CVEs from 2016
Total
8,564
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.6%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-9338 | low | 2.7 | 2.7 | 9y ago | An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and… | |
| CVE-2016-3046 | low | 2.7 | 2.7 | 9y ago | IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end da… | |
| CVE-2016-3021 | low | 2.7 | 2.7 | 9y ago | IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. | |
| CVE-2016-2947 | low | 2.7 | 2.7 | 10y ago | IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18… | |
| CVE-2016-0370 | low | 2.7 | 2.7 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an … | |
| CVE-2016-5462 | low | 2.7 | 2.7 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vect… | |
| CVE-2016-2870 | low | 2.7 | 2.7 | 10y ago | Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors. | |
| CVE-2016-2868 | low | 2.7 | 2.7 | 10y ago | IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity ref… | |
| CVE-2016-1212 | low | 2.7 | 2.7 | 10y ago | Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | |
| CVE-2016-3972 | low | 2.7 | 2.7 | 10y ago | Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. | |
| CVE-2016-10713 | low | — | 2.5 | — | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. | |
| CVE-2016-7554 | low | — | 2.5 | — | arbitrary code execution in ffmpeg | |
| CVE-2016-20012 | low | — | 2.5 | — | OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occu… | |
| CVE-2016-5992 | low | 2.5 | 2.5 | 10y ago | IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. | |
| CVE-2016-6450 | low | 2.5 | 2.5 | 10y ago | A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulne… | |
| CVE-2016-7960 | low | 2.5 | 2.5 | 10y ago | Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration in… | |
| CVE-2016-3321 | low | 2.5 | 2.5 | 10y ago | Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a… | |
| CVE-2016-5849 | low | 2.5 | 2.5 | 10y ago | Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. | |
| CVE-2016-2894 | low | 2.5 | 2.5 | 10y ago | IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary ac… | |
| CVE-2016-0259 | low | 2.5 | 2.5 | 10y ago | runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands. | |
| CVE-2016-1185 | low | 2.5 | 2.5 | 10y ago | The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. | |
| CVE-2016-7765 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive informati… | |
| CVE-2016-7664 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component. which allows physically proximate attackers to obtain sensitive photo… | |
| CVE-2016-7653 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Media Player" component, which allows physically proximate attackers to obtain sensitive photo … | |
| CVE-2016-9703 | low | 2.4 | 2.4 | 9y ago | IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | |
| CVE-2016-3562 | low | 2.4 | 2.4 | 10y ago | Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to D… | |
| CVE-2016-3291 | low | 2.4 | 2.4 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Informa… | |
| CVE-2016-4593 | low | 2.4 | 2.4 | 10y ago | The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors. | |
| CVE-2016-1852 | low | 2.4 | 2.4 | 10y ago | Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via… | |
| CVE-2016-8305 | low | 2.1 | 2.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |
| CVE-2016-3002 | low | 2.1 | 2.1 | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. | |
| CVE-2016-3888 | low | 2.1 | 2.1 | 10y ago | internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to by… | |
| CVE-2016-0605 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. | |
| CVE-2016-0592 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors relat… | |
| CVE-2016-0454 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 allows local users to affect confidentiality via vectors related to MWA Server Ma… | |
| CVE-2016-0446 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confident… | |
| CVE-2016-2943 | low | 1.9 | 1.9 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. | |
| CVE-2016-0438 | low | — | 1.9 | 11y ago | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile… | |
| CVE-2016-0437 | low | — | 1.9 | 11y ago | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile… | |
| CVE-2016-0436 | low | — | 1.9 | 11y ago | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile… | |
| CVE-2016-0434 | low | — | 1.9 | 11y ago | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile… | |
| CVE-2016-0432 | low | — | 1.9 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Ou… | |
| CVE-2016-8284 | low | 1.8 | 1.8 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. | |
| CVE-2016-0453 | low | — | 1.8 | 11y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server. | |
| CVE-2016-0609 | low | — | 1.7 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use… | |
| CVE-2016-0405 | low | — | 1.7 | 11y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect confidentiality via vectors related to Cluster Manageability and… | |
| CVE-2016-0498 | low | — | 1.5 | 11y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows local users to affect confidentiality vi… | |
| CVE-2016-0618 | low | — | 1.4 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones. | |
| CVE-2016-0431 | low | — | 1.2 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419. | |
| CVE-2016-1000344 | unknown | — | — | 8y ago | In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode |