This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2016-11-01
Product Debian Linux Last view 2021-10-21
Version 10.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2021-10-21 CVE-2021-42097

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

6.5 2021-10-21 CVE-2021-42096

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

7.5 2021-10-18 CVE-2021-41991

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

7.5 2021-10-18 CVE-2021-41990

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

7.8 2021-09-19 CVE-2021-41073

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation.

7.5 2021-09-16 CVE-2021-36160

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

7.8 2021-09-07 CVE-2021-39263

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39262

A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39261

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39260

A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39259

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39258

A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.

5.5 2021-09-07 CVE-2021-39257

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39256

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39255

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39254

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39253

A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39252

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-39251

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.

7.8 2021-09-07 CVE-2021-35269

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

7.8 2021-09-07 CVE-2021-35268

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

7.8 2021-09-07 CVE-2021-35267

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

7.8 2021-09-07 CVE-2021-35266

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.

7.8 2021-09-07 CVE-2021-33289

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

7.8 2021-09-07 CVE-2021-33287

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
14% (111) CWE-787 Out-of-bounds Write
9% (74) CWE-416 Use After Free
8% (64) CWE-125 Out-of-bounds Read
5% (45) CWE-20 Improper Input Validation
3% (30) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (24) CWE-190 Integer Overflow or Wraparound
2% (22) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (22) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (21) CWE-200 Information Exposure
2% (18) CWE-476 NULL Pointer Dereference
2% (16) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
2% (16) CWE-269 Improper Privilege Management
2% (16) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
2% (16) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (14) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (14) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (13) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (12) CWE-617 Reachable Assertion
1% (12) CWE-362 Race Condition
1% (11) CWE-295 Certificate Issues
1% (10) CWE-668 Exposure of Resource to Wrong Sphere
1% (10) CWE-276 Incorrect Default Permissions
1% (9) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (8) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (7) CWE-755 Improper Handling of Exceptional Conditions

SAINT Exploits

Description Link
OpenSMTPD MAIL FROM command injection More info here

Open Source Vulnerability Database (OSVDB)

id Description
78564 Postfix Admin Unspecified XSS
78563 Postfix Admin edit-alias.php Unspecified XSS
78562 Postfix Admin create-alias.php Unspecified XSS
78561 Postfix Admin create-domain.php Unspecified XSS
78560 Postfix Admin templates/edit-vacation.php domain Parameter XSS
78559 Postfix Admin templates/menu.php domain Parameter XSS
78134 pithos Predictable Name Temporary File Symlink Arbitrary File Overwrite
77581 yaws URI Traversal Arbitrary File Access
75192 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75191 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75190 rsyslog RepeatedMsgReduction Function Memory Exhaustion Local DoS
74915 ax25-tools ax25d Return Value Checking Weakness Remote Privilege Escalation
74685 xpdf Font CharCodes Parsing Integer Overflow
74684 xpdf Malformed Command Handling Gfx Content Memory Corruption
73394 klibc DHCP Response Handling Metacharacter Shell Command Execution
71849 Thunar thunar/thunar-transfer-job.c thunar_transfer_job_copy_node() Function ...
71478 unixODBC SQLDriverConnect() SAVEFILE Parameter Overflow
68866 Ettercap src/interfaces/gtk/ec_gtk_conf.c gtkui_conf_read() Function Local Ov...

ExploitDB Exploits

id Description
29519 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
29274 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability

OpenVAS Exploits

id Description
2012-11-26 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD20.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
File : nvt/glsa_201209_18.nasl
2012-08-30 Name : Fedora Update for openstack-keystone FEDORA-2012-4690
File : nvt/gb_fedora_2012_4690_openstack-keystone_fc17.nasl
2012-08-30 Name : Fedora Update for openttd FEDORA-2012-12198
File : nvt/gb_fedora_2012_12198_openttd_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2524-1 (openttd)
File : nvt/deb_2524_1.nasl
2012-06-28 Name : Ubuntu Update for network-manager-applet USN-1483-2
File : nvt/gb_ubuntu_USN_1483_2.nasl
2012-06-28 Name : Ubuntu Update for network-manager USN-1483-1
File : nvt/gb_ubuntu_USN_1483_1.nasl
2012-04-11 Name : Fedora Update for openstack-keystone FEDORA-2012-4960
File : nvt/gb_fedora_2012_4960_openstack-keystone_fc16.nasl
2012-04-02 Name : Fedora Update for foomatic FEDORA-2011-11118
File : nvt/gb_fedora_2011_11118_foomatic_fc16.nasl
2012-04-02 Name : Fedora Update for openttd FEDORA-2012-0647
File : nvt/gb_fedora_2012_0647_openttd_fc16.nasl
2012-03-19 Name : Fedora Update for hardlink FEDORA-2011-14727
File : nvt/gb_fedora_2011_14727_hardlink_fc16.nasl
2012-03-19 Name : Fedora Update for polipo FEDORA-2012-0840
File : nvt/gb_fedora_2012_0840_polipo_fc16.nasl
2012-02-12 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd4.nasl
2012-02-12 Name : FreeBSD Ports: surf
File : nvt/freebsd_surf.nasl
2012-02-12 Name : FreeBSD Ports: postfixadmin
File : nvt/freebsd_postfixadmin.nasl
2012-02-03 Name : Fedora Update for polipo FEDORA-2012-0849
File : nvt/gb_fedora_2012_0849_polipo_fc15.nasl
2012-02-01 Name : Fedora Update for openttd FEDORA-2012-0623
File : nvt/gb_fedora_2012_0623_openttd_fc15.nasl
2011-12-12 Name : Fedora Update for hardlink FEDORA-2011-14753
File : nvt/gb_fedora_2011_14753_hardlink_fc15.nasl
2011-09-27 Name : Fedora Update for foomatic FEDORA-2011-11205
File : nvt/gb_fedora_2011_11205_foomatic_fc14.nasl
2011-09-27 Name : Fedora Update for foomatic FEDORA-2011-11196
File : nvt/gb_fedora_2011_11196_foomatic_fc15.nasl
2011-08-03 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki5.nasl
2011-07-12 Name : Fedora Update for PackageKit FEDORA-2011-8943
File : nvt/gb_fedora_2011_8943_PackageKit_fc15.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-02-18 TRUFFLEHUNTER TALOS-2021-1238 attack attempt
RuleID : 57135 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1238 attack attempt
RuleID : 57134 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1229 attack attempt
RuleID : 57046 - Type : BROWSER-WEBKIT - Revision : 1
2021-02-18 TRUFFLEHUNTER TALOS-2021-1229 attack attempt
RuleID : 57045 - Type : BROWSER-WEBKIT - Revision : 1
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2
2020-09-02 BIND DNS server TSIG denial of service attempt
RuleID : 54630 - Type : PROTOCOL-DNS - Revision : 1
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1
2020-04-21 Apache Log4j SocketServer insecure deserialization remote code execution attempt
RuleID : 53475 - Type : SERVER-OTHER - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53432 - Type : SERVER-MAIL - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53431 - Type : SERVER-MAIL - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53378 - Type : SERVER-OTHER - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-aafdbb5554.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f749c70191.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1619.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4339.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0034.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1447.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_e375ff3f7fec11e8808828d244aee256.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-124-01.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8719b9358bae41ad92ba3c826f651219.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-960.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Fedora host is missing a security update.
File: fedora_2018-02e23192f5.nasl - Type: ACT_GATHER_INFO
2018-04-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-02.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-faff5f661e.nasl - Type: ACT_GATHER_INFO
2018-03-20 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1053.nasl - Type: ACT_GATHER_INFO
2018-02-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1285.nasl - Type: ACT_GATHER_INFO
2018-02-13 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1034.nasl - Type: ACT_GATHER_INFO
2018-01-26 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0223.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-09b1c3f099.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15b815b9b7.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b469be1a72.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f2f3fa09e3.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Fedora host is missing a security update.
File: fedora_2017-ea44f172e3.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3454.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3455.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3458.nasl - Type: ACT_GATHER_INFO