Security Vulnerabilities (CVEs) Published in March 2016 with CVSS Score >= 9
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Max CVSS: 9.3
EPSS Score: 0.52%
Published: 2016-03-29
Updated: 2018-10-30
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
Max CVSS: 9.8
EPSS Score: 15.14%
Published: 2016-03-17
Updated: 2018-01-05
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
Max CVSS: 9.8
EPSS Score: 6.87%
Published: 2016-03-31
Updated: 2018-01-05
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
Max CVSS: 9.3
EPSS Score: 1.07%
Published: 2016-03-06
Updated: 2016-12-03
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Max CVSS: 10.0
EPSS Score: 0.17%
Published: 2016-03-06
Updated: 2016-12-03
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
Max CVSS: 10.0
EPSS Score: 76.90%
Published: 2016-03-03
Updated: 2018-01-05
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
Max CVSS: 9.3
EPSS Score: 5.09%
Published: 2016-03-13
Updated: 2019-12-27
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
Max CVSS: 9.3
EPSS Score: 5.40%
Published: 2016-03-13
Updated: 2019-12-27
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
Max CVSS: 10.0
EPSS Score: 23.04%
Published: 2016-03-17
Updated: 2018-10-09
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
Max CVSS: 9.0
EPSS Score: 2.11%
Published: 2016-03-02
Updated: 2018-10-30
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
Max CVSS: 10.0
EPSS Score: 0.96%
Published: 2016-03-19
Updated: 2016-03-22
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Max CVSS: 10.0
EPSS Score: 0.32%
Published: 2016-03-22
Updated: 2016-12-01
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Max CVSS: 10.0
EPSS Score: 0.32%
Published: 2016-03-22
Updated: 2016-12-01
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS: 10.0
EPSS Score: 1.96%
Published: 2016-03-18
Updated: 2016-12-03
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
Max CVSS: 10.0
EPSS Score: 1.53%
Published: 2016-03-15
Updated: 2016-12-03
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
Max CVSS: 10.0
EPSS Score: 1.53%
Published: 2016-03-15
Updated: 2016-12-03
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
Max CVSS: 10.0
EPSS Score: 1.02%
Published: 2016-03-13
Updated: 2019-12-27
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Max CVSS: 9.3
EPSS Score: 0.52%
Published: 2016-03-24
Updated: 2019-03-25
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Max CVSS: 9.3
EPSS Score: 2.12%
Published: 2016-03-24
Updated: 2018-10-09
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
Max CVSS: 9.3
EPSS Score: 1.76%
Published: 2016-03-24
Updated: 2019-03-25
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Max CVSS: 10.0
EPSS Score: 6.99%
Published: 2016-03-24
Updated: 2016-12-03
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS: 9.3
EPSS Score: 0.17%
Published: 2016-03-24
Updated: 2016-12-03
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS: 9.3
EPSS Score: 0.35%
Published: 2016-03-24
Updated: 2016-12-03
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
Max CVSS: 9.3
EPSS Score: 0.22%
Published: 2016-03-24
Updated: 2016-12-03
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
Max CVSS: 9.3
EPSS Score: 0.25%
Published: 2016-03-24
Updated: 2019-03-25