2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-4247 | MEDIUM | 5.3 | 3.2% | Jul 13, 2016 | Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and b... |
| CVE-2016-4178 | MEDIUM | 4.3 | 3.2% | Jul 13, 2016 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632... |
| CVE-2016-4428 | MEDIUM | 5.4 | 2.1% | Jul 12, 2016 | Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allo... |
| CVE-2016-1445 | MEDIUM | 5.3 | 1.3% | Jul 12, 2016 | Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Ech... |
| CVE-2016-1444 | MEDIUM | 6.5 | 1.2% | Jul 7, 2016 | The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 an... |
| CVE-2016-0230 | MEDIUM | 6.8 | 0.4% | Jul 7, 2016 | IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 thr... |
| CVE-2016-6170 | MEDIUM | 6.5 | 40.5% | Jul 6, 2016 | ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a d... |
| CVE-2016-4508 | MEDIUM | 6.1 | 0.9% | Jul 6, 2016 | Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers ... |
| CVE-2016-4507 | MEDIUM | 6.4 | 0.9% | Jul 6, 2016 | SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to ... |
| CVE-2016-4956 | MEDIUM | 5.3 | 16.1% | Jul 5, 2016 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and tim... |
| CVE-2016-4955 | MEDIUM | 5.9 | 8.8% | Jul 5, 2016 | ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-vari... |
| CVE-2016-5848 | MEDIUM | 6.7 | 0.3% | Jul 4, 2016 | Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local ... |
| CVE-2016-3189 | MEDIUM | 6.5 | 15.7% | Jun 30, 2016 | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash)... |
| CVE-2016-4828 | MEDIUM | 6.5 | 1.8% | Jun 25, 2016 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to ob... |
| CVE-2016-4827 | MEDIUM | 6.1 | 1.5% | Jun 25, 2016 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remot... |
| CVE-2016-4826 | MEDIUM | 6.1 | 1.5% | Jun 25, 2016 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remot... |
| CVE-2016-4825 | MEDIUM | 5.6 | 2.9% | Jun 25, 2016 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection ... |
| CVE-2016-2178 | MEDIUM | 5.5 | 1.2% | Jun 20, 2016 | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of const... |
| CVE-2016-4530 | MEDIUM | 6.5 | 1.4% | Jun 19, 2016 | OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (... |
| CVE-2016-1224 | MEDIUM | 6.1 | 1.6% | Jun 19, 2016 | CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.... |
| CVE-2016-1223 | MEDIUM | 5.3 | 4.2% | Jun 19, 2016 | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-F... |
| CVE-2016-2391 | MEDIUM | 5 | 0.4% | Jun 16, 2016 | The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administ... |
| CVE-2016-4159 | MEDIUM | 6.1 | 1.9% | Jun 16, 2016 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Up... |
| CVE-2016-5337 | MEDIUM | 5.5 | 0.4% | Jun 14, 2016 | The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive... |
| CVE-2016-5238 | MEDIUM | 4.4 | 0.4% | Jun 14, 2016 | The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (ou... |