Summary
Detail | | | |
---|---|---|---|
Vendor | Debian | First view | 2018-01-19 |
Product | Debian Linux | Last view | 2024-10-09 |
Version | 11.0 | Type | Os |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:debian:debian_linux | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
9.8 | 2024-10-09 | CVE-2024-9680 | An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. |
9.1 | 2024-06-28 | CVE-2024-37371 | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. |
0 | 2024-04-16 | CVE-2024-21096 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). |
9.8 | 2024-02-11 | CVE-2024-25714 | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.) |
7.5 | 2024-01-16 | CVE-2024-0567 | A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. |
8.8 | 2023-12-21 | CVE-2023-7024 | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
8.8 | 2023-12-19 | CVE-2023-6873 | Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. |
6.1 | 2023-12-19 | CVE-2023-6867 | The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. |
6.5 | 2023-12-19 | CVE-2023-6865 | `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. |
8.8 | 2023-12-19 | CVE-2023-6864 | Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
8.8 | 2023-12-19 | CVE-2023-6863 | The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
8.8 | 2023-12-19 | CVE-2023-6862 | A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. |
8.8 | 2023-12-19 | CVE-2023-6861 | The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
6.5 | 2023-12-19 | CVE-2023-6860 | The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
8.8 | 2023-12-19 | CVE-2023-6859 | A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
8.8 | 2023-12-19 | CVE-2023-6858 | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
8.8 | 2023-12-19 | CVE-2023-6856 | The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
4.3 | 2023-12-19 | CVE-2023-50762 | When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6. |
4.3 | 2023-12-19 | CVE-2023-50761 | The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6. |
6.5 | 2023-12-18 | CVE-2023-51385 | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. |
5.5 | 2023-12-18 | CVE-2023-51384 | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. |
7.8 | 2023-12-13 | CVE-2023-6377 | A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. |
5.5 | 2023-12-12 | CVE-2023-42883 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. |
8.8 | 2023-12-11 | CVE-2023-6186 | Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. |
8.8 | 2023-12-11 | CVE-2023-6185 | Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
19% (150) | CWE-787 | Out-of-bounds Write |
16% (128) | CWE-416 | Use After Free |
6% (47) | CWE-125 | Out-of-bounds Read |
5% (44) | CWE-190 | Integer Overflow or Wraparound |
3% (28) | CWE-476 | NULL Pointer Dereference |
3% (26) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
2% (23) | CWE-770 | Allocation of Resources Without Limits or Throttling |
2% (18) | CWE-362 | Race Condition |
2% (18) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
2% (16) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
1% (13) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
1% (12) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
1% (11) | CWE-674 | Uncontrolled Recursion |
1% (11) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (10) | CWE-755 | Improper Handling of Exceptional Conditions |
1% (10) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (10) | CWE-295 | Certificate Issues |
1% (10) | CWE-20 | Improper Input Validation |
1% (9) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
1% (8) | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli... |
1% (8) | CWE-369 | Divide By Zero |
0% (7) | CWE-502 | Deserialization of Untrusted Data |
0% (7) | CWE-459 | Incomplete Cleanup |
0% (7) | CWE-346 | Origin Validation Error |
0% (7) | CWE-252 | Unchecked Return Value |
SAINT Exploits
Description | Link |
---|---|
Apache Log4j JNDI message lookup vulnerability | More info here |
VMware Cloud Foundation XStream Deserialization | More info here |
SPIP password reset serialization vulnerability | More info here |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-05-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-469.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-20df66892b.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-277cc63d9f.nasl - Type: ACT_GATHER_INFO |
2015-06-23 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2651-1.nasl - Type: ACT_GATHER_INFO |
2015-06-10 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1019-1.nasl - Type: ACT_GATHER_INFO |
2014-01-06 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2836.nasl - Type: ACT_GATHER_INFO |