WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.