The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.