Debian : Security Vulnerabilities, CVEs, Published In 2012 (Gain Privilege)
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
Max CVSS
2.6
EPSS Score
1.72%
Published
2012-06-02
Updated
2017-11-13
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.
Max CVSS
5.0
EPSS Score
0.22%
Published
2012-07-12
Updated
2016-12-07
2 vulnerabilities found