Weekly Vulnerabilities Reports > May 23 to 29, 2016

Overview

61 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary report vulnerabilities in 111 products from 31 vendors including Canonical, Linux, Cisco, Ivanti, and Huawei. Vulnerabilities are notably categorized as "Information Exposure", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Resource Management Errors".

  • 39 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 40 reported vulnerabilities are exploitable by an anonymous user.
  • Canonical has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Huawei has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-26 CVE-2016-4787 Ivanti
Pulsesecure
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.
10.0
2016-05-26 CVE-2016-0718 Mozilla
Apple
Suse
Opensuse
Canonical
Libexpat Project
Debian
Mcafee
Python
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8
2016-05-26 CVE-2016-3681 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 8 Firmware

Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021.

9.3
2016-05-26 CVE-2016-3680 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 8 Firmware

Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020.

9.3
2016-05-23 CVE-2016-4782 Google
Lenovo
Improper Input Validation vulnerability in Lenovo Shareit 3.5.98Ww

Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."

9.3

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-26 CVE-2016-4791 Pulsesecure
Ivanti
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
8.6
2016-05-23 CVE-2016-4001 Qemu
Canonical
Fedoraproject
Debian
Classic Buffer Overflow vulnerability in multiple products

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.

8.6
2016-05-26 CVE-2016-4021 Fedoraproject
Pgpdump Project
Resource Management Errors vulnerability in multiple products

The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

7.8
2016-05-25 CVE-2016-1383 Cisco Resource Management Errors vulnerability in Cisco web Security Appliance (Wsa)

Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.

7.8
2016-05-25 CVE-2016-1382 Cisco Improper Input Validation vulnerability in Cisco web Security Appliance (Wsa)

Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.

7.8
2016-05-25 CVE-2016-1381 Cisco Resource Management Errors vulnerability in Cisco web Security Appliance

Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.

7.8
2016-05-25 CVE-2016-1380 Cisco Improper Input Validation vulnerability in Cisco web Security Appliance

Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.

7.8
2016-05-23 CVE-2016-3958 Golang Permissions, Privileges, and Access Controls vulnerability in Golang GO

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

7.8
2016-05-23 CVE-2016-4951 Linux
Canonical
Oracle
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
7.8
2016-05-23 CVE-2016-4913 Canonical
Linux
Oracle
Novell
Information Exposure vulnerability in multiple products

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.

7.8
2016-05-23 CVE-2016-4805 Novell
Redhat
Canonical
Linux
Oracle
Use After Free vulnerability in multiple products

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.

7.8
2016-05-23 CVE-2016-4794 Linux
Canonical
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.
7.8
2016-05-23 CVE-2016-4568 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.

7.8
2016-05-23 CVE-2016-4565 Linux
Canonical
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.

7.8
2016-05-23 CVE-2016-4557 Linux Unspecified vulnerability in Linux Kernel

The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.

7.8
2016-05-26 CVE-2016-4786 Pulsesecure
Ivanti
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
7.5
2016-05-23 CVE-2016-4576 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

7.5
2016-05-23 CVE-2016-3959 Opensuse
Golang
Fedoraproject
Improper Input Validation vulnerability in multiple products

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

7.5
2016-05-23 CVE-2016-4485 Novell
Canonical
Linux
Information Exposure vulnerability in multiple products

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

7.5
2016-05-25 CVE-2016-1887 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd 10.1/10.2/10.3

Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.

7.2
2016-05-25 CVE-2016-1886 Freebsd Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd

Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."

7.2
2016-05-23 CVE-2016-2855 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei Mobile Broadband HL Service

The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.

7.2
2016-05-23 CVE-2016-4558 Linux
Canonical
The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.
7.0

30 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-24 CVE-2016-0264 Suse
IBM
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

6.8
2016-05-23 CVE-2016-4577 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

6.8
2016-05-28 CVE-2016-1379 Cisco Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software

Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576.

6.5
2016-05-26 CVE-2016-1385 Cisco Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software

The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.

6.5
2016-05-25 CVE-2016-4020 Qemu
Canonical
Debian
Redhat
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
6.5
2016-05-25 CVE-2014-3672 Redhat
XEN
Resource Exhaustion vulnerability in multiple products

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

6.5
2016-05-25 CVE-2016-1406 Cisco Improper Access Control vulnerability in Cisco products

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.

6.5
2016-05-23 CVE-2016-4482 Canonical
Linux
Novell
Fedoraproject
Information Exposure vulnerability in multiple products

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

6.2
2016-05-26 CVE-2016-4789 Pulsesecure
Ivanti
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1
2016-05-23 CVE-2016-4037 Fedoraproject
Canonical
Qemu
Debian
Resource Exhaustion vulnerability in multiple products

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

6.0
2016-05-26 CVE-2016-4788 Ivanti
Pulsesecure
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
5.8
2016-05-23 CVE-2016-3664 Trend Micro Information Exposure vulnerability in Trend Micro Mobile Security 3.1

Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate.

5.8
2016-05-26 CVE-2016-4790 Pulsesecure
Ivanti
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.5
2016-05-23 CVE-2015-8558 Qemu
Debian
Infinite Loop vulnerability in multiple products

The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.

5.5
2016-05-23 CVE-2016-4581 Canonical
Linux
Oracle
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.
5.5
2016-05-23 CVE-2016-4569 Linux
Canonical
Novell
Information Exposure vulnerability in multiple products

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

5.5
2016-05-26 CVE-2016-4792 Ivanti Unspecified vulnerability in Ivanti Connect Secure 8.2

Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.

5.3
2016-05-23 CVE-2016-4087 Huawei Improper Input Validation vulnerability in Huawei S12700 Firmware and S5700 Firmware

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets.

5.1
2016-05-29 CVE-2016-1409 Cisco Improper Input Validation vulnerability in Cisco IOS

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

5.0
2016-05-29 CVE-2016-1404 Cisco Information Exposure vulnerability in Cisco UCS Invicta C3124Sa Appliance

Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.

5.0
2016-05-28 CVE-2016-1410 Cisco Information Exposure vulnerability in Cisco Webex Meeting Center

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

5.0
2016-05-25 CVE-2015-8853 Fedoraproject
Perl
Improper Input Validation vulnerability in multiple products

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

5.0
2016-05-25 CVE-2016-1407 Cisco Improper Input Validation vulnerability in Cisco IOS XR

Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.

5.0
2016-05-25 CVE-2016-1400 Cisco Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server

Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.

5.0
2016-05-23 CVE-2016-4049 Quagga
Opensuse
Improper Input Validation vulnerability in multiple products

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

5.0
2016-05-23 CVE-2016-4580 Linux
Canonical
Information Exposure vulnerability in Linux Kernel

The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.

5.0
2016-05-26 CVE-2015-7360 Fortinet Cross-site Scripting vulnerability in Fortinet Fortisandbox Firmware

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature."

4.3
2016-05-25 CVE-2016-4575 Huawei Cross-site Scripting vulnerability in Huawei products

Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.

4.3
2016-05-23 CVE-2016-4783 Google
Lenovo
Cross-site Scripting vulnerability in Lenovo Shareit 3.5.98Ww

Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

4.3
2016-05-28 CVE-2016-1413 Cisco Code Injection vulnerability in Cisco Firepower Management Center

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-23 CVE-2016-4486 Novell
Canonical
Linux
Information Exposure vulnerability in multiple products

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

3.3
2016-05-26 CVE-2016-2784 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple

CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.

2.6
2016-05-23 CVE-2016-4578 Linux
Canonical
Debian
Redhat
Opensuse
Information Exposure vulnerability in Linux Kernel

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

2.1