2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-10995 | CRITICAL | 9.8 | 2.0% | Sep 18, 2019 | The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. |
| CVE-2016-10972 | CRITICAL | 9.8 | 9.3% | Sep 16, 2019 | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. |
| CVE-2016-10971 | CRITICAL | 9.8 | 1.9% | Sep 16, 2019 | The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an ... |
| CVE-2016-10955 | CRITICAL | 9.8 | 2.4% | Sep 13, 2019 | The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. |
| CVE-2016-10954 | CRITICAL | 9.8 | 2.2% | Sep 13, 2019 | The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. |
| CVE-2016-10942 | CRITICAL | 9.8 | 2.0% | Sep 13, 2019 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id param... |
| CVE-2016-7398 | CRITICAL | 9.8 | 6.8% | Sep 6, 2019 | A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta... |
| CVE-2016-10764 | CRITICAL | 9.8 | 3.1% | Jul 27, 2019 | In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash(... |
| CVE-2016-10749 | CRITICAL | 9.8 | 2.5% | Apr 29, 2019 | parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with ... |
| CVE-2016-1585 | CRITICAL | 9.8 | 1.0% | Apr 22, 2019 | In all versions of AppArmor, mount rules are accidentally widened when compiled. |
| CVE-2016-9063 | CRITICAL | 9.8 | 5.5% | Jun 11, 2018 | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. |
| CVE-2016-10541 | CRITICAL | 9.8 | 2.2% | May 31, 2018 | The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shel... |
| CVE-2016-10722 | CRITICAL | 9.8 | 2.7% | May 2, 2018 | partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient vali... |
| CVE-2016-8717 | CRITICAL | 9.8 | 2.3% | Apr 2, 2018 | An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running fi... |
| CVE-2016-0898 | CRITICAL | 10 | 1.4% | Mar 29, 2018 | MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were l... |
| CVE-2016-6813 | CRITICAL | 9.8 | 5.6% | Feb 6, 2018 | Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer ... |
| CVE-2016-5018 | CRITICAL | 9.1 | 10.3% | Aug 10, 2017 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malici... |
| CVE-2016-8731 | CRITICAL | 9.8 | 2.6% | Jun 21, 2017 | Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials... |
| CVE-2016-7836 | CRITICAL | 9.8 | 19.4% | Jun 9, 2017 | SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the... |
| CVE-2016-6087 | CRITICAL | 9.8 | 1.9% | Jun 7, 2017 | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data us... |
| CVE-2016-0761 | CRITICAL | 9.8 | 1.6% | May 25, 2017 | Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw i... |
| CVE-2016-9843 | CRITICAL | 9.8 | 5.9% | May 23, 2017 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via v... |
| CVE-2016-9841 | CRITICAL | 9.8 | 7.5% | May 23, 2017 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointe... |
| CVE-2016-2173 | CRITICAL | 9.8 | 6.3% | Apr 21, 2017 | org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute a... |
| CVE-2016-1555 | CRITICAL | 9.8 | 98.3% | Apr 21, 2017 | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear... |