This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Debian
Product: Debian Linux
Version: 3.0
Type: Os
First view: 1996-07-16
Last view: 2018-11-12
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

7.5 2007-02-05 CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

1.2 2006-03-23 CVE-2006-0050

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

5 2006-02-18 CVE-2006-0042

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

5 2005-12-31 CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

6.5 2005-12-12 CVE-2005-4178

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

7.5 2005-10-27 CVE-2005-3323

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.

7.5 2005-05-02 CVE-2005-0211

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

7.2 2005-05-02 CVE-2005-0076

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.

7.5 2005-04-27 CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

4.6 2005-04-27 CVE-2005-0159

The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

7.5 2005-04-14 CVE-2004-1176

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5 2005-04-14 CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

5 2005-04-14 CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

5 2005-04-14 CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5 2005-04-14 CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5 2005-04-14 CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5 2005-04-14 CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5 2005-04-14 CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

7.5 2005-04-14 CVE-2004-1005

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

CWE : Common Weakness Enumeration

% id Name
30% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (2) CWE-399 Resource Management Errors
10% (1) CWE-476 NULL Pointer Dereference
10% (1) CWE-264 Permissions, Privileges, and Access Controls
10% (1) CWE-189 Numeric Errors
10% (1) CWE-134 Uncontrolled Format String
10% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-47 Buffer Overflow via Parameter Expansion

Open Source Vulnerability Database (OSVDB)

id Description
44330 CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow
33101 Samba VFS Plugin afsacl.so Format String
30403 Debian Linux kernel-patch-vserver chroot barrier Bypass
24032 snmptrapfmt Symlink Arbitrary File Overwrite
23124 Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
21847 Dropbear SSH Server svr_ses.childpidsize Remote Overflow
19951 Zope Unspecified RestructuredText Functionality Disclosure
16894 Xpdf Integer Overflow Patch 64 Bit Architecture Failure
14513 NIS ypserv ypdb_open Function Memory Consumption Remote DoS
13779 Debian toolchain-source Multiple Script Symlink Arbitrary File Overwrite
13672 XView xv_parse_one() Local Overflow
13350 cpio -O Parameter umask Permission Weakness
13319 Squid WCCP recvfrom() Function Overflow
13203 Debian pam_radius_auth.conf Local Information Disclosure
13149 Xpdf Multiple Unspecified Remote Overflows
12911 Midnight Commander Unspecified Underflow DoS
12910 Midnight Commander Insecure Filename Quoting Arbitrary Command Execution
12909 Midnight Commander Nonexistent File Descriptor Handling DoS
12908 Midnight Commander Unspecified Freed Memory DoS
12907 Midnight Commander Unspecified Unallocated Memory Issue
12906 Midnight Commander Unspecified Null Dereference DoS
12905 Midnight Commander Corrupted Selection Header DoS

OpenVAS Exploits

Date Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for Midnight Commander
File : nvt/sles9p5011441.nasl
2009-10-10 Name : SLES9: Security update for CUPS
File : nvt/sles9p5014529.nasl
2009-10-10 Name : SLES9: Security update for squid
File : nvt/sles9p5015273.nasl
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5015996.nasl
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5020865.nasl
2009-04-09 Name : Mandriva Update for samba MDKSA-2007:034 (samba)
File : nvt/gb_mandriva_MDKSA_2007_034.nasl
2009-03-23 Name : Ubuntu Update for samba vulnerabilities USN-419-1
File : nvt/gb_ubuntu_USN_419_1.nasl
2009-03-06 Name : RedHat Update for cups RHSA-2008:0206-01
File : nvt/gb_RHSA-2008_0206-01_cups.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos3 i386
File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64
File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos4 i386
File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64
File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl
2009-01-28 Name : SuSE Update for samba SUSE-SA:2007:016
File : nvt/gb_suse_2007_016.nasl
2008-10-24 Name : apcupsd overflows
File : nvt/apcupsd_overflows.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-10 (gallery)
File : nvt/glsa_200406_10.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-12 (webmin)
File : nvt/glsa_200406_12.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-15 (Usermin)
File : nvt/glsa_200406_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-22 (Pavuk)
File : nvt/glsa_200406_22.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200410-20 (Xpdf)
File : nvt/glsa_200410_20.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200410-22 (MySQL)
File : nvt/glsa_200410_22.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200410-30 (GPdf)
File : nvt/glsa_200410_30.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-19 (pavuk)
File : nvt/glsa_200411_19.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-20 (ez-ipupdate)
File : nvt/glsa_200411_20.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-30 (pdftohtml)
File : nvt/glsa_200411_30.nasl

Snort® IPS/IDS

Date Description
2014-01-10 portmap ypserv request UDP
RuleID : 590-community - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 portmap ypserv request UDP
RuleID : 590 - Type : PROTOCOL-RPC - Revision : 22
2019-09-10 nfs-utils TCP connection termination denial-of-service attempt
RuleID : 50913 - Type : SERVER-OTHER - Revision : 1
2014-01-10 ypserv maplist request TCP
RuleID : 2034-community - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request TCP
RuleID : 2034 - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request UDP
RuleID : 2033-community - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 ypserv maplist request UDP
RuleID : 2033 - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 successful kadmind buffer overflow attempt
RuleID : 1901-community - Type : SERVER-OTHER - Revision : 16
2014-01-10 successful kadmind buffer overflow attempt
RuleID : 1901 - Type : SERVER-OTHER - Revision : 16
2014-01-10 successful kadmind buffer overflow attempt
RuleID : 1900-community - Type : SERVER-OTHER - Revision : 15
2014-01-10 successful kadmind buffer overflow attempt
RuleID : 1900 - Type : SERVER-OTHER - Revision : 15
2014-01-10 kadmind buffer overflow attempt
RuleID : 1899-community - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1899 - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1898-community - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1898 - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1897-community - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1897 - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1896-community - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1896 - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1895-community - Type : INDICATOR-SHELLCODE - Revision : 13
2014-01-10 kadmind buffer overflow attempt
RuleID : 1895 - Type : INDICATOR-SHELLCODE - Revision : 13
2014-01-10 kadmind buffer overflow attempt
RuleID : 1894-community - Type : INDICATOR-SHELLCODE - Revision : 14
2014-01-10 kadmind buffer overflow attempt
RuleID : 1894 - Type : INDICATOR-SHELLCODE - Revision : 14
2014-01-10 portmap ypserv request TCP
RuleID : 1276-community - Type : PROTOCOL-RPC - Revision : 21
2014-01-10 portmap ypserv request TCP
RuleID : 1276 - Type : PROTOCOL-RPC - Revision : 21

Nessus® Vulnerability Scanner

Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080401_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9797.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_253ea131bd1211d8b07100e08110b673.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_76904dceccf311d8babb000854d03344.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e69ba632326f11d9b5b7000854d03344.nasl - Type: ACT_GATHER_INFO
2008-11-13 Name: Authenticated users can gain elevated privileges.
File: dropbear_ssh_0_47.nasl - Type: ACT_GATHER_INFO
2008-04-04 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0206.nasl - Type: ACT_GATHER_INFO