This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2016-11-01
Product Debian Linux Last view 2021-04-30
Version 10.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2021-04-30 CVE-2021-21231

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

4.3 2021-04-30 CVE-2021-21228

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

9.8 2021-04-29 CVE-2021-25216

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.

7.5 2021-04-29 CVE-2021-25215

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

6.5 2021-04-29 CVE-2021-25214

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

7.8 2021-04-29 CVE-2020-18032

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

8.8 2021-04-27 CVE-2021-29472

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue.

9.6 2021-04-26 CVE-2021-21226

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8 2021-04-26 CVE-2021-21225

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2021-04-26 CVE-2021-21224

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

9.6 2021-04-26 CVE-2021-21223

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

6.5 2021-04-26 CVE-2021-21222

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

6.5 2021-04-26 CVE-2021-21221

Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

5.5 2021-04-26 CVE-2021-21219

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

5.5 2021-04-26 CVE-2021-21218

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

5.5 2021-04-26 CVE-2021-21217

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

6.5 2021-04-26 CVE-2021-21216

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5 2021-04-26 CVE-2021-21215

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

8.8 2021-04-26 CVE-2021-21214

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

8.8 2021-04-26 CVE-2021-21213

Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5 2021-04-26 CVE-2021-21212

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.

6.5 2021-04-26 CVE-2021-21211

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2021-04-26 CVE-2021-21210

Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.

6.5 2021-04-26 CVE-2021-21209

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2021-04-26 CVE-2021-21208

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
10% (67) CWE-416 Use After Free
8% (51) CWE-20 Improper Input Validation
8% (50) CWE-125 Out-of-bounds Read
7% (47) CWE-787 Out-of-bounds Write
4% (27) CWE-200 Information Exposure
4% (25) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (20) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (20) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (17) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
2% (15) CWE-190 Integer Overflow or Wraparound
2% (14) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (14) CWE-269 Improper Privilege Management
2% (13) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (11) CWE-617 Reachable Assertion
1% (11) CWE-476 NULL Pointer Dereference
1% (11) CWE-362 Race Condition
1% (11) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (11) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (10) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (10) CWE-276 Incorrect Default Permissions
1% (9) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (9) CWE-668 Exposure of Resource to Wrong Sphere
1% (8) CWE-295 Certificate Issues
1% (7) CWE-502 Deserialization of Untrusted Data
1% (7) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...

SAINT Exploits

Description Link
OpenSMTPD MAIL FROM command injection More info here

Open Source Vulnerability Database (OSVDB)

id Description
78564 Postfix Admin Unspecified XSS
78563 Postfix Admin edit-alias.php Unspecified XSS
78562 Postfix Admin create-alias.php Unspecified XSS
78561 Postfix Admin create-domain.php Unspecified XSS
78560 Postfix Admin templates/edit-vacation.php domain Parameter XSS
78559 Postfix Admin templates/menu.php domain Parameter XSS
78134 pithos Predictable Name Temporary File Symlink Arbitrary File Overwrite
77581 yaws URI Traversal Arbitrary File Access
75192 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75191 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75190 rsyslog RepeatedMsgReduction Function Memory Exhaustion Local DoS
74915 ax25-tools ax25d Return Value Checking Weakness Remote Privilege Escalation
74685 xpdf Font CharCodes Parsing Integer Overflow
74684 xpdf Malformed Command Handling Gfx Content Memory Corruption
73394 klibc DHCP Response Handling Metacharacter Shell Command Execution
71849 Thunar thunar/thunar-transfer-job.c thunar_transfer_job_copy_node() Function ...
71478 unixODBC SQLDriverConnect() SAVEFILE Parameter Overflow
68866 Ettercap src/interfaces/gtk/ec_gtk_conf.c gtkui_conf_read() Function Local Ov...

ExploitDB Exploits

id Description
29519 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
29274 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability

OpenVAS Exploits

id Description
2012-11-26 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD20.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
File : nvt/glsa_201209_18.nasl
2012-08-30 Name : Fedora Update for openstack-keystone FEDORA-2012-4690
File : nvt/gb_fedora_2012_4690_openstack-keystone_fc17.nasl
2012-08-30 Name : Fedora Update for openttd FEDORA-2012-12198
File : nvt/gb_fedora_2012_12198_openttd_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2524-1 (openttd)
File : nvt/deb_2524_1.nasl
2012-06-28 Name : Ubuntu Update for network-manager-applet USN-1483-2
File : nvt/gb_ubuntu_USN_1483_2.nasl
2012-06-28 Name : Ubuntu Update for network-manager USN-1483-1
File : nvt/gb_ubuntu_USN_1483_1.nasl
2012-04-11 Name : Fedora Update for openstack-keystone FEDORA-2012-4960
File : nvt/gb_fedora_2012_4960_openstack-keystone_fc16.nasl
2012-04-02 Name : Fedora Update for foomatic FEDORA-2011-11118
File : nvt/gb_fedora_2011_11118_foomatic_fc16.nasl
2012-04-02 Name : Fedora Update for openttd FEDORA-2012-0647
File : nvt/gb_fedora_2012_0647_openttd_fc16.nasl
2012-03-19 Name : Fedora Update for hardlink FEDORA-2011-14727
File : nvt/gb_fedora_2011_14727_hardlink_fc16.nasl
2012-03-19 Name : Fedora Update for polipo FEDORA-2012-0840
File : nvt/gb_fedora_2012_0840_polipo_fc16.nasl
2012-02-12 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd4.nasl
2012-02-12 Name : FreeBSD Ports: surf
File : nvt/freebsd_surf.nasl
2012-02-12 Name : FreeBSD Ports: postfixadmin
File : nvt/freebsd_postfixadmin.nasl
2012-02-03 Name : Fedora Update for polipo FEDORA-2012-0849
File : nvt/gb_fedora_2012_0849_polipo_fc15.nasl
2012-02-01 Name : Fedora Update for openttd FEDORA-2012-0623
File : nvt/gb_fedora_2012_0623_openttd_fc15.nasl
2011-12-12 Name : Fedora Update for hardlink FEDORA-2011-14753
File : nvt/gb_fedora_2011_14753_hardlink_fc15.nasl
2011-09-27 Name : Fedora Update for foomatic FEDORA-2011-11205
File : nvt/gb_fedora_2011_11205_foomatic_fc14.nasl
2011-09-27 Name : Fedora Update for foomatic FEDORA-2011-11196
File : nvt/gb_fedora_2011_11196_foomatic_fc15.nasl
2011-08-03 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki5.nasl
2011-07-12 Name : Fedora Update for PackageKit FEDORA-2011-8943
File : nvt/gb_fedora_2011_8943_PackageKit_fc15.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2
2020-09-02 BIND DNS server TSIG denial of service attempt
RuleID : 54630 - Type : PROTOCOL-DNS - Revision : 1
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1
2020-04-21 Apache Log4j SocketServer insecure deserialization remote code execution attempt
RuleID : 53475 - Type : SERVER-OTHER - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53432 - Type : SERVER-MAIL - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53431 - Type : SERVER-MAIL - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53378 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53377 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53376 - Type : SERVER-OTHER - Revision : 1
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2018-06-12 EHLO user overflow attempt
RuleID : 46610 - Type : SERVER-MAIL - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-aafdbb5554.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f749c70191.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1619.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4339.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0034.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1447.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_e375ff3f7fec11e8808828d244aee256.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-124-01.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8719b9358bae41ad92ba3c826f651219.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-960.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Fedora host is missing a security update.
File: fedora_2018-02e23192f5.nasl - Type: ACT_GATHER_INFO
2018-04-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-02.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-faff5f661e.nasl - Type: ACT_GATHER_INFO
2018-03-20 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1053.nasl - Type: ACT_GATHER_INFO
2018-02-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1285.nasl - Type: ACT_GATHER_INFO
2018-02-13 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1034.nasl - Type: ACT_GATHER_INFO
2018-01-26 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0223.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-09b1c3f099.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15b815b9b7.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b469be1a72.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f2f3fa09e3.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Fedora host is missing a security update.
File: fedora_2017-ea44f172e3.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3454.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3455.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3458.nasl - Type: ACT_GATHER_INFO