2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-11025 | CRITICAL | 9.8 | 0.4% | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memc... |
| CVE-2016-11049 | CRITICAL | 9.1 | 0.4% | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IM... |
| CVE-2016-11024 | CRITICAL | 9.8 | 1.4% | Mar 30, 2020 | odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. |
| CVE-2016-11023 | CRITICAL | 9.8 | 1.4% | Mar 30, 2020 | odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. |
| CVE-2016-6918 | CRITICAL | 9.8 | 1.9% | Mar 9, 2020 | Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading file... |
| CVE-2016-11020 | CRITICAL | 9.8 | 2.9% | Feb 25, 2020 | Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote... |
| CVE-2016-4606 | CRITICAL | 9.8 | 3.3% | Feb 21, 2020 | Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrar... |
| CVE-2016-1000005 | CRITICAL | 9.8 | 1.4% | Feb 19, 2020 | mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if ot... |
| CVE-2016-1000004 | CRITICAL | 9.8 | 0.7% | Feb 19, 2020 | Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_d... |
| CVE-2016-2031 | CRITICAL | 9.8 | 5.1% | Jan 31, 2020 | Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-suppl... |
| CVE-2016-11018 | CRITICAL | 9.8 | 2.4% | Jan 21, 2020 | An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-For... |
| CVE-2016-11017 | CRITICAL | 9.8 | 4.4% | Jan 6, 2020 | The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execu... |
| CVE-2016-1000027 | CRITICAL | 9.8 | 32.3% | Jan 2, 2020 | Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java dese... |
| CVE-2016-9652 | CRITICAL | 9.8 | 2.1% | Nov 20, 2019 | Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. |
| CVE-2016-5194 | CRITICAL | 9.8 | 0.7% | Nov 20, 2019 | Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. |
| CVE-2016-1000006 | CRITICAL | 9.8 | 1.6% | Nov 19, 2019 | hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. |
| CVE-2016-4401 | CRITICAL | 9.8 | 1.4% | Nov 6, 2019 | Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. |
| CVE-2016-5202 | CRITICAL | 9.1 | 0.8% | Oct 25, 2019 | browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windo... |
| CVE-2016-2360 | CRITICAL | 9.8 | 2.1% | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across dif... |
| CVE-2016-2359 | CRITICAL | 9.8 | 3.1% | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected ... |
| CVE-2016-2358 | CRITICAL | 9.8 | 2.1% | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials... |
| CVE-2016-2357 | CRITICAL | 9.8 | 2.1% | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. |
| CVE-2016-2356 | CRITICAL | 9.8 | 3.2% | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or pass... |
| CVE-2016-11014 | CRITICAL | 9.8 | 2.5% | Oct 16, 2019 | NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a speci... |
| CVE-2016-11000 | CRITICAL | 9.8 | 2.1% | Sep 20, 2019 | The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. |