2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-4117 | CRITICAL | 9.8 | 94.4% | May 11, 2016 | Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as ... |
| CVE-2016-1114 | CRITICAL | 9.8 | 8.8% | May 11, 2016 | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute ar... |
| CVE-2016-4422 | CRITICAL | 9.8 | 1.8% | May 6, 2016 | The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass au... |
| CVE-2016-4351 | CRITICAL | 9.8 | 2.8% | May 5, 2016 | SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 befo... |
| CVE-2016-4002 | CRITICAL | 9.8 | 6.4% | Apr 26, 2016 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept ... |
| CVE-2016-3074 | CRITICAL | 9.8 | 37.0% | Apr 26, 2016 | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of... |
| CVE-2016-3427 | CRITICAL | 9.8 | 92.3% | Apr 21, 2016 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows rem... |
| CVE-2016-1363 | CRITICAL | 9.8 | 5.6% | Apr 21, 2016 | Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before ... |
| CVE-2016-2170 | CRITICAL | 9.8 | 12.7% | Apr 12, 2016 | Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands vi... |
| CVE-2016-3987 | CRITICAL | 9.8 | 22.3% | Apr 12, 2016 | The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url para... |
| CVE-2016-2324 | CRITICAL | 9.8 | 18.8% | Apr 8, 2016 | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) ma... |
| CVE-2016-2315 | CRITICAL | 9.8 | 18.0% | Apr 8, 2016 | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary c... |
| CVE-2016-3974 | CRITICAL | 9.1 | 15.1% | Apr 7, 2016 | XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remo... |
| CVE-2016-1019 | CRITICAL | 9.8 | 22.5% | Apr 7, 2016 | Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or po... |
| CVE-2016-2386 | CRITICAL | 9.8 | 71.1% | Feb 16, 2016 | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbi... |
| CVE-2016-0746 | CRITICAL | 9.8 | 8.6% | Feb 15, 2016 | Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attacke... |
| CVE-2016-1283 | CRITICAL | 9.8 | 7.8% | Jan 3, 2016 | The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?... |