This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 1994-12-19
Product Debian Linux Last view 2018-11-12
Version 2.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

4.6 2001-12-21 CVE-2001-0886

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

7.5 2001-10-18 CVE-2001-0763

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

3.6 2001-07-02 CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

7.5 2001-06-27 CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

4.6 2001-01-09 CVE-2000-1135

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

10 2000-11-14 CVE-2000-0844

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

10 2000-07-02 CVE-2000-0584

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

7.2 2000-06-21 CVE-2000-0607

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

7.2 2000-06-21 CVE-2000-0606

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

5 2000-03-27 CVE-2000-0289

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

7.2 2000-03-22 CVE-2000-0229

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

7.2 2000-02-02 CVE-2000-0112

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

7.2 2000-02-01 CVE-2000-0107

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

10 2000-01-08 CVE-2000-1221

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

2.1 1999-12-30 CVE-2000-0076

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

7.5 1999-12-09 CVE-1999-0978

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

5 1999-12-08 CVE-1999-0986

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

2.1 1999-12-02 CVE-2000-0366

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

10 1999-11-09 CVE-1999-0832

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

5 1999-08-26 CVE-1999-0939

Denial of service in Debian IRC Epic/epic4 client via a long string.

7.2 1999-08-25 CVE-1999-0872

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

7.2 1999-08-25 CVE-1999-0769

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-264 Permissions, Privileges, and Access Controls
25% (1) CWE-476 NULL Pointer Dereference
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-63 Simple Script Injection
CAPEC-73 User-Controlled Filename

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
17208 Multiple Linux lpr lpd DNS Resolution Remote Privilege Escalation
14794 Multiple Unix Vendor locale subsystem Multiple Function Format String
13877 slrn News Reader Long Message Header Multiple Function Overflow
12029 Kanji on Console (KON) kon -StartupMessage Parameter Local Overflow
11526 Linux Console (KON) kon Overflow
11524 Kanji on Console (KON) fld Input File Overflow
11279 Linux NFS Server Pathname Overflow
9052 sudo File Existence Information Disclosure
8100 fte-console Virtual Console Device Local Privilege Escalation
7550 cron MAILTO Overflow Privilege Escalation
7306 Red Hat Linux rpc.lockd Malformed Request DoS
7208 Debian fshd Symlink Arbitrary Command Execution
5946 XFree86 xfs /tmp/.font-unix Symlink Privilege Escalation
5642 Exuberant Ctags Insecure Temporary File Creation
5542 xinetd Long Ident Response Overflow
2007 GNU libc (glibc) glob Function Remote Overflow
1452 Canna SR_INIT Command Remote Overflow
1449 Debian Linux 2.1 dump Symlink Restore
1447 Multiple Vendor nviboot Arbitrary File Delete
1266 Linux Kernel UDP/FTP IP Masquerading Remote DoS
1262 gpm gpm-root Privilege Drop Failure
1216 Debian Linux MBR Boot Sequence Floppy Privilege Escalation
1215 Linux apcd Symlink
1163 Linux Packet Length with Options
1160 ht://Dig (htdig) Filename Shell Metacharacter Arbitrary Command Execution

OpenVAS Exploits

id Description
2008-01-17 Name : Debian Security Advisory DSA 040-1 (slrn)
File : nvt/deb_040_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 046-1 (exuberant-ctags)
File : nvt/deb_046_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 063-1 (xinetd)
File : nvt/deb_063_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 103-1 (glibc)
File : nvt/deb_103_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 record route rr denial of service attempt
RuleID : 8730 - Type : PROTOCOL-ICMP - Revision : 6
2014-01-10 portmap nlockmgr request TCP
RuleID : 2080-community - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 portmap nlockmgr request TCP
RuleID : 2080 - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 portmap nlockmgr request UDP
RuleID : 2079-community - Type : PROTOCOL-RPC - Revision : 15
2014-01-10 portmap nlockmgr request UDP
RuleID : 2079 - Type : PROTOCOL-RPC - Revision : 15
2014-01-10 SalesLogix Eviewer access
RuleID : 1588-community - Type : SERVER-WEBAPP - Revision : 16
2014-01-10 SalesLogix Eviewer access
RuleID : 1588 - Type : SERVER-WEBAPP - Revision : 16
2014-01-10 wu-ftp bad file completion attempt
RuleID : 1378-community - Type : PROTOCOL-FTP - Revision : 24
2014-01-10 wu-ftp bad file completion attempt
RuleID : 1378 - Type : PROTOCOL-FTP - Revision : 24
2014-01-10 wu-ftp bad file completion attempt
RuleID : 1377-community - Type : PROTOCOL-FTP - Revision : 24
2014-01-10 wu-ftp bad file completion attempt
RuleID : 1377 - Type : PROTOCOL-FTP - Revision : 24
2014-01-10 SalesLogix Eviewer web command attempt
RuleID : 1187-community - Type : SERVER-WEBAPP - Revision : 21
2014-01-10 SalesLogix Eviewer web command attempt
RuleID : 1187 - Type : SERVER-WEBAPP - Revision : 21

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-028.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2000-002.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-103.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-063.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-046.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-040.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-095.nasl - Type: ACT_GATHER_INFO
2002-08-29 Name: The remote language translation service has a buffer overflow vulnerability.
File: canna_overflow.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2000-03-03 Name: The remote host contains a web search engine that is affected by an informati...
File: htdig.nasl - Type: ACT_GATHER_INFO