CVEs from 2016
- Total: 8,436
- Critical: 1,165
- High: 3,521
- Medium: 3,172
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3136 | medium | 4.6 | 5.6 | 10y ago | The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s… | |||
| CVE-2016-2188 | medium | 4.6 | 5.6 | 10y ago | The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system c… | |||
| CVE-2016-3139 | medium | 4.6 | 5.6 | 10y ago | The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cr… | |||
| CVE-2016-2782 | medium | 4.6 | 5.6 | 10y ago | The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or… | |||
| CVE-2016-2384 | medium | 4.6 | 5.6 | 10y ago | Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly … | |||
| CVE-2016-2184 | medium | 4.6 | 5.6 | 10y ago | The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL poin… | |||
| CVE-2016-8018 | medium | 4.3 | 5.3 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a cr… | |||
| CVE-2016-3216 | medium | 4.3 | 5.3 | 10y ago | GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol… | |||
| CVE-2016-8017 | medium | 4.1 | 5.1 | 9y ago | Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user… | |||
| CVE-2016-8016 | low | 3.4 | 4.4 | 9y ago | Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a UR… | |||
| CVE-2016-4486 | low | 3.3 | 4.3 | 10y ago | The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from … | |||
| CVE-2016-3716 | low | 3.3 | 4.3 | 10y ago | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |||
| CVE-2016-3325 | low | 3.1 | 4.1 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||
| CVE-2016-4534 | low | 3.0 | 4.0 | 10y ago | The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and… | |||
| CVE-2016-3321 | low | 2.5 | 3.5 | 10y ago | Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a… | |||
| CVE-2016-3714 | unknown | — | 2.5 | 2y ago | ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code v… | |||
| CVE-2016-20017 | unknown | — | 2.5 | 2y ago | D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. | |||
| CVE-2016-0165 | unknown | — | 2.5 | 3y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2016-6415 | unknown | — | 2.5 | 3y ago | Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information… | |||
| CVE-2016-2388 | unknown | — | 2.5 | 4y ago | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. | |||
| CVE-2016-2386 | unknown | — | 2.5 | 4y ago | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-0984 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code. | |||
| CVE-2016-6366 | unknown | — | 2.5 | 4y ago | A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute cod… | |||
| CVE-2016-4657 | unknown | — | 2.5 | 4y ago | Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTM… | |||
| CVE-2016-4656 | unknown | — | 2.5 | 4y ago | A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application. | |||
| CVE-2016-4655 | unknown | — | 2.5 | 4y ago | The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. | |||
| CVE-2016-6367 | unknown | — | 2.5 | 4y ago | A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code. | |||
| CVE-2016-4437 | unknown | — | 2.5 | 4y ago | Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been confi… | |||
| CVE-2016-7201 | unknown | — | 2.5 | 4y ago | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2016-7200 | unknown | — | 2.5 | 4y ago | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2016-3088 | unknown | — | 2.5 | 4y ago | The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request | |||
| CVE-2016-0189 | unknown | — | 2.5 | 4y ago | The Microsoft JScript and VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web s… | |||
| CVE-2016-0040 | unknown | — | 2.5 | 4y ago | The kernel in Microsoft Windows allows local users to gain privileges via a crafted application. | |||
| CVE-2016-0151 | unknown | — | 2.5 | 4y ago | The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. | |||
| CVE-2016-1555 | unknown | — | 2.5 | 4y ago | Multiple NETGEAR Wireless Access Point devices allow unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution. | |||
| CVE-2016-11021 | unknown | — | 2.5 | 4y ago | setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command. | |||
| CVE-2016-10174 | unknown | — | 2.5 | 4y ago | The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution. | |||
| CVE-2016-3309 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in k… | |||
| CVE-2016-6277 | unknown | — | 2.5 | 4y ago | NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. | |||
| CVE-2016-4117 | unknown | — | 2.5 | 4y ago | An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2016-0099 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this… | |||
| CVE-2016-3235 | unknown | — | 2.5 | 5y ago | Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitat… | |||
| CVE-2016-0185 | unknown | — | 2.5 | 5y ago | Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. | |||
| CVE-2016-3718 | unknown | — | 2.5 | 5y ago | ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image. | |||
| CVE-2016-3715 | unknown | — | 2.5 | 5y ago | ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. | |||
| CVE-2016-3976 | unknown | — | 2.5 | 5y ago | SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote at… | |||
| CVE-2016-3643 | unknown | — | 2.5 | 5y ago | SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo. | |||
| CVE-2016-7255 | unknown | — | 2.5 | 5y ago | Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. | |||
| CVE-2016-0752 | unknown | — | 2.5 | 11y ago | Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. | |||
| CVE-2016-5616 | unknown | — | 1.0 | — | ||||
| CVE-2016-8641 | unknown | — | 1.0 | — | ||||
| CVE-2016-15057 | unknown | — | 1.0 | 4mo ago | Apache Continuum vulnerable to Command Injection through Installations REST API | |||
| CVE-2016-10542 | unknown | — | 1.0 | 7y ago | ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server… | |||
| CVE-2016-1000282 | unknown | — | 1.0 | 7y ago | Critical severity vulnerability that affects Haraka |