CVEs from 2016
Total
8,436
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-15026 | unknown | — | — | 3y ago | dd-plist XML External Entitly vulnerability | |||
| CVE-2016-15011 | unknown | — | — | 4y ago | dssp vulnerable to Improper Restriction of XML External Entity Reference | |||
| CVE-2016-1000273 | unknown | — | — | 4y ago | Java Melody vulnerable to cross-site scripting | |||
| CVE-2016-1000027 | unknown | — | — | 4y ago | Pivotal Spring Framework contains unsafe Java deserialization methods | |||
| CVE-2016-10750 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Hazelcast | |||
| CVE-2016-7043 | unknown | — | — | 4y ago | Password in config file in KIE server | |||
| CVE-2016-9606 | unknown | — | — | 4y ago | JBoss RESTEasy vulnerable to Improper Input Validation | |||
| CVE-2016-8747 | unknown | — | — | 4y ago | Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request | |||
| CVE-2016-6810 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation Apache ActiveMQ | |||
| CVE-2016-9589 | unknown | — | — | 4y ago | Red Hat Wildfly DoS | |||
| CVE-2016-6814 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Groovy | |||
| CVE-2016-11024 | unknown | — | — | 5y ago | SQL Injection in odata4j | |||
| CVE-2016-3674 | unknown | — | — | 6y ago | XML External Entity Injection in XStream | |||
| CVE-2016-8750 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.karaf:apache-karaf | |||
| CVE-2016-10726 | unknown | — | — | 8y ago | High severity vulnerability that affects org.dspace:dspace-xmlui | |||
| CVE-2016-1000345 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | |||
| CVE-2016-1000344 | unknown | — | — | 8y ago | In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode | |||
| CVE-2016-8609 | unknown | — | — | 8y ago | Improper Authentication in org.keycloak:keycloak-core | |||
| CVE-2016-8629 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.keycloak:keycloak-core | |||
| CVE-2016-1000352 | unknown | — | — | 8y ago | In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode | |||
| CVE-2016-1000346 | unknown | — | — | 8y ago | In Bouncy Castle JCE Provider the other party DH public key is not fully validated | |||
| CVE-2016-1000343 | unknown | — | — | 8y ago | In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values | |||
| CVE-2016-1000342 | unknown | — | — | 8y ago | In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification | |||
| CVE-2016-1000341 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | |||
| CVE-2016-1000340 | unknown | — | — | 8y ago | The Bouncy Castle JCE Provider carry a propagation bug | |||
| CVE-2016-1000339 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | |||
| CVE-2016-1000338 | unknown | — | — | 8y ago | In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate | |||
| CVE-2016-10707 | unknown | — | — | 9y ago | Denial of Service in jquery | |||
| CVE-2016-10931 | unknown | — | — | 10y ago | An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for host… |