2016 CVE Vulnerabilities

10,645 CVEs published in 2016.

Filter: CRITICAL

| CVE ID | Severity | CVSS | Description |
| --- | --- | --- | --- |
| CVE-2016-20016 | CRITICAL | 9.8 | MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /... |
| CVE-2016-2338 | CRITICAL | 9.8 | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitt... |
| CVE-2016-4991 | CRITICAL | 9.8 | Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, th... |
| CVE-2016-15004 | CRITICAL | 9.8 | A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this ... |
| CVE-2016-20014 | CRITICAL | 9.8 | In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. |
| CVE-2016-1239 | CRITICAL | 9.8 | duck before 0.10 did not properly handle loading of untrusted code from the current directory. |
| CVE-2016-20010 | CRITICAL | 10 | EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving ... |
| CVE-2016-20009 | CRITICAL | 9.8 | A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vu... |
| CVE-2016-20005 | CRITICAL | 9.8 | The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is... |
| CVE-2016-20004 | CRITICAL | 9.8 | The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not ... |
| CVE-2016-20002 | CRITICAL | 9.8 | The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is no... |
| CVE-2016-20001 | CRITICAL | 9.8 | The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not c... |
| CVE-2016-9026 | CRITICAL | 9.8 | Exponent CMS before 2.6.0 has improper input validation in fileController.php. |
| CVE-2016-9025 | CRITICAL | 9.8 | Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. |
| CVE-2016-9023 | CRITICAL | 9.8 | Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. |
| CVE-2016-9022 | CRITICAL | 9.8 | Exponent CMS before 2.6.0 has improper input validation in usersController.php. |
| CVE-2016-9021 | CRITICAL | 9.8 | Exponent CMS before 2.6.0 has improper input validation in storeController.php. |
| CVE-2016-7063 | CRITICAL | 9.8 | A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privile... |
| CVE-2016-11074 | CRITICAL | 9.8 | An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. |
| CVE-2016-11064 | CRITICAL | 9.8 | An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. |
| CVE-2016-11061 | CRITICAL | 9.8 | Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices b... |
| CVE-2016-11038 | CRITICAL | 9.8 | An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Profession... |
| CVE-2016-11036 | CRITICAL | 9.8 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass... |
| CVE-2016-11033 | CRITICAL | 9.8 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_ser... |
| CVE-2016-11028 | CRITICAL | 9.8 | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stac... |
