CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2016 (CVSS score >= 9)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-3679 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
2 CVE-2016-2844 20 DoS 2016-03-06 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
3 CVE-2016-2843 DoS 2016-03-06 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
4 CVE-2016-2842 119 DoS Overflow 2016-03-03 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
5 CVE-2016-2799 119 DoS Overflow 2016-03-13 2019-12-27
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
6 CVE-2016-2794 119 DoS Overflow 2016-03-13 2019-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
7 CVE-2016-2345 119 Exec Code Overflow 2016-03-17 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
8 CVE-2016-2278 284 Exec Code 2016-03-02 2018-10-30
9.0
None Remote Low ??? Complete Complete Complete
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
9 CVE-2016-2245 287 Bypass 2016-03-19 2016-03-22
10.0
None Remote Low Not required Complete Complete Complete
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
10 CVE-2016-1998 20 Exec Code 2016-03-22 2016-12-01
10.0
None Remote Low Not required Complete Complete Complete
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
11 CVE-2016-1997 20 Exec Code 2016-03-22 2016-12-01
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
12 CVE-2016-1995 Exec Code 2016-03-18 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
13 CVE-2016-1989 Exec Code +Info 2016-03-15 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
14 CVE-2016-1988 Exec Code +Info 2016-03-15 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
15 CVE-2016-1962 Exec Code 2016-03-13 2019-12-27
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
16 CVE-2016-1783 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
17 CVE-2016-1778 399 DoS Exec Code Mem. Corr. 2016-03-24 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
18 CVE-2016-1775 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
19 CVE-2016-1761 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
20 CVE-2016-1759 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
21 CVE-2016-1757 362 Exec Code 2016-03-24 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
22 CVE-2016-1756 DoS Exec Code 2016-03-24 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
23 CVE-2016-1755 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
24 CVE-2016-1754 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
25 CVE-2016-1753 190 Exec Code Overflow 2016-03-24 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
26 CVE-2016-1750 416 Exec Code 2016-03-24 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
27 CVE-2016-1749 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2017-09-08
9.3
None Remote Medium Not required Complete Complete Complete
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28 CVE-2016-1747 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.
29 CVE-2016-1746 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747.
30 CVE-2016-1744 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2017-09-08
9.3
None Remote Medium Not required Complete Complete Complete
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.
31 CVE-2016-1743 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2017-09-08
9.3
None Remote Medium Not required Complete Complete Complete
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.
32 CVE-2016-1741 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2017-09-08
10.0
None Remote Low Not required Complete Complete Complete
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
33 CVE-2016-1740 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
34 CVE-2016-1736 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
35 CVE-2016-1735 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
36 CVE-2016-1733 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
37 CVE-2016-1650 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
38 CVE-2016-1649 119 DoS Overflow 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
39 CVE-2016-1648 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
40 CVE-2016-1647 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
41 CVE-2016-1646 119 DoS Overflow 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
42 CVE-2016-1645 119 DoS Overflow 2016-03-13 2019-09-27
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
43 CVE-2016-1644 DoS 2016-03-13 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.
44 CVE-2016-1643 361 DoS 2016-03-13 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
45 CVE-2016-1642 DoS 2016-03-06 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
46 CVE-2016-1641 DoS 2016-03-06 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.
47 CVE-2016-1639 DoS 2016-03-06 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.
48 CVE-2016-1635 DoS 2016-03-06 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
49 CVE-2016-1634 DoS 2016-03-06 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action.
50 CVE-2016-1633 DoS 2016-03-06 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Total number of vulnerabilities: 111. Page 1 of 3 (this page).