This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2001-06-27
Product Debian Linux Last view 2018-11-12
Version * Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

4.9 2015-05-27 CVE-2015-3332

A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.

4.6 2015-04-21 CVE-2015-2041

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

4.4 2014-03-14 CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

6.8 2014-03-14 CVE-2013-6475

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

6.8 2014-03-14 CVE-2013-6474

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

4.6 2014-02-05 CVE-2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

4.3 2012-08-07 CVE-2012-2317

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.

6.8 2011-03-25 CVE-2011-1400

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

9.3 2009-09-17 CVE-2009-3232

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

4.6 2009-05-06 CVE-2009-1573

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

2.1 2007-12-17 CVE-2007-6418

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

7.5 2001-10-18 CVE-2001-0763

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

3.6 2001-07-02 CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

7.5 2001-06-27 CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

CWE : Common Weakness Enumeration

%idName
28% (4) CWE-264 Permissions, Privileges, and Access Controls
14% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (1) CWE-476 NULL Pointer Dereference
7% (1) CWE-399 Resource Management Errors
7% (1) CWE-310 Cryptographic Issues
7% (1) CWE-287 Improper Authentication
7% (1) CWE-200 Information Exposure
7% (1) CWE-189 Numeric Errors
7% (1) CWE-17 Code
7% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-94 Man in the Middle Attack
CAPEC-114 Authentication Abuse

Open Source Vulnerability Database (OSVDB)

id Description
74630 tex-common conf/texmf.d/95NonPath.cnf shell_escape_commands Directive Crafted...
57908 pam-auth-update on Ubuntu Linux Authentication Bypass
54680 xvfb-run Command Line Process Listing MCOOKIE Disclosure Local Privilege Esca...
44138 Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local...
13877 slrn News Reader Long Message Header Multiple Function Overflow
5642 Exuberant Ctags Insecure Temporary File Creation
5542 xinetd Long Ident Response Overflow

ExploitDB Exploits

id Description
18040 Xorg 1.4 to 1.11.2 File Permission Change PoC

OpenVAS Exploits

id Description
2012-06-22 Name : Ubuntu Update for php5 USN-1481-1
File : nvt/gb_ubuntu_USN_1481_1.nasl
2012-02-11 Name : Debian Security Advisory DSA 2364-1 (xorg)
File : nvt/deb_2364_1.nasl
2012-02-01 Name : Ubuntu Update for xorg USN-1349-1
File : nvt/gb_ubuntu_USN_1349_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2198-1 (tex-common)
File : nvt/deb_2198_1.nasl
2011-04-06 Name : Ubuntu Update for tex-common vulnerability USN-1103-1
File : nvt/gb_ubuntu_USN_1103_1.nasl
2010-12-02 Name : Fedora Update for xorg-x11-server FEDORA-2010-14754
File : nvt/gb_fedora_2010_14754_xorg-x11-server_fc14.nasl
2010-05-28 Name : Ubuntu Update for xorg-server vulnerabilities USN-939-1
File : nvt/gb_ubuntu_USN_939_1.nasl
2009-09-15 Name : Ubuntu USN-828-1 (pam)
File : nvt/ubuntu_828_1.nasl
2008-02-28 Name : Debian Security Advisory DSA 1501-1 (dspam)
File : nvt/deb_1501_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 040-1 (slrn)
File : nvt/deb_040_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 046-1 (exuberant-ctags)
File : nvt/deb_046_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 063-1 (xinetd)
File : nvt/deb_063_1.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2016-02-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-124.nasl - Type: ACT_GATHER_INFO
2015-09-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1478-1.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-543.nasl - Type: ACT_GATHER_INFO
2015-07-06 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1174-1.nasl - Type: ACT_GATHER_INFO
2015-06-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-246.nasl - Type: ACT_GATHER_INFO
2015-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1071-1.nasl - Type: ACT_GATHER_INFO
2015-05-26 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2620-1.nasl - Type: ACT_GATHER_INFO
2015-05-26 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2619-1.nasl - Type: ACT_GATHER_INFO
2015-05-21 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2616-1.nasl - Type: ACT_GATHER_INFO
2015-05-21 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2615-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-0812-1.nasl - Type: ACT_GATHER_INFO
2015-04-27 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3237.nasl - Type: ACT_GATHER_INFO
2015-04-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2564-1.nasl - Type: ACT_GATHER_INFO
2015-04-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2565-1.nasl - Type: ACT_GATHER_INFO
2015-04-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2563-1.nasl - Type: ACT_GATHER_INFO