CVEs from 2016
- Total: 8,565
- critical: 1,164
- high: 3,521
- medium: 3,172
- low: 249
- % Critical: 13.6%
- % with KEV: 0.7%
- % with exploit: 0.9%
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-9079 | critical | — | 10.0 | 3y ago | Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. | |
| CVE-2016-2417 | critical | 9.8 | 9.8 | 10y ago | media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows atta… | |
| CVE-2016-0801 | critical | 9.8 | 9.8 | 10y ago | The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service … | |
| CVE-2016-5195 | high | — | 9.5 | 4y ago | Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. | |
| CVE-2016-10033 | high | — | 9.5 | 6y ago | PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attac… | |
| CVE-2016-6754 | high | 8.8 | 8.8 | 10y ago | A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is… | |
| CVE-2016-0846 | high | 8.4 | 8.4 | 10y ago | libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which … | |
| CVE-2016-2098 | high | 7.3 | 8.3 | 10y ago | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of t… | |
| CVE-2016-10277 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Cr… | |
| CVE-2016-8972 | high | 7.8 | 7.8 | 9y ago | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |
| CVE-2016-6079 | high | 7.8 | 7.8 | 9y ago | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… | |
| CVE-2016-3053 | high | 7.8 | 7.8 | 9y ago | IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |
| CVE-2016-6772 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate becau… | |
| CVE-2016-6707 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the con… | |
| CVE-2016-2494 | high | 7.8 | 7.8 | 10y ago | Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as de… | |
| CVE-2016-5348 | medium | 5.9 | 5.9 | 10y ago | The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service… | |
| CVE-2016-6689 | medium | 5.5 | 5.5 | 10y ago | Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347. | |