This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Debian
Product: Debian Linux
Version: 3.1
Update: *
Edition: amd64
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: OS
First view: 2001-07-02
Last view: 2018-11-12

CPE Product: cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

Score Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

5 2008-01-11 CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

4.6 2007-04-10 CVE-2006-4250

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

7.5 2007-02-05 CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

1.9 2006-12-17 CVE-2006-6614

The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.

3.6 2006-04-18 CVE-2006-1753

A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

7.2 2006-04-13 CVE-2006-1772

debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password.

4.6 2006-03-31 CVE-2006-1566

Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.

4.6 2006-03-31 CVE-2006-1565

Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.

4.6 2006-03-31 CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.

1.2 2006-03-23 CVE-2006-0050

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

7.6 2006-03-15 CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

2.1 2005-10-05 CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

4.3 2005-09-28 CVE-2005-2557

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

2.1 2005-08-30 CVE-2005-1855

Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.

3.6 2001-07-02 CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

CWE : Common Weakness Enumeration

% id Name
37% (3) CWE-399 Resource Management Errors
12% (1) CWE-476 NULL Pointer Dereference
12% (1) CWE-264 Permissions, Privileges, and Access Controls
12% (1) CWE-189 Numeric Errors
12% (1) CWE-134 Uncontrolled Format String
12% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
40194 libxml2 xmlCurrentChar Function UTF-8 Parsing DoS
34813 man/man-db -H Argument Local Overflow
33101 Samba VFS Plugin afsacl.so Format String
32262 Fully Automatic Installation (FAI) /var/log/fai/current/fai.log root Passwor...
30356 Linux libtunepimp-perl Search Path Subversion Local Privilege Escalation
30355 Linux libgpib-perl Path Subversion Local Privilege Escalation
30354 Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escala...
24633 fcheck Cron Temporary File Symlink Arbitrary File Overwrite
24509 Debian debconf mnogosearch config.dat Plaintext Password Disclosure
24032 snmptrapfmt Symlink Arbitrary File Overwrite
23834 Multiple Products Xpdf/kpdf Multiple Unspecified Issues
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
19819 Cfengine contrib/vicf.in Symlink Arbitrary File Overwrite
18901 Mantis view_all_set.php dir Parameter XSS
17199 Backup Manager Unauthorized Archive Repository Access
5642 Exuberant Ctags Insecure Temporary File Creation

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-10 Name : SLES9: Security update for man
File : nvt/sles9p5021681.nasl
2009-10-10 Name : SLES9: Security update for libxml2
File : nvt/sles9p5020669.nasl
2009-04-09 Name : Mandriva Update for libxml2 MDVSA-2008:010 (libxml2)
File : nvt/gb_mandriva_MDVSA_2008_010.nasl
2009-04-09 Name : Mandriva Update for samba MDKSA-2007:034 (samba)
File : nvt/gb_mandriva_MDKSA_2007_034.nasl
2009-03-23 Name : Ubuntu Update for libxml2 vulnerability USN-569-1
File : nvt/gb_ubuntu_USN_569_1.nasl
2009-03-23 Name : Ubuntu Update for samba vulnerabilities USN-419-1
File : nvt/gb_ubuntu_USN_419_1.nasl
2009-03-06 Name : RedHat Update for libxml2 RHSA-2008:0032-01
File : nvt/gb_RHSA-2008_0032-01_libxml2.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386
File : nvt/gb_CESA-2008_0032-03_libxml2_centos2_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos3 i386
File : nvt/gb_CESA-2008_0032_libxml2_centos3_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64
File : nvt/gb_CESA-2008_0032_libxml2_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos4 i386
File : nvt/gb_CESA-2008_0032_libxml2_centos4_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos4 x86_64
File : nvt/gb_CESA-2008_0032_libxml2_centos4_x86_64.nasl
2009-02-17 Name : Fedora Update for libxml2 FEDORA-2008-0477
File : nvt/gb_fedora_2008_0477_libxml2_fc7.nasl
2009-02-17 Name : Fedora Update for libxml2 FEDORA-2008-0462
File : nvt/gb_fedora_2008_0462_libxml2_fc8.nasl
2009-01-28 Name : SuSE Update for samba SUSE-SA:2007:016
File : nvt/gb_suse_2007_016.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto...
File : nvt/glsa_200601_17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200801-20 (libxml2)
File : nvt/glsa_200801_20.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200509-16 (Mantis)
File : nvt/glsa_200509_16.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword)
File : nvt/glsa_200601_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200702-01 (samba)
File : nvt/glsa_200702_01.nasl
2008-09-04 Name : FreeBSD Ports: samba, ja-samba
File : nvt/freebsd_samba9.nasl
2008-09-04 Name : FreeBSD Ports: cfengine
File : nvt/freebsd_cfengine.nasl
2008-01-31 Name : Debian Security Advisory DSA 1461-1 (libxml2)
File : nvt/deb_1461_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1013-1 (snmptrapfmt)
File : nvt/deb_1013_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 937-1 (tetex-bin)
File : nvt/deb_937_1.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2009-0018.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0032.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080111_libxml2_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12032.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_11492.nasl - Type: ACT_GATHER_INFO
2009-07-27 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2008-0006.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-010.nasl - Type: ACT_GATHER_INFO
2008-06-30 Name: The remote Windows host contains a media player that is affected by several v...
File: vlc_0_8_6h.nasl - Type: ACT_GATHER_INFO
2008-02-01 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200801-20.nasl - Type: ACT_GATHER_INFO
2008-01-27 Name: The remote openSUSE host is missing a security update.
File: suse_libxml2-4841.nasl - Type: ACT_GATHER_INFO
2008-01-27 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_libxml2-4840.nasl - Type: ACT_GATHER_INFO
2008-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-569-1.nasl - Type: ACT_GATHER_INFO
2008-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2008-0462.nasl - Type: ACT_GATHER_INFO