Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2017-01-06 CVE-2016-2380 Out-of-bounds Read vulnerability in multiple products
An information leak exists in the handling of the MXIT protocol in Pidgin.
network
high complexity
pidgin canonical debian CWE-125
3.1
2017-01-06 CVE-2016-4323 Path Traversal vulnerability in multiple products
A directory traversal exists in the handling of the MXIT protocol in Pidgin.
network
high complexity
pidgin canonical debian CWE-22
3.7
2016-08-10 CVE-2013-7458 Information Exposure vulnerability in multiple products
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
local
low complexity
redislabs debian CWE-200
3.3
2016-05-06 CVE-2015-0858 Link Following vulnerability in multiple products
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
local
low complexity
debian tardiff-project CWE-59
3.3
2016-04-21 CVE-2016-0643 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
local
low complexity
debian redhat ibm opensuse oracle mariadb
3.3
2016-04-19 CVE-2015-7511 Information Exposure vulnerability in multiple products
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
high complexity
gnupg debian canonical CWE-200
2.0
2016-04-13 CVE-2016-2057 Permissions, Privileges, and Access Controls vulnerability in multiple products
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
local
low complexity
xymon debian CWE-264
3.3
2016-04-13 CVE-2016-3159 Improper Access Control vulnerability in multiple products
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.
local
low complexity
oracle xen fedoraproject debian CWE-284
3.8
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7
2014-10-15 CVE-2014-3566 Cryptographic Issues vulnerability in multiple products
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
3.4