2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-10708 | HIGH | 7.5 | 16.0% | Jan 21, 2018 | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon cra... |
| CVE-2016-10707 | HIGH | 7.5 | 2.9% | Jan 18, 2018 | jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any ... |
| CVE-2016-6914 | HIGH | 7.8 | 1.2% | Dec 27, 2017 | Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local u... |
| CVE-2016-10703 | HIGH | 7.5 | 2.6% | Dec 14, 2017 | A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, befo... |
| CVE-2016-6804 | HIGH | 7.8 | 3.0% | Nov 20, 2017 | The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains... |
| CVE-2016-8610 | HIGH | 7.5 | 39.7% | Nov 13, 2017 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto... |
| CVE-2016-5714 | HIGH | 7.2 | 2.2% | Oct 18, 2017 | Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to by... |
| CVE-2016-0732 | HIGH | 8.8 | 1.2% | Sep 7, 2017 | The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 th... |
| CVE-2016-6796 | HIGH | 7.5 | 8.3% | Aug 11, 2017 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to... |
| CVE-2016-6817 | HIGH | 7.5 | 7.2% | Aug 10, 2017 | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header ... |
| CVE-2016-6797 | HIGH | 7.5 | 8.1% | Aug 10, 2017 | The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0... |
| CVE-2016-4456 | HIGH | 7.5 | 2.2% | Aug 8, 2017 | The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary... |
| CVE-2016-6220 | HIGH | 7.5 | 4.9% | Aug 7, 2017 | Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. |
| CVE-2016-8743 | HIGH | 7.5 | 13.3% | Jul 27, 2017 | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and... |
| CVE-2016-10402 | HIGH | 7.8 | 10.2% | Jul 27, 2017 | Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header... |
| CVE-2016-6342 | HIGH | 7.5 | 1.0% | Jun 27, 2017 | elog 3.1.1 allows remote attackers to post data as any username in the logbook. |
| CVE-2016-0780 | HIGH | 7.5 | 1.1% | May 25, 2017 | It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 a... |
| CVE-2016-9842 | HIGH | 8.8 | 5.2% | May 23, 2017 | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact v... |
| CVE-2016-9840 | HIGH | 8.8 | 4.8% | May 23, 2017 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper point... |
| CVE-2016-8741 | HIGH | 7.5 | 6.2% | May 15, 2017 | The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user auth... |
| CVE-2016-4879 | HIGH | 8.8 | 0.9% | May 12, 2017 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attacke... |
| CVE-2016-4838 | HIGH | 7.8 | 1.4% | May 12, 2017 | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for... |
| CVE-2016-5399 | HIGH | 7.8 | 9.8% | Apr 21, 2017 | The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attac... |
| CVE-2016-1148 | HIGH | 8.1 | 0.9% | Apr 21, 2017 | Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. |
| CVE-2016-7051 | HIGH | 8.6 | 2.4% | Apr 14, 2017 | XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allow... |