2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-3955 | CRITICAL | 9.8 | 25.9% | Jul 3, 2016 | The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attacke... |
| CVE-2016-2141 | CRITICAL | 9.8 | 4.7% | Jun 30, 2016 | It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cl... |
| CVE-2016-4171 | CRITICAL | 9.8 | 19.9% | Jun 16, 2016 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code... |
| CVE-2016-4163 | CRITICAL | 9.8 | 6.3% | Jun 16, 2016 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621... |
| CVE-2016-4162 | CRITICAL | 9.8 | 6.3% | Jun 16, 2016 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621... |
| CVE-2016-4161 | CRITICAL | 9.8 | 6.3% | Jun 16, 2016 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621... |
| CVE-2016-4160 | CRITICAL | 9.8 | 6.3% | Jun 16, 2016 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621... |
| CVE-2016-4138 | CRITICAL | 9.8 | 25.4% | Jun 16, 2016 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsof... |
| CVE-2016-4121 | CRITICAL | 9.8 | 10.0% | Jun 16, 2016 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows ... |
| CVE-2016-4120 | CRITICAL | 9.8 | 6.3% | Jun 16, 2016 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621... |
| CVE-2016-2496 | CRITICAL | 9.8 | 0.9% | Jun 13, 2016 | The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjackin... |
| CVE-2016-5118 | CRITICAL | 9.8 | 49.3% | Jun 10, 2016 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit... |
| CVE-2016-3720 | CRITICAL | 9.8 | 2.7% | Jun 10, 2016 | XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xm... |
| CVE-2016-2786 | CRITICAL | 9.8 | 1.6% | Jun 10, 2016 | The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not prope... |
| CVE-2016-2785 | CRITICAL | 9.8 | 2.9% | Jun 10, 2016 | Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow... |
| CVE-2016-4448 | CRITICAL | 9.8 | 7.0% | Jun 9, 2016 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specif... |
| CVE-2016-2310 | CRITICAL | 9.8 | 3.2% | Jun 9, 2016 | General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000,... |
| CVE-2016-4437 | CRITICAL | 9.8 | 93.1% | Jun 7, 2016 | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack... |
| CVE-2016-4432 | CRITICAL | 9.1 | 8.1% | Jun 1, 2016 | The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to b... |
| CVE-2016-3088 | CRITICAL | 9.8 | 98.5% | Jun 1, 2016 | The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr... |
| CVE-2016-0718 | CRITICAL | 9.8 | 13.3% | May 26, 2016 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a m... |
| CVE-2016-4544 | CRITICAL | 9.8 | 6.7% | May 22, 2016 | The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.... |
| CVE-2016-4346 | CRITICAL | 9.8 | 5.7% | May 22, 2016 | Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a... |
| CVE-2016-4345 | CRITICAL | 9.8 | 5.2% | May 22, 2016 | Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows rem... |
| CVE-2016-4344 | CRITICAL | 9.8 | 5.2% | May 22, 2016 | Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a... |
Check if your code is affected by 2016 CVEs
Strix scans your code and infrastructure for known vulnerabilities automatically.
Scan your code now