Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-05	CVE-2016-3717	Information Exposure vulnerability in multiple products The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. local low complexity canonical redhat imagemagick CWE-200	5.5
2016-05-05	CVE-2016-3715	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse	5.5
2016-05-05	CVE-2016-2107	Information Exposure vulnerability in multiple products The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. network high complexity redhat opensuse openssl google hp nodejs debian canonical CWE-200	5.9
2016-05-02	CVE-2016-3951	Null Pointer Deference Local Denial of Service vulnerability in Linux Kernel Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. local low complexity canonical novell suse linux	4.9
2016-05-02	CVE-2016-3689	The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. low complexity novell linux canonical	4.6
2016-05-02	CVE-2016-3140	The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. low complexity canonical linux novell	4.6
2016-05-02	CVE-2016-3138	The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. low complexity linux canonical novell	4.6
2016-05-02	CVE-2016-3137	drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. low complexity novell canonical linux	4.6
2016-05-02	CVE-2016-3136	The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. low complexity linux novell canonical	4.6
2016-05-02	CVE-2016-2188	The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. low complexity novell linux canonical	4.6