This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2016-11-01
Product Debian Linux Last view 2021-06-09
Version 10.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2021-06-09 CVE-2021-0089

Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

6.5 2021-06-09 CVE-2020-24513

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

3.3 2021-06-09 CVE-2020-24512

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

6.5 2021-06-09 CVE-2020-24511

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

8.8 2021-06-09 CVE-2020-24489

Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.

7.5 2021-06-04 CVE-2021-28091

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

6.5 2021-06-02 CVE-2019-12067

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

6.5 2021-05-27 CVE-2021-31808

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.

6.5 2021-05-27 CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.

6.5 2021-05-27 CVE-2021-28662

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

4.9 2021-05-27 CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

7.5 2021-05-27 CVE-2021-28651

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.

9 2021-05-27 CVE-2020-15180

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

7.5 2021-05-26 CVE-2021-33038

An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.

7.8 2021-05-26 CVE-2020-27815

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7.5 2021-05-18 CVE-2020-25709

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

7.5 2021-05-13 CVE-2021-32920

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.

7.5 2021-05-13 CVE-2021-32919

An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).

5.3 2021-05-13 CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.

5.5 2021-05-13 CVE-2020-27830

A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.

5.5 2021-05-13 CVE-2020-27824

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

7.8 2021-05-13 CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7.5 2021-05-12 CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

7.5 2021-05-12 CVE-2020-27840

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

8.8 2021-04-30 CVE-2021-21232

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
10% (68) CWE-416 Use After Free
8% (54) CWE-125 Out-of-bounds Read
8% (53) CWE-20 Improper Input Validation
7% (50) CWE-787 Out-of-bounds Write
4% (29) CWE-200 Information Exposure
3% (25) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (23) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (21) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (17) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
2% (16) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (15) CWE-190 Integer Overflow or Wraparound
2% (14) CWE-269 Improper Privilege Management
1% (13) CWE-476 NULL Pointer Dereference
1% (13) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (12) CWE-617 Reachable Assertion
1% (12) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (12) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (11) CWE-362 Race Condition
1% (11) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (10) CWE-668 Exposure of Resource to Wrong Sphere
1% (10) CWE-276 Incorrect Default Permissions
1% (9) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (9) CWE-295 Certificate Issues
1% (8) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (7) CWE-502 Deserialization of Untrusted Data

SAINT Exploits

Description Link
OpenSMTPD MAIL FROM command injection More info here

Open Source Vulnerability Database (OSVDB)

id Description
78564 Postfix Admin Unspecified XSS
78563 Postfix Admin edit-alias.php Unspecified XSS
78562 Postfix Admin create-alias.php Unspecified XSS
78561 Postfix Admin create-domain.php Unspecified XSS
78560 Postfix Admin templates/edit-vacation.php domain Parameter XSS
78559 Postfix Admin templates/menu.php domain Parameter XSS
78134 pithos Predictable Name Temporary File Symlink Arbitrary File Overwrite
77581 yaws URI Traversal Arbitrary File Access
75192 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75191 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75190 rsyslog RepeatedMsgReduction Function Memory Exhaustion Local DoS
74915 ax25-tools ax25d Return Value Checking Weakness Remote Privilege Escalation
74685 xpdf Font CharCodes Parsing Integer Overflow
74684 xpdf Malformed Command Handling Gfx Content Memory Corruption
73394 klibc DHCP Response Handling Metacharacter Shell Command Execution
71849 Thunar thunar/thunar-transfer-job.c thunar_transfer_job_copy_node() Function ...
71478 unixODBC SQLDriverConnect() SAVEFILE Parameter Overflow
68866 Ettercap src/interfaces/gtk/ec_gtk_conf.c gtkui_conf_read() Function Local Ov...

ExploitDB Exploits

id Description
29519 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
29274 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability

OpenVAS Exploits

id Description
2012-11-26 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD20.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
File : nvt/glsa_201209_18.nasl
2012-08-30 Name : Fedora Update for openstack-keystone FEDORA-2012-4690
File : nvt/gb_fedora_2012_4690_openstack-keystone_fc17.nasl
2012-08-30 Name : Fedora Update for openttd FEDORA-2012-12198
File : nvt/gb_fedora_2012_12198_openttd_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2524-1 (openttd)
File : nvt/deb_2524_1.nasl
2012-06-28 Name : Ubuntu Update for network-manager-applet USN-1483-2
File : nvt/gb_ubuntu_USN_1483_2.nasl
2012-06-28 Name : Ubuntu Update for network-manager USN-1483-1
File : nvt/gb_ubuntu_USN_1483_1.nasl
2012-04-11 Name : Fedora Update for openstack-keystone FEDORA-2012-4960
File : nvt/gb_fedora_2012_4960_openstack-keystone_fc16.nasl
2012-04-02 Name : Fedora Update for foomatic FEDORA-2011-11118
File : nvt/gb_fedora_2011_11118_foomatic_fc16.nasl
2012-04-02 Name : Fedora Update for openttd FEDORA-2012-0647
File : nvt/gb_fedora_2012_0647_openttd_fc16.nasl
2012-03-19 Name : Fedora Update for hardlink FEDORA-2011-14727
File : nvt/gb_fedora_2011_14727_hardlink_fc16.nasl
2012-03-19 Name : Fedora Update for polipo FEDORA-2012-0840
File : nvt/gb_fedora_2012_0840_polipo_fc16.nasl
2012-02-12 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd4.nasl
2012-02-12 Name : FreeBSD Ports: surf
File : nvt/freebsd_surf.nasl
2012-02-12 Name : FreeBSD Ports: postfixadmin
File : nvt/freebsd_postfixadmin.nasl
2012-02-03 Name : Fedora Update for polipo FEDORA-2012-0849
File : nvt/gb_fedora_2012_0849_polipo_fc15.nasl
2012-02-01 Name : Fedora Update for openttd FEDORA-2012-0623
File : nvt/gb_fedora_2012_0623_openttd_fc15.nasl
2011-12-12 Name : Fedora Update for hardlink FEDORA-2011-14753
File : nvt/gb_fedora_2011_14753_hardlink_fc15.nasl
2011-09-27 Name : Fedora Update for foomatic FEDORA-2011-11205
File : nvt/gb_fedora_2011_11205_foomatic_fc14.nasl
2011-09-27 Name : Fedora Update for foomatic FEDORA-2011-11196
File : nvt/gb_fedora_2011_11196_foomatic_fc15.nasl
2011-08-03 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki5.nasl
2011-07-12 Name : Fedora Update for PackageKit FEDORA-2011-8943
File : nvt/gb_fedora_2011_8943_PackageKit_fc15.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2
2020-09-02 BIND DNS server TSIG denial of service attempt
RuleID : 54630 - Type : PROTOCOL-DNS - Revision : 1
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1
2020-04-21 Apache Log4j SocketServer insecure deserialization remote code execution attempt
RuleID : 53475 - Type : SERVER-OTHER - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53432 - Type : SERVER-MAIL - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53431 - Type : SERVER-MAIL - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53378 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53377 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53376 - Type : SERVER-OTHER - Revision : 1
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2018-06-12 EHLO user overflow attempt
RuleID : 46610 - Type : SERVER-MAIL - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-aafdbb5554.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f749c70191.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1619.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4339.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0034.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1447.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_e375ff3f7fec11e8808828d244aee256.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-124-01.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8719b9358bae41ad92ba3c826f651219.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-960.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Fedora host is missing a security update.
File: fedora_2018-02e23192f5.nasl - Type: ACT_GATHER_INFO
2018-04-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-02.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-faff5f661e.nasl - Type: ACT_GATHER_INFO
2018-03-20 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1053.nasl - Type: ACT_GATHER_INFO
2018-02-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1285.nasl - Type: ACT_GATHER_INFO
2018-02-13 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1034.nasl - Type: ACT_GATHER_INFO
2018-01-26 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0223.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-09b1c3f099.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-15b815b9b7.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b469be1a72.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f2f3fa09e3.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Fedora host is missing a security update.
File: fedora_2017-ea44f172e3.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3454.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3455.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3458.nasl - Type: ACT_GATHER_INFO