Debian Linux vulnerabilities: Low risk

DATE CVE VULNERABILITY TITLE RISK
2012-06-02 CVE-2012-2947 Improper Access Control vulnerability in multiple products
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
network
high complexity
debian digium CWE-284
2.6
2011-04-29 CVE-2011-1499 Configuration vulnerability in multiple products
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
network
high complexity
banu debian CWE-16
2.6
2010-05-07 CVE-2010-1451 Out-Of-Bounds Write vulnerability in multiple products
The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application.
local
low complexity
linux debian CWE-787
2.1
2008-11-04 CVE-2008-4908 Link Following vulnerability in Crossfire 1.11.0
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
3.3
2008-08-08 CVE-2008-1945
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
local
low complexity
qemu opensuse suse debian canonical redhat
2.1
2008-03-31 CVE-2008-1569 Link Following vulnerability in Policyd-Weight
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
3.3
2007-12-18 CVE-2007-6418 Information Exposure vulnerability in Debian Linux
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
local
low complexity
debian CWE-200
2.1
2007-11-05 CVE-2007-5827 Permissions, Privileges, and Access Controls vulnerability in Iscsitarget 0.4.15
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
local
low complexity
debian iscsitarget CWE-264
2.1
2007-08-27 CVE-2007-2797 Unspecified vulnerability in Xterm 1927.El4/2083.1
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
local
low complexity
redhat xterm debian
2.1
2007-07-03 CVE-2007-2837 Unspecified vulnerability in Fireflier 1.1.6
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
local
low complexity
debian fireflier
3.6