Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2007-11-05 CVE-2007-5827 Permissions, Privileges, and Access Controls vulnerability in Iscsitarget 0.4.15
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
local
low complexity
debian iscsitarget CWE-264
2.1
2007-11-02 CVE-2007-5795 Local Variable Handling Code Execution vulnerability in GNU Emacs
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
local
debian gnu
6.3
2007-11-02 CVE-2007-5197 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mono
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
network
low complexity
suse debian opensuse mono CWE-119
7.5
2007-10-30 CVE-2007-5730 Out-Of-Bounds Write vulnerability in multiple products
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow.
local
low complexity
qemu debian CWE-787
7.2
2007-10-30 CVE-2007-5729 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow.
local
low complexity
qemu debian opensuse CWE-119
7.2
2007-10-30 CVE-2007-1321 Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error.
local
low complexity
qemu fedoraproject debian
7.2
2007-10-30 CVE-2007-5718 Link Following vulnerability in Vobcopy 0.5.14
vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.
local
low complexity
debian vobcopy CWE-59
4.9
2007-10-28 CVE-2007-3919 Link Following vulnerability in Xensource INC XEN 3.0.301/3.0.303
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
6.0
2007-10-11 CVE-2007-5365 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
local
low complexity
debian openbsd redhat sun ubuntu CWE-119
7.2
2007-10-04 CVE-2007-5207 Link Following vulnerability in Debian Guilt 0.27
guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.
local
debian CWE-59
3.3