This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2001-07-02
Product Debian Linux Last view 2018-11-12
Version 3.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

8.5 2008-01-24 CVE-2007-6415

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

9.3 2008-01-18 CVE-2007-6427

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

5 2008-01-11 CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

4 2008-01-09 CVE-2007-4772

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

4.3 2008-01-03 CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.

2.1 2007-12-03 CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

6.5 2007-11-29 CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

7.2 2007-10-30 CVE-2007-5729

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.

7.2 2007-10-11 CVE-2007-5365

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

7.2 2007-10-04 CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

7.5 2007-09-04 CVE-2007-4657

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

7.5 2007-09-04 CVE-2007-4476

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

5 2007-09-04 CVE-2007-3998

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

6.8 2007-07-30 CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

9 2007-06-26 CVE-2007-2798

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

8.3 2007-06-26 CVE-2007-2443

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

10 2007-06-26 CVE-2007-2442

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

2.1 2007-06-11 CVE-2007-2875

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

4.9 2007-05-15 CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

4.3 2007-05-14 CVE-2007-2650

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

7.5 2007-05-08 CVE-2007-1864

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

2.1 2007-05-02 CVE-2007-1366

QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

CWE : Common Weakness Enumeration

%idName
17% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (4) CWE-476 NULL Pointer Dereference
8% (4) CWE-399 Resource Management Errors
8% (4) CWE-264 Permissions, Privileges, and Access Controls
6% (3) CWE-787 Out-of-bounds Write
6% (3) CWE-189 Numeric Errors
6% (3) CWE-20 Improper Input Validation
4% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (2) CWE-200 Information Exposure
4% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
4% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (1) CWE-415 Double Free
2% (1) CWE-362 Race Condition
2% (1) CWE-306 Missing Authentication for Critical Function
2% (1) CWE-254 Security Features
2% (1) CWE-252 Unchecked Return Value
2% (1) CWE-193 Off-by-one Error
2% (1) CWE-190 Integer Overflow or Wraparound
2% (1) CWE-134 Uncontrolled Format String
2% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-26 Leveraging Race Conditions
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
58824 PhpMyAdmin sql.php pos Parameter XSS
58823 PhpMyAdmin querywindow.php Multiple Parameter XSS
58822 PhpMyAdmin db_operations.php Multiple Parameter XSS
58821 PhpMyAdmin db_create.php db Parameter XSS
42986 QEMU NE2000 Emulator slirp Library Local Overflow
42843 scponly -Fo Restricted Shell Bypass Arbitrary Code Execution
42149 GNU tar safer_name_suffix Function Unspecified Overflow
41687 Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove...
40942 X.Org Xserver XInput Extension Multiple Function Arbitrary Code Execution
40912 util-linux Multiple Utilities Function Check Weakness Local Privilege Escalat...
40905 TCL in PostgreSQL Crafted Regexp Infinite Loop Remote DoS
40194 libxml2 xmlCurrentChar Function UTF-8 Parsing DoS
40127 PDFedit StreamPredictor::StreamPredictor() PDF Handling Overflow
39864 OpenAFS fileserver GiveUpAllCallBacks DoS
39243 Linux Kernel fs/exec.c do_coredump() Function Local Information Disclosure
38932 Asterisk Call Detail Record Postgres Multiple Strings SQL Injection
38120 Xpdf StreamPredictor::StreamPredictor() PDF Handling Overflow
37121 Linux Kernel fib_props (fib_semantics.c, IPv4) RTA_MAX DoS
37120 Linux Kernel dn_fib_props (dn_fib.c, DECNet) RTA_MAX DoS
37113 Linux Kernel cpuset_tasks_read Function Local Underflow
36862 PHP strcspn Function Overflow
36861 PHP strspn Function Overflow
36858 PHP wordwrap Function breakcharlen Variable DoS
36597 MIT Kerberos 5 RPC Library gssrpc__svcauth_unix Function Remote Code Execution
36596 MIT Kerberos 5 RPC Library gssrpc__svcauth_gssapi Function Remote Code Execution

ExploitDB Exploits

id Description
28726 OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
4773 OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash Exploit
4601 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-06-21 Name : PHP version smaller than 4.4.8
File : nvt/nopsec_php_4_4_8.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:0001-01 centos2 i386
File : nvt/gb_CESA-2009_0001-01_kernel_centos2_i386.nasl
2011-08-09 Name : CentOS Update for tar CESA-2010:0141 centos5 i386
File : nvt/gb_CESA-2010_0141_tar_centos5_i386.nasl
2011-08-09 Name : CentOS Update for cpio CESA-2010:0144 centos5 i386
File : nvt/gb_CESA-2010_0144_cpio_centos5_i386.nasl
2010-09-10 Name : SuSE Update for kernel SUSE-SA:2010:036
File : nvt/gb_suse_2010_036.nasl
2010-05-12 Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-03-22 Name : CentOS Update for tar CESA-2010:0141 centos4 i386
File : nvt/gb_CESA-2010_0141_tar_centos4_i386.nasl
2010-03-22 Name : RedHat Update for tar RHSA-2010:0141-01
File : nvt/gb_RHSA-2010_0141-01_tar.nasl
2010-03-22 Name : RedHat Update for cpio RHSA-2010:0144-01
File : nvt/gb_RHSA-2010_0144-01_cpio.nasl
2010-02-03 Name : Solaris Update for Kernel 122300-48
File : nvt/gb_solaris_122300_48.nasl
2010-02-03 Name : Solaris Update for Kernel 122301-48
File : nvt/gb_solaris_122301_48.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-10-13 Name : Solaris Update for pkg utilities 113713-28
File : nvt/gb_solaris_113713_28.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-10-13 Name : Solaris Update for /usr/bin/ssh 114356-19
File : nvt/gb_solaris_114356_19.nasl
2009-10-13 Name : Solaris Update for /usr/bin/ssh 114357-18
File : nvt/gb_solaris_114357_18.nasl
2009-10-13 Name : Solaris Update for Mozilla 1.7 119115-35
File : nvt/gb_solaris_119115_35.nasl
2009-10-13 Name : Solaris Update for Mozilla 1.7_x86 119116-35
File : nvt/gb_solaris_119116_35.nasl
2009-10-13 Name : Solaris Update for Kernel 122300-44
File : nvt/gb_solaris_122300_44.nasl
2009-10-13 Name : Solaris Update for Kernel 122301-44
File : nvt/gb_solaris_122301_44.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql1.nasl
2009-10-10 Name : SLES9: Security update for bzip2
File : nvt/sles9p5010943.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5012110.nasl
2009-10-10 Name : SLES9: Security update for Mozilla suite
File : nvt/sles9p5012115.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0150 Multiple Security Vulnerabilities in Juniper Networks CTPView
Severity: Category I - VMSKEY: V0061073
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0043395

Snort® IPS/IDS

Date Description
2017-08-29 Sun Solaris dhcpd malformed bootp denial of service attempt
RuleID : 43752 - Type : SERVER-OTHER - Revision : 2
2014-01-10 MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt
RuleID : 16207 - Type : SERVER-WEBAPP - Revision : 11
2014-01-10 MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code executi...
RuleID : 13268 - Type : RPC - Revision : 5
2014-01-10 MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code executi...
RuleID : 13223 - Type : PROTOCOL-RPC - Revision : 6
2014-01-10 MIT Kerberos kadmind auth buffer overflow attempt
RuleID : 12708 - Type : PROTOCOL-RPC - Revision : 7
2014-01-10 portmap 2112 udp rename_principal attempt
RuleID : 12188 - Type : PROTOCOL-RPC - Revision : 8
2014-01-10 portmap 2112 tcp rename_principal attempt
RuleID : 12187 - Type : PROTOCOL-RPC - Revision : 11
2014-01-10 portmap 2112 udp request
RuleID : 12186 - Type : PROTOCOL-RPC - Revision : 9
2014-01-10 portmap 2112 tcp request
RuleID : 12185 - Type : PROTOCOL-RPC - Revision : 9
2014-01-10 MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code executi...
RuleID : 12075 - Type : PROTOCOL-RPC - Revision : 10
2014-01-10 MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt
RuleID : 12046 - Type : PROTOCOL-RPC - Revision : 10
2014-01-10 Mozilla Network Security Services SSLv2 stack overflow attempt
RuleID : 11672 - Type : BROWSER-OTHER - Revision : 8
2014-01-10 kerberos login environment variable authentication bypass attempt
RuleID : 10464 - Type : PROTOCOL-TELNET - Revision : 8

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0677-1.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0013_remote.nasl - Type: ACT_GATHER_INFO
2016-02-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-271.nasl - Type: ACT_GATHER_INFO
2016-02-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0555-1.nasl - Type: ACT_GATHER_INFO
2016-02-24 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-253.nasl - Type: ACT_GATHER_INFO
2016-02-23 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0539-1.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL8106.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2009-0018.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL6734.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL7859.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2006-0617.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2006-0661.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2006-0695.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2006-0710.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2006-0758.nasl - Type: ACT_GATHER_INFO