This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Debian
Product : Debian Linux
Version : 3.0
Type : Os
First view : 1996-07-16
Last view : 2018-11-12
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:o:debian:debian_linux

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

7.5 2007-02-05 CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

2.6 2006-04-25 CVE-2006-2016

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

1.2 2006-03-23 CVE-2006-0050

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

5 2006-02-18 CVE-2006-0042

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

5 2005-12-31 CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

6.5 2005-12-12 CVE-2005-4178

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

7.5 2005-10-27 CVE-2005-3323

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.

5 2005-05-19 CVE-2005-1260

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

7.5 2005-05-02 CVE-2005-0211

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

7.2 2005-05-02 CVE-2005-0076

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.

7.5 2005-04-27 CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

4.6 2005-04-27 CVE-2005-0159

The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

7.5 2005-04-14 CVE-2004-1176

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5 2005-04-14 CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

5 2005-04-14 CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

5 2005-04-14 CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5 2005-04-14 CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5 2005-04-14 CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5 2005-04-14 CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

CWE : Common Weakness Enumeration

% id Name
16% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (2) CWE-787 Out-of-bounds Write
11% (2) CWE-415 Double Free
11% (2) CWE-399 Resource Management Errors
11% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (1) CWE-476 NULL Pointer Dereference
5% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
5% (1) CWE-264 Permissions, Privileges, and Access Controls
5% (1) CWE-189 Numeric Errors
5% (1) CWE-134 Uncontrolled Format String
5% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
44330 CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow
33101 Samba VFS Plugin afsacl.so Format String
30403 Debian Linux kernel-patch-vserver chroot barrier Bypass
24794 phpLDAPadmin template_engine.php Multiple Parameter XSS
24793 phpLDAPadmin search.php scope Parameter XSS
24792 phpLDAPadmin delete_form.php dn Parameter XSS
24790 phpLDAPadmin rename_form.php dn Parameter XSS
24789 phpLDAPadmin copy_form.php dn Parameter XSS
24788 phpLDAPadmin compare_form.php dn Parameter XSS
24032 snmptrapfmt Symlink Arbitrary File Overwrite
23124 Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
21847 Dropbear SSH Server svr_ses.childpidsize Remote Overflow
19951 Zope Unspecified RestructuredText Functionality Disclosure
16894 Xpdf Integer Overflow Patch 64 Bit Architecture Failure
16767 bzip2 Malformed Archive Decompression DoS
14513 NIS ypserv ypdb_open Function Memory Consumption Remote DoS
13779 Debian toolchain-source Multiple Script Symlink Arbitrary File Overwrite
13672 XView xv_parse_one() Local Overflow
13350 cpio -O Parameter umask Permission Weakness
13319 Squid WCCP recvfrom() Function Overflow
13203 Debian pam_radius_auth.conf Local Information Disclosure
13149 Xpdf Multiple Unspecified Remote Overflows

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for bzip2
File : nvt/sles9p5010943.nasl
2009-10-10 Name : SLES9: Security update for Midnight Commander
File : nvt/sles9p5011441.nasl
2009-10-10 Name : SLES9: Security update for CUPS
File : nvt/sles9p5014529.nasl
2009-10-10 Name : SLES9: Security update for squid
File : nvt/sles9p5015273.nasl
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5015996.nasl
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5020865.nasl
2009-04-09 Name : Mandriva Update for samba MDKSA-2007:034 (samba)
File : nvt/gb_mandriva_MDKSA_2007_034.nasl
2009-03-23 Name : Ubuntu Update for samba vulnerabilities USN-419-1
File : nvt/gb_ubuntu_USN_419_1.nasl
2009-03-06 Name : RedHat Update for cups RHSA-2008:0206-01
File : nvt/gb_RHSA-2008_0206-01_cups.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos3 i386
File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64
File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos4 i386
File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64
File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl
2009-01-28 Name : SuSE Update for samba SUSE-SA:2007:016
File : nvt/gb_suse_2007_016.nasl
2008-10-24 Name : apcupsd overflows
File : nvt/apcupsd_overflows.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-13 (neon)
File : nvt/glsa_200405_13.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-15 (cadaver)
File : nvt/glsa_200405_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-23 (Heimdal)
File : nvt/glsa_200405_23.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-10 (gallery)
File : nvt/glsa_200406_10.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-12 (webmin)
File : nvt/glsa_200406_12.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-15 (Usermin)
File : nvt/glsa_200406_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-22 (Pavuk)
File : nvt/glsa_200406_22.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-09 (mit-krb5)
File : nvt/glsa_200409_09.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200410-20 (Xpdf)
File : nvt/glsa_200410_20.nasl

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 portmap ypserv request UDP
RuleID : 590-community - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 portmap ypserv request UDP
RuleID : 590 - Type : PROTOCOL-RPC - Revision : 22
2019-09-10 nfs-utils TCP connection termination denial-of-service attempt
RuleID : 50913 - Type : SERVER-OTHER - Revision : 1
2014-01-10 ypserv maplist request TCP
RuleID : 2034-community - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request TCP
RuleID : 2034 - Type : PROTOCOL-RPC - Revision : 13
2014-01-10 ypserv maplist request UDP
RuleID : 2033-community - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 ypserv maplist request UDP
RuleID : 2033 - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 successful kadmind buffer overflow attempt
RuleID : 1901-community - Type : SERVER-OTHER - Revision : 16
2014-01-10 successful kadmind buffer overflow attempt
RuleID : 1901 - Type : SERVER-OTHER - Revision : 16
2014-01-10 successful kadmind buffer overflow attempt
RuleID : 1900-community - Type : SERVER-OTHER - Revision : 15
2014-01-10 successful kadmind buffer overflow attempt
RuleID : 1900 - Type : SERVER-OTHER - Revision : 15
2014-01-10 kadmind buffer overflow attempt
RuleID : 1899-community - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1899 - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1898-community - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1898 - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1897-community - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1897 - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1896-community - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1896 - Type : INDICATOR-SHELLCODE - Revision : 12
2014-01-10 kadmind buffer overflow attempt
RuleID : 1895-community - Type : INDICATOR-SHELLCODE - Revision : 13
2014-01-10 kadmind buffer overflow attempt
RuleID : 1895 - Type : INDICATOR-SHELLCODE - Revision : 13
2014-01-10 kadmind buffer overflow attempt
RuleID : 1894-community - Type : INDICATOR-SHELLCODE - Revision : 14
2014-01-10 kadmind buffer overflow attempt
RuleID : 1894 - Type : INDICATOR-SHELLCODE - Revision : 14
2014-01-10 portmap ypserv request TCP
RuleID : 1276-community - Type : PROTOCOL-RPC - Revision : 21
2014-01-10 portmap ypserv request TCP
RuleID : 1276 - Type : PROTOCOL-RPC - Revision : 21

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080401_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_10057.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9797.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_253ea131bd1211d8b07100e08110b673.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_446dbecb9edc11d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_76904dceccf311d8babb000854d03344.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_86a98b57fb8e11d89343000a95bc6fae.nasl - Type: ACT_GATHER_INFO