Summary
Detail | |||
---|---|---|---|
Vendor | Debian | First view | 1996-07-16 |
Product | Debian Linux | Last view | 2018-11-12 |
Version | 3.0 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:debian:debian_linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2018-11-12 | CVE-2018-19200 | An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. |
7.8 | 2017-09-25 | CVE-2014-8156 | The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. |
8.8 | 2016-06-16 | CVE-2016-3062 | The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. |
7.5 | 2007-02-05 | CVE-2007-0454 | Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. |
2.6 | 2006-04-25 | CVE-2006-2016 | Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. |
1.2 | 2006-03-23 | CVE-2006-0050 | snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. |
5 | 2006-02-18 | CVE-2006-0042 | Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. |
5 | 2005-12-31 | CVE-2005-4347 | The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
6.5 | 2005-12-12 | CVE-2005-4178 | Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. |
7.5 | 2005-10-27 | CVE-2005-3323 | docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. |
5 | 2005-05-19 | CVE-2005-1260 | bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). |
7.5 | 2005-05-02 | CVE-2005-0211 | Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. |
7.2 | 2005-05-02 | CVE-2005-0076 | Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. |
7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
4.6 | 2005-04-27 | CVE-2005-0159 | The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. |
7.5 | 2005-04-14 | CVE-2004-1176 | Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
7.5 | 2005-04-14 | CVE-2004-1175 | fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. |
5 | 2005-04-14 | CVE-2004-1174 | direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." |
5 | 2005-04-14 | CVE-2004-1093 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." |
5 | 2005-04-14 | CVE-2004-1092 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. |
5 | 2005-04-14 | CVE-2004-1091 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. |
5 | 2005-04-14 | CVE-2004-1090 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
16% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11% (2) | CWE-787 | Out-of-bounds Write |
11% (2) | CWE-415 | Double Free |
11% (2) | CWE-399 | Resource Management Errors |
11% (2) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
5% (1) | CWE-476 | NULL Pointer Dereference |
5% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
5% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
5% (1) | CWE-189 | Numeric Errors |
5% (1) | CWE-134 | Uncontrolled Format String |
5% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
5% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-100 | Overflow Buffers |
CAPEC-123 | Buffer Attacks |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
44330 | CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow |
33101 | Samba VFS Plugin afsacl.so Format String |
30403 | Debian Linux kernel-patch-vserver chroot barrier Bypass |
24794 | phpLDAPadmin template_engine.php Multiple Parameter XSS |
24793 | phpLDAPadmin search.php scope Parameter XSS |
24792 | phpLDAPadmin delete_form.php dn Parameter XSS |
24790 | phpLDAPadmin rename_form.php dn Parameter XSS |
24789 | phpLDAPadmin copy_form.php dn Parameter XSS |
24788 | phpLDAPadmin compare_form.php dn Parameter XSS |
24032 | snmptrapfmt Symlink Arbitrary File Overwrite |
23124 | Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
21847 | Dropbear SSH Server svr_ses.childpidsize Remote Overflow |
19951 | Zope Unspecified RestructuredText Functionality Disclosure |
16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
16767 | bzip2 Malformed Archive Decompression DoS |
14513 | NIS ypserv ypdb_open Function Memory Consumption Remote DoS |
13779 | Debian toolchain-source Multiple Script Symlink Arbitrary File Overwrite |
13672 | XView xv_parse_one() Local Overflow |
13350 | cpio -O Parameter umask Permission Weakness |
13319 | Squid WCCP recvfrom() Function Overflow |
13203 | Debian pam_radius_auth.conf Local Information Disclosure |
13149 | Xpdf Multiple Unspecified Remote Overflows |
OpenVAS Exploits
id | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for bzip2 File : nvt/sles9p5010943.nasl |
2009-10-10 | Name : SLES9: Security update for Midnight Commander File : nvt/sles9p5011441.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5014529.nasl |
2009-10-10 | Name : SLES9: Security update for squid File : nvt/sles9p5015273.nasl |
2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5015996.nasl |
2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5020865.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:034 (samba) File : nvt/gb_mandriva_MDKSA_2007_034.nasl |
2009-03-23 | Name : Ubuntu Update for samba vulnerabilities USN-419-1 File : nvt/gb_ubuntu_USN_419_1.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0206-01 File : nvt/gb_RHSA-2008_0206-01_cups.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 i386 File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 i386 File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl |
2009-01-28 | Name : SuSE Update for samba SUSE-SA:2007:016 File : nvt/gb_suse_2007_016.nasl |
2008-10-24 | Name : apcupsd overflows File : nvt/apcupsd_overflows.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-13 (neon) File : nvt/glsa_200405_13.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-15 (cadaver) File : nvt/glsa_200405_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-23 (Heimdal) File : nvt/glsa_200405_23.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-10 (gallery) File : nvt/glsa_200406_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-12 (webmin) File : nvt/glsa_200406_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-15 (Usermin) File : nvt/glsa_200406_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-22 (Pavuk) File : nvt/glsa_200406_22.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-09 (mit-krb5) File : nvt/glsa_200409_09.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-20 (Xpdf) File : nvt/glsa_200410_20.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | portmap ypserv request UDP RuleID : 590-community - Type : PROTOCOL-RPC - Revision : 22 |
2014-01-10 | portmap ypserv request UDP RuleID : 590 - Type : PROTOCOL-RPC - Revision : 22 |
2019-09-10 | nfs-utils TCP connection termination denial-of-service attempt RuleID : 50913 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | ypserv maplist request TCP RuleID : 2034-community - Type : PROTOCOL-RPC - Revision : 13 |
2014-01-10 | ypserv maplist request TCP RuleID : 2034 - Type : PROTOCOL-RPC - Revision : 13 |
2014-01-10 | ypserv maplist request UDP RuleID : 2033-community - Type : PROTOCOL-RPC - Revision : 16 |
2014-01-10 | ypserv maplist request UDP RuleID : 2033 - Type : PROTOCOL-RPC - Revision : 16 |
2014-01-10 | successful kadmind buffer overflow attempt RuleID : 1901-community - Type : SERVER-OTHER - Revision : 16 |
2014-01-10 | successful kadmind buffer overflow attempt RuleID : 1901 - Type : SERVER-OTHER - Revision : 16 |
2014-01-10 | successful kadmind buffer overflow attempt RuleID : 1900-community - Type : SERVER-OTHER - Revision : 15 |
2014-01-10 | successful kadmind buffer overflow attempt RuleID : 1900 - Type : SERVER-OTHER - Revision : 15 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1899-community - Type : INDICATOR-SHELLCODE - Revision : 12 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1899 - Type : INDICATOR-SHELLCODE - Revision : 12 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1898-community - Type : INDICATOR-SHELLCODE - Revision : 12 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1898 - Type : INDICATOR-SHELLCODE - Revision : 12 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1897-community - Type : INDICATOR-SHELLCODE - Revision : 12 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1897 - Type : INDICATOR-SHELLCODE - Revision : 12 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1896-community - Type : INDICATOR-SHELLCODE - Revision : 12 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1896 - Type : INDICATOR-SHELLCODE - Revision : 12 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1895-community - Type : INDICATOR-SHELLCODE - Revision : 13 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1895 - Type : INDICATOR-SHELLCODE - Revision : 13 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1894-community - Type : INDICATOR-SHELLCODE - Revision : 14 |
2014-01-10 | kadmind buffer overflow attempt RuleID : 1894 - Type : INDICATOR-SHELLCODE - Revision : 14 |
2014-01-10 | portmap ypserv request TCP RuleID : 1276-community - Type : PROTOCOL-RPC - Revision : 21 |
2014-01-10 | portmap ypserv request TCP RuleID : 1276 - Type : PROTOCOL-RPC - Revision : 21 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO |
2018-12-03 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO |
2018-11-21 | Name: The remote Debian host is missing a security update. File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO |
2017-05-10 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO |
2016-06-28 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO |
2016-06-15 | Name: The remote Debian host is missing a security update. File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO |
2016-06-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080401_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_10057.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9797.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_253ea131bd1211d8b07100e08110b673.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_446dbecb9edc11d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_76904dceccf311d8babb000854d03344.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_86a98b57fb8e11d89343000a95bc6fae.nasl - Type: ACT_GATHER_INFO |