CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4601 CVE-2016-1931 119 DoS Exec Code Overflow Mem. Corr. 2016-01-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.
4602 CVE-2016-1930 119 DoS Exec Code Overflow Mem. Corr. 2016-01-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
4603 CVE-2016-1909 264 2016-01-15 2016-07-15
10.0
None Remote Low Not required Complete Complete Complete
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
4604 CVE-2016-1906 264 +Priv 2016-02-03 2017-05-18
10.0
None Remote Low Not required Complete Complete Complete
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
4605 CVE-2016-1896 264 Bypass 2016-01-27 2016-01-31
10.0
None Remote Low Not required Complete Complete Complete
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
4606 CVE-2016-1894 284 Bypass 2017-02-07 2017-11-15
9.3
None Remote Medium Not required Complete Complete Complete
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
4607 CVE-2016-1861 119 DoS Exec Code Overflow Mem. Corr. 2016-06-19 2016-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
4608 CVE-2016-1846 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
4609 CVE-2016-1831 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4610 CVE-2016-1829 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.
4611 CVE-2016-1828 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
4612 CVE-2016-1827 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.
4613 CVE-2016-1826 Exec Code Overflow 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4614 CVE-2016-1825 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4615 CVE-2016-1824 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.
4616 CVE-2016-1823 125 DoS Exec Code Mem. Corr. 2016-05-20 2016-12-15
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
4617 CVE-2016-1822 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4618 CVE-2016-1821 DoS Exec Code 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4619 CVE-2016-1820 119 Exec Code Overflow 2016-05-20 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4620 CVE-2016-1819 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
4621 CVE-2016-1818 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-29
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
4622 CVE-2016-1817 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
4623 CVE-2016-1816 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4624 CVE-2016-1815 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4625 CVE-2016-1813 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4626 CVE-2016-1812 119 Exec Code Overflow 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4627 CVE-2016-1810 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4628 CVE-2016-1808 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4629 CVE-2016-1806 284 Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4630 CVE-2016-1805 284 Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4631 CVE-2016-1804 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4632 CVE-2016-1803 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4633 CVE-2016-1800 20 Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
4634 CVE-2016-1799 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4635 CVE-2016-1797 284 Exec Code Bypass 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
4636 CVE-2016-1795 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4637 CVE-2016-1794 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4638 CVE-2016-1793 DoS Exec Code 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4639 CVE-2016-1792 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4640 CVE-2016-1783 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
4641 CVE-2016-1778 399 DoS Exec Code Mem. Corr. 2016-03-23 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
4642 CVE-2016-1775 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
4643 CVE-2016-1762 119 DoS Overflow 2016-03-23 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
4644 CVE-2016-1761 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
4645 CVE-2016-1759 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4646 CVE-2016-1757 362 Exec Code 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4647 CVE-2016-1756 DoS Exec Code 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
4648 CVE-2016-1755 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2017-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
4649 CVE-2016-1754 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
4650 CVE-2016-1753 189 Exec Code Overflow 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.