Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.9). Public exploit code available.
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of. Rated medium severity (CVSS 4.7). Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by. Rated medium severity (CVSS 4.0). Public exploit code available and no vendor patch available.
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access. Rated medium severity (CVSS 6.9).
The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a. Rated medium severity (CVSS 4.4). No vendor patch available.
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.