Summary
Detail | | | |
---|---|---|---|
Vendor | Debian | First view | 2001-07-02 |
Product | Debian Linux | Last view | 2018-11-12 |
Version | 3.0 | Type | Os |
Update | * | | |
Edition | alpha | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:debian:debian_linux | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.5 | 2018-11-12 | CVE-2018-19200 | An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. |
7.8 | 2017-09-25 | CVE-2014-8156 | The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. |
8.8 | 2016-06-16 | CVE-2016-3062 | The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. |
7.5 | 2007-02-05 | CVE-2007-0454 | Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. |
1.2 | 2006-03-23 | CVE-2006-0050 | snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
7.5 | 2005-05-02 | CVE-2005-0005 | Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. |
7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
4.6 | 2005-04-27 | CVE-2005-0159 | The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. |
4.6 | 2005-04-14 | CVE-2005-0004 | The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. |
7.5 | 2005-04-14 | CVE-2004-1176 | Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
7.5 | 2005-04-14 | CVE-2004-1175 | fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. |
5 | 2005-04-14 | CVE-2004-1174 | direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." |
5 | 2005-04-14 | CVE-2004-1093 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." |
5 | 2005-04-14 | CVE-2004-1092 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. |
5 | 2005-04-14 | CVE-2004-1091 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. |
5 | 2005-04-14 | CVE-2004-1090 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." |
5 | 2005-04-14 | CVE-2004-1009 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. |
7.5 | 2005-04-14 | CVE-2004-1005 | Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
7.5 | 2005-04-14 | CVE-2004-1004 | Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
10 | 2005-03-01 | CVE-2004-1052 | Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters. |
7.2 | 2005-03-01 | CVE-2004-1051 | sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. |
7.5 | 2005-03-01 | CVE-2004-0986 | Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (2) | CWE-399 | Resource Management Errors |
14% (1) | CWE-476 | NULL Pointer Dereference |
14% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
14% (1) | CWE-189 | Numeric Errors |
14% (1) | CWE-134 | Uncontrolled Format String |
14% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
44330 | CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow |
33101 | Samba VFS Plugin afsacl.so Format String |
24032 | snmptrapfmt Symlink Arbitrary File Overwrite |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
14513 | NIS ypserv ypdb_open Function Memory Consumption Remote DoS |
13779 | Debian toolchain-source Multiple Script Symlink Arbitrary File Overwrite |
13203 | Debian pam_radius_auth.conf Local Information Disclosure |
13149 | Xpdf Multiple Unspecified Remote Overflows |
13028 | ImageMagick PSD Image Decoding Module Overflow |
13013 | MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation |
12911 | Midnight Commander Unspecified Underflow DoS |
12910 | Midnight Commander Insecure Filename Quoting Arbitrary Command Execution |
12909 | Midnight Commander Nonexistent File Descriptor Handling DoS |
12908 | Midnight Commander Unspecified Freed Memory DoS |
12907 | Midnight Commander Unspecified Unallocated Memory Issue |
12906 | Midnight Commander Unspecified Null Dereference DoS |
12905 | Midnight Commander Corrupted Selection Header DoS |
12904 | Midnight Commander Unspecified Infinite Loop DoS |
12903 | Midnight Commander Multiple Unspecified Overflows |
12902 | Midnight Commander Multiple Unspecified Format Strings |
12512 | KDE Konqueror Restricted Class Access Java Sandbox Bypass |
12383 | Ethereal Malformed SMB Packet DoS |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5010966.nasl |
2009-10-10 | Name : SLES9: Security update for Midnight Commander File : nvt/sles9p5011441.nasl |
2009-10-10 | Name : SLES9: Security update for kdelibs3 File : nvt/sles9p5011912.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5014529.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5016846.nasl |
2009-06-03 | Name : Solaris Update for Perl 119449-01 File : nvt/gb_solaris_119449_01.nasl |
2009-06-03 | Name : Solaris Update for Perl 119450-01 File : nvt/gb_solaris_119450_01.nasl |
2009-06-03 | Name : Solaris Update for S9 perl 5.005_03`s CGI.pm and Safe.pm modules 121996-01 File : nvt/gb_solaris_121996_01.nasl |
2009-06-03 | Name : Solaris Update for S9 perl 5.005_03`s CGI.pm and Safe.pm modules 121997-02 File : nvt/gb_solaris_121997_02.nasl |
2009-06-03 | Name : Solaris Update for perl 122091-01 File : nvt/gb_solaris_122091_01.nasl |
2009-06-03 | Name : Solaris Update for perl 122092-01 File : nvt/gb_solaris_122092_01.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:034 (samba) File : nvt/gb_mandriva_MDKSA_2007_034.nasl |
2009-03-23 | Name : Ubuntu Update for samba vulnerabilities USN-419-1 File : nvt/gb_ubuntu_USN_419_1.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0206-01 File : nvt/gb_RHSA-2008_0206-01_cups.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 i386 File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 i386 File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl |
2009-01-28 | Name : SuSE Update for samba SUSE-SA:2007:016 File : nvt/gb_suse_2007_016.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-10 (gallery) File : nvt/glsa_200406_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-12 (webmin) File : nvt/glsa_200406_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-15 (Usermin) File : nvt/glsa_200406_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-22 (Pavuk) File : nvt/glsa_200406_22.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-20 (Xpdf) File : nvt/glsa_200410_20.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | portmap ypserv request UDP RuleID : 590-community - Type : PROTOCOL-RPC - Revision : 22 |
2014-01-10 | portmap ypserv request UDP RuleID : 590 - Type : PROTOCOL-RPC - Revision : 22 |
2019-09-10 | nfs-utils TCP connection termination denial-of-service attempt RuleID : 50913 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | ypserv maplist request TCP RuleID : 2034-community - Type : PROTOCOL-RPC - Revision : 13 |
2014-01-10 | ypserv maplist request TCP RuleID : 2034 - Type : PROTOCOL-RPC - Revision : 13 |
2014-01-10 | ypserv maplist request UDP RuleID : 2033-community - Type : PROTOCOL-RPC - Revision : 16 |
2014-01-10 | ypserv maplist request UDP RuleID : 2033 - Type : PROTOCOL-RPC - Revision : 16 |
2014-01-10 | portmap ypserv request TCP RuleID : 1276-community - Type : PROTOCOL-RPC - Revision : 21 |
2014-01-10 | portmap ypserv request TCP RuleID : 1276 - Type : PROTOCOL-RPC - Revision : 21 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO |
2018-12-03 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO |
2018-11-21 | Name: The remote Debian host is missing a security update. File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO |
2017-05-10 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO |
2016-06-28 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO |
2016-06-15 | Name: The remote Debian host is missing a security update. File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO |
2016-06-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080401_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-01-18 | Name: Arbitrary files could be read or overwritten via the remote database server. File: mysql_client_symlink_attack.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9797.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_253ea131bd1211d8b07100e08110b673.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_76904dceccf311d8babb000854d03344.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e69ba632326f11d9b5b7000854d03344.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_eeb1c12833e711d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO |