What is the debian CNA?
debian is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 642 CVE records since 2005.
How many CVEs has debian published?
debian has published 642 CVE records, including 9 in the last two years.
What is debian's CVE data quality grade?
RadicalNotion.AI grades debian's CVE data quality as F, with an overall completeness score of 8.6%. This reflects how consistently its CVE records include vendor (11.8%), product (20.7%), CVSS (0%), and CWE (2%) information.
What products does debian publish CVEs for?
debian most frequently publishes CVEs for debian linux, ubuntu linux, imagemagick, fedora, and leap.
Which vendors does debian cover?
debian publishes CVEs across 34 distinct vendors, most often Debian, canonical, opensuse, imagemagick, and fedoraproject.
Is debian actively publishing CVEs?
debian is currently active, based on 9 CVEs in the last two years.
How many critical CVEs has debian published?
debian has published 9 critical-severity CVEs and 5 high-severity CVEs.
Are any of debian's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 3 of debian's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in debian's CVEs?
debian's CVEs most often map to these CWE weakness types: CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-276 (Incorrect Default Permissions), and CWE-862 (Missing Authorization).
How does debian rank among CNAs?
By total CVE volume, debian ranks #48 of 370 CNAs, and its CVE records are more complete than those of 1% of all CNAs.