Weekly Vulnerabilities Reports > May 2 to 8, 2016

Overview

90 new vulnerabilities reported during this period, including 10 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary report vulnerabilities in 67 products from 30 vendors including Linux, Canonical, Redhat, Novell, and HP. Vulnerabilities are notably categorized as "Improper Input Validation", "Improper Access Control", "Information Exposure", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".

  • 53 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 79 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 38 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-07 CVE-2015-6552 Veritas Improper Access Control vulnerability in Veritas Netbackup and Netbackup Appliance

The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.

10.0
2016-05-07 CVE-2015-6550 Veritas Improper Access Control vulnerability in Veritas Netbackup and Netbackup Appliance

bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.

10.0
2016-05-07 CVE-2013-7455 Littlecms Double Free Remote Code Execution vulnerability in Little CMS

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

10.0
2016-05-06 CVE-2016-4422 Libpam Sshauth
Debian
Improper Authentication vulnerability in multiple products

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

10.0
2016-05-06 CVE-2015-8863 Opensuse
JQ Project
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

10.0
2016-05-06 CVE-2015-0857 Tardiff Project
Debian
Command Injection vulnerability in multiple products

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.

10.0
2016-05-05 CVE-2016-3714 Imagemagick
Canonical
Debian
Opensuse
Suse
Improper Input Validation vulnerability in Imagemagick

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

10.0
2016-05-05 CVE-2016-2108 Redhat
Openssl
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

10.0
2016-05-06 CVE-2015-8868 Fedoraproject
Debian
Canonical
Freedesktop
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.

9.3
2016-05-05 CVE-2016-1387 Cisco Improper Authentication vulnerability in Cisco Telepresence TC Software

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

9.0

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-07 CVE-2016-2014 HP Improper Access Control vulnerability in HP Network Node Manager I

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

8.5
2016-05-06 CVE-2016-4074 JQ Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in JQ Project JQ 1.5

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file.

7.8
2016-05-05 CVE-2016-1369 Cisco Resource Management Errors vulnerability in Cisco ASA With Firepower Services

The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922.

7.8
2016-05-05 CVE-2016-1368 Cisco Resource Management Errors vulnerability in Cisco Firesight System Software

Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214.

7.8
2016-05-05 CVE-2016-4535 Mcafee Improper Input Validation vulnerability in Mcafee Livesafe 14.0

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.

7.8
2016-05-05 CVE-2016-2109 Openssl
Redhat
Resource Management Errors vulnerability in multiple products

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

7.8
2016-05-02 CVE-2016-2070 Linux Numeric Errors vulnerability in Linux Kernel

The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.

7.8
2016-05-02 CVE-2003-1604 Linux Null Pointer Deference Denial of Service vulnerability in Linux Kernel

The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.

7.8
2016-05-07 CVE-2016-2351 Accellion SQL Injection vulnerability in Accellion File Transfer Appliance 80540

SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter.

7.5
2016-05-07 CVE-2016-2012 HP Improper Authentication vulnerability in HP Network Node Manager I

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

7.5
2016-05-05 CVE-2016-4351 Trend Micro SQL Injection vulnerability in Trend Micro Email Encryption Gateway

SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2016-05-07 CVE-2016-2353 Accellion Local Privilege Escalation vulnerability in Accellion File Transfer Appliance 80540

The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.

7.2
2016-05-02 CVE-2016-1576 Canonical
Linux
Permissions, Privileges, and Access Controls vulnerability in multiple products

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

7.2
2016-05-02 CVE-2016-1575 Linux
Canonical
Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

7.2
2016-05-02 CVE-2015-8830 Linux Unspecified vulnerability in Linux Kernel 4.0

Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

7.2
2016-05-02 CVE-2015-8019 Linux Improper Input Validation vulnerability in Linux Kernel 3.14.54/3.18.22

The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.

7.2
2016-05-02 CVE-2015-2686 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.19/3.19.1/3.19.2

net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.

7.2
2016-05-02 CVE-2012-6701 Linux Unspecified vulnerability in Linux Kernel

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

7.2
2016-05-02 CVE-2012-6689 Linux Improper Access Control vulnerability in Linux Kernel

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

7.2
2016-05-05 CVE-2016-3717 Canonical
Redhat
Imagemagick
Information Exposure vulnerability in multiple products

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

7.1

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-07 CVE-2016-1541 Libarchive Improper Input Validation vulnerability in Libarchive

Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.

6.8
2016-05-07 CVE-2016-2352 Accellion Permissions, Privileges, and Access Controls vulnerability in Accellion File Transfer Appliance 80540

The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.

6.5
2016-05-07 CVE-2016-2009 HP Improper Access Control vulnerability in HP Network Node Manager I

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

6.5
2016-05-03 CVE-2016-0894 EMC 7PK - Security Features vulnerability in EMC RSA Data Loss Prevention

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter.

6.5
2016-05-05 CVE-2016-2176 Openssl Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openssl

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

6.4
2016-05-05 CVE-2016-1392 Cisco Open Redirection vulnerability in Cisco Prime Collaboration Assurance

Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.

5.8
2016-05-05 CVE-2016-3715 Redhat
Imagemagick
Canonical
Improper Access Control vulnerability in multiple products

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.8
2016-05-07 CVE-2016-0902 EMC HTTP Response Splitting vulnerability in EMC RSA Authentication Manager 8.1

CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

5.0
2016-05-06 CVE-2016-2094 Jboss Resource Management Errors vulnerability in Jboss Enterprise Application Platform 6.4.6

The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.

5.0
2016-05-05 CVE-2016-1373 Cisco Server Side Request Forgery Security Bypass vulnerability in Cisco Finesse

The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.

5.0
2016-05-05 CVE-2016-2106 Openssl
Redhat
Numeric Errors vulnerability in multiple products

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

5.0
2016-05-05 CVE-2016-2105 Redhat
Opensuse
Oracle
Apple
Openssl
Debian
Canonical
Numeric Errors vulnerability in multiple products

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

5.0
2016-05-05 CVE-2000-1254 Openssl Cryptographic Issues vulnerability in Openssl

crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.

5.0
2016-05-02 CVE-2016-2117 Oracle
Canonical
Linux
Information Exposure vulnerability in multiple products

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

5.0
2016-05-02 CVE-2015-8746 Linux Unspecified vulnerability in Linux Kernel

fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.

5.0
2016-05-05 CVE-2016-2167 Apache Improper Access Control vulnerability in Apache Subversion

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

4.9
2016-05-02 CVE-2016-3951 Canonical
Novell
Suse
Linux
Null Pointer Deference Local Denial of Service vulnerability in Linux Kernel

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.

4.9
2016-05-02 CVE-2016-3689 Novell
Linux
Canonical
Local Denial of Service vulnerability in Linux Kernel

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

4.9
2016-05-02 CVE-2016-3140 Canonical
Linux
Novell
Local Denial of Service vulnerability in Linux Kernel 'digi_acceleport.c'

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9
2016-05-02 CVE-2016-3138 Linux
Canonical
Novell
Unspecified vulnerability in Linux Kernel

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

4.9
2016-05-02 CVE-2016-3137 Novell
Canonical
Linux
Local Denial of Service vulnerability in Linux Kernel 'usb/serial/cypress_m8.c' Null Pointer Deference

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

4.9
2016-05-02 CVE-2016-3136 Linux
Novell
Canonical
Local Denial of Service vulnerability in Linux Kernel

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

4.9
2016-05-02 CVE-2016-2188 Novell
Linux
Canonical
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
4.9
2016-05-02 CVE-2016-2187 Canonical
Linux
Novell
Local Denial of Service vulnerability in Linux Kernel 'USB Device Descriptor'

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9
2016-05-02 CVE-2016-2186 Linux
Novell
Canonical
Local Denial of Service vulnerability in Linux Kernel

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9
2016-05-02 CVE-2016-2185 Canonical
Linux
Novell
Null Pointer Deference Local Denial of Service vulnerability in Linux Kernel

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9
2016-05-02 CVE-2015-8324 Linux NULL Pointer Dereference Denial of Service vulnerability in Linux Kernel

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.

4.9
2016-05-02 CVE-2015-4178 Linux Unspecified vulnerability in Linux Kernel

The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h.

4.9
2016-05-02 CVE-2015-4177 Linux Unspecified vulnerability in Linux Kernel

The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call.

4.9
2016-05-02 CVE-2015-2672 Linux Improper Input Validation vulnerability in Linux Kernel

The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.

4.9
2016-05-02 CVE-2015-1573 Linux Data Processing Errors vulnerability in Linux Kernel

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

4.9
2016-05-02 CVE-2011-5321 Linux Unspecified vulnerability in Linux Kernel

The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory.

4.9
2016-05-02 CVE-2016-2053 Linux Cryptographic Issues vulnerability in Linux Kernel

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

4.7
2016-05-02 CVE-2015-4170 Linux
Redhat
Race Condition vulnerability in Linux Kernel

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.

4.7
2016-05-05 CVE-2016-2062 Linux
Google
Integer Overflow OR Wraparound vulnerability in Linux Kernel

The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.

4.6
2016-05-02 CVE-2016-2854 Linux Improper Privilege Management vulnerability in Linux Kernel

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

4.6
2016-05-05 CVE-2016-2059 Linux
Google
Improper Privilege Management vulnerability in Linux Kernel

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.

4.4
2016-05-02 CVE-2016-2853 Linux Improper Privilege Management vulnerability in Linux Kernel

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

4.4
2016-05-07 CVE-2016-2350 Accellion Cross-Site Scripting vulnerability in Accellion File Transfer Appliance 80540

Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.

4.3
2016-05-07 CVE-2015-6551 Veritas Information Exposure vulnerability in Veritas Netbackup and Netbackup Appliance

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.

4.3
2016-05-07 CVE-2016-0901 EMC Cross-Site Scripting vulnerability in EMC RSA Authentication Manager 8.1

Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900.

4.3
2016-05-07 CVE-2016-0900 EMC Cross-Site Scripting vulnerability in EMC RSA Authentication Manager 8.1

Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901.

4.3
2016-05-05 CVE-2016-4008 Canonical
Opensuse
GNU
Fedoraproject
Resource Management Errors vulnerability in multiple products

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

4.3
2016-05-05 CVE-2016-3718 Canonical
Imagemagick
Redhat
Improper Input Validation vulnerability in multiple products

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

4.3
2016-05-05 CVE-2016-3716 Canonical
Imagemagick
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

4.3
2016-05-03 CVE-2016-0895 EMC Improper Input Validation vulnerability in EMC RSA Data Loss Prevention

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.

4.3
2016-05-03 CVE-2016-0892 EMC Cross-Site Scripting vulnerability in EMC RSA Data Loss Prevention

Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-05-07 CVE-2016-2013 HP Information Exposure vulnerability in HP Network Node Manager I

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2016-05-05 CVE-2016-2168 Apache Unspecified vulnerability in Apache Subversion

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

4.0
2016-05-03 CVE-2016-0893 EMC Information Exposure vulnerability in EMC RSA Data Loss Prevention

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-02 CVE-2014-9717 Linux Improper Access Control vulnerability in Linux Kernel

fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.

3.6
2016-05-07 CVE-2016-2011 HP Cross-Site Scripting vulnerability in HP Network Node Manager I

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

3.5
2016-05-07 CVE-2016-2010 HP Cross-Site Scripting vulnerability in HP Network Node Manager I

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

3.5
2016-05-05 CVE-2016-4534 Mcafee
Microsoft
Permissions, Privileges, and Access Controls vulnerability in multiple products

The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.

3.0
2016-05-05 CVE-2016-2107 Redhat
Opensuse
Openssl
Google
HP
Information Exposure vulnerability in multiple products

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session.

2.6
2016-05-06 CVE-2015-0858 Debian
Tardiff Project
Link Following vulnerability in multiple products

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

2.1
2016-05-02 CVE-2015-4176 Linux Information Exposure vulnerability in Linux Kernel

fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.

2.1
2016-05-02 CVE-2015-1350 Linux
Redhat
Files OR Directories Accessible TO External Parties vulnerability in Linux Kernel

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

2.1
2016-05-02 CVE-2008-7316 Linux Improper Input Validation vulnerability in Linux Kernel

mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length.

2.1
2016-05-02 CVE-2015-8839 Linux
Canonical
Race Condition vulnerability in multiple products

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

1.9