Weekly Vulnerabilities Reports > March 7 to 13, 2016

Overview

149 new vulnerabilities reported during this period, including 23 critical vulnerabilities and 88 high severity vulnerabilities. This weekly summary report vulnerabilities in 115 products from 24 vendors including Microsoft, Mozilla, Opensuse, Adobe, and Oracle. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Information Exposure", and "Use After Free".

  • 132 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities have public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 140 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 47 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-03-12 CVE-2016-0816 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1

mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803.

10.0
2016-03-12 CVE-2016-0815 Google Improper Input Validation vulnerability in Google Android

The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349.

10.0
2016-03-09 CVE-2016-1327 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.

10.0
2016-03-09 CVE-2016-1009 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007.

10.0
2016-03-09 CVE-2016-1007 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009.

10.0
2016-03-09 CVE-2016-0954 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2016-03-09 CVE-2016-0132 Microsoft Improper Input Validation vulnerability in Microsoft .Net Framework

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."

10.0
2016-03-13 CVE-2016-1962 Mozilla
Opensuse
Oracle
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
9.8
2016-03-12 CVE-2016-1621 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.

9.8
2016-03-12 CVE-2016-0827 Google Numeric Errors vulnerability in Google Android

Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509.

9.3
2016-03-12 CVE-2016-0826 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403.

9.3
2016-03-12 CVE-2016-0820 Google Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1

The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.

9.3
2016-03-12 CVE-2016-0819 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.

9.3
2016-03-09 CVE-2015-6184 Microsoft Remote Memory Corruption vulnerability in Microsoft Internet Explorer

The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6048 and CVE-2015-6049.

9.3
2016-03-09 CVE-2016-0134 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-03-09 CVE-2016-0121 Microsoft Improper Input Validation vulnerability in Microsoft products

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

9.3
2016-03-09 CVE-2016-0118 Microsoft Improper Input Validation vulnerability in Microsoft Windows 10 1511

The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability."

9.3
2016-03-09 CVE-2016-0117 Microsoft Improper Input Validation vulnerability in Microsoft products

The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability."

9.3
2016-03-09 CVE-2016-0101 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."

9.3
2016-03-09 CVE-2016-0098 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."

9.3
2016-03-09 CVE-2016-0092 Microsoft Improper Input Validation vulnerability in Microsoft products

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091.

9.3
2016-03-09 CVE-2016-0021 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Infopath 2007/2010/2013

Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-03-12 CVE-2015-7411 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Monitoring

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.

9.0

88 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-03-13 CVE-2016-1645 Google
Debian
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.

8.8
2016-03-13 CVE-2016-1644 Google Unspecified vulnerability in Google Chrome

WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.

8.8
2016-03-13 CVE-2016-1643 Google 7PK - Time and State vulnerability in Google Chrome

The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

8.8
2016-03-13 CVE-2016-2802 Mozilla
Suse
Opensuse
SIL
Oracle
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-2801 Suse
Opensuse
SIL
Oracle
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.

8.8
2016-03-13 CVE-2016-2800 Mozilla
Suse
Opensuse
Oracle
SIL
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.

8.8
2016-03-13 CVE-2016-2799 Oracle
Suse
Opensuse
Mozilla
SIL
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-2798 Mozilla
SIL
Oracle
Suse
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-2797 Oracle
Mozilla
Suse
Opensuse
SIL
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.

8.8
2016-03-13 CVE-2016-2796 SIL
Suse
Opensuse
Oracle
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-2795 Suse
Opensuse
Oracle
Mozilla
SIL
Data Processing Errors vulnerability in multiple products

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-2794 Mozilla
SIL
Suse
Opensuse
Oracle
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-2793 Oracle
Mozilla
SIL
Suse
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-2792 SIL
Mozilla
Oracle
Suse
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.

8.8
2016-03-13 CVE-2016-2791 Suse
Opensuse
Mozilla
Oracle
SIL
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-2790 Suse
Opensuse
Mozilla
SIL
Oracle
Data Processing Errors vulnerability in multiple products

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-1977 Suse
Opensuse
Oracle
SIL
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-1974 Mozilla
Oracle
Suse
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.

8.8
2016-03-13 CVE-2016-1969 SIL
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8
2016-03-13 CVE-2016-1966 Oracle
Mozilla
Opensuse
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
8.8
2016-03-13 CVE-2016-1964 Oracle
Suse
Opensuse
Mozilla
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
8.8
2016-03-13 CVE-2016-1961 Suse
Opensuse
Mozilla
Oracle
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.
8.8
2016-03-13 CVE-2016-1960 Oracle
Mozilla
Suse
Opensuse
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
8.8
2016-03-13 CVE-2016-1954 Mozilla
Novell
Opensuse
Oracle
Permissions, Privileges, and Access Controls vulnerability in multiple products

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.

8.8
2016-03-13 CVE-2016-1953 Mozilla
Novell
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.

8.8
2016-03-13 CVE-2016-1952 Oracle
Novell
Opensuse
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8
2016-03-13 CVE-2016-1950 Mozilla
Oracle
Apple
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8
2016-03-12 CVE-2016-1010 Adobe
Samsung
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.

8.8
2016-03-12 CVE-2016-1005 Adobe
Samsung
Access of Uninitialized Pointer vulnerability in multiple products

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002.

8.8
2016-03-12 CVE-2016-1002 Adobe
Samsung
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.

8.8
2016-03-12 CVE-2016-1001 Adobe
Samsung
Out-of-bounds Write vulnerability in multiple products

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors.

8.8
2016-03-12 CVE-2016-1000 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999.

8.8
2016-03-12 CVE-2016-0999 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0998 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0997 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0996 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0995 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0994 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0993 Adobe
Samsung
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010.

8.8
2016-03-12 CVE-2016-0992 Adobe
Samsung
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005.

8.8
2016-03-12 CVE-2016-0991 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0990 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0989 Adobe
Samsung
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

8.8
2016-03-12 CVE-2016-0988 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0987 Adobe
Samsung
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

8.8
2016-03-12 CVE-2016-0986 Adobe
Samsung
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

8.8
2016-03-12 CVE-2016-0963 Adobe
Samsung
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010.

8.8
2016-03-12 CVE-2016-0962 Adobe
Samsung
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

8.8
2016-03-12 CVE-2016-0961 Adobe
Samsung
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

8.8
2016-03-12 CVE-2016-0960 Adobe
Samsung
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

8.8
2016-03-09 CVE-2016-1286 ISC
Suse
Opensuse
Fedoraproject
Canonical
Debian
Juniper
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
8.6
2016-03-12 CVE-2016-1338 Cisco Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1/X8.5.2

Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026.

8.0
2016-03-09 CVE-2016-1326 Cisco Resource Management Errors vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter R1Base

The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105.

7.8
2016-03-09 CVE-2016-1325 Cisco Information Exposure vulnerability in Cisco Dpc3939 Wireless Residential Voice Gateway Firmware 130514Acmcstbase

The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.

7.8
2016-03-09 CVE-2016-1312 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASA 5500 Csc-Ssm Firmware 6.6.1125.0

The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147.

7.8
2016-03-09 CVE-2016-0099 Microsoft Classic Buffer Overflow vulnerability in Microsoft products

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

7.8
2016-03-12 CVE-2016-0822 Google Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1

The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324.

7.6
2016-03-09 CVE-2016-0130 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129.

7.6
2016-03-09 CVE-2016-0129 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130.

7.6
2016-03-09 CVE-2016-0124 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130.

7.6
2016-03-09 CVE-2016-0123 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130.

7.6
2016-03-09 CVE-2016-0116 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130.

7.6
2016-03-09 CVE-2016-0114 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109.

7.6
2016-03-09 CVE-2016-0113 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112.

7.6
2016-03-09 CVE-2016-0112 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113.

7.6
2016-03-09 CVE-2016-0111 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.

7.6
2016-03-09 CVE-2016-0110 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

7.6
2016-03-09 CVE-2016-0109 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0114.

7.6
2016-03-09 CVE-2016-0108 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114.

7.6
2016-03-09 CVE-2016-0107 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113.

7.6
2016-03-09 CVE-2016-0106 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114.

7.6
2016-03-09 CVE-2016-0105 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0107, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113.

7.6
2016-03-09 CVE-2016-0104 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

7.6
2016-03-09 CVE-2016-0103 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114.

7.6
2016-03-09 CVE-2016-0102 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114.

7.6
2016-03-13 CVE-2016-1978 Mozilla Remote Code Execution vulnerability in Mozilla Firefox and Network Security Services

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

7.5
2016-03-09 CVE-2016-1008 Adobe
Apple
Microsoft
Improper Input Validation vulnerability in Adobe products

Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

7.2
2016-03-09 CVE-2016-0133 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka "USB Mass Storage Elevation of Privilege Vulnerability."

7.2
2016-03-09 CVE-2016-0100 Microsoft Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Vista

Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability."

7.2
2016-03-09 CVE-2016-0096 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095.

7.2
2016-03-09 CVE-2016-0095 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096.

7.2
2016-03-09 CVE-2016-0094 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096.

7.2
2016-03-09 CVE-2016-0093 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096.

7.2
2016-03-09 CVE-2016-0087 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

7.2
2016-03-09 CVE-2016-0057 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Office

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka "Microsoft Office Security Feature Bypass Vulnerability."

7.2
2016-03-13 CVE-2016-1956 Mozilla
Linux
Novell
Opensuse
Resource Management Errors vulnerability in multiple products

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

7.1
2016-03-09 CVE-2016-2774 ISC
Debian
Canonical
Improper Input Validation vulnerability in multiple products

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

7.1
2016-03-09 CVE-2016-0120 Microsoft Improper Input Validation vulnerability in Microsoft products

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Per Microsoft: "For systems running Windows 10, an attacker who successfully exploited the vulnerability could potentially cause the application to stop responding instead of the system."

7.1

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-03-13 CVE-2016-1979 Mozilla Denial of Service vulnerability in Mozilla Firefox and Network Security Services

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.

6.8
2016-03-13 CVE-2016-1976 Microsoft
Mozilla
Webrtc Project
Multiple Security vulnerability in Mozilla Firefox

Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2016-03-13 CVE-2016-1975 Webrtc Project
Mozilla
Race Condition vulnerability in multiple products

Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

6.8
2016-03-13 CVE-2016-1973 Oracle
Mozilla
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
6.8
2016-03-13 CVE-2016-1972 Mozilla
Microsoft
Multiple Security vulnerability in Mozilla Firefox

Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

6.8
2016-03-13 CVE-2016-1971 Mozilla
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.

6.8
2016-03-13 CVE-2016-1970 Mozilla
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

6.8
2016-03-13 CVE-2016-1968 Mozilla Numeric Errors vulnerability in Mozilla Firefox

Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.

6.8
2016-03-13 CVE-2016-1959 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.

6.8
2016-03-12 CVE-2015-7446 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Flashsystem V9000 Firmware 7.4/7.5/7.6

Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2016-03-09 CVE-2016-1285 ISC
Suse
Opensuse
Fedoraproject
Canonical
Debian
Juniper
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
6.8
2016-03-09 CVE-2016-0091 Microsoft Improper Input Validation vulnerability in Microsoft products

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092.

6.8
2016-03-12 CVE-2016-0832 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.

6.6
2016-03-12 CVE-2015-7448 IBM SQL Injection vulnerability in IBM products

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2016-03-12 CVE-2016-0829 Google Information Exposure vulnerability in Google Android

The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109.

5.0
2016-03-12 CVE-2016-0828 Google Information Exposure vulnerability in Google Android

The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113.

5.0
2016-03-12 CVE-2016-0825 Google Information Exposure vulnerability in Google Android 6.0.1

The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039.

5.0
2016-03-12 CVE-2016-0824 Google Information Exposure vulnerability in Google Android 6.0/6.0.1

libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.

5.0
2016-03-12 CVE-2015-6485 Schneider Electric Information Exposure vulnerability in Schneider-Electric Telvent RTU Firmware C3413500001D3/C3414500S02J1

Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.

5.0
2016-03-13 CVE-2016-0771 Samba Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samba

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.

4.9
2016-03-12 CVE-2016-1361 Cisco Resource Management Errors vulnerability in Cisco IOS XR

Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900.

4.6
2016-03-13 CVE-2016-1963 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.

4.4
2016-03-13 CVE-2016-1967 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session.

4.3
2016-03-13 CVE-2016-1965 Mozilla
Opensuse
Oracle
7PK - Security Features vulnerability in multiple products

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

4.3
2016-03-13 CVE-2016-1958 Oracle
Opensuse
Mozilla
7PK - Security Features vulnerability in multiple products

browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.

4.3
2016-03-13 CVE-2016-1957 Novell
Opensuse
Mozilla
Oracle
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

4.3
2016-03-13 CVE-2016-1955 Novell
Opensuse
Mozilla
Information Exposure vulnerability in multiple products

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.

4.3
2016-03-12 CVE-2016-0831 Google Information Exposure vulnerability in Google Android

The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.

4.3
2016-03-12 CVE-2016-0818 Google 7PK - Security Features vulnerability in Google Android

The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830.

4.3
2016-03-09 CVE-2016-2088 ISC Improper Input Validation vulnerability in ISC Bind

resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.

4.3
2016-03-13 CVE-2015-7560 Samba
Canonical
Debian
Improper Access Control vulnerability in multiple products

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

4.0
2016-03-12 CVE-2016-1562 DTE Energy Information Exposure vulnerability in DTE Energy Insight 1.7.7

The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter.

4.0
2016-03-09 CVE-2016-0886 EMC Information Exposure vulnerability in EMC Documentum XCP 2.1/2.2

EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-03-12 CVE-2016-0830 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1

btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376.

3.3
2016-03-12 CVE-2016-1360 Cisco Information Exposure vulnerability in Cisco Prime LAN Management Solution

Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.

3.0
2016-03-09 CVE-2016-0125 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability."

2.6
2016-03-12 CVE-2016-0823 Google
Linux
Information Exposure vulnerability in multiple products

The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.

2.1
2016-03-12 CVE-2016-0821 Linux
Google
Use of Uninitialized Resource vulnerability in multiple products

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.

2.1