2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-6418 | MEDIUM | 6.1 | 0.9% | Oct 5, 2016 | Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4... |
| CVE-2016-7909 | MEDIUM | 4.4 | 0.4% | Oct 5, 2016 | The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to caus... |
| CVE-2016-7908 | MEDIUM | 4.4 | 0.4% | Oct 5, 2016 | The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descripto... |
| CVE-2016-7907 | MEDIUM | 4.4 | 0.4% | Oct 5, 2016 | The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descripto... |
| CVE-2016-6306 | MEDIUM | 5.9 | 41.7% | Sep 26, 2016 | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial o... |
| CVE-2016-5172 | MEDIUM | 6.5 | 1.9% | Sep 25, 2016 | The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers... |
| CVE-2016-4278 | MEDIUM | 6.5 | 4.1% | Sep 14, 2016 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635... |
| CVE-2016-4277 | MEDIUM | 6.5 | 4.2% | Sep 14, 2016 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635... |
| CVE-2016-4271 | MEDIUM | 6.5 | 4.6% | Sep 14, 2016 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635... |
| CVE-2016-3351 | MEDIUM | 6.5 | 26.3% | Sep 14, 2016 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a... |
| CVE-2016-6351 | MEDIUM | 6.7 | 0.5% | Sep 7, 2016 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation... |
| CVE-2016-5430 | MEDIUM | 5.3 | 1.7% | Sep 3, 2016 | The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling ... |
| CVE-2016-5107 | MEDIUM | 6 | 0.4% | Sep 2, 2016 | The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allo... |
| CVE-2016-5106 | MEDIUM | 6 | 0.4% | Sep 2, 2016 | The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Ada... |
| CVE-2016-5105 | MEDIUM | 4.4 | 0.4% | Sep 2, 2016 | The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter e... |
| CVE-2016-4952 | MEDIUM | 6 | 0.4% | Sep 2, 2016 | QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS a... |
| CVE-2016-6298 | MEDIUM | 5.3 | 2.2% | Sep 1, 2016 | The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling pro... |
| CVE-2016-4655 | MEDIUM | 5.5 | 33.4% | Aug 25, 2016 | The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. |
| CVE-2016-5845 | MEDIUM | 5.5 | 3.0% | Aug 13, 2016 | SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to ca... |
| CVE-2016-6207 | MEDIUM | 6.5 | 6.3% | Aug 12, 2016 | Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2... |
| CVE-2016-5403 | MEDIUM | 5.5 | 0.5% | Aug 2, 2016 | The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of servi... |
| CVE-2016-6257 | MEDIUM | 6.5 | 1.0% | Aug 2, 2016 | The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboa... |
| CVE-2016-2775 | MEDIUM | 5.9 | 63.3% | Jul 19, 2016 | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option... |
| CVE-2016-5660 | MEDIUM | 6.1 | 1.7% | Jul 15, 2016 | Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows r... |
| CVE-2016-5787 | MEDIUM | 6.3 | 0.4% | Jul 15, 2016 | General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows lo... |