This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Debian
Product : Debian Linux
Version : 2.2
Type : Os
First view : 2000-07-16
Last view : 2018-11-12
Update : *
Edition : alpha
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

Score Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

4.9 2002-12-31 CVE-2002-2185

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.

5 2002-11-04 CVE-2002-1232

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

5 2002-10-04 CVE-2002-0912

in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.

7.2 2002-03-08 CVE-2002-0062

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

7.2 2002-02-27 CVE-2002-0004

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

3.6 2001-07-02 CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

7.5 2001-06-27 CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

7.2 2001-05-03 CVE-2001-0193

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

1.2 2001-03-12 CVE-2001-0139

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

1.2 2001-03-12 CVE-2001-0138

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

7.2 2001-03-12 CVE-2001-0112

Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands.

7.2 2001-03-12 CVE-2001-0111

Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.

2.1 2001-02-12 CVE-2001-0069

dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.

10 2000-07-16 CVE-2000-0666

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-476 NULL Pointer Dereference
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
22509 IGMP Spoofed Membership Report DoS
14513 NIS ypserv ypdb_open Function Memory Consumption Remote DoS
14455 Debian Linux in.uucpd Long String DoS
13877 slrn News Reader Long Message Header Multiple Function Overflow
10364 Linux splitvt Multiple Input Validation Local Privilege Escalation
5642 Exuberant Ctags Insecure Temporary File Creation
5389 ncurses Cursor/Scrolling Routine Overflow
2028 at Malformed Execution Time Overflow
1756 Linux man -l Format String
1729 Linux splitvt -rcfile Argument Format String
1717 INN /tmp Symlink Arbitrary File Overwrite
1716 WU-FTPD privatepw Symlink Arbitrary File Overwrite
1701 dialog /tmp File Race Condition
443 Linux nfs-utils rpc.statd Remote Format String

OpenVAS Exploits

Date Description
2011-09-09 Name : Nfs-utils rpc.statd Multiple Remote Format String Vulnerabilities
File : nvt/secpod_nfs_rpc_statd_mult_format_string_vuln.nasl
2008-01-17 Name : Debian Security Advisory DSA 014-1 (splitvt)
File : nvt/deb_014_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 016-1 (wu-ftpd)
File : nvt/deb_016_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 028-1 (man-db)
File : nvt/deb_028_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 040-1 (slrn)
File : nvt/deb_040_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 046-1 (exuberant-ctags)
File : nvt/deb_046_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 102-1 (at)
File : nvt/deb_102_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 102-2 (at)
File : nvt/deb_102_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 113-1 (ncurses)
File : nvt/deb_113_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 129-1 (uucp)
File : nvt/deb_129_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 180-1 (nis)
File : nvt/deb_180_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 portmap ypserv request UDP
RuleID : 590-community - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 portmap ypserv request UDP
RuleID : 590 - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 ypserv maplist request TCP
RuleID : 2034-community - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request TCP
RuleID : 2034 - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request UDP
RuleID : 2033-community - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 ypserv maplist request UDP
RuleID : 2033 - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 STATD TCP monitor mon_name format string exploit attempt
RuleID : 1916-community - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 STATD TCP monitor mon_name format string exploit attempt
RuleID : 1916 - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 STATD UDP monitor mon_name format string exploit attempt
RuleID : 1915-community - Type : PROTOCOL-RPC - Revision : 19
2014-01-10 STATD UDP monitor mon_name format string exploit attempt
RuleID : 1915 - Type : PROTOCOL-RPC - Revision : 19
2014-01-10 STATD TCP stat mon_name format string exploit attempt
RuleID : 1914-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 STATD TCP stat mon_name format string exploit attempt
RuleID : 1914 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 STATD UDP stat mon_name format string exploit attempt
RuleID : 1913-community - Type : PROTOCOL-RPC - Revision : 20
2014-01-10 STATD UDP stat mon_name format string exploit attempt
RuleID : 1913 - Type : PROTOCOL-RPC - Revision : 20
2014-01-10 status GHBN format string attack
RuleID : 1891-community - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 status GHBN format string attack
RuleID : 1891 - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 status GHBN format string attack
RuleID : 1890-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 status GHBN format string attack
RuleID : 1890 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap ypserv request TCP
RuleID : 1276-community - Type : PROTOCOL-RPC - Revision : 21
2014-01-10 portmap ypserv request TCP
RuleID : 1276 - Type : PROTOCOL-RPC - Revision : 21

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2000-021.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-001.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-010.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-028.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0101.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0140.nasl - Type: ACT_GATHER_INFO
2006-02-05 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2006-0191.nasl - Type: ACT_GATHER_INFO
2006-01-20 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2006-0140.nasl - Type: ACT_GATHER_INFO
2006-01-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2006-0101.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-180.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-014.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-016.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-028.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-040.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-046.nasl - Type: ACT_GATHER_INFO