Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-13 CVE-2015-0861 Permissions, Privileges, and Access Controls vulnerability in multiple products
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
network
low complexity
tryton debian CWE-264
4.3
2016-04-13 CVE-2014-6276 Permissions, Privileges, and Access Controls vulnerability in multiple products
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
network
low complexity
roundup-tracker debian CWE-264
4.3
2016-04-12 CVE-2016-3170 Information Exposure vulnerability in multiple products
The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.
network
low complexity
debian drupal CWE-200
5.3
2016-04-12 CVE-2016-3168 7PK - Security Features vulnerability in multiple products
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
network
high complexity
drupal debian CWE-254
6.4
2016-04-12 CVE-2016-3166 CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
network
high complexity
debian drupal
5.9
2016-04-12 CVE-2015-8537 Information Exposure vulnerability in multiple products
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
network
low complexity
debian redmine CWE-200
5.3
2016-04-12 CVE-2015-8473 Information Exposure vulnerability in multiple products
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
network
low complexity
debian redmine CWE-200
4.3
2016-04-12 CVE-2015-8346 Information Management Errors vulnerability in multiple products
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
network
low complexity
redmine debian CWE-199
5.3
2016-04-07 CVE-2016-2511 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.
network
low complexity
debian websvn CWE-79
6.1
2016-04-07 CVE-2016-2858 Insufficient Entropy vulnerability in multiple products
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
local
low complexity
qemu canonical debian CWE-331
6.5