CVEs from 2016
- Total: 8,565
- Critical: 1,164
- High: 3,521
- Medium: 3,172
- Low: 249
- % Critical: 13.6%
- % with KEV: 0.7%
- % with exploit: 0.7%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-9079 | critical | — | 10.0 | 3y ago | Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. | |
| CVE-2016-5195 | high | — | 9.5 | 4y ago | Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. | |
| CVE-2016-10033 | high | — | 9.5 | 6y ago | PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attac… | |
| CVE-2016-3088 | unknown | — | 2.5 | 4y ago | The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | |
| CVE-2016-0752 | unknown | — | 2.5 | 11y ago | Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. | |
| CVE-2016-7836 | unknown | — | 1.5 | 8mo ago | SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console progra… | |
| CVE-2016-3714 | unknown | — | 1.5 | 2y ago | ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code v… | |
| CVE-2016-20017 | unknown | — | 1.5 | 2y ago | D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. | |
| CVE-2016-0165 | unknown | — | 1.5 | 3y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2016-6415 | unknown | — | 1.5 | 3y ago | Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information… | |
| CVE-2016-3427 | unknown | — | 1.5 | 3y ago | Oracle Java SE and JRockit contain an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions … | |
| CVE-2016-2386 | unknown | — | 1.5 | 4y ago | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2016-2388 | unknown | — | 1.5 | 4y ago | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. | |
| CVE-2016-1646 | unknown | — | 1.5 | 4y ago | Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript co… | |
| CVE-2016-5198 | unknown | — | 1.5 | 4y ago | Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. Thi… | |
| CVE-2016-3393 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the… | |
| CVE-2016-7256 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take con… | |
| CVE-2016-0984 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code. | |
| CVE-2016-1010 | unknown | — | 1.5 | 4y ago | Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code. | |
| CVE-2016-0034 | unknown | — | 1.5 | 4y ago | Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS). | |
| CVE-2016-3298 | unknown | — | 1.5 | 4y ago | An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow th… | |
| CVE-2016-6367 | unknown | — | 1.5 | 4y ago | A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code. | |
| CVE-2016-3351 | unknown | — | 1.5 | 4y ago | An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific f… | |
| CVE-2016-4656 | unknown | — | 1.5 | 4y ago | A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application. | |
| CVE-2016-4657 | unknown | — | 1.5 | 4y ago | Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTM… | |
| CVE-2016-6366 | unknown | — | 1.5 | 4y ago | A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute cod… | |
| CVE-2016-0162 | unknown | — | 1.5 | 4y ago | An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. | |
| CVE-2016-4655 | unknown | — | 1.5 | 4y ago | The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. | |
| CVE-2016-4437 | unknown | — | 1.5 | 4y ago | Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been confi… | |
| CVE-2016-7201 | unknown | — | 1.5 | 4y ago | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |
| CVE-2016-7200 | unknown | — | 1.5 | 4y ago | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |
| CVE-2016-8735 | unknown | — | 1.5 | 4y ago | Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This C… | |
| CVE-2016-4523 | unknown | — | 1.5 | 4y ago | The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS). | |
| CVE-2016-0189 | unknown | — | 1.5 | 4y ago | The Microsoft JScript and VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web s… | |
| CVE-2016-0040 | unknown | — | 1.5 | 4y ago | The kernel in Microsoft Windows allows local users to gain privileges via a crafted application. | |
| CVE-2016-0151 | unknown | — | 1.5 | 4y ago | The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. | |
| CVE-2016-10174 | unknown | — | 1.5 | 4y ago | The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution. | |
| CVE-2016-7892 | unknown | — | 1.5 | 4y ago | Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class. | |
| CVE-2016-11021 | unknown | — | 1.5 | 4y ago | setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command. | |
| CVE-2016-4171 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows for remote code execution. | |
| CVE-2016-1555 | unknown | — | 1.5 | 4y ago | Multiple NETGEAR Wireless Access Point devices allow unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution. | |
| CVE-2016-3309 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in k… | |
| CVE-2016-6277 | unknown | — | 1.5 | 4y ago | NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. | |
| CVE-2016-1019 | unknown | — | 1.5 | 4y ago | Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code. | |
| CVE-2016-8562 | unknown | — | 1.5 | 4y ago | An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service. | |
| CVE-2016-7193 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution. | |
| CVE-2016-0099 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this… | |
| CVE-2016-4117 | unknown | — | 1.5 | 4y ago | An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution. | |
| CVE-2016-7262 | unknown | — | 1.5 | 4y ago | A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. | |
| CVE-2016-7855 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code. | |
| CVE-2016-3718 | unknown | — | 1.5 | 5y ago | ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image. | |
| CVE-2016-3715 | unknown | — | 1.5 | 5y ago | ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. | |
| CVE-2016-3643 | unknown | — | 1.5 | 5y ago | SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo. | |
| CVE-2016-0185 | unknown | — | 1.5 | 5y ago | Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. | |
| CVE-2016-3235 | unknown | — | 1.5 | 5y ago | Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitat… | |
| CVE-2016-9563 | unknown | — | 1.5 | 5y ago | SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks. | |
| CVE-2016-7255 | unknown | — | 1.5 | 5y ago | Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. | |
| CVE-2016-0167 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application. | |
| CVE-2016-3976 | unknown | — | 1.5 | 5y ago | SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote at… |