Debian Security Vulnerabilities (CVEs)

Track 1,323 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

171 Critical
852 High
300 Medium
CVE-2026-25506 7.7

A buffer overflow vulnerability in MUNGE authentication daemon (munged) versions 0.5 to 0.5.17 allows local attackers to leak cryptographic key materi...

Feb 10, 2026
CVE-2025-64098 5.9

This vulnerability in Fast DDS allows remote attackers to cause a denial of service by triggering an out-of-memory condition through specially crafted...

Feb 3, 2026
CVE-2025-62602 7.5

This vulnerability in Fast DDS allows remote attackers to cause denial-of-service by sending specially crafted SPDP packets with manipulated DATA Subm...

Feb 3, 2026
CVE-2025-62603 7.5

Fast DDS versions prior to 3.4.1, 3.3.1, and 2.6.11 contain a vulnerability where malicious ParticipantGenericMessage packets can trigger excessive me...

Feb 3, 2026
CVE-2025-62799 9.8

A heap buffer overflow vulnerability in Fast DDS allows unauthenticated attackers to send a single malformed RTPS DATA_FRAG packet, causing immediate ...

Feb 3, 2026
CVE-2025-62600 7.5

This vulnerability in Fast DDS allows remote attackers to cause a denial-of-service (DoS) by sending specially crafted SPDP packets with modified DATA...

Feb 3, 2026
CVE-2025-62599 7.5

This vulnerability in Fast DDS allows remote attackers to cause a denial of service by triggering an out-of-memory condition. When security mode is en...

Feb 3, 2026
CVE-2026-25061 7.5

This vulnerability in tcpflow's wifipcap component allows a 1-byte out-of-bounds write when parsing specially crafted 802.11 management frames with la...

Jan 29, 2026
CVE-2026-24765 7.8

This CVE describes a remote code execution vulnerability in PHPUnit's PHPT test execution when code coverage instrumentation is enabled. Attackers wit...

Jan 27, 2026
CVE-2025-68670 9.1

CVE-2025-68670 is an unauthenticated stack-based buffer overflow vulnerability in xrdp (open source RDP server) that allows remote attackers to execut...

Jan 27, 2026
CVE-2026-24061 9.8

This vulnerability in GNU Inetutils telnetd allows remote attackers to bypass authentication by setting the USER environment variable to '-f root'. Th...

Jan 21, 2026
CVE-2025-68615 9.8

A buffer overflow vulnerability in net-snmp's snmptrapd daemon allows remote attackers to crash the service via specially crafted SNMP trap packets. T...

Dec 23, 2025
CVE-2025-6966 5.5

A NULL pointer dereference vulnerability in python-apt's TagSection.keys() function allows local attackers to crash processes by providing malformed d...

Dec 5, 2025
CVE-2025-63498 6.1

CVE-2025-63498 is a cross-site scripting (XSS) vulnerability in alinto SOGo 5.12.3 that allows attackers to inject malicious scripts via the 'userName...

Nov 24, 2025
CVE-2025-64512 8.6

CVE-2025-64512 is a remote code execution vulnerability in pdfminer.six where malicious PDF files can trigger deserialization of arbitrary pickle file...

Nov 10, 2025
CVE-2025-10934 7.8

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious XWD image files in GIMP. The heap-based ...

Oct 29, 2025
CVE-2025-10921 7.8

A heap-based buffer overflow vulnerability in GIMP's HDR file parser allows remote attackers to execute arbitrary code when users open malicious HDR f...

Oct 29, 2025
CVE-2025-39920 5.5

A NULL pointer dereference vulnerability in the Linux kernel's PCMCIA subsystem could allow local attackers to cause a kernel panic or potentially exe...

Oct 1, 2025
CVE-2025-39923 5.5

A Linux kernel vulnerability in the Qualcomm BAM DMA driver allows early boot crashes when device tree configurations are missing required properties....

Oct 1, 2025
CVE-2025-39911 7.8

A Linux kernel vulnerability in the i40e network driver causes incorrect IRQ cleanup during error handling, leading to kernel warnings and potential s...

Oct 1, 2025
CVE-2025-39913 7.8

A memory management vulnerability in the Linux kernel's TCP BPF subsystem where failure to allocate memory for corked data doesn't properly clean up s...

Oct 1, 2025
CVE-2025-39914 5.5

This is a double-free vulnerability in the Linux kernel's tracing subsystem where fault injection during memory allocation can cause the same tracepoi...

Oct 1, 2025
CVE-2025-39916 5.5

A divide-by-zero vulnerability in the Linux kernel's DAMON_RECLAIM subsystem can cause kernel crashes when creating new memory reclamation schemes. Th...

Oct 1, 2025
CVE-2025-39907 5.5

A DMA mapping vulnerability in the Linux kernel's STM32 FMC2 NAND controller driver causes overlapping memory mappings when handling ECC buffers, trig...

Oct 1, 2025
CVE-2025-39909 5.5

A divide-by-zero vulnerability in the Linux kernel's DAMON LRU_SORT module allows local attackers to trigger a kernel panic by setting certain paramet...

Oct 1, 2025
CVE-2025-39902 5.5

A NULL pointer dereference vulnerability in the Linux kernel's SLUB memory allocator can cause kernel crashes when debugging code attempts to access i...

Oct 1, 2025
CVE-2025-39891 7.1

This CVE describes an information leak vulnerability in the Linux kernel's mwifiex WiFi driver. Uninitialized memory in the chan_stats array could all...

Oct 1, 2025
CVE-2025-39894 5.5

A race condition vulnerability in the Linux kernel's netfilter bridge module (br_netfilter) can cause kernel warnings and potential denial-of-service ...

Oct 1, 2025
CVE-2025-41244 7.8

This CVE describes a local privilege escalation vulnerability in VMware Aria Operations and VMware Tools. A malicious local user with non-administrati...

Sep 29, 2025
CVE-2025-39885 5.5

This CVE describes a recursive semaphore deadlock vulnerability in the OCFS2 filesystem implementation in the Linux kernel. When performing a FIEMAP i...

Sep 23, 2025
CVE-2025-39876 5.5

A NULL pointer dereference vulnerability in the Linux kernel's FEC (Fast Ethernet Controller) driver could cause kernel panic and system crashes when ...

Sep 23, 2025
CVE-2025-39877 7.8

A use-after-free vulnerability in the Linux kernel's DAMON sysfs interface allows race conditions where freed memory is accessed. This can lead to ker...

Sep 23, 2025
CVE-2025-39880 7.8

A type confusion vulnerability in the Linux kernel's libceph component allows reading/writing to incorrect memory locations when using the msgr2 proto...

Sep 23, 2025
CVE-2025-39870 7.8

This CVE describes a double-free vulnerability in the Linux kernel's dmaengine idxd driver. The bug occurs during error handling in the idxd_setup_wqs...

Sep 23, 2025
CVE-2025-39873 7.8

This is a use-after-free vulnerability in the Linux kernel's Xilinx CAN driver that occurs when transmitting network packets. It allows attackers with...

Sep 23, 2025
CVE-2025-39865 5.5

A NULL pointer dereference vulnerability in the Linux kernel's TEE (Trusted Execution Environment) subsystem allows local attackers to cause a kernel ...

Sep 19, 2025
CVE-2025-39866 7.8

A use-after-free vulnerability in the Linux kernel's __mark_inode_dirty() function allows attackers to potentially crash the system or execute arbitra...

Sep 19, 2025
CVE-2025-39853 7.1

This CVE describes a memory access vulnerability in the Linux kernel's i40e network driver. When the MAC address list is empty, the driver uses list_f...

Sep 19, 2025
CVE-2025-39857 5.5

A NULL pointer dereference vulnerability in the Linux kernel's SMC (Shared Memory Communications) module allows local attackers to cause a kernel pani...

Sep 19, 2025
CVE-2025-39844 5.5

A Linux kernel memory management vulnerability causes kernel panics during boot when systems with 4-level paging and large persistent memory initializ...

Sep 19, 2025
CVE-2025-39845 5.5

A memory management vulnerability in the Linux kernel causes intermittent boot failures and crashes on systems with 4-level paging and large persisten...

Sep 19, 2025
CVE-2025-39846 5.5

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's PCMCIA subsystem. If exploited, it could cause a kernel panic or sys...

Sep 19, 2025
CVE-2025-39847 5.5

This CVE describes a memory leak vulnerability in the Linux kernel's PPP (Point-to-Point Protocol) implementation. When the pad_compress_skb() functio...

Sep 19, 2025
CVE-2025-39848 5.5

A memory corruption vulnerability in the Linux kernel's AX.25 protocol implementation allows attackers to cause kernel crashes or potentially execute ...

Sep 19, 2025
CVE-2025-39849 7.8

This CVE describes a memory corruption vulnerability in the Linux kernel's WiFi subsystem where SSID length validation is missing in the __cfg80211_co...

Sep 19, 2025
CVE-2025-39839 7.1

This vulnerability in the Linux kernel's batman-adv network coding module allows out-of-bounds memory read/write operations. Attackers could potential...

Sep 19, 2025
CVE-2025-39841 7.8

This CVE describes a use-after-free vulnerability in the Linux kernel's lpfc SCSI driver. An attacker could exploit this to cause a kernel panic (deni...

Sep 19, 2025
CVE-2025-39835 7.8

A Linux kernel XFS filesystem vulnerability where disk medium errors returning ENODATA are incorrectly interpreted as 'attribute not found' by xattr c...

Sep 16, 2025
CVE-2025-39828 7.8

CVE-2025-39828 is a Linux kernel vulnerability in the ATM subsystem that allows arbitrary kernel memory writes via specially crafted sendmsg() ca...

Sep 16, 2025
CVE-2025-39826 7.0

This CVE describes a use-after-free vulnerability in the Linux kernel's ROSE networking protocol implementation. The vulnerability occurs due to non-a...

Sep 16, 2025

Why Monitor Debian Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 1,323+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.

Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Debian CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions