2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-4911 | MEDIUM | 4.3 | 1.4% | Jun 13, 2016 | The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users... |
| CVE-2016-4429 | MEDIUM | 5.9 | 4.0% | Jun 10, 2016 | Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) ... |
| CVE-2016-1222 | MEDIUM | 6.1 | 1.6% | Jun 5, 2016 | Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to in... |
| CVE-2016-4454 | MEDIUM | 6 | 0.4% | Jun 1, 2016 | The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sens... |
| CVE-2016-4453 | MEDIUM | 4.4 | 0.4% | Jun 1, 2016 | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial o... |
| CVE-2016-3094 | MEDIUM | 5.9 | 7.8% | Jun 1, 2016 | PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allow... |
| CVE-2016-4020 | MEDIUM | 6.5 | 0.4% | May 25, 2016 | The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local ... |
| CVE-2016-0264 | MEDIUM | 5.6 | 3.9% | May 24, 2016 | Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 ... |
| CVE-2016-4037 | MEDIUM | 6 | 0.4% | May 23, 2016 | The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of s... |
| CVE-2016-4441 | MEDIUM | 6 | 0.4% | May 20, 2016 | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DM... |
| CVE-2016-4439 | MEDIUM | 6.7 | 0.5% | May 20, 2016 | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly ch... |
| CVE-2016-4425 | MEDIUM | 6.5 | 1.9% | May 17, 2016 | Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumpti... |
| CVE-2016-3721 | MEDIUM | 4.3 | 2.1% | May 17, 2016 | Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters in... |
| CVE-2016-3712 | MEDIUM | 5.5 | 0.5% | May 11, 2016 | Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read ... |
| CVE-2016-1115 | MEDIUM | 5.9 | 2.5% | May 11, 2016 | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields o... |
| CVE-2016-1113 | MEDIUM | 6.1 | 3.1% | May 11, 2016 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Up... |
| CVE-2016-3718 | MEDIUM | 5.5 | 76.9% | May 5, 2016 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct ... |
| CVE-2016-3715 | MEDIUM | 5.5 | 75.4% | May 5, 2016 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary fi... |
| CVE-2016-2107 | MEDIUM | 5.9 | 89.1% | May 5, 2016 | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a ... |
| CVE-2016-2782 | MEDIUM | 4.6 | 1.6% | Apr 27, 2016 | The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attack... |
| CVE-2016-2383 | MEDIUM | 5.5 | 0.4% | Apr 27, 2016 | The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the ... |
| CVE-2016-0668 | MEDIUM | 4.1 | 1.5% | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 an... |
| CVE-2016-0651 | MEDIUM | 5.5 | 1.2% | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors relat... |
| CVE-2016-0642 | MEDIUM | 4.7 | 1.2% | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local us... |
| CVE-2016-0162 | MEDIUM | 4.3 | 22.1% | Apr 12, 2016 | Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScr... |