 2016-04-11 2016-04-20
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
4600 CVE-2016-0705 DoS Mem. Corr. 2016-03-03 2018-09-18
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.