Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2015-06-10 CVE-2015-4171 Information Exposure vulnerability in multiple products
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
network
high complexity
strongswan canonical debian CWE-200
2.6
2015-06-10 CVE-2014-8607 Information Exposure vulnerability in Xcloner 3.1.1/3.5.1
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.
local
low complexity
xcloner CWE-200
2.1
2015-06-10 CVE-2015-1719 Information Exposure vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
2.1
2015-06-09 CVE-2015-4427 Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.
network
ektron CWE-79
3.5
2015-06-08 CVE-2015-4053 Information Exposure vulnerability in Ceph Ceph-Deploy 1.5.22
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
local
low complexity
ceph CWE-200
2.1
2015-06-07 CVE-2014-6175 Cross-site Scripting vulnerability in IBM Marketing Operations
Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2015-06-02 CVE-2015-4156 Link Following vulnerability in multiple products
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
local
low complexity
opensuse gnu CWE-59
3.6
2015-06-02 CVE-2015-4155 Link Following vulnerability in GNU Parallel
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
local
low complexity
gnu CWE-59
3.6
2015-06-01 CVE-2015-3179 Permissions, Privileges, and Access Controls vulnerability in Moodle
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
network
moodle CWE-264
3.5
2015-06-01 CVE-2015-3178 Cross-site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
network
moodle CWE-79
3.5