This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2018-01-19
Product Debian Linux Last view 2024-10-09
Version 11.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2024-10-09 CVE-2024-9680

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

9.1 2024-06-28 CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

0 2024-04-16 CVE-2024-21096

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

9.8 2024-02-11 CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

7.5 2024-01-16 CVE-2024-0567

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

8.8 2023-12-21 CVE-2023-7024

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8 2023-12-19 CVE-2023-6873

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

6.1 2023-12-19 CVE-2023-6867

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

6.5 2023-12-19 CVE-2023-6865

`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

8.8 2023-12-19 CVE-2023-6864

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8 2023-12-19 CVE-2023-6863

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8 2023-12-19 CVE-2023-6862

A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.

8.8 2023-12-19 CVE-2023-6861

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

6.5 2023-12-19 CVE-2023-6860

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8 2023-12-19 CVE-2023-6859

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8 2023-12-19 CVE-2023-6858

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8.8 2023-12-19 CVE-2023-6856

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

4.3 2023-12-19 CVE-2023-50762

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.

4.3 2023-12-19 CVE-2023-50761

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.

6.5 2023-12-18 CVE-2023-51385

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

5.5 2023-12-18 CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

7.8 2023-12-13 CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

5.5 2023-12-12 CVE-2023-42883

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

8.8 2023-12-11 CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.

In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

8.8 2023-12-11 CVE-2023-6185

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.

In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
19% (150) CWE-787 Out-of-bounds Write
16% (128) CWE-416 Use After Free
6% (47) CWE-125 Out-of-bounds Read
5% (44) CWE-190 Integer Overflow or Wraparound
3% (28) CWE-476 NULL Pointer Dereference
3% (26) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (23) CWE-770 Allocation of Resources Without Limits or Throttling
2% (18) CWE-362 Race Condition
2% (18) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (16) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (13) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (12) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (11) CWE-674 Uncontrolled Recursion
1% (11) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (10) CWE-755 Improper Handling of Exceptional Conditions
1% (10) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (10) CWE-295 Certificate Issues
1% (10) CWE-20 Improper Input Validation
1% (9) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
1% (8) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (8) CWE-369 Divide By Zero
0% (7) CWE-502 Deserialization of Untrusted Data
0% (7) CWE-459 Incomplete Cleanup
0% (7) CWE-346 Origin Validation Error
0% (7) CWE-252 Unchecked Return Value

SAINT Exploits

Description Link
Apache Log4j JNDI message lookup vulnerability More info here
VMware Cloud Foundation XStream Deserialization More info here
SPIP password reset serialization vulnerability More info here

Nessus® Vulnerability Scanner

id Description
2016-05-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-469.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-20df66892b.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-277cc63d9f.nasl - Type: ACT_GATHER_INFO
2015-06-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2651-1.nasl - Type: ACT_GATHER_INFO
2015-06-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1019-1.nasl - Type: ACT_GATHER_INFO
2014-01-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2836.nasl - Type: ACT_GATHER_INFO