Weekly Vulnerabilities Reports > June 6 to 12, 2016

Overview

96 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 133 products from 47 vendors, including HP, Redhat, Debian, Canonical, and Opensuse. Vulnerabilities are notably categorized as "Information Exposure", "Improper Input Validation", "Improper Access Control", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".

  • 72 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 21 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 68 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 27 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-06-10 CVE-2016-4328 Medhost Hard Coded Credentials Authentication Bypass vulnerability in MEDHOST PIMS

MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.

10.0
2016-06-10 CVE-2016-0916 EMC Improper Authentication vulnerability in EMC Networker

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.

10.0
2016-06-09 CVE-2016-2310 GE Use of Hard-coded Credentials vulnerability in GE Multilink Firmware

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.

10.0
2016-06-10 CVE-2016-5118 Graphicsmagick
Suse
Oracle
Opensuse
Canonical
Debian
Imagemagick
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
9.8
2016-06-09 CVE-2016-4448 HP
Apple
Xmlsoft
Redhat
Slackware
Oracle
Tenable
Mcafee
Use of Externally-Controlled Format String vulnerability in multiple products

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

9.8
2016-06-09 CVE-2016-0749 Opensuse
Debian
Redhat
Spice Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

9.8
2016-06-07 CVE-2016-4437 Apache
Redhat
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
9.8
2016-06-07 CVE-2015-7611 Apache OS Command Injection vulnerability in Apache James Server 2.3.2

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

9.3
2016-06-08 CVE-2016-2160 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift and Openshift Origin

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.

9.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-06-08 CVE-2016-3738 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift 3.2

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

8.8
2016-06-07 CVE-2016-3072 Katello
Redhat
SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.

8.8
2016-06-07 CVE-2016-2335 Opensuse
Debian
7 ZIP
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.

8.8
2016-06-08 CVE-2016-2020 HP Unspecified vulnerability in HP products

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

8.5
2016-06-07 CVE-2015-5723 Zend
Debian
Doctrine Project
Permissions, Privileges, and Access Controls vulnerability in multiple products

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

7.8
2016-06-07 CVE-2015-5260 Redhat
Debian
Canonical
Spice Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

7.8
2016-06-08 CVE-2016-2021 HP Unspecified vulnerability in HP products

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.

7.7
2016-06-08 CVE-2016-2019 HP Unspecified vulnerability in HP products

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

7.7
2016-06-08 CVE-2015-8798 Broadcom Path Traversal vulnerability in Broadcom products

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.

7.7
2016-06-10 CVE-2016-3720 Fedoraproject
Fasterxml
XML External Entity Injection vulnerability in FasterXML Jackson

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

7.5
2016-06-10 CVE-2016-3706 Opensuse
GNU
Improper Input Validation vulnerability in multiple products

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion.

7.5
2016-06-10 CVE-2016-2786 Puppet Improper Input Validation vulnerability in Puppet Agent and Puppet Enterprise

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.

7.5
2016-06-10 CVE-2016-2785 Puppet Improper Access Control vulnerability in Puppet Puppet, Puppet Agent and Puppet Server

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

7.5
2016-06-10 CVE-2016-4326 Chef Remote Code Execution vulnerability in Chef Manage add-on

The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.

7.5
2016-06-09 CVE-2016-4447 HP
Canonical
Debian
Oracle
Apple
Xmlsoft
Mcafee
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

7.5
2016-06-09 CVE-2016-4523 Trihedral Out-of-bounds Read vulnerability in Trihedral Vtscada

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.

7.5
2016-06-08 CVE-2016-5108 Debian
Videolan
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

7.5
2016-06-08 CVE-2016-4368 HP Improper Input Validation vulnerability in HP products

HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

7.5
2016-06-08 CVE-2016-4366 HP Security vulnerability in HP Systems Insight Manager

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

7.5
2016-06-08 CVE-2016-4359 HP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Loadrunner and Performance Center

Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.

7.5
2016-06-08 CVE-2016-4357 HP Unspecified vulnerability in HP products

HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.

7.5
2016-06-08 CVE-2016-2024 HP Security vulnerability in Multiple HP Products

HPE Insight Control before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

7.5
2016-06-07 CVE-2016-3087 Apache Improper Input Validation vulnerability in Apache Struts

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

7.5
2016-06-07 CVE-2015-7695 Zend
Debian
SQL Injection vulnerability in multiple products

The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.

7.5
2016-06-07 CVE-2014-9746 Freetype
Debian
Improper Input Validation vulnerability in multiple products

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.

7.5
2016-06-10 CVE-2016-1420 Cisco Unspecified vulnerability in Cisco products

The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.

7.2
2016-06-08 CVE-2016-4364 HP Local Privilege Escalation vulnerability in HP Insight Control server deployment

HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.

7.2
2016-06-08 CVE-2016-1418 Cisco Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(100.0)

Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.

7.2
2016-06-07 CVE-2015-5228 Opensuse
Criu
Permissions, Privileges, and Access Controls vulnerability in multiple products

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

7.2
2016-06-08 CVE-2016-3708 Redhat Improper Access Control vulnerability in Redhat Openshift 3.2

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.

7.1
2016-06-08 CVE-2015-8799 Broadcom Path Traversal vulnerability in Broadcom products

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.

7.1

45 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-06-10 CVE-2016-4494 KMC Controls Cross-Site Request Forgery (CSRF) vulnerability in KMC Controls Bac-5051E Firmware

Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file.

6.8
2016-06-10 CVE-2016-1419 Cisco Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(102.43)

Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.

6.8
2016-06-07 CVE-2016-4962 Oracle
XEN
Permissions, Privileges, and Access Controls vulnerability in multiple products

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.

6.8
2016-06-09 CVE-2016-4370 HPE Remote Command Execution vulnerability in HP Project and Portfolio Management Center

HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.

6.5
2016-06-08 CVE-2016-2149 Redhat Information Exposure vulnerability in Redhat Openshift 3.2

Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.

6.5
2016-06-08 CVE-2016-4369 HP Improper Access Control vulnerability in HP Discovery and Dependency Mapping Inventory 9.30/9.31/9.32

HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

6.5
2016-06-08 CVE-2015-8157 Broadcom SQL Injection vulnerability in Broadcom products

SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2016-06-09 CVE-2016-4532 Trihedral Path Traversal vulnerability in Trihedral Vtscada

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.

6.4
2016-06-09 CVE-2016-4510 Trihedral Improper Authentication vulnerability in Trihedral Vtscada

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.

6.4
2016-06-08 CVE-2016-4360 HP Remote Code Execution and Denial of Service vulnerability in HP Loadrunner and Performance Center

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 does not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.

6.4
2016-06-08 CVE-2016-2029 HP Unspecified vulnerability in HP products

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.

6.4
2016-06-08 CVE-2016-2018 HP Unspecified vulnerability in HP products

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

6.4
2016-06-06 CVE-2015-5041 IBM
Suse
Redhat
Information Exposure vulnerability in multiple products

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

6.4
2016-06-10 CVE-2016-4429 Opensuse
GNU
Canonical
Out-of-bounds Write vulnerability in multiple products

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

5.9
2016-06-10 CVE-2016-3085 Apache 7PK - Security Features vulnerability in Apache Cloudstack

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

5.8
2016-06-09 CVE-2016-4449 Debian
Canonical
Xmlsoft
Improper Input Validation vulnerability in multiple products

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

5.8
2016-06-08 CVE-2016-2142 Redhat Information Exposure vulnerability in Redhat Openshift 3.1

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.

5.5
2016-06-08 CVE-2016-4362 HP Security Bypass vulnerability in HP Insight Control Server Deployment

HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

5.5
2016-06-08 CVE-2016-2030 HP Unspecified vulnerability in HP products

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.

5.5
2016-06-08 CVE-2016-2028 HP Unspecified vulnerability in HP products

HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.

5.5
2016-06-08 CVE-2016-2017 HP Unspecified vulnerability in HP products

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

5.5
2016-06-08 CVE-2016-3703 Redhat Improper Access Control vulnerability in Redhat Openshift 3.1/3.2

Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.

5.3
2016-06-07 CVE-2016-3093 Ognl Project
Apache
Improper Input Validation vulnerability in multiple products

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

5.3
2016-06-10 CVE-2016-4495 KMC Controls Improper Access Control vulnerability in KMC Controls Bac-5051E Firmware

KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors.

5.0
2016-06-10 CVE-2016-1421 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.

5.0
2016-06-10 CVE-2015-8268 Idera Information Exposure vulnerability in Idera Uptime Infrastructure Monitor 7.5/7.6

The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2016-06-08 CVE-2016-4367 HP Information Exposure vulnerability in HP Universal Cmdb Foundation

The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2016-06-08 CVE-2016-4365 HP Information Disclosure vulnerability in HP Insight Control Server Deployment

HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2016-06-08 CVE-2016-4361 HP Remote Code Execution and Denial of Service vulnerability in HP Loadrunner and Performance Center

HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors.

5.0
2016-06-08 CVE-2016-2027 HP Information Exposure vulnerability in HP products

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

5.0
2016-06-08 CVE-2016-2026 HP Information Exposure vulnerability in HP products

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

5.0
2016-06-08 CVE-2016-1405 Clamav
Cisco
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.

5.0
2016-06-07 CVE-2016-4545 F5 Improper Input Validation vulnerability in F5 products

Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake.

5.0
2016-06-07 CVE-2016-4450 Canonical
F5
Debian
NULL Pointer Dereference vulnerability in multiple products

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

5.0
2016-06-07 CVE-2014-9747 Freetype
Debian
Resource Management Errors vulnerability in multiple products

The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.

5.0
2016-06-08 CVE-2015-8800 Broadcom Injection vulnerability in Broadcom products

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.

4.9
2016-06-08 CVE-2016-4358 HP Unspecified vulnerability in HP products

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.

4.8
2016-06-08 CVE-2016-2022 HP Unspecified vulnerability in HP products

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.

4.7
2016-06-07 CVE-2016-5242 XEN Denial of Service vulnerability in Xen VMID Exhaustion

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.

4.7
2016-06-10 CVE-2016-5233 Huawei Information Exposure vulnerability in Huawei Mate 8 Firmware

Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007.

4.3
2016-06-10 CVE-2016-0910 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Data Domain OS

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.

4.3
2016-06-08 CVE-2016-4363 HP Cross-site Scripting vulnerability in HP Insight Control Server Deployment

HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.

4.3
2016-06-08 CVE-2016-2078 Microsoft
Vmware
Cross-site Scripting vulnerability in VMWare Vcenter Server

Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.

4.3
2016-06-07 CVE-2013-7440 Python Data Processing Errors vulnerability in Python

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

4.3
2016-06-07 CVE-2014-8177 Redhat Improper Access Control vulnerability in Redhat products

The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-06-09 CVE-2016-2150 Redhat
Microsoft
Opensuse
Debian
Spice Project
Improper Access Control vulnerability in multiple products

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

3.6
2016-06-07 CVE-2015-5261 Canonical
Redhat
Debian
Spice Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

3.6
2016-06-08 CVE-2016-3711 Redhat Information Exposure vulnerability in Redhat Openshift and Openshift Origin

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

3.3
2016-06-10 CVE-2016-4524 ABB Improper Access Control vulnerability in ABB Pcm600

ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.

2.1
2016-06-10 CVE-2016-4516 ABB Information Exposure vulnerability in ABB Pcm600

ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2016-06-09 CVE-2016-1582 Canonical Information Exposure vulnerability in Canonical LXD and Ubuntu Linux

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

2.1
2016-06-09 CVE-2016-1581 Canonical Improper Access Control vulnerability in Canonical LXD and Ubuntu Linux

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

2.1
2016-06-07 CVE-2015-5231 Criu
Opensuse
Information Exposure vulnerability in multiple products

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.

2.1
2016-06-10 CVE-2016-4527 ABB Credentials Management vulnerability in ABB Pcm600

ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.

1.9
2016-06-10 CVE-2016-4511 ABB Cryptographic Issues vulnerability in ABB Pcm600

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.

1.9
2016-06-07 CVE-2016-4963 XEN Improper Access Control vulnerability in XEN

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.

1.9