This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Debian
Product : Debian Linux
Version : 2.2
Type : Os
First view : 1994-12-19
Last view : 2018-11-12
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *

CPE Product : cpe:2.3:o:debian:debian_linux

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

2.1 2003-07-02 CVE-2003-0367

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6 2003-06-09 CVE-2003-0358

Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.

10 2003-03-03 CVE-2003-0098

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

5 2002-11-04 CVE-2002-1232

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

7.2 2002-05-16 CVE-2002-0184

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

3.6 2002-01-31 CVE-2002-0044

GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.

7.2 2001-12-31 CVE-2001-1561

Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.

6.4 2001-12-06 CVE-2001-0834

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

5 2001-10-18 CVE-2001-0738

LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

5 2001-07-16 CVE-2001-0977

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

3.6 2001-07-02 CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

7.5 2001-06-27 CVE-2001-0458

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

5 2001-06-27 CVE-2001-0457

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

7.5 2001-06-27 CVE-2001-0456

postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.

7.5 2001-06-27 CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

1.2 2001-05-03 CVE-2001-1331

mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.

7.2 2001-05-03 CVE-2001-0279

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

7.2 2001-05-03 CVE-2001-0193

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

2.1 2001-03-26 CVE-2001-0235

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

10 2001-03-26 CVE-2001-0233

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

2.1 2001-03-26 CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

1.2 2001-03-12 CVE-2001-0139

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CWE : Common Weakness Enumeration

% id Name
22% (2) CWE-264 Permissions, Privileges, and Access Controls
11% (1) CWE-787 Out-of-bounds Write
11% (1) CWE-476 NULL Pointer Dereference
11% (1) CWE-399 Resource Management Errors
11% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
11% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
11% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-58 Restful Privilege Elevation
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

Open Source Vulnerability Database (OSVDB)

id Description
20355 Debian Linux xvt Multiple Argument Local Overflow
14794 Multiple Unix Vendor locale subsystem Multiple Function Format String
14513 NIS ypserv ypdb_open Function Memory Consumption Remote DoS
13877 slrn News Reader Long Message Header Multiple Function Overflow
12029 Kanji on Console (KON) kon -StartupMessage Parameter Local Overflow
12020 Falcon's Eye falconseye -s Option Local Overflow
12019 nethack -s Option Local Overflow
11795 man-db mandb Command Line Option Arbitrary File Overwrite
11526 Linux Console (KON) kon Overflow
11524 Kanji on Console (KON) fld Input File Overflow
10748 APC apcupsd Slave Server Request Format String
10381 ePerl Multiple Unspecified Remote/Local Overflows
10364 Linux splitvt Multiple Input Validation Local Privilege Escalation
9697 Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
9696 Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7591 ht://Dig (htdig) htsearch.cgi Write Permission Arbitrary File Access
7550 cron MAILTO Overflow Privilege Escalation
7306 Red Hat Linux rpc.lockd Malformed Request DoS
7304 CUPS CGI Form POST DoS
7303 CUPS Request File Deletion DoS
7302 CUPS Invalid Username Authentication Remote DoS
7208 Debian fshd Symlink Arbitrary Command Execution
7171 Debian sash /etc/shadow Content Disclosure
7166 ProFTPD SIZE Command Memory Leak DoS
7165 ProFTPD USER Command Memory Leak DoS

OpenVAS Exploits

Date Description
2011-09-09 Name : Nfs-utils rpc.statd Multiple Remote Format String Vulnerabilities
File : nvt/secpod_nfs_rpc_statd_mult_format_string_vuln.nasl
2008-10-24 Name : apcupsd overflows
File : nvt/apcupsd_overflows.nasl
2008-01-17 Name : Debian Security Advisory DSA 046-1 (exuberant-ctags)
File : nvt/deb_046_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 350-1 (falconseye)
File : nvt/deb_350_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 316-1 (nethack)
File : nvt/deb_316_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 308-1 (gzip)
File : nvt/deb_308_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 277-1 (apcupsd)
File : nvt/deb_277_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 195-1 (apache-perl)
File : nvt/deb_195_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 188-1 (apache-ssl)
File : nvt/deb_188_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 187-1 (apache)
File : nvt/deb_187_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 180-1 (nis)
File : nvt/deb_180_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 128-1 (sudo)
File : nvt/deb_128_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 105-1 (enscript)
File : nvt/deb_105_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 082-1 (xvt)
File : nvt/deb_082_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 080-1 (htdig)
File : nvt/deb_080_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 068-1 (openldap)
File : nvt/deb_068_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 056-1 (man-db)
File : nvt/deb_056_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 040-1 (slrn)
File : nvt/deb_040_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 035-1 (man2html)
File : nvt/deb_035_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 034-1 (ePerl)
File : nvt/deb_034_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 032-1 (proftpd)
File : nvt/deb_032_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 031-1 (sudo)
File : nvt/deb_031_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 029-1 (proftpd)
File : nvt/deb_029_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 028-1 (man-db)
File : nvt/deb_028_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 024-1 (cron)
File : nvt/deb_024_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 portmap ypserv request UDP
RuleID : 590-community - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 portmap ypserv request UDP
RuleID : 590 - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 portmap nlockmgr request TCP
RuleID : 2080-community - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 portmap nlockmgr request TCP
RuleID : 2080 - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 portmap nlockmgr request UDP
RuleID : 2079-community - Type : PROTOCOL-RPC - Revision : 15
2014-01-10 portmap nlockmgr request UDP
RuleID : 2079 - Type : PROTOCOL-RPC - Revision : 15
2014-01-10 ypserv maplist request TCP
RuleID : 2034-community - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request TCP
RuleID : 2034 - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request UDP
RuleID : 2033-community - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 ypserv maplist request UDP
RuleID : 2033 - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 STATD TCP monitor mon_name format string exploit attempt
RuleID : 1916-community - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 STATD TCP monitor mon_name format string exploit attempt
RuleID : 1916 - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 STATD UDP monitor mon_name format string exploit attempt
RuleID : 1915-community - Type : PROTOCOL-RPC - Revision : 19
2014-01-10 STATD UDP monitor mon_name format string exploit attempt
RuleID : 1915 - Type : PROTOCOL-RPC - Revision : 19
2014-01-10 STATD TCP stat mon_name format string exploit attempt
RuleID : 1914-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 STATD TCP stat mon_name format string exploit attempt
RuleID : 1914 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 STATD UDP stat mon_name format string exploit attempt
RuleID : 1913-community - Type : PROTOCOL-RPC - Revision : 20
2014-01-10 STATD UDP stat mon_name format string exploit attempt
RuleID : 1913 - Type : PROTOCOL-RPC - Revision : 20
2014-01-10 status GHBN format string attack
RuleID : 1891-community - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 status GHBN format string attack
RuleID : 1891 - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 status GHBN format string attack
RuleID : 1890-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 status GHBN format string attack
RuleID : 1890 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 htsearch arbitrary configuration file attempt
RuleID : 1600-community - Type : SERVER-WEBAPP - Revision : 19
2014-01-10 htsearch arbitrary configuration file attempt
RuleID : 1600 - Type : SERVER-WEBAPP - Revision : 19
2014-01-10 SalesLogix Eviewer access
RuleID : 1588-community - Type : SERVER-WEBAPP - Revision : 16

Nessus® Vulnerability Scanner

Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2000-021.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-028.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-027.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-024.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-021.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-015.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-010.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-001.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2000-086.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2000-067.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2000-002.nasl - Type: ACT_GATHER_INFO
2004-12-07 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2004-142.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-028.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-046.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-040.nasl - Type: ACT_GATHER_INFO