Results for

debian_linux

6.6
MEDIUM
CVE-2014-2312

The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.

2.1
LOW
CVE-2001-0235

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

2.1
LOW
CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

3.6
LOW
CVE-2006-1753

A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

2.1
LOW
CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

2.1
LOW
CVE-1999-0732

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.

7.2
HIGH
CVE-2006-1772

debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin...

10
HIGH
CVE-1999-0730

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

DebianDebian Linux
5
MEDIUM
CVE-2017-8819

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigg...

5
MEDIUM
CVE-2017-18076

In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.

DebianDebian Linux