2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-0128 | MEDIUM | 6.8 | 20.9% | Apr 12, 2016 | The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 ... |
| CVE-2016-1180 | MEDIUM | 6.1 | 1.6% | Apr 8, 2016 | Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x al... |
| CVE-2016-3975 | MEDIUM | 6.1 | 1.6% | Apr 7, 2016 | Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbi... |
| CVE-2016-3973 | MEDIUM | 5.3 | 2.4% | Apr 7, 2016 | The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allo... |
| CVE-2016-2858 | MEDIUM | 6.5 | 0.4% | Apr 7, 2016 | QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a... |
| CVE-2016-2292 | MEDIUM | 6.5 | 2.3% | Apr 6, 2016 | Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05... |
| CVE-2016-2291 | MEDIUM | 6.5 | 2.2% | Apr 6, 2016 | Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.0... |
| CVE-2016-1160 | MEDIUM | 6.1 | 1.5% | Mar 26, 2016 | Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attack... |
| CVE-2016-3115 | MEDIUM | 6.4 | 37.0% | Mar 22, 2016 | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to... |
| CVE-2016-2075 | MEDIUM | 5.4 | 0.8% | Mar 16, 2016 | Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux a... |
| CVE-2016-0821 | MEDIUM | 5.5 | 0.4% | Mar 12, 2016 | The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-0... |
| CVE-2016-1285 | MEDIUM | 6.8 | 59.0% | Mar 9, 2016 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fe... |
| CVE-2016-2774 | MEDIUM | 5.9 | 73.7% | Mar 9, 2016 | ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessio... |
| CVE-2016-0702 | MEDIUM | 5.1 | 1.9% | Mar 3, 2016 | The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g... |
| CVE-2016-2279 | MEDIUM | 6.1 | 7.5% | Mar 2, 2016 | Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* bef... |
| CVE-2016-2388 | MEDIUM | 5.3 | 51.6% | Feb 16, 2016 | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user infor... |
| CVE-2016-0753 | MEDIUM | 5.3 | 7.2% | Feb 16, 2016 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use... |
| CVE-2016-0747 | MEDIUM | 5.3 | 8.4% | Feb 15, 2016 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote... |
| CVE-2016-2073 | MEDIUM | 6.5 | 2.7% | Feb 12, 2016 | The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bound... |
| CVE-2016-1144 | MEDIUM | 5.4 | 0.9% | Jan 30, 2016 | Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 ... |
| CVE-2016-0502 | MEDIUM | 6.5 | 3.1% | Jan 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to... |
| CVE-2016-0777 | MEDIUM | 6.5 | 63.5% | Jan 14, 2016 | The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote serv... |
| CVE-2016-0032 | MEDIUM | 6.1 | 7.6% | Jan 13, 2016 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulat... |
| CVE-2016-0031 | MEDIUM | 6.1 | 7.7% | Jan 13, 2016 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote att... |
| CVE-2016-0030 | MEDIUM | 6.1 | 7.6% | Jan 13, 2016 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulat... |