This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2008-01-10
Product Debian Linux Last view 2019-11-06
Version 5.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2019-11-06 CVE-2011-4900

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

6.1 2019-11-06 CVE-2010-2471

drupal6 version 6.16 has open redirection

6.1 2019-11-05 CVE-2010-3674

TYPO3 before 4.4.1 allows XSS in the frontend search box.

7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

7.5 2012-01-07 CVE-2011-3919

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

5 2011-12-24 CVE-2011-4362

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.

5 2011-12-13 CVE-2011-3905

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8 2011-09-19 CVE-2011-2834

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

7.5 2011-08-29 CVE-2011-2821

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

7.8 2011-08-15 CVE-2011-2749

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.

7.8 2011-08-15 CVE-2011-2748

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.

4.3 2011-07-07 CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

7.5 2011-04-08 CVE-2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

7.5 2010-12-07 CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

4.3 2010-11-16 CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

1.9 2010-09-29 CVE-2010-3310

Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.

7.8 2010-04-06 CVE-2010-1087

The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.

7.8 2010-04-06 CVE-2010-1086

The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.

4.9 2010-02-22 CVE-2010-0410

drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.

10 2010-02-22 CVE-2010-0159

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

4.7 2010-02-17 CVE-2010-0307

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.

4.6 2010-02-15 CVE-2010-0291

The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."

5.4 2010-01-26 CVE-2010-0003

The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.

CWE : Common Weakness Enumeration

%idName
14% (6) CWE-20 Improper Input Validation
12% (5) CWE-264 Permissions, Privileges, and Access Controls
12% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (4) CWE-399 Resource Management Errors
9% (4) CWE-189 Numeric Errors
7% (3) CWE-415 Double Free
7% (3) CWE-200 Information Exposure
7% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (1) CWE-787 Out-of-bounds Write
2% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
2% (1) CWE-476 NULL Pointer Dereference
2% (1) CWE-310 Cryptographic Issues
2% (1) CWE-255 Credentials Management
2% (1) CWE-125 Out-of-bounds Read
2% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (1) CWE-16 Configuration

SAINT Exploits

Description Link
MySQL yaSSL SSL Hello message buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78148 Google Chrome libxml2 parser.c xmlStringLenDecodeEntities() Function Remote O...
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
77707 Google Chrome libxml Out-of-bounds Read Remote DoS
77366 lighttpd src/http_auth.c base64_decode() Function Base64 Data Parsing Out-of-...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
75560 Google Chrome Double-free libxml XPath Handling Remote Code Execution
74695 Google Chrome Double Free Unspecified libxml XPath Handling Issue
74557 ISC DHCP Crafted BOOTP Packet Remote DoS
74556 ISC DHCP Crafted DHCP Packet Remote DoS
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
73686 libcurl http_negotiate.c Curl_input_negotiate Function GSSAPI Credential Dele...
73328 cURL GSSAPI Client Credential Remote Disclosure
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
71493 ISC DHCP dhclient Response Handling Metacharacter Shell Command Execution
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69673 Google Chrome XPath Handling Double-free Remote DoS
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69205 libxml2 Crafted XML File XPath Axis Traversal DoS
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
68163 Linux Kernel net/rose/af_rose.c Multiple Function Signedness Error Local DoS
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...
66315 HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection
65202 OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection

ExploitDB Exploits

id Description
18295 lighttpd Denial of Service Vulnerability PoC
10579 TLS Renegotiation Vulnerability PoC Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-10-03 Name : Fedora Update for libxml2 FEDORA-2012-13824
File : nvt/gb_fedora_2012_13824_libxml2_fc16.nasl
2012-09-27 Name : Fedora Update for libxml2 FEDORA-2012-13820
File : nvt/gb_fedora_2012_13820_libxml2_fc17.nasl
2012-08-30 Name : Fedora Update for lighttpd FEDORA-2012-9040
File : nvt/gb_fedora_2012_9040_lighttpd_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-08-02 Name : SuSE Update for libxml2 openSUSE-SU-2012:0107-1 (libxml2)
File : nvt/gb_suse_2012_0107_1.nasl
2012-07-30 Name : CentOS Update for dhclient CESA-2011:0428 centos4 x86_64
File : nvt/gb_CESA-2011_0428_dhclient_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for dhclient CESA-2011:0428 centos5 x86_64
File : nvt/gb_CESA-2011_0428_dhclient_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for curl CESA-2011:0918 centos4 x86_64
File : nvt/gb_CESA-2011_0918_curl_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for curl CESA-2011:0918 centos5 x86_64
File : nvt/gb_CESA-2011_0918_curl_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for dhclient CESA-2011:1160 centos4 x86_64
File : nvt/gb_CESA-2011_1160_dhclient_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for dhclient CESA-2011:1160 centos5 x86_64
File : nvt/gb_CESA-2011_1160_dhclient_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for libxml2 CESA-2012:0016 centos4
File : nvt/gb_CESA-2012_0016_libxml2_centos4.nasl
2012-07-30 Name : CentOS Update for libxml2 CESA-2012:0017 centos5
File : nvt/gb_CESA-2012_0017_libxml2_centos5.nasl
2012-07-30 Name : CentOS Update for libxml2 CESA-2012:0018 centos6
File : nvt/gb_CESA-2012_0018_libxml2_centos6.nasl
2012-07-13 Name : VMSA-2012-0012 VMware ESXi update addresses several security issues.
File : nvt/gb_VMSA-2012-0012.nasl
2012-07-09 Name : RedHat Update for libxml2 RHSA-2011:1749-03
File : nvt/gb_RHSA-2011_1749-03_libxml2.nasl
2012-07-09 Name : RedHat Update for libxml2 RHSA-2012:0018-01
File : nvt/gb_RHSA-2012_0018-01_libxml2.nasl
2012-06-28 Name : Fedora Update for lighttpd FEDORA-2012-9078
File : nvt/gb_fedora_2012_9078_lighttpd_fc16.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201203-22 (nginx)
File : nvt/glsa_201203_22.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2012-04-02 Name : Fedora Update for dhcp FEDORA-2011-10667
File : nvt/gb_fedora_2011_10667_dhcp_fc16.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-16 Name : VMSA-2011-0009.3 VMware hosted product updates, ESX patches and VI Client upd...
File : nvt/gb_VMSA-2011-0009.nasl
2012-03-16 Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0073 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0032171
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity: Category I - VMSKEY: V0032178
2012-B-0038 Multiple Vulnerabilities in HP Onboard Administrator
Severity: Category I - VMSKEY: V0031972
2012-A-0020 Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0031252
2011-A-0108 Multiple Vulnerabilities in VMware ESX Service Console
Severity: Category I - VMSKEY: V0029562
2011-A-0075 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0028311
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Snort® IPS/IDS

Date Description
2020-01-07 yaSSL SSL Hello Message buffer overflow attempt
RuleID : 52366 - Type : SERVER-MYSQL - Revision : 1
2019-08-31 ISC DHCP command injection attempt
RuleID : 50831 - Type : SERVER-OTHER - Revision : 1
2019-08-31 ISC DHCP command injection attempt
RuleID : 50830 - Type : SERVER-OTHER - Revision : 1
2015-03-10 libxml2 entity reference name heap buffer overflow attempt
RuleID : 33310 - Type : FILE-OTHER - Revision : 2
2015-03-10 libxml2 entity reference name heap buffer overflow attempt
RuleID : 33309 - Type : FILE-OTHER - Revision : 2
2014-01-10 ISC dhcpd bootp request missing options field DOS attempt
RuleID : 25342 - Type : SERVER-OTHER - Revision : 8
2014-01-10 yaSSL SSL Hello Message Buffer Overflow attempt
RuleID : 18513 - Type : SERVER-MYSQL - Revision : 13
2014-01-10 yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt
RuleID : 13714 - Type : SERVER-MYSQL - Revision : 16
2014-01-10 yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt
RuleID : 13713 - Type : MYSQL - Revision : 9
2014-01-10 yaSSL SSLv2 Client Hello Message Session ID Buffer Overflow attempt
RuleID : 13712 - Type : MYSQL - Revision : 9
2014-01-10 yaSSL SSLv2 Client Hello Message Cipher Length Buffer Overflow attempt
RuleID : 13711 - Type : MYSQL - Revision : 9
2014-01-10 yaSSL SSL Hello Message Buffer Overflow attempt
RuleID : 13593 - Type : MYSQL - Revision : 7

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote web server is affected by multiple vulnerabilities.
File: nginx_0_7_64.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote host is affected by a MITM vulnerability.
File: fortios_FG-IR-17-137.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0056.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0058.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0006_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0015_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0019_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2011-0010_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote host is missing a security-related patch.
File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote VMware ESXi / ESX host is missing a security-related patch.
File: vmware_VMSA-2012-0001_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2012-0008_remote.nasl - Type: ACT_GATHER_INFO