📦 Debian Linux

by Debian

⚠️ Known Vulnerabilities

CVE-2025-62799

CRITICAL CVSS 9.8 Feb 3, 2026

A heap buffer overflow vulnerability in Fast DDS allows unauthenticated attackers to send a single malformed RTPS DATA_FRAG packet, causing immediate crashes (DoS) and potentially enabling remote code...

CVE-2025-68670

CRITICAL CVSS 9.1 Jan 27, 2026

CVE-2025-68670 is an unauthenticated stack-based buffer overflow vulnerability in xrdp (open source RDP server) that allows remote attackers to execute arbitrary code on affected systems. The vulnerab...

CVE-2026-24061

CRITICAL CVSS 9.8 Jan 21, 2026

This vulnerability in GNU Inetutils telnetd allows remote attackers to bypass authentication by setting the USER environment variable to '-f root'. This affects all systems running vulnerable versions...

CVE-2025-68615

CRITICAL CVSS 9.8 Dec 23, 2025

A buffer overflow vulnerability in net-snmp's snmptrapd daemon allows remote attackers to crash the service via specially crafted SNMP trap packets. This affects all systems running vulnerable version...

CVE-2025-32463

CRITICAL CVSS 9.3 Jun 30, 2025

This vulnerability in Sudo allows local users to escalate privileges to root by exploiting the --chroot option to load a malicious /etc/nsswitch.conf file from a user-controlled directory. It affects ...

CVE-2014-7210

CRITICAL CVSS 9.8 Jun 26, 2025

CVE-2014-7210 is a privilege escalation vulnerability in pdns-backend-mysql where Debian maintainer scripts grant excessive database permissions to the pdns user. This allows attackers with database a...

CVE-2025-49113

CRITICAL CVSS 9.9 Jun 2, 2025

CVE-2025-49113 is a critical remote code execution vulnerability in Roundcube Webmail affecting authenticated users. It allows attackers to execute arbitrary PHP code on the server by exploiting impro...

CVE-2025-32433

CRITICAL CVSS 10.0 Apr 16, 2025

This CVE describes a critical vulnerability in Erlang/OTP's SSH server that allows unauthenticated remote code execution. Attackers can exploit a flaw in SSH protocol message handling to execute arbit...

CVE-2025-24201

CRITICAL CVSS 10.0 Mar 11, 2025

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via an out-of-bounds write issue, potentially enabling arbitrary code execution. It affects Apple devic...

CVE-2025-24813

CRITICAL CVSS 9.8 Mar 10, 2025

This vulnerability in Apache Tomcat allows path traversal attacks via internal dot handling in filenames, potentially leading to remote code execution, information disclosure, or file corruption. It a...

CVE-2025-0838

CRITICAL CVSS 9.8 Feb 21, 2025

This CVE describes a heap buffer overflow vulnerability in Abseil-cpp's hash containers where oversized size arguments can cause integer overflow and out-of-bounds memory writes. Any application using...

CVE-2024-47606

CRITICAL CVSS 9.8 Dec 12, 2024

This vulnerability in GStreamer's qtdemux component allows integer underflow leading to heap corruption and arbitrary code execution. Attackers can exploit it by tricking users into opening malicious ...

CVE-2024-52316

CRITICAL CVSS 9.8 Nov 18, 2024

This vulnerability in Apache Tomcat allows authentication bypass when using custom Jakarta Authentication components that throw exceptions without setting proper HTTP failure status. It affects Tomcat...

CVE-2024-49369

CRITICAL CVSS 9.8 Nov 12, 2024

CVE-2024-49369 is a critical TLS certificate validation flaw in Icinga 2 that allows attackers to impersonate trusted cluster nodes and API users using TLS client certificates. This enables unauthoriz...

CVE-2024-52533

CRITICAL CVSS 9.8 Nov 11, 2024

This vulnerability is a buffer overflow in GLib's SOCKS4 proxy implementation due to an off-by-one error. It allows attackers to execute arbitrary code or cause denial of service by sending specially ...

CVE-2024-47685

CRITICAL CVSS 9.1 Oct 21, 2024

CVE-2024-47685 is a Linux kernel vulnerability in the netfilter IPv6 rejection module where uninitialized memory from TCP header reserved bits could be leaked in reset packets. This affects syste...

CVE-2024-9680

CRITICAL CVSS 9.8 Oct 9, 2024

This critical vulnerability allows remote attackers to execute arbitrary code by exploiting a use-after-free flaw in Firefox's animation timeline implementation. Attackers can achieve code execution i...

CVE-2024-42472

CRITICAL CVSS 10.0 Aug 15, 2024

This vulnerability in Flatpak allows malicious or compromised applications using persistent directories to escape sandbox restrictions and access/write files outside their intended scope. It affects L...

CVE-2024-37371

CRITICAL CVSS 9.1 Jun 28, 2024

This vulnerability in MIT Kerberos 5 allows attackers to trigger invalid memory reads by sending specially crafted GSS message tokens with invalid length fields. This could potentially lead to denial ...

CVE-2024-5197

CRITICAL CVSS 9.1 Jun 3, 2024

This CVE describes integer overflow vulnerabilities in libvpx (VP8/VP9 video codec library) that can occur when processing large image dimensions or alignment parameters. Attackers could exploit these...

CVE-2026-25506

HIGH CVSS 7.7 Feb 10, 2026

A buffer overflow vulnerability in MUNGE authentication daemon (munged) versions 0.5 to 0.5.17 allows local attackers to leak cryptographic key material from process memory. With the leaked key materi...

CVE-2025-62602

HIGH CVSS 7.5 Feb 3, 2026

This vulnerability in Fast DDS allows remote attackers to cause denial-of-service by sending specially crafted SPDP packets with manipulated DATA Submessage fields. When security mode is enabled, tamp...

CVE-2025-62603

HIGH CVSS 7.5 Feb 3, 2026

Fast DDS versions prior to 3.4.1, 3.3.1, and 2.6.11 contain a vulnerability where malicious ParticipantGenericMessage packets can trigger excessive memory allocation during CDR parsing, leading to out...

CVE-2025-62600

HIGH CVSS 7.5 Feb 3, 2026

This vulnerability in Fast DDS allows remote attackers to cause a denial-of-service (DoS) by sending specially crafted SPDP packets with modified DATA Submessage fields. When security mode is enabled,...

CVE-2025-62599

HIGH CVSS 7.5 Feb 3, 2026

This vulnerability in Fast DDS allows remote attackers to cause a denial of service by triggering an out-of-memory condition. When security mode is enabled, tampering with specific fields in SPDP pack...

CVE-2026-25061

HIGH CVSS 7.5 Jan 29, 2026

This vulnerability in tcpflow's wifipcap component allows a 1-byte out-of-bounds write when parsing specially crafted 802.11 management frames with large TIM elements. Attackers could potentially caus...

CVE-2026-24765

HIGH CVSS 7.8 Jan 27, 2026

This CVE describes a remote code execution vulnerability in PHPUnit's PHPT test execution when code coverage instrumentation is enabled. Attackers with local file write access can place malicious seri...

CVE-2025-64512

HIGH CVSS 8.6 Nov 10, 2025

CVE-2025-64512 is a remote code execution vulnerability in pdfminer.six where malicious PDF files can trigger deserialization of arbitrary pickle files, leading to arbitrary code execution. This affec...

CVE-2025-10934

HIGH CVSS 7.8 Oct 29, 2025

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious XWD image files in GIMP. The heap-based buffer overflow occurs due to improper length vali...

CVE-2025-10921

HIGH CVSS 7.8 Oct 29, 2025

A heap-based buffer overflow vulnerability in GIMP's HDR file parser allows remote attackers to execute arbitrary code when users open malicious HDR files. This affects all GIMP installations that pro...

CVE-2025-39911

HIGH CVSS 7.8 Oct 1, 2025

A Linux kernel vulnerability in the i40e network driver causes incorrect IRQ cleanup during error handling, leading to kernel warnings and potential system instability. This affects systems using Inte...

CVE-2025-39913

HIGH CVSS 7.8 Oct 1, 2025

A memory management vulnerability in the Linux kernel's TCP BPF subsystem where failure to allocate memory for corked data doesn't properly clean up socket resources, leading to a use-after-free condi...

CVE-2025-39891

HIGH CVSS 7.1 Oct 1, 2025

This CVE describes an information leak vulnerability in the Linux kernel's mwifiex WiFi driver. Uninitialized memory in the chan_stats array could allow attackers to read kernel memory contents. Syste...

CVE-2025-41244

HIGH CVSS 7.8 Sep 29, 2025

This CVE describes a local privilege escalation vulnerability in VMware Aria Operations and VMware Tools. A malicious local user with non-administrative privileges on a VM can exploit this to gain roo...

CVE-2025-39877

HIGH CVSS 7.8 Sep 23, 2025

A use-after-free vulnerability in the Linux kernel's DAMON sysfs interface allows race conditions where freed memory is accessed. This can lead to kernel crashes or potential privilege escalation. Aff...

CVE-2025-39880

HIGH CVSS 7.8 Sep 23, 2025

A type confusion vulnerability in the Linux kernel's libceph component allows reading/writing to incorrect memory locations when using the msgr2 protocol. This affects systems using Ceph distributed s...

CVE-2025-39870

HIGH CVSS 7.8 Sep 23, 2025

This CVE describes a double-free vulnerability in the Linux kernel's dmaengine idxd driver. The bug occurs during error handling in the idxd_setup_wqs() function, which can lead to memory corruption a...

CVE-2025-39873

HIGH CVSS 7.8 Sep 23, 2025

This is a use-after-free vulnerability in the Linux kernel's Xilinx CAN driver that occurs when transmitting network packets. It allows attackers with local access to potentially crash the system or e...

CVE-2025-39866

HIGH CVSS 7.8 Sep 19, 2025

A use-after-free vulnerability in the Linux kernel's __mark_inode_dirty() function allows attackers to potentially crash the system or execute arbitrary code with kernel privileges. This affects Linux...

CVE-2025-39853

HIGH CVSS 7.1 Sep 19, 2025

This CVE describes a memory access vulnerability in the Linux kernel's i40e network driver. When the MAC address list is empty, the driver uses list_first_entry() which can return a pointer to invalid...

CVE-2025-39849

HIGH CVSS 7.8 Sep 19, 2025

This CVE describes a memory corruption vulnerability in the Linux kernel's WiFi subsystem where SSID length validation is missing in the __cfg80211_connect_result() function. Attackers could exploit t...

CVE-2025-39839

HIGH CVSS 7.1 Sep 19, 2025

This vulnerability in the Linux kernel's batman-adv network coding module allows out-of-bounds memory read/write operations. Attackers could potentially crash systems, leak sensitive information, or e...

CVE-2025-39841

HIGH CVSS 7.8 Sep 19, 2025

This CVE describes a use-after-free vulnerability in the Linux kernel's lpfc SCSI driver. An attacker could exploit this to cause a kernel panic (denial of service) or potentially execute arbitrary co...

CVE-2025-39835

HIGH CVSS 7.8 Sep 16, 2025

A Linux kernel XFS filesystem vulnerability where disk medium errors returning ENODATA are incorrectly interpreted as 'attribute not found' by xattr code. This can cause kernel oops (crashes) or incor...

CVE-2025-39828

HIGH CVSS 7.8 Sep 16, 2025

CVE-2025-39828 is a Linux kernel vulnerability in the ATM subsystem that allows arbitrary kernel memory writes via specially crafted sendmsg() calls. Attackers can exploit this to potentially exe...

CVE-2025-39826

HIGH CVSS 7.0 Sep 16, 2025

This CVE describes a use-after-free vulnerability in the Linux kernel's ROSE networking protocol implementation. The vulnerability occurs due to non-atomic reference counting in the rose_neigh structu...

CVE-2025-39823

HIGH CVSS 7.8 Sep 16, 2025

This CVE addresses a speculative execution side-channel vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem for x86 systems. Guest-controlled indices (min and dest_id) wer...

CVE-2025-39817

HIGH CVSS 7.1 Sep 16, 2025

A slab-out-of-bounds memory access vulnerability in the Linux kernel's efivarfs filesystem allows attackers to cause kernel memory corruption through parallel directory lookups with specially crafted ...

CVE-2025-39806

HIGH CVSS 7.1 Sep 16, 2025

This vulnerability allows a malicious HID device to trigger a slab out-of-bounds memory access in the Linux kernel's multitouch driver. Attackers could potentially cause kernel crashes or achieve arbi...

CVE-2023-53259

HIGH CVSS 7.1 Sep 15, 2025

A NULL pointer dereference vulnerability in the Linux kernel's VMCI subsystem allows local attackers to cause a general protection fault (GPF) and potentially crash the system. This affects systems wi...

CVE-2025-39788

HIGH CVSS 7.8 Sep 11, 2025

A Linux kernel vulnerability in the UFS (Universal Flash Storage) driver for Exynos chipsets allows undefined behavior due to integer overflow when programming hardware registers. This affects devices...

CVE-2025-39790

HIGH CVSS 7.8 Sep 11, 2025

A double-free vulnerability in the Linux kernel's MHI host driver allows a malicious or compromised remote device to trigger memory corruption. This affects systems using the MHI bus for communication...

CVE-2025-39783

HIGH CVSS 7.8 Sep 11, 2025

A use-after-free vulnerability in the Linux kernel's PCI endpoint subsystem allows local attackers to potentially crash the system or execute arbitrary code with kernel privileges. This affects system...

CVE-2025-39776

HIGH CVSS 7.8 Sep 11, 2025

A use-after-free vulnerability in the Linux kernel's debug_vm_pgtable test module allows stale page table entries to persist after test completion. When another process allocates memory at the same ad...

CVE-2025-39766

HIGH CVSS 7.8 Sep 11, 2025

A Linux kernel vulnerability in the CAKE (Common Applications Kept Enhanced) queuing discipline causes incorrect congestion notification when packets are dropped due to low buffer limits. This can tri...

CVE-2025-39757

HIGH CVSS 7.1 Sep 11, 2025

A Linux kernel vulnerability in the ALSA USB audio subsystem allows out-of-bounds memory access when processing malicious UAC3 audio device descriptors. This affects systems using USB audio devices wi...

CVE-2025-39759

HIGH CVSS 7.0 Sep 11, 2025

A race condition in the Linux kernel's Btrfs filesystem allows use-after-free of qgroup records when quota disable and quota rescan operations occur simultaneously. This vulnerability can lead to kern...

CVE-2025-39749

HIGH CVSS 7.0 Sep 11, 2025

This is a data race vulnerability in the Linux kernel's RCU (Read-Copy Update) subsystem where concurrent access to the ->defer_qs_iw_pending field could cause undefined behavior. It affects Linux sys...

CVE-2025-39743

HIGH CVSS 7.8 Sep 11, 2025

A Linux kernel vulnerability in the JFS filesystem where inode pages aren't properly truncated when a hard link count reaches zero, potentially causing kernel panic or system crash. This affects syste...

CVE-2025-39738

HIGH CVSS 7.8 Sep 11, 2025

A Linux kernel Btrfs filesystem vulnerability allows transaction aborts when relocating partially dropped subvolumes, causing filesystem corruption and potential system crashes. This affects systems u...

CVE-2025-64098

MEDIUM CVSS 5.9 Feb 3, 2026

This vulnerability in Fast DDS allows remote attackers to cause a denial of service by triggering an out-of-memory condition through specially crafted SPDP packets. When security mode is enabled, tamp...

CVE-2025-6966

MEDIUM CVSS 5.5 Dec 5, 2025

A NULL pointer dereference vulnerability in python-apt's TagSection.keys() function allows local attackers to crash processes by providing malformed deb822 files with non-UTF-8 keys. This affects APT-...

CVE-2025-63498

MEDIUM CVSS 6.1 Nov 24, 2025

CVE-2025-63498 is a cross-site scripting (XSS) vulnerability in alinto SOGo 5.12.3 that allows attackers to inject malicious scripts via the 'userName' parameter. When exploited, this can lead to sess...

CVE-2025-39920

MEDIUM CVSS 5.5 Oct 1, 2025

A NULL pointer dereference vulnerability in the Linux kernel's PCMCIA subsystem could allow local attackers to cause a kernel panic or potentially execute arbitrary code. This affects systems with PCM...

CVE-2025-39923

MEDIUM CVSS 5.5 Oct 1, 2025

A Linux kernel vulnerability in the Qualcomm BAM DMA driver allows early boot crashes when device tree configurations are missing required properties. This affects Linux systems using Qualcomm SoCs wi...

CVE-2025-39916

MEDIUM CVSS 5.5 Oct 1, 2025

A divide-by-zero vulnerability in the Linux kernel's DAMON_RECLAIM subsystem can cause kernel crashes when creating new memory reclamation schemes. This affects Linux systems using DAMON_RECLAIM for p...

CVE-2025-39914

MEDIUM CVSS 5.5 Oct 1, 2025

This is a double-free vulnerability in the Linux kernel's tracing subsystem where fault injection during memory allocation can cause the same tracepoint to be registered twice, leading to a kernel war...

CVE-2025-39907

MEDIUM CVSS 5.5 Oct 1, 2025

A DMA mapping vulnerability in the Linux kernel's STM32 FMC2 NAND controller driver causes overlapping memory mappings when handling ECC buffers, triggering kernel warnings and potential system instab...

CVE-2025-39909

MEDIUM CVSS 5.5 Oct 1, 2025

A divide-by-zero vulnerability in the Linux kernel's DAMON LRU_SORT module allows local attackers to trigger a kernel panic by setting certain parameters to zero. This affects systems running vulnerab...

CVE-2025-39902

MEDIUM CVSS 5.5 Oct 1, 2025

A NULL pointer dereference vulnerability in the Linux kernel's SLUB memory allocator can cause kernel crashes when debugging code attempts to access invalid object metadata. This affects Linux systems...

CVE-2025-39894

MEDIUM CVSS 5.5 Oct 1, 2025

A race condition vulnerability in the Linux kernel's netfilter bridge module (br_netfilter) can cause kernel warnings and potential denial-of-service when handling broadcast packets on bridged tap dev...

CVE-2025-39885

MEDIUM CVSS 5.5 Sep 23, 2025

This CVE describes a recursive semaphore deadlock vulnerability in the OCFS2 filesystem implementation in the Linux kernel. When performing a FIEMAP ioctl operation on a specially crafted mmap file, t...

CVE-2025-39876

MEDIUM CVSS 5.5 Sep 23, 2025

A NULL pointer dereference vulnerability in the Linux kernel's FEC (Fast Ethernet Controller) driver could cause kernel panic and system crashes when the of_phy_find_device function returns NULL. This...

CVE-2025-39865

MEDIUM CVSS 5.5 Sep 19, 2025

A NULL pointer dereference vulnerability in the Linux kernel's TEE (Trusted Execution Environment) subsystem allows local attackers to cause a kernel panic and system crash. This affects systems using...

CVE-2025-39857

MEDIUM CVSS 5.5 Sep 19, 2025

A NULL pointer dereference vulnerability in the Linux kernel's SMC (Shared Memory Communications) module allows local attackers to cause a kernel panic (denial of service) when using software RoCE (RD...

CVE-2025-39846

MEDIUM CVSS 5.5 Sep 19, 2025

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's PCMCIA subsystem. If exploited, it could cause a kernel panic or system crash, affecting systems with PCMCIA hardware ...

CVE-2025-39844

MEDIUM CVSS 5.5 Sep 19, 2025

A Linux kernel memory management vulnerability causes kernel panics during boot when systems with 4-level paging and large persistent memory initialize vmemmap structures. The issue occurs when top-le...

CVE-2025-39845

MEDIUM CVSS 5.5 Sep 19, 2025

A memory management vulnerability in the Linux kernel causes intermittent boot failures and crashes on systems with 4-level paging and large persistent memory. The issue occurs when page tables aren't...

CVE-2025-39847

MEDIUM CVSS 5.5 Sep 19, 2025

This CVE describes a memory leak vulnerability in the Linux kernel's PPP (Point-to-Point Protocol) implementation. When the pad_compress_skb() function fails to allocate memory for compression, it doe...

CVE-2025-39848

MEDIUM CVSS 5.5 Sep 19, 2025

A memory corruption vulnerability in the Linux kernel's AX.25 protocol implementation allows attackers to cause kernel crashes or potentially execute arbitrary code by sending specially crafted KISS (...

CVE-2025-39825

MEDIUM CVSS 4.7 Sep 16, 2025

A race condition vulnerability exists in the Linux kernel's SMB client implementation during rename operations. This allows concurrent file opens to interfere with rename processes, potentially causin...

CVE-2025-39819

MEDIUM CVSS 5.5 Sep 16, 2025

A reference counting bug in the Linux kernel's SMB client implementation could cause resource leaks when memory allocation fails during compound operations. This affects Linux systems using the SMB cl...

CVE-2025-39813

MEDIUM CVSS 4.7 Sep 16, 2025

This CVE describes a race condition in the Linux kernel's ftrace subsystem that can trigger a kernel warning when ftrace_dump is called concurrently with reading trace_pipe. The vulnerability affects ...

CVE-2025-39812

MEDIUM CVSS 5.5 Sep 16, 2025

This CVE describes an uninitialized memory vulnerability in the Linux kernel's SCTP IPv6 implementation. When sin6_scope_id and sin6_flowinfo fields are not properly cleared in sctp_v6_from_sk(), it c...

CVE-2025-39808

MEDIUM CVSS 5.5 Sep 16, 2025

A null pointer dereference vulnerability in the Linux kernel's HID ntrig driver allows local attackers to trigger a kernel page fault by sending crafted descriptors to /dev/uhid. This affects Linux sy...

CVE-2022-50327

MEDIUM CVSS 5.5 Sep 15, 2025

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's ACPI processor idle driver. If exploited, it could cause a kernel panic leading to denial of service. This affects Lin...

CVE-2025-39801

MEDIUM CVSS 5.5 Sep 15, 2025

This CVE addresses a kernel panic vulnerability in the Linux kernel's USB DWC3 driver. When 'panic_on_warn' is enabled, endpoint command timeouts during rapid USB connect/disconnect sequences trigger ...

CVE-2025-40300

MEDIUM CVSS 5.5 Sep 11, 2025

VMSCAPE is a vulnerability in the Linux kernel that allows a malicious guest VM to poison branch predictors, potentially enabling speculative execution attacks against userspace hypervisors like QEMU....

CVE-2025-39782

MEDIUM CVSS 5.5 Sep 11, 2025

A Linux kernel vulnerability in the jbd2 journaling subsystem can cause softlockups (system hangs) when processing filesystem operations. This affects systems using ext4 filesystems with journaling en...

CVE-2025-39773

MEDIUM CVSS 5.5 Sep 11, 2025

A Linux kernel vulnerability in the bridge networking module allows a local attacker to cause a denial of service (soft lockup) by setting multicast query intervals to extremely large values. This aff...