Debian Security Vulnerabilities (CVEs)
Track 1,415 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...
Sep 27, 2023
This vulnerability allows arbitrary code execution when processing malicious web content in Apple's WebKit browser engine. It affects users of Safari ...
Sep 27, 2023
CVE-2023-42753 is an array indexing vulnerability in the Linux kernel's netfilter subsystem that allows local attackers to perform out-of-bounds ...
Sep 25, 2023
A Type Confusion vulnerability in Netatalk's afpd service allows remote attackers to potentially execute arbitrary code by sending malicious Spotlight...
Sep 20, 2023
CVE-2019-19450 is a critical remote code execution vulnerability in ReportLab's paraparser module. Attackers can execute arbitrary Python code by craf...
Sep 20, 2023
A denial-of-service vulnerability in BIND 9's DNS-over-TLS implementation causes the named service to crash when handling high volumes of DNS-over-TLS...
Sep 20, 2023
This CVE describes a use-after-free vulnerability in the Linux kernel's qfq scheduler component that allows local attackers to escalate privileges. Th...
Sep 12, 2023
This vulnerability is a race condition in OpenPMIx that allows attackers to gain ownership of arbitrary files when the library code runs with root pri...
Sep 9, 2023
This CVE describes a use-after-free vulnerability in the Linux kernel's af_unix component that allows local attackers to escalate privileges. The race...
Sep 6, 2023
This CVE describes a use-after-free vulnerability in the Linux kernel's net/sched: cls_route component that allows local attackers to escalate privile...
Sep 6, 2023
This CVE describes a use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 traffic control subsystem. It allows a local attacker to es...
Sep 6, 2023
This CVE describes a use-after-free vulnerability in the Linux kernel's netfilter nf_tables component. It allows a local attacker to escalate privileg...
Sep 6, 2023
This is a type confusion vulnerability in Chrome's V8 JavaScript engine that allows remote attackers to execute arbitrary code by tricking the browser...
Sep 5, 2023
This vulnerability in FRRouting FRR allows remote attackers to cause a denial of service (crash) by sending specially crafted BGP flowspec requests wi...
Sep 5, 2023
This CVE describes a use-after-free vulnerability in FreeRDP's processing of RDPGFX_CMDID_RESETGRAPHICS packets. When context->maxPlaneSize is 0, the ...
Aug 31, 2023
This CVE describes a privilege escalation vulnerability in VMware vSphere where a malicious actor with Guest Operation Privileges in a target virtual ...
Aug 31, 2023
This vulnerability allows remote attackers to cause denial of service (DoS) in FRRouting and Pica8 PICOS systems by sending specially crafted BGP upda...
Aug 29, 2023
CVE-2023-41361 is a buffer overflow vulnerability in FRRouting's BGP daemon (bgpd) that occurs when processing BGP OPEN messages with overly large sof...
Aug 29, 2023
A NULL pointer dereference vulnerability in FRRouting's BGP daemon allows remote attackers to cause denial of service by sending specially crafted BGP...
Aug 29, 2023
This cross-site scripting (XSS) vulnerability in Prometheus Alertmanager allows attackers with POST permission to the /api/v1/alerts endpoint to injec...
Aug 25, 2023
This is a use-after-free vulnerability in Chrome's Loader component that allows remote attackers to potentially exploit heap corruption via a crafted ...
Aug 23, 2023
This vulnerability allows a remote attacker to read memory outside the intended bounds in Google Chrome's font processing component. Attackers can exp...
Aug 23, 2023
This CVE describes an XML External Entity (XXE) vulnerability in Python's plistlib module through version 3.9.1. Attackers can exploit this by craftin...
Aug 22, 2023
A stack overflow vulnerability in BusyBox's ash shell allows remote attackers to execute arbitrary code via crafted commands. This affects all systems...
Aug 22, 2023
CVE-2022-48560 is a use-after-free vulnerability in Python's heapq.heappushpop function that can lead to memory corruption. This affects Python applic...
Aug 22, 2023
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik version 1.16. A malicious SVG file can trigger the ...
Aug 22, 2023
This vulnerability in Qt's XML parsing component (QXmlStreamReader) allows a crafted XML string to trigger an application crash due to a buffer length...
Aug 20, 2023
This heap buffer overflow vulnerability in Google Chrome's Mojom IDL allows a remote attacker who has already compromised the renderer process to pote...
Aug 15, 2023
This is a use-after-free vulnerability in Google Chrome's extension system that allows heap corruption. Attackers can exploit it by tricking users int...
Aug 15, 2023
This vulnerability allows attackers to bypass enterprise policies in Google Chrome by convincing users to install malicious extensions. It affects Chr...
Aug 15, 2023
This vulnerability in Google Chrome allows attackers to bypass file access restrictions through malicious XML input in crafted HTML pages. It affects ...
Aug 15, 2023
This is a use-after-free vulnerability in Chrome's Network component that allows remote attackers to potentially exploit heap corruption via a crafted...
Aug 15, 2023
This vulnerability is a heap buffer overflow in the ANGLE (Almost Native Graphics Layer Engine) component of Google Chrome that allows remote attackers to...
Aug 15, 2023
This vulnerability allows remote attackers to exploit heap corruption in Chrome's V8 JavaScript engine through out-of-bounds memory access. Attackers ...
Aug 15, 2023
This is a use-after-free vulnerability in Google Chrome's Device Trust Connectors that allows remote attackers to potentially exploit heap corruption ...
Aug 15, 2023
A vulnerability in eprosima Fast DDS allows remote attackers to cause denial of service by sending a specially crafted GAP submessage that triggers an...
Aug 11, 2023
CVE-2023-39946 is a heap overflow vulnerability in eprosima Fast DDS that allows remote attackers to crash any Fast-DDS process by sending a specially...
Aug 11, 2023
This vulnerability in eprosima Fast DDS allows remote attackers to crash any Fast DDS process by triggering an uncaught BadParamException. It affects ...
Aug 11, 2023
This SQL injection vulnerability in PostgreSQL allows attackers with database-level CREATE privilege to execute arbitrary code as the bootstrap superu...
Aug 11, 2023
This CVE describes a stack buffer overflow vulnerability in PHP's PHAR file handling that could lead to memory corruption or remote code execution. It...
Aug 11, 2023
This vulnerability allows a privileged user on affected Intel Xeon processors to inject errors into Intel SGX or TDX enclaves, potentially enabling es...
Aug 11, 2023
This vulnerability in Intel PROSet/Wireless WiFi and Killer WiFi software allows a privileged user to escalate privileges via local access due to impr...
Aug 11, 2023
This vulnerability allows a privileged user on a local system to escalate privileges through improper access control in Intel PROSet/Wireless WiFi and...
Aug 11, 2023
This CVE describes memory safety bugs, including potential memory corruption, in multiple Mozilla products that could allow an attacker to execute arb...
Aug 1, 2023
This vulnerability in Firefox causes cookie jar inconsistencies when domain cookie limits are exceeded, potentially sending requests with missing cook...
Aug 1, 2023
This vulnerability allows an attacker to cause a stack buffer overflow by sending untrusted input without proper size validation. If exploited, it cou...
Aug 1, 2023
This vulnerability allows attackers to manipulate popup notification timing in Firefox browsers, tricking users into granting unintended permissions. ...
Aug 1, 2023
A Thunderbird email client vulnerability allows attackers to disguise executable files as document attachments using Unicode text direction override cha...
Jul 24, 2023
This CVE describes a use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component that allows local privilege escalation. Attackers...
Jul 21, 2023
CVE-2023-3611 is an out-of-bounds write vulnerability in the Linux kernel's QFQ scheduler component that allows local attackers to escalate privi...
Jul 21, 2023
Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,415+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.