2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-1000113 | CRITICAL | 9.8 | 3.1% | Oct 6, 2016 | XSS and SQLi in huge IT gallery v1.1.5 for Joomla |
| CVE-2016-1000112 | CRITICAL | 9.1 | 8.6% | Oct 6, 2016 | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin |
| CVE-2016-1453 | CRITICAL | 9.8 | 8.1% | Oct 6, 2016 | Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 a... |
| CVE-2016-7161 | CRITICAL | 9.8 | 6.1% | Oct 5, 2016 | Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attacke... |
| CVE-2016-5180 | CRITICAL | 9.8 | 8.6% | Oct 3, 2016 | Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to caus... |
| CVE-2016-4303 | CRITICAL | 9.8 | 6.8% | Sep 26, 2016 | The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to c... |
| CVE-2016-6531 | CRITICAL | 9.8 | 2.5% | Sep 24, 2016 | Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative... |
| CVE-2016-6374 | CRITICAL | 9.8 | 3.7% | Sep 22, 2016 | Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup c... |
| CVE-2016-6303 | CRITICAL | 9.8 | 32.0% | Sep 16, 2016 | Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers t... |
| CVE-2016-7126 | CRITICAL | 9.8 | 8.8% | Sep 12, 2016 | The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validat... |
| CVE-2016-5344 | CRITICAL | 9.8 | 1.7% | Aug 30, 2016 | Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) And... |
| CVE-2016-5681 | CRITICAL | 9.8 | 11.9% | Aug 25, 2016 | Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx befor... |
| CVE-2016-5772 | CRITICAL | 9.8 | 9.8% | Aug 7, 2016 | Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.... |
| CVE-2016-5771 | CRITICAL | 9.8 | 15.1% | Aug 7, 2016 | spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize ... |
| CVE-2016-5770 | CRITICAL | 9.8 | 7.2% | Aug 7, 2016 | Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5... |
| CVE-2016-3078 | CRITICAL | 9.8 | 57.6% | Aug 7, 2016 | Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denia... |
| CVE-2016-4999 | CRITICAL | 9.8 | 3.7% | Aug 5, 2016 | SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/De... |
| CVE-2016-4837 | CRITICAL | 9.8 | 2.1% | Aug 1, 2016 | SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrar... |
| CVE-2016-4614 | CRITICAL | 9.8 | 3.4% | Jul 22, 2016 | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,... |
| CVE-2016-4610 | CRITICAL | 9.8 | 5.1% | Jul 22, 2016 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,... |
| CVE-2016-4609 | CRITICAL | 9.8 | 5.1% | Jul 22, 2016 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,... |
| CVE-2016-4608 | CRITICAL | 9.8 | 5.1% | Jul 22, 2016 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,... |
| CVE-2016-4607 | CRITICAL | 9.8 | 5.1% | Jul 22, 2016 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,... |
| CVE-2016-5804 | CRITICAL | 9.8 | 1.1% | Jul 15, 2016 | Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB327... |
| CVE-2016-4503 | CRITICAL | 9.8 | 2.8% | Jul 12, 2016 | Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings... |