This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2015-05-29
Product Debian Linux Last view 2020-09-09
Version 9.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-09-09 CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

7.1 2020-09-03 CVE-2020-7729

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

7.3 2020-08-24 CVE-2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

6.5 2020-08-21 CVE-2020-7923

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.

7.5 2020-08-19 CVE-2020-24368

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

5.5 2020-08-13 CVE-2020-16304

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16302

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

7.5 2020-08-12 CVE-2020-12674

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

7.5 2020-08-12 CVE-2020-12673

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

7.5 2020-08-12 CVE-2020-12100

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

5.9 2020-07-29 CVE-2020-16135

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.

5.9 2020-07-29 CVE-2020-16117

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

6.5 2020-07-27 CVE-2020-15954

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

7.5 2020-07-21 CVE-2020-15890

LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.

5.9 2020-07-17 CVE-2020-14928

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

9.8 2020-07-17 CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.

6.5 2020-07-09 CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

8.8 2020-07-02 CVE-2020-8163

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

7.5 2020-06-29 CVE-2020-4067

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.

5.5 2020-06-29 CVE-2020-15393

In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.

6.5 2020-06-29 CVE-2020-15389

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.

5.9 2020-06-21 CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

9.8 2020-06-19 CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

7.5 2020-06-19 CVE-2020-8164

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

6.1 2020-06-09 CVE-2020-13965

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
11% (192) CWE-20 Improper Input Validation
10% (166) CWE-125 Out-of-bounds Read
10% (163) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (130) CWE-416 Use After Free
7% (128) CWE-787 Out-of-bounds Write
5% (91) CWE-200 Information Exposure
5% (89) CWE-190 Integer Overflow or Wraparound
3% (63) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (55) CWE-476 NULL Pointer Dereference
2% (36) CWE-772 Missing Release of Resource after Effective Lifetime
1% (27) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (25) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (22) CWE-502 Deserialization of Untrusted Data
1% (19) CWE-269 Improper Privilege Management
1% (18) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (17) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (17) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (16) CWE-362 Race Condition
0% (16) CWE-287 Improper Authentication
0% (16) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (13) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (13) CWE-704 Incorrect Type Conversion or Cast
0% (11) CWE-415 Double Free
0% (11) CWE-352 Cross-Site Request Forgery (CSRF)
0% (11) CWE-347 Improper Verification of Cryptographic Signature

SAINT Exploits

Description Link
Exim SMTP listener base64d function one-character buffer overflow More info here
Drupal Form API command execution More info here
Ruby on Rails local names command execution More info here
OpenSMTPD MAIL FROM command injection More info here
libssh authentication bypass More info here
Horde Imp Unauthenticated Remote Command Execution More info here

Open Source Vulnerability Database (OSVDB)

id Description
78564 Postfix Admin Unspecified XSS
78563 Postfix Admin edit-alias.php Unspecified XSS
78562 Postfix Admin create-alias.php Unspecified XSS
78561 Postfix Admin create-domain.php Unspecified XSS
78560 Postfix Admin templates/edit-vacation.php domain Parameter XSS
78559 Postfix Admin templates/menu.php domain Parameter XSS
78134 pithos Predictable Name Temporary File Symlink Arbitrary File Overwrite
77581 yaws URI Traversal Arbitrary File Access
75192 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75191 rsyslog Multiple Ruleset Message Handling Memory Exhaustion Local DoS (2011-1...
75190 rsyslog RepeatedMsgReduction Function Memory Exhaustion Local DoS
74915 ax25-tools ax25d Return Value Checking Weakness Remote Privilege Escalation
74685 xpdf Font CharCodes Parsing Integer Overflow
74684 xpdf Malformed Command Handling Gfx Content Memory Corruption
74646 ConsoleKit VNC Session is-local Property Handling Remote Privilege Escalation
74150 Drupal Comment Attachment Access Restriction Bypass
73394 klibc DHCP Response Handling Metacharacter Shell Command Execution
71849 Thunar thunar/thunar-transfer-job.c thunar_transfer_job_copy_node() Function ...
71478 unixODBC SQLDriverConnect() SAVEFILE Parameter Overflow
68866 Ettercap src/interfaces/gtk/ec_gtk_conf.c gtkui_conf_read() Function Local Ov...

ExploitDB Exploits

id Description
29519 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
29274 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-11-26 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD20.nasl
2012-10-09 Name : Fedora Update for phpldapadmin FEDORA-2012-14363
File : nvt/gb_fedora_2012_14363_phpldapadmin_fc16.nasl
2012-10-09 Name : Fedora Update for phpldapadmin FEDORA-2012-14344
File : nvt/gb_fedora_2012_14344_phpldapadmin_fc17.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
File : nvt/glsa_201209_18.nasl
2012-08-30 Name : Fedora Update for openstack-keystone FEDORA-2012-4690
File : nvt/gb_fedora_2012_4690_openstack-keystone_fc17.nasl
2012-08-30 Name : Fedora Update for uzbl FEDORA-2012-2321
File : nvt/gb_fedora_2012_2321_uzbl_fc17.nasl
2012-08-30 Name : Fedora Update for openttd FEDORA-2012-12198
File : nvt/gb_fedora_2012_12198_openttd_fc16.nasl
2012-08-30 Name : Fedora Update for ecryptfs-utils FEDORA-2012-11069
File : nvt/gb_fedora_2012_11069_ecryptfs-utils_fc17.nasl
2012-08-10 Name : Debian Security Advisory DSA 2524-1 (openttd)
File : nvt/deb_2524_1.nasl
2012-08-06 Name : Fedora Update for ecryptfs-utils FEDORA-2012-11049
File : nvt/gb_fedora_2012_11049_ecryptfs-utils_fc16.nasl
2012-06-28 Name : Ubuntu Update for network-manager-applet USN-1483-2
File : nvt/gb_ubuntu_USN_1483_2.nasl
2012-06-28 Name : Ubuntu Update for network-manager USN-1483-1
File : nvt/gb_ubuntu_USN_1483_1.nasl
2012-04-11 Name : Fedora Update for openstack-keystone FEDORA-2012-4960
File : nvt/gb_fedora_2012_4960_openstack-keystone_fc16.nasl
2012-04-02 Name : Fedora Update for openttd FEDORA-2012-0647
File : nvt/gb_fedora_2012_0647_openttd_fc16.nasl
2012-04-02 Name : Fedora Update for foomatic FEDORA-2011-11118
File : nvt/gb_fedora_2011_11118_foomatic_fc16.nasl
2012-03-19 Name : Fedora Update for polipo FEDORA-2012-0840
File : nvt/gb_fedora_2012_0840_polipo_fc16.nasl
2012-03-19 Name : Fedora Update for hardlink FEDORA-2011-14727
File : nvt/gb_fedora_2011_14727_hardlink_fc16.nasl
2012-03-19 Name : Fedora Update for uzbl FEDORA-2012-2384
File : nvt/gb_fedora_2012_2384_uzbl_fc16.nasl
2012-03-07 Name : Fedora Update for uzbl FEDORA-2012-2364
File : nvt/gb_fedora_2012_2364_uzbl_fc15.nasl
2012-02-12 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd4.nasl
2012-02-12 Name : FreeBSD Ports: surf
File : nvt/freebsd_surf.nasl
2012-02-12 Name : FreeBSD Ports: postfixadmin
File : nvt/freebsd_postfixadmin.nasl
2012-02-03 Name : Fedora Update for polipo FEDORA-2012-0849
File : nvt/gb_fedora_2012_0849_polipo_fc15.nasl
2012-02-01 Name : Fedora Update for openttd FEDORA-2012-0623
File : nvt/gb_fedora_2012_0623_openttd_fc15.nasl
2011-12-12 Name : Fedora Update for hardlink FEDORA-2011-14753
File : nvt/gb_fedora_2011_14753_hardlink_fc15.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0160 Multiple Vulnerabilities in Oracle Linux and Virtualization
Severity: Category I - VMSKEY: V0061123
2015-B-0068 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0060809

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-09-02 BIND DNS server TSIG denial of service attempt
RuleID : 54630 - Type : PROTOCOL-DNS - Revision : 1
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3
2020-05-27 Google Chrome ObjectCreate type confusion attempt
RuleID : 53754 - Type : BROWSER-CHROME - Revision : 1
2020-05-27 Google Chrome ObjectCreate type confusion attempt
RuleID : 53753 - Type : BROWSER-CHROME - Revision : 1
2020-05-27 Google Chrome ObjectCreate type confusion attempt
RuleID : 53752 - Type : BROWSER-CHROME - Revision : 1
2020-05-27 Google Chrome ObjectCreate type confusion attempt
RuleID : 53751 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53432 - Type : SERVER-MAIL - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53431 - Type : SERVER-MAIL - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53378 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53377 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53376 - Type : SERVER-OTHER - Revision : 1
2020-02-13 Google V8 engine type confusion attempt
RuleID : 52602 - Type : BROWSER-CHROME - Revision : 1
2020-02-13 Google V8 engine type confusion attempt
RuleID : 52601 - Type : BROWSER-CHROME - Revision : 1
2020-02-04 dnsmasq crafted OPT record denial of service attempt
RuleID : 52524 - Type : PROTOCOL-DNS - Revision : 1
2020-01-23 Google Chrome V8 AwaitedPromise memory corruption attempt
RuleID : 52504 - Type : BROWSER-CHROME - Revision : 1
2020-01-23 Google Chrome V8 AwaitedPromise memory corruption attempt
RuleID : 52503 - Type : BROWSER-CHROME - Revision : 1
2020-01-21 ZeroMQ libzmq pointer overflow attempt
RuleID : 52501 - Type : SERVER-OTHER - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1634.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: A PHP application running on the remote web server is affected by multiple vu...
File: drupal_8_6_6.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO
2019-01-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4368.nasl - Type: ACT_GATHER_INFO
2019-01-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4369.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2019-011-01.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1146.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1147.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4365.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4366.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a7b53ed5a3.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: An application installed on the remote MacOS / MacOSX host is affected by mul...
File: macosx_wireshark_2_4_12.nasl - Type: ACT_GATHER_INFO