Summary
Detail | |||
---|---|---|---|
Vendor | Debian | First view | 2001-07-02 |
Product | Debian Linux | Last view | 2018-11-12 |
Version | 3.1 | Type | Os |
Update | * | ||
Edition | m68k | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:debian:debian_linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2018-11-12 | CVE-2018-19200 | An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. |
7.8 | 2017-09-25 | CVE-2014-8156 | The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. |
8.8 | 2016-06-16 | CVE-2016-3062 | The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. |
5 | 2008-01-11 | CVE-2007-6284 | The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. |
4.6 | 2007-04-10 | CVE-2006-4250 | Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag. |
7.5 | 2007-02-05 | CVE-2007-0454 | Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. |
1.9 | 2006-12-17 | CVE-2006-6614 | The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash. |
3.6 | 2006-04-18 | CVE-2006-1753 | A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
7.2 | 2006-04-13 | CVE-2006-1772 | debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password. |
4.6 | 2006-03-31 | CVE-2006-1566 | Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory. |
4.6 | 2006-03-31 | CVE-2006-1565 | Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory. |
4.6 | 2006-03-31 | CVE-2006-1564 | Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory. |
1.2 | 2006-03-23 | CVE-2006-0050 | snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. |
7.6 | 2006-03-15 | CVE-2006-1244 | Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
2.1 | 2005-10-05 | CVE-2005-2960 | cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. |
4.3 | 2005-09-28 | CVE-2005-2557 | Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. |
2.1 | 2005-08-30 | CVE-2005-1855 | Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information. |
3.6 | 2001-07-02 | CVE-2001-0430 | Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
37% (3) | CWE-399 | Resource Management Errors |
12% (1) | CWE-476 | NULL Pointer Dereference |
12% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
12% (1) | CWE-189 | Numeric Errors |
12% (1) | CWE-134 | Uncontrolled Format String |
12% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
40194 | libxml2 xmlCurrentChar Function UTF-8 Parsing DoS |
34813 | man/man-db -H Argument Local Overflow |
33101 | Samba VFS Plugin afsacl.so Format String |
32262 | Fully Automatic Installation (FAI) /var/log/fai/ current/fai.log root Passwor... |
30356 | Linux libtunepimp-perl Search Path Subversion Local Privilege Escalation |
30355 | Linux libgpib-perl Path Subversion Local Privilege Escalation |
30354 | Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escala... |
24633 | fcheck Cron Temporary File Symlink Arbitrary File Overwrite |
24509 | Debian debconf mnogosearch config.dat Plaintext Password Disclosure |
24032 | snmptrapfmt Symlink Arbitrary File Overwrite |
23834 | Multiple Products Xpdf/kpdf Multiple Unspecified Issues |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
19819 | Cfengine contrib/vicf.in Symlink Arbitrary File Overwrite |
18901 | Mantis view_all_set.php dir Parameter XSS |
17199 | Backup Manager Unauthorized Archive Repository Access |
5642 | Exuberant Ctags Insecure Temporary File Creation |
OpenVAS Exploits
id | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for man File : nvt/sles9p5021681.nasl |
2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5020669.nasl |
2009-04-09 | Name : Mandriva Update for libxml2 MDVSA-2008:010 (libxml2) File : nvt/gb_mandriva_MDVSA_2008_010.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:034 (samba) File : nvt/gb_mandriva_MDKSA_2007_034.nasl |
2009-03-23 | Name : Ubuntu Update for libxml2 vulnerability USN-569-1 File : nvt/gb_ubuntu_USN_569_1.nasl |
2009-03-23 | Name : Ubuntu Update for samba vulnerabilities USN-419-1 File : nvt/gb_ubuntu_USN_419_1.nasl |
2009-03-06 | Name : RedHat Update for libxml2 RHSA-2008:0032-01 File : nvt/gb_RHSA-2008_0032-01_libxml2.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386 File : nvt/gb_CESA-2008_0032-03_libxml2_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032 centos3 i386 File : nvt/gb_CESA-2008_0032_libxml2_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64 File : nvt/gb_CESA-2008_0032_libxml2_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032 centos4 i386 File : nvt/gb_CESA-2008_0032_libxml2_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032 centos4 x86_64 File : nvt/gb_CESA-2008_0032_libxml2_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for libxml2 FEDORA-2008-0477 File : nvt/gb_fedora_2008_0477_libxml2_fc7.nasl |
2009-02-17 | Name : Fedora Update for libxml2 FEDORA-2008-0462 File : nvt/gb_fedora_2008_0462_libxml2_fc8.nasl |
2009-01-28 | Name : SuSE Update for samba SUSE-SA:2007:016 File : nvt/gb_suse_2007_016.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto... File : nvt/glsa_200601_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200801-20 (libxml2) File : nvt/glsa_200801_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-16 (Mantis) File : nvt/glsa_200509_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword) File : nvt/glsa_200601_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200702-01 (samba) File : nvt/glsa_200702_01.nasl |
2008-09-04 | Name : FreeBSD Ports: samba, ja-samba File : nvt/freebsd_samba9.nasl |
2008-09-04 | Name : FreeBSD Ports: cfengine File : nvt/freebsd_cfengine.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1461-1 (libxml2) File : nvt/deb_1461_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1013-1 (snmptrapfmt) File : nvt/deb_1013_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 937-1 (tetex-bin) File : nvt/deb_937_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO |
2018-12-03 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO |
2018-11-21 | Name: The remote Debian host is missing a security update. File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO |
2017-05-10 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO |
2016-06-28 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO |
2016-06-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO |
2016-06-15 | Name: The remote Debian host is missing a security update. File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2009-0018.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0032.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080111_libxml2_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12032.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_11492.nasl - Type: ACT_GATHER_INFO |
2009-07-27 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2008-0006.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2008-010.nasl - Type: ACT_GATHER_INFO |
2008-06-30 | Name: The remote Windows host contains a media player that is affected by several v... File: vlc_0_8_6h.nasl - Type: ACT_GATHER_INFO |
2008-02-01 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200801-20.nasl - Type: ACT_GATHER_INFO |
2008-01-27 | Name: The remote openSUSE host is missing a security update. File: suse_libxml2-4841.nasl - Type: ACT_GATHER_INFO |
2008-01-27 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_libxml2-4840.nasl - Type: ACT_GATHER_INFO |
2008-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-569-1.nasl - Type: ACT_GATHER_INFO |
2008-01-14 | Name: The remote Fedora host is missing a security update. File: fedora_2008-0462.nasl - Type: ACT_GATHER_INFO |