Vulnerabilities > Debian > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2007-05-02 | CVE-2007-1366
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
Risk: local | low complexity | qemu debian | 2.1

2007-05-02 | CVE-2007-1322
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
Risk: local | low complexity | qemu debian | 2.1

2006-12-18 | CVE-2006-6614 | Information Disclosure vulnerability in Fully Automated Installation Administrator Hashed Password
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.
Risk: 1.9

2006-05-28 | CVE-2006-1174 | Permissions, Privileges, and Access Controls vulnerability in Debian Shadow
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
Risk: local | high complexity | debian CWE-264 | 3.7

2006-04-25 | CVE-2006-2016 | Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
Risk: network | high complexity | phpldapadmin-project debian CWE-79 | 2.6

2006-04-19 | CVE-2006-1844 | Unspecified vulnerability in Debian Base-Config and Shadow
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Risk: local | low complexity | debian | 2.1

2006-04-18 | CVE-2006-1753 | Unspecified vulnerability in Debian Linux 3.1
A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Risk: local | low complexity | debian | 3.6

2006-03-24 | CVE-2006-1376 | Denial-Of-Service vulnerability in Debian Linux 3.1
The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).
Risk: local | low complexity | debian | 2.1

2006-03-23 | CVE-2006-0050 | Unspecified vulnerability in Debian Linux 3.0/3.1
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.
Risk: local | high complexity | debian | 1.2

2005-12-31 | CVE-2005-4536 | Unspecified vulnerability in Debian Libmail-Audit-Perl 2.15
Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.
Risk: local | low complexity | debian | 2.1