CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2016 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-3679 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
2 CVE-2016-3191 119 DoS Exec Code Overflow 2016-03-17 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
3 CVE-2016-3142 119 DoS Overflow +Info 2016-03-31 2018-01-05
6.4
None Remote Low Not required Partial None Partial
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
4 CVE-2016-3141 119 DoS Overflow Mem. Corr. 2016-03-31 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
5 CVE-2016-2856 264 +Priv 2016-03-14 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
6 CVE-2016-2846 254 Bypass 2016-03-16 2016-12-03
6.4
None Remote Low Not required Partial Partial None
Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.
7 CVE-2016-2844 20 DoS 2016-03-06 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
8 CVE-2016-2843 DoS 2016-03-06 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
9 CVE-2016-2842 119 DoS Overflow 2016-03-03 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
10 CVE-2016-2802 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
11 CVE-2016-2801 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
12 CVE-2016-2800 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.
13 CVE-2016-2799 119 DoS Overflow 2016-03-13 2019-12-27
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
14 CVE-2016-2798 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
15 CVE-2016-2797 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.
16 CVE-2016-2796 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
17 CVE-2016-2795 19 DoS 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
18 CVE-2016-2794 119 DoS Overflow 2016-03-13 2019-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
19 CVE-2016-2793 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
20 CVE-2016-2792 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.
21 CVE-2016-2791 119 DoS Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
22 CVE-2016-2790 19 DoS 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
23 CVE-2016-2774 20 DoS 2016-03-09 2020-01-08
7.1
None Remote Medium Not required None None Complete
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
24 CVE-2016-2345 119 Exec Code Overflow 2016-03-17 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
25 CVE-2016-2344 119 DoS Exec Code Overflow 2016-03-28 2016-12-03
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.
26 CVE-2016-2342 119 DoS Exec Code Overflow 2016-03-17 2018-01-05
7.6
None Remote High Not required Complete Complete Complete
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
27 CVE-2016-2288 264 +Priv 2016-03-29 2017-09-08
7.2
None Local Low Not required Complete Complete Complete
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
28 CVE-2016-2281 264 +Priv 2016-03-18 2016-03-21
6.0
None Local High ??? Complete Complete Complete
Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
29 CVE-2016-2278 284 Exec Code 2016-03-02 2018-10-30
9.0
None Remote Low ??? Complete Complete Complete
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
30 CVE-2016-2245 287 Bypass 2016-03-19 2016-03-22
10.0
None Remote Low Not required Complete Complete Complete
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
31 CVE-2016-1998 20 Exec Code 2016-03-22 2016-12-01
10.0
None Remote Low Not required Complete Complete Complete
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
32 CVE-2016-1997 20 Exec Code 2016-03-22 2016-12-01
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
33 CVE-2016-1995 Exec Code 2016-03-18 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
34 CVE-2016-1991 2016-03-16 2018-10-17
6.0
None Remote Medium ??? Partial Partial Partial
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
35 CVE-2016-1989 Exec Code +Info 2016-03-15 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
36 CVE-2016-1988 Exec Code +Info 2016-03-15 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
37 CVE-2016-1979 DoS 2016-03-13 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
38 CVE-2016-1978 DoS 2016-03-13 2017-11-04
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
39 CVE-2016-1977 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
40 CVE-2016-1976 DoS 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
41 CVE-2016-1975 362 DoS Mem. Corr. 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
42 CVE-2016-1974 119 DoS Exec Code Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
43 CVE-2016-1973 DoS Exec Code 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
44 CVE-2016-1972 DoS 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
45 CVE-2016-1971 119 DoS Overflow Mem. Corr. 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.
46 CVE-2016-1970 119 DoS Overflow Mem. Corr. 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
47 CVE-2016-1969 119 DoS Overflow 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.
48 CVE-2016-1968 189 DoS Exec Code Overflow 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
49 CVE-2016-1966 DoS Exec Code Mem. Corr. 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
50 CVE-2016-1964 DoS Exec Code Mem. Corr. 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
Total number of vulnerabilities : 226   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.