This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Debian
Product: Debian Linux
Version: 10.0
Type: Os
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2016-11-01
Last view: 2021-02-15
 
CPE Product cpe:2.3:o:debian:debian_linux

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.5 2021-02-15 CVE-2021-21702

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.

5.3 2021-02-15 CVE-2020-7071

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating a URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept a URL with an invalid password as a valid URL. This may lead functions that rely on the URL being valid to mis-parse the URL and produce wrong data as components of the URL.

7.5 2021-02-14 CVE-2021-27212

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

7.5 2021-02-11 CVE-2020-35498

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

6.5 2021-02-09 CVE-2021-26676

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

8.8 2021-02-09 CVE-2021-26675

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

7 2021-02-08 CVE-2021-26910

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.

7.8 2021-01-29 CVE-2021-3347

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

7.8 2021-01-26 CVE-2021-3156

Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

6.5 2021-01-26 CVE-2021-3114

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

7.5 2021-01-26 CVE-2020-36230

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

7.5 2021-01-26 CVE-2020-36229

A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

7.5 2021-01-26 CVE-2020-36228

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

7.5 2021-01-26 CVE-2020-36227

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

7.5 2021-01-26 CVE-2020-36226

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5 2021-01-26 CVE-2020-36225

A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5 2021-01-26 CVE-2020-36224

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5 2021-01-26 CVE-2020-36223

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

7.5 2021-01-26 CVE-2020-36222

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

7.5 2021-01-26 CVE-2020-36221

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

5.9 2021-01-20 CVE-2020-25687

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

3.7 2021-01-20 CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

3.7 2021-01-20 CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq determines in forward.c:reply_query() which forwarded query matches the reply by using only a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is), this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

3.7 2021-01-20 CVE-2020-25684

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

5.9 2021-01-20 CVE-2020-25683

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
9% (49) CWE-125 Out-of-bounds Read
9% (45) CWE-20 Improper Input Validation
8% (41) CWE-416 Use After Free
7% (38) CWE-787 Out-of-bounds Write
4% (23) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (20) CWE-200 Information Exposure
3% (17) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (15) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (14) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
2% (13) CWE-269 Improper Privilege Management
2% (12) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (11) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (10) CWE-362 Race Condition
1% (9) CWE-476 NULL Pointer Dereference
1% (9) CWE-276 Incorrect Default Permissions
1% (9) CWE-190 Integer Overflow or Wraparound
1% (9) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (8) CWE-617 Reachable Assertion
1% (8) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (7) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (7) CWE-668 Exposure of Resource to Wrong Sphere
1% (7) CWE-502 Deserialization of Untrusted Data
1% (7) CWE-295 Certificate Issues
1% (6) CWE-772 Missing Release of Resource after Effective Lifetime
1% (6) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...

SAINT Exploits

Description
OpenSMTPD MAIL FROM command injection

Open Source Vulnerability Database (OSVDB)

id Description
78564 Postfix Admin Unspecified XSS
78563 Postfix Admin edit-alias.php Unspecified XSS
78562 Postfix Admin create-alias.php Unspecified XSS
78561 Postfix Admin create-domain.php Unspecified XSS
78560 Postfix Admin templates/edit-vacation.php domain Parameter XSS
78559 Postfix Admin templates/menu.php domain Parameter XSS
78134 pithos Predictable Name Temporary File Symlink Arbitrary File Overwrite
77581 yaws URI Traversal Arbitrary File Access
75192 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75191 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75190 rsyslog RepeatedMsgReduction Function Memory Exhaustion Local DoS
74915 ax25-tools ax25d Return Value Checking Weakness Remote Privilege Escalation
74685 xpdf Font CharCodes Parsing Integer Overflow
74684 xpdf Malformed Command Handling Gfx Content Memory Corruption
73394 klibc DHCP Response Handling Metacharacter Shell Command Execution
71849 Thunar thunar/thunar-transfer-job.c thunar_transfer_job_copy_node() Function ...
71478 unixODBC SQLDriverConnect() SAVEFILE Parameter Overflow
68866 Ettercap src/interfaces/gtk/ec_gtk_conf.c gtkui_conf_read() Function Local Ov...

ExploitDB Exploits

id Description
29519 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
29274 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability

OpenVAS Exploits

Date Description
2012-11-26 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD20.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
File : nvt/glsa_201209_18.nasl
2012-08-30 Name : Fedora Update for openstack-keystone FEDORA-2012-4690
File : nvt/gb_fedora_2012_4690_openstack-keystone_fc17.nasl
2012-08-30 Name : Fedora Update for openttd FEDORA-2012-12198
File : nvt/gb_fedora_2012_12198_openttd_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2524-1 (openttd)
File : nvt/deb_2524_1.nasl
2012-06-28 Name : Ubuntu Update for network-manager-applet USN-1483-2
File : nvt/gb_ubuntu_USN_1483_2.nasl
2012-06-28 Name : Ubuntu Update for network-manager USN-1483-1
File : nvt/gb_ubuntu_USN_1483_1.nasl
2012-04-11 Name : Fedora Update for openstack-keystone FEDORA-2012-4960
File : nvt/gb_fedora_2012_4960_openstack-keystone_fc16.nasl
2012-04-02 Name : Fedora Update for foomatic FEDORA-2011-11118
File : nvt/gb_fedora_2011_11118_foomatic_fc16.nasl
2012-04-02 Name : Fedora Update for openttd FEDORA-2012-0647
File : nvt/gb_fedora_2012_0647_openttd_fc16.nasl
2012-03-19 Name : Fedora Update for hardlink FEDORA-2011-14727
File : nvt/gb_fedora_2011_14727_hardlink_fc16.nasl
2012-03-19 Name : Fedora Update for polipo FEDORA-2012-0840
File : nvt/gb_fedora_2012_0840_polipo_fc16.nasl
2012-02-12 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd4.nasl
2012-02-12 Name : FreeBSD Ports: surf
File : nvt/freebsd_surf.nasl
2012-02-12 Name : FreeBSD Ports: postfixadmin
File : nvt/freebsd_postfixadmin.nasl
2012-02-03 Name : Fedora Update for polipo FEDORA-2012-0849
File : nvt/gb_fedora_2012_0849_polipo_fc15.nasl
2012-02-01 Name : Fedora Update for openttd FEDORA-2012-0623
File : nvt/gb_fedora_2012_0623_openttd_fc15.nasl
2011-12-12 Name : Fedora Update for hardlink FEDORA-2011-14753
File : nvt/gb_fedora_2011_14753_hardlink_fc15.nasl
2011-09-27 Name : Fedora Update for foomatic FEDORA-2011-11205
File : nvt/gb_fedora_2011_11205_foomatic_fc14.nasl
2011-09-27 Name : Fedora Update for foomatic FEDORA-2011-11196
File : nvt/gb_fedora_2011_11196_foomatic_fc15.nasl
2011-08-03 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki5.nasl
2011-07-12 Name : Fedora Update for PackageKit FEDORA-2011-8943
File : nvt/gb_fedora_2011_8943_PackageKit_fc15.nasl

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2
2020-09-02 BIND DNS server TSIG denial of service attempt
RuleID : 54630 - Type : PROTOCOL-DNS - Revision : 1
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1
2020-04-21 Apache Log4j SocketServer insecure deserialization remote code execution attempt
RuleID : 53475 - Type : SERVER-OTHER - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53432 - Type : SERVER-MAIL - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53431 - Type : SERVER-MAIL - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53378 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53377 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53376 - Type : SERVER-OTHER - Revision : 1
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2018-06-12 EHLO user overflow attempt
RuleID : 46610 - Type : SERVER-MAIL - Revision : 3

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-aafdbb5554.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f749c70191.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1619.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4339.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0034.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1447.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_e375ff3f7fec11e8808828d244aee256.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-124-01.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8719b9358bae41ad92ba3c826f651219.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-960.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Fedora host is missing a security update.
File: fedora_2018-02e23192f5.nasl - Type: ACT_GATHER_INFO
2018-04-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-02.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-faff5f661e.nasl - Type: ACT_GATHER_INFO
2018-03-20 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1053.nasl - Type: ACT_GATHER_INFO
2018-02-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1285.nasl - Type: ACT_GATHER_INFO
2018-02-13 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1034.nasl - Type: ACT_GATHER_INFO
2018-01-26 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0223.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-09b1c3f099.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15b815b9b7.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b469be1a72.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f2f3fa09e3.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Fedora host is missing a security update.
File: fedora_2017-ea44f172e3.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3454.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3455.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3458.nasl - Type: ACT_GATHER_INFO