CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2016

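Columns (each entry below spans four lines):
Line 1: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Line 2: Score
Line 3: Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
Line 4: Description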
51 CVE-2016-1996 +Info 2016-03-18 2016-12-03
3.6
None Local Low Not required Partial Partial None
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
52 CVE-2016-1995 Exec Code 2016-03-18 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
53 CVE-2016-1994 200 +Info 2016-03-18 2016-12-03
4.0
None Remote Low ??? Partial None None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
54 CVE-2016-1993 +Info 2016-03-18 2016-12-03
5.5
None Remote Low ??? Partial Partial None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
55 CVE-2016-1992 200 +Info 2016-03-17 2016-12-03
4.0
None Remote Low ??? Partial None None
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.
56 CVE-2016-1991 2016-03-16 2018-10-17
6.0
None Remote Medium ??? Partial Partial Partial
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
57 CVE-2016-1990 264 Exec Code +Priv 2016-03-16 2018-10-17
4.3
None Local Low ??? Partial Partial Partial
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
58 CVE-2016-1989 Exec Code +Info 2016-03-15 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
59 CVE-2016-1988 Exec Code +Info 2016-03-15 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
60 CVE-2016-1979 DoS 2016-03-13 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
61 CVE-2016-1978 DoS 2016-03-13 2017-11-04
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
62 CVE-2016-1977 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
63 CVE-2016-1976 DoS 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
64 CVE-2016-1975 362 DoS Mem. Corr. 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
65 CVE-2016-1974 119 DoS Exec Code Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
66 CVE-2016-1973 DoS Exec Code 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
67 CVE-2016-1972 DoS 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
68 CVE-2016-1971 119 DoS Overflow Mem. Corr. 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.
69 CVE-2016-1970 119 DoS Overflow Mem. Corr. 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
70 CVE-2016-1969 119 DoS Overflow 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.
71 CVE-2016-1968 189 DoS Exec Code Overflow 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
72 CVE-2016-1967 200 Bypass +Info 2016-03-13 2016-12-03
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.
73 CVE-2016-1966 DoS Exec Code Mem. Corr. 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
74 CVE-2016-1965 254 2016-03-13 2019-12-27
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
75 CVE-2016-1964 DoS Exec Code Mem. Corr. 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
76 CVE-2016-1963 264 DoS +Priv Mem. Corr. 2016-03-13 2016-12-03
4.4
None Local Medium Not required Partial Partial Partial
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
77 CVE-2016-1962 Exec Code 2016-03-13 2019-12-27
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
78 CVE-2016-1961 Exec Code 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.
79 CVE-2016-1960 DoS Exec Code 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
80 CVE-2016-1959 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2016-12-03
6.8
None Remote Medium Not required Partial Partial Partial
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.
81 CVE-2016-1958 254 2016-03-13 2019-12-27
4.3
None Remote Medium Not required None Partial None
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
82 CVE-2016-1957 119 DoS Overflow 2016-03-13 2019-12-27
4.3
None Remote Medium Not required None None Partial
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
83 CVE-2016-1956 399 DoS Mem. Corr. 2016-03-13 2018-10-30
7.1
None Remote Medium Not required None None Complete
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
84 CVE-2016-1955 200 Bypass +Info 2016-03-13 2018-10-30
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
85 CVE-2016-1954 264 DoS +Priv 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.
86 CVE-2016-1953 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
87 CVE-2016-1952 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
88 CVE-2016-1950 119 Exec Code Overflow 2016-03-13 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
89 CVE-2016-1788 310 2016-03-24 2016-12-03
2.6
None Remote High Not required Partial None None
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
90 CVE-2016-1787 200 +Info 2016-03-24 2016-12-20
5.0
None Remote Low Not required Partial None None
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.
91 CVE-2016-1786 200 Bypass +Info 2016-03-24 2018-10-09
5.8
None Remote Medium Not required Partial Partial None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
92 CVE-2016-1785 200 Bypass +Info 2016-03-24 2018-10-09
4.3
None Remote Medium Not required Partial None None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
93 CVE-2016-1784 400 DoS 2016-03-24 2019-03-25
4.3
None Remote Medium Not required None None Partial
The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.
94 CVE-2016-1783 119 DoS Exec Code Overflow Mem. Corr. 2016-03-24 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
95 CVE-2016-1782 284 Bypass 2016-03-24 2018-10-09
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.
96 CVE-2016-1781 19 2016-03-24 2018-10-09
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
97 CVE-2016-1780 200 +Info 2016-03-24 2016-12-03
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
98 CVE-2016-1779 200 Bypass +Info 2016-03-24 2018-10-09
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.
99 CVE-2016-1778 399 DoS Exec Code Mem. Corr. 2016-03-24 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
100 CVE-2016-1777 310 2016-03-24 2016-12-20
5.0
None Remote Low Not required Partial None None
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Total number of vulnerabilities: 330 (page 2 of 7)