Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.