Summary
Detail | |||
---|---|---|---|
Vendor | Debian | First view | 2015-01-16 |
Product | Debian Linux | Last view | 2021-02-16 |
Version | 9.0 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:debian:debian_linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.8 | 2021-02-16 | CVE-2021-27229 | Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. |
7.5 | 2021-02-14 | CVE-2021-27212 | In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. |
9.8 | 2021-02-10 | CVE-2021-27135 | xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. |
6.5 | 2021-02-09 | CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. |
8.8 | 2021-02-09 | CVE-2021-26675 | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. |
7 | 2021-02-08 | CVE-2021-26910 | Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. |
5.5 | 2021-02-08 | CVE-2021-21290 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. |
8.3 | 2021-02-02 | CVE-2021-21289 | Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7. |
7.5 | 2021-01-26 | CVE-2020-36230 | A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. |
7.5 | 2021-01-26 | CVE-2020-36229 | A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. |
7.5 | 2021-01-26 | CVE-2020-36228 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. |
7.5 | 2021-01-26 | CVE-2020-36227 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. |
7.5 | 2021-01-26 | CVE-2020-36226 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. |
7.5 | 2021-01-26 | CVE-2020-36225 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. |
7.5 | 2021-01-26 | CVE-2020-36224 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. |
7.5 | 2021-01-26 | CVE-2020-36223 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). |
7.5 | 2021-01-26 | CVE-2020-36222 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. |
7.5 | 2021-01-26 | CVE-2020-36221 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). |
6.5 | 2021-01-19 | CVE-2021-3181 | rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. |
5.4 | 2021-01-19 | CVE-2020-14410 | SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. |
7.8 | 2021-01-19 | CVE-2020-14409 | SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. |
7.5 | 2021-01-18 | CVE-2020-36193 | Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. |
6.8 | 2021-01-18 | CVE-2020-28473 | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. |
7.8 | 2021-01-12 | CVE-2020-35459 | An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. |
7.8 | 2021-01-11 | CVE-2021-0308 | In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
11% (205) | CWE-125 | Out-of-bounds Read |
10% (202) | CWE-20 | Improper Input Validation |
8% (165) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
8% (162) | CWE-787 | Out-of-bounds Write |
7% (134) | CWE-416 | Use After Free |
5% (102) | CWE-200 | Information Exposure |
5% (101) | CWE-190 | Integer Overflow or Wraparound |
3% (72) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
3% (62) | CWE-476 | NULL Pointer Dereference |
2% (38) | CWE-772 | Missing Release of Resource after Effective Lifetime |
1% (35) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (32) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (26) | CWE-502 | Deserialization of Untrusted Data |
1% (23) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
1% (21) | CWE-362 | Race Condition |
1% (21) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
1% (21) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
1% (20) | CWE-269 | Improper Privilege Management |
0% (18) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (17) | CWE-287 | Improper Authentication |
0% (14) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
0% (14) | CWE-415 | Double Free |
0% (13) | CWE-704 | Incorrect Type Conversion or Cast |
0% (12) | CWE-617 | Reachable Assertion |
0% (12) | CWE-295 | Certificate Issues |
SAINT Exploits
Description | Link |
---|---|
Exim SMTP listener base64d function one-character buffer overflow | More info here |
Drupal Form API command execution | More info here |
Ruby on Rails local names command execution | More info here |
OpenSMTPD MAIL FROM command injection | More info here |
libssh authentication bypass | More info here |
Horde Imp Unauthenticated Remote Command Execution | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78564 | Postfix Admin Unspecified XSS |
78563 | Postfix Admin edit-alias.php Unspecified XSS |
78562 | Postfix Admin create-alias.php Unspecified XSS |
78561 | Postfix Admin create-domain.php Unspecified XSS |
78560 | Postfix Admin templates/edit-vacation.php domain Parameter XSS |
78559 | Postfix Admin templates/menu.php domain Parameter XSS |
78134 | pithos Predictable Name Temporary File Symlink Arbitrary File Overwrite |
77581 | yaws URI Traversal Arbitrary File Access |
75192 | rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1... |
75191 | rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1... |
75190 | rsyslog RepeatedMsgReduction Function Memory Exhaustion Local DoS |
74915 | ax25-tools ax25d Return Value Checking Weakness Remote Privilege Escalation |
74685 | xpdf Font CharCodes Parsing Integer Overflow |
74684 | xpdf Malformed Command Handling Gfx Content Memory Corruption |
74646 | ConsoleKit VNC Session is-local Property Handling Remote Privilege Escalation |
74150 | Drupal Comment Attachment Access Restriction Bypass |
73394 | klibc DHCP Response Handling Metacharacter Shell Command Execution |
71849 | Thunar thunar/thunar-transfer-job.c thunar_transfer_job_copy_node() Function ... |
71478 | unixODBC SQLDriverConnect() SAVEFILE Parameter Overflow |
68866 | Ettercap src/interfaces/gtk/ec_gtk_conf.c gtkui_conf_read() Function Local Ov... |
ExploitDB Exploits
id | Description |
---|---|
29519 | Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability |
29274 | Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability |
OpenVAS Exploits
id | Description |
---|---|
2012-11-26 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD20.nasl |
2012-10-09 | Name : Fedora Update for phpldapadmin FEDORA-2012-14363 File : nvt/gb_fedora_2012_14363_phpldapadmin_fc16.nasl |
2012-10-09 | Name : Fedora Update for phpldapadmin FEDORA-2012-14344 File : nvt/gb_fedora_2012_14344_phpldapadmin_fc17.nasl |
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-18 (postfixadmin) File : nvt/glsa_201209_18.nasl |
2012-08-30 | Name : Fedora Update for openstack-keystone FEDORA-2012-4690 File : nvt/gb_fedora_2012_4690_openstack-keystone_fc17.nasl |
2012-08-30 | Name : Fedora Update for uzbl FEDORA-2012-2321 File : nvt/gb_fedora_2012_2321_uzbl_fc17.nasl |
2012-08-30 | Name : Fedora Update for openttd FEDORA-2012-12198 File : nvt/gb_fedora_2012_12198_openttd_fc16.nasl |
2012-08-30 | Name : Fedora Update for ecryptfs-utils FEDORA-2012-11069 File : nvt/gb_fedora_2012_11069_ecryptfs-utils_fc17.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2524-1 (openttd) File : nvt/deb_2524_1.nasl |
2012-08-06 | Name : Fedora Update for ecryptfs-utils FEDORA-2012-11049 File : nvt/gb_fedora_2012_11049_ecryptfs-utils_fc16.nasl |
2012-06-28 | Name : Ubuntu Update for network-manager-applet USN-1483-2 File : nvt/gb_ubuntu_USN_1483_2.nasl |
2012-06-28 | Name : Ubuntu Update for network-manager USN-1483-1 File : nvt/gb_ubuntu_USN_1483_1.nasl |
2012-04-11 | Name : Fedora Update for openstack-keystone FEDORA-2012-4960 File : nvt/gb_fedora_2012_4960_openstack-keystone_fc16.nasl |
2012-04-02 | Name : Fedora Update for openttd FEDORA-2012-0647 File : nvt/gb_fedora_2012_0647_openttd_fc16.nasl |
2012-04-02 | Name : Fedora Update for foomatic FEDORA-2011-11118 File : nvt/gb_fedora_2011_11118_foomatic_fc16.nasl |
2012-03-19 | Name : Fedora Update for polipo FEDORA-2012-0840 File : nvt/gb_fedora_2012_0840_polipo_fc16.nasl |
2012-03-19 | Name : Fedora Update for hardlink FEDORA-2011-14727 File : nvt/gb_fedora_2011_14727_hardlink_fc16.nasl |
2012-03-19 | Name : Fedora Update for uzbl FEDORA-2012-2384 File : nvt/gb_fedora_2012_2384_uzbl_fc16.nasl |
2012-03-07 | Name : Fedora Update for uzbl FEDORA-2012-2364 File : nvt/gb_fedora_2012_2364_uzbl_fc15.nasl |
2012-02-12 | Name : FreeBSD Ports: openttd File : nvt/freebsd_openttd4.nasl |
2012-02-12 | Name : FreeBSD Ports: surf File : nvt/freebsd_surf.nasl |
2012-02-12 | Name : FreeBSD Ports: postfixadmin File : nvt/freebsd_postfixadmin.nasl |
2012-02-03 | Name : Fedora Update for polipo FEDORA-2012-0849 File : nvt/gb_fedora_2012_0849_polipo_fc15.nasl |
2012-02-01 | Name : Fedora Update for openttd FEDORA-2012-0623 File : nvt/gb_fedora_2012_0623_openttd_fc15.nasl |
2011-12-12 | Name : Fedora Update for hardlink FEDORA-2011-14753 File : nvt/gb_fedora_2011_14753_hardlink_fc15.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0160 | Multiple Vulnerabilities in Oracle Linux and Virtualization Severity: Category I - VMSKEY: V0061123 |
2015-B-0068 | Multiple Vulnerabilities in PostgreSQL Severity: Category I - VMSKEY: V0060809 |
Snort® IPS/IDS
Date | Description |
---|---|
2021-01-12 | Apache Server mod_proxy Error Page cross site scripting attempt RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1 |
2020-10-27 | Ruby on Rails command injection attempt RuleID : 55821 - Type : SERVER-WEBAPP - Revision : 1 |
2020-09-02 | BIND DNS server TSIG denial of service attempt RuleID : 54630 - Type : PROTOCOL-DNS - Revision : 1 |
2020-07-07 | Apache Tomcat FileStore directory traversal attempt RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1 |
2020-06-23 | SaltStack wheel directory traversal attempt RuleID : 54033 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack wheel directory traversal attempt RuleID : 54032 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack wheel directory traversal attempt RuleID : 54031 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack wheel directory traversal attempt RuleID : 54030 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack authentication bypass attempt RuleID : 54023 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack authentication bypass attempt RuleID : 54022 - Type : SERVER-OTHER - Revision : 3 |
2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53754 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53753 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53752 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53751 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-05 | Google Chrome desktopMediaPickerController use after free attempt RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1 |
2020-05-05 | Google Chrome desktopMediaPickerController use after free attempt RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1 |
2020-04-21 | Apache Log4j SocketServer insecure deserialization remote code execution attempt RuleID : 53475 - Type : SERVER-OTHER - Revision : 1 |
2020-04-14 | OpenSMTPD smtp_mailaddr command injection attempt RuleID : 53432 - Type : SERVER-MAIL - Revision : 1 |
2020-04-14 | OpenSMTPD smtp_mailaddr command injection attempt RuleID : 53431 - Type : SERVER-MAIL - Revision : 1 |
2020-04-02 | Exim unauthenticated remote code execution attempt RuleID : 53378 - Type : SERVER-OTHER - Revision : 1 |
2020-04-02 | Exim unauthenticated remote code execution attempt RuleID : 53377 - Type : SERVER-OTHER - Revision : 1 |
2020-04-02 | Exim unauthenticated remote code execution attempt RuleID : 53376 - Type : SERVER-OTHER - Revision : 1 |
2020-02-13 | Google V8 engine type confusion attempt RuleID : 52602 - Type : BROWSER-CHROME - Revision : 1 |
2020-02-13 | Google V8 engine type confusion attempt RuleID : 52601 - Type : BROWSER-CHROME - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2019-0973 attack attempt RuleID : 52571 - Type : FILE-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-18 | Name: The remote Fedora host is missing a security update. File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Debian host is missing a security update. File: debian_DLA-1634.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: A PHP application running on the remote web server is affected by multiple vu... File: drupal_8_6_6.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
2019-01-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4368.nasl - Type: ACT_GATHER_INFO |
2019-01-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4369.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2019-011-01.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2019-1146.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2019-1147.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4365.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4366.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Fedora host is missing a security update. File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Fedora host is missing a security update. File: fedora_2019-a7b53ed5a3.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: An application installed on the remote MacOS / MacOSX host is affected by mul... File: macosx_wireshark_2_4_12.nasl - Type: ACT_GATHER_INFO |