Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2016-04-20 CVE-2015-8842 Permissions, Privileges, and Access Controls vulnerability in Opensuse 13.2
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.
local
low complexity
opensuse CWE-264
3.3
2016-04-20 CVE-2014-9770 Permissions, Privileges, and Access Controls vulnerability in Opensuse 13.2
tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.
local
low complexity
opensuse CWE-264
3.3
2016-04-19 CVE-2015-7511 Information Exposure vulnerability in multiple products
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
high complexity
gnupg debian canonical CWE-200
2.0
2016-04-18 CVE-2016-3972 Path Traversal vulnerability in Dotcms
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a ..
network
low complexity
dotcms CWE-22
2.7
2016-04-13 CVE-2016-3159 Improper Access Control vulnerability in multiple products
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.
local
low complexity
oracle xen fedoraproject debian CWE-284
3.8
2016-04-13 CVE-2016-3158 Improper Access Control vulnerability in multiple products
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.
local
low complexity
xen fedoraproject oracle CWE-284
3.8
2016-04-13 CVE-2016-2057 Permissions, Privileges, and Access Controls vulnerability in multiple products
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
local
low complexity
xymon debian CWE-264
3.3
2016-04-11 CVE-2015-5313 Path Traversal vulnerability in Redhat Libvirt
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a ..
local
high complexity
redhat CWE-22
2.5
2016-04-08 CVE-2016-2513 Information Exposure vulnerability in Djangoproject Django
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
network
high complexity
djangoproject CWE-200
3.1
2016-03-24 CVE-2016-1773 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
local
low complexity
apple CWE-264
3.3