2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-1000107 | MEDIUM | 6.1 | 1.4% | Dec 10, 2019 | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications fr... |
| CVE-2016-1000108 | MEDIUM | 6.1 | 1.1% | Dec 10, 2019 | yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect... |
| CVE-2016-1000110 | MEDIUM | 6.1 | 4.6% | Nov 27, 2019 | The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script... |
| CVE-2016-9271 | MEDIUM | 5.4 | 0.5% | Nov 26, 2019 | Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature. |
| CVE-2016-6353 | MEDIUM | 6.5 | 0.8% | Nov 26, 2019 | Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass S... |
| CVE-2016-3192 | MEDIUM | 6.5 | 0.6% | Nov 26, 2019 | Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. |
| CVE-2016-3131 | MEDIUM | 6.5 | 0.7% | Nov 26, 2019 | Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. |
| CVE-2016-1000236 | MEDIUM | 4.4 | 0.9% | Nov 19, 2019 | Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. |
| CVE-2016-1000037 | MEDIUM | 6.1 | 1.1% | Nov 6, 2019 | Pagure: XSS possible in file attachment endpoint |
| CVE-2016-4289 | MEDIUM | 5.5 | 0.6% | Oct 29, 2019 | A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2... |
| CVE-2016-11016 | MEDIUM | 6.1 | 1.6% | Oct 16, 2019 | NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. |
| CVE-2016-11015 | MEDIUM | 6.5 | 0.8% | Oct 16, 2019 | NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.... |
| CVE-2016-11013 | MEDIUM | 6.1 | 1.0% | Sep 20, 2019 | The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. |
| CVE-2016-11012 | MEDIUM | 5.4 | 0.8% | Sep 20, 2019 | The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. |
| CVE-2016-11011 | MEDIUM | 6.5 | 1.4% | Sep 20, 2019 | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. |
| CVE-2016-11010 | MEDIUM | 5.3 | 1.8% | Sep 20, 2019 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata update... |
| CVE-2016-11009 | MEDIUM | 5.3 | 1.8% | Sep 20, 2019 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates... |
| CVE-2016-11008 | MEDIUM | 5.3 | 1.8% | Sep 20, 2019 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. |
| CVE-2016-11007 | MEDIUM | 5.3 | 2.0% | Sep 20, 2019 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. |
| CVE-2016-11006 | MEDIUM | 5.3 | 1.8% | Sep 20, 2019 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. |
| CVE-2016-11005 | MEDIUM | 6.1 | 1.0% | Sep 20, 2019 | The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. |
| CVE-2016-11001 | MEDIUM | 6.1 | 1.2% | Sep 20, 2019 | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. |
| CVE-2016-10999 | MEDIUM | 6.1 | 0.9% | Sep 20, 2019 | The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. |
| CVE-2016-10998 | MEDIUM | 6.1 | 0.9% | Sep 20, 2019 | The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. |
| CVE-2016-10997 | MEDIUM | 6.5 | 0.8% | Sep 20, 2019 | The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. |
Check if your code is affected by 2016 CVEs
Strix scans your code and infrastructure for known vulnerabilities automatically.
Scan your code now