2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-8721 | CRITICAL | 9.1 | 3.3% | Apr 20, 2017 | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A W... |
| CVE-2016-10328 | CRITICAL | 9.8 | 3.7% | Apr 14, 2017 | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser... |
| CVE-2016-1908 | CRITICAL | 9.8 | 13.7% | Apr 11, 2017 | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the loca... |
| CVE-2016-8735 | CRITICAL | 9.8 | 90.3% | Apr 6, 2017 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8... |
| CVE-2016-6809 | CRITICAL | 9.8 | 8.1% | Apr 6, 2017 | Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists bec... |
| CVE-2016-10229 | CRITICAL | 9.8 | 12.8% | Apr 4, 2017 | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an ... |
| CVE-2016-10307 | CRITICAL | 9.8 | 2.4% | Mar 30, 2017 | Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root... |
| CVE-2016-10305 | CRITICAL | 9.8 | 1.7% | Mar 30, 2017 | Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0... |
| CVE-2016-10145 | CRITICAL | 9.8 | 5.4% | Mar 24, 2017 | Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related t... |
| CVE-2016-10144 | CRITICAL | 9.8 | 4.9% | Mar 24, 2017 | coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. |
| CVE-2016-10195 | CRITICAL | 9.8 | 6.7% | Mar 15, 2017 | The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via ... |
| CVE-2016-9558 | CRITICAL | 9.8 | 5.1% | Feb 28, 2017 | (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have uns... |
| CVE-2016-9400 | CRITICAL | 9.8 | 3.6% | Feb 22, 2017 | The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to w... |
| CVE-2016-9053 | CRITICAL | 9.8 | 7.2% | Feb 21, 2017 | An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Datab... |
| CVE-2016-9051 | CRITICAL | 9.8 | 6.9% | Feb 21, 2017 | An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospik... |
| CVE-2016-9369 | CRITICAL | 9.8 | 7.2% | Feb 13, 2017 | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 52... |
| CVE-2016-9366 | CRITICAL | 9.8 | 2.4% | Feb 13, 2017 | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 52... |
| CVE-2016-9361 | CRITICAL | 9.8 | 20.2% | Feb 13, 2017 | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 52... |
| CVE-2016-9343 | CRITICAL | 10 | 10.5% | Feb 13, 2017 | An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (exc... |
| CVE-2016-8567 | CRITICAL | 9.8 | 1.8% | Feb 13, 2017 | An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the ... |
| CVE-2016-2148 | CRITICAL | 9.8 | 28.4% | Feb 9, 2017 | Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecif... |
| CVE-2016-10150 | CRITICAL | 9.8 | 10.2% | Feb 6, 2017 | Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4... |
| CVE-2016-6090 | CRITICAL | 9.8 | 2.0% | Feb 1, 2017 | IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performi... |
| CVE-2016-6269 | CRITICAL | 9.1 | 3.7% | Jan 30, 2017 | Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before bu... |
| CVE-2016-10182 | CRITICAL | 9.8 | 9.2% | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. |