Debian Security Vulnerabilities (CVEs)
Track 1,457 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2022-1652 is a use-after-free vulnerability in the Linux kernel's floppy disk driver that allows local attackers to execute arbitrary code or caus...
Jun 2, 2022

CVE-2022-31001 is an out-of-bounds read vulnerability in Sofia-SIP library that can cause crashes when processing malicious SDP messages. Attackers ca...
May 31, 2022

CVE-2022-31003 is a heap-based buffer overflow vulnerability in Sofia-SIP library's SDP parsing that allows out-of-bounds memory writes. Attackers can...
May 31, 2022

CVE-2022-1897 is an out-of-bounds write vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tri...
May 27, 2022

CVE-2022-1898 is a use-after-free vulnerability in Vim text editor that allows attackers to execute arbitrary code by tricking users into opening spec...
May 27, 2022

This is a critical code injection vulnerability in Ruby on Rails Active Storage that allows attackers to execute arbitrary code by manipulating image_...
May 26, 2022

CVE-2022-30788 is a heap-based buffer overflow vulnerability in NTFS-3G's ntfs_mft_rec_alloc function. Attackers can exploit this by mounting a specia...
May 26, 2022

This vulnerability in NTFS-3G allows a specially crafted NTFS filesystem image to trigger heap exhaustion via the ntfs_get_attribute_value function, p...
May 26, 2022

CVE-2022-30786 is a heap-based buffer overflow vulnerability in NTFS-3G's ntfs_names_full_collate function that allows attackers to execute arbitrary ...
May 26, 2022

This vulnerability in dpkg allows directory traversal when extracting specially crafted source packages, enabling attackers to write arbitrary files o...
May 26, 2022

Guzzle PHP HTTP client versions prior to 6.5.6 and 7.4.3 have a cookie domain validation vulnerability that allows malicious servers to set cookies fo...
May 25, 2022

This vulnerability in Smarty template engine allows template authors to inject PHP code through malicious {block} names or {include} file names. It af...
May 24, 2022

This vulnerability in Apache Maven's maven-shared-utils allows shell injection attacks when the Commandline class processes double-quoted strings with...
May 23, 2022

A use-after-free vulnerability in the Linux kernel's NFC Marvell driver allows attackers to potentially execute arbitrary code or cause denial of serv...
May 18, 2022

A local privilege escalation vulnerability in the Linux kernel's net/sched subsystem allows attackers with local access to gain root privileges. This ...
May 17, 2022

CVE-2022-1679 is a use-after-free vulnerability in the Linux kernel's Atheros wireless adapter driver (ath9k_htc). It allows a local attacker to crash...
May 16, 2022

CVE-2022-1650 is an information exposure vulnerability in the eventsource JavaScript library where sensitive information (like authentication tokens) ...
May 12, 2022

This vulnerability is a buffer over-read in Ruby's String-to-Float conversion functions (Kernel#Float and String#to_f). It allows attackers to read me...
May 9, 2022

CVE-2022-1619 is a heap-based buffer overflow vulnerability in Vim's command-line editing function that could allow attackers to crash the application...
May 8, 2022

CVE-2022-1616 is a use-after-free vulnerability in Vim's append_command function that allows attackers to crash the application, bypass memory protect...
May 7, 2022

A heap-based buffer overflow vulnerability in WebKitGTK's TextureMapperLayer component allows memory corruption when processing malicious web content....
May 6, 2022

This vulnerability in ecdsautils allows attackers to forge ECDSA signatures by providing zero-value signatures that are always considered valid. This ...
May 6, 2022

Rsyslog's TCP syslog reception modules contain a heap buffer overflow vulnerability when octet-counted framing is used. This can cause segmentation fa...
May 6, 2022

This CVE describes a SQL injection vulnerability in OpenLDAP's experimental back-sql backend. Attackers can execute arbitrary SQL commands via special...
May 4, 2022

A vulnerability in the CHM file parser of ClamAV allows an unauthenticated remote attacker to cause a denial of service condition on affected devices....
May 4, 2022

CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands ...
May 3, 2022

CVE-2021-42529 is a stack-based buffer overflow vulnerability in Adobe XMP Toolkit SDK that could allow arbitrary code execution when a user opens a m...
May 2, 2022

CVE-2021-42531 is a stack-based buffer overflow vulnerability in Adobe XMP Toolkit SDK that could allow arbitrary code execution when a user opens a m...
May 2, 2022

This CVE describes a path traversal vulnerability in Sinatra web framework versions before 2.2.0. It allows attackers to bypass directory restrictions...
May 2, 2022

CVE-2022-25647 is a deserialization vulnerability in Google's Gson library versions before 2.8.9. Attackers can exploit the writeReplace() method in i...
May 1, 2022

This vulnerability in QEMU's QXL display device emulation allows a malicious privileged guest user to trigger an integer overflow and subsequent heap ...
Apr 29, 2022

A use-after-free vulnerability in the Linux kernel's sound subsystem allows local attackers to trigger race conditions in ALSA PCM ioctl operations. T...
Apr 29, 2022

A local privilege escalation vulnerability in the Linux kernel's pfkey_register function allows unprivileged local users to access kernel memory. This...
Apr 29, 2022

A stack-based buffer overflow vulnerability in cifs-utils versions through 6.14 allows local attackers to escalate privileges to root when parsing the...
Apr 27, 2022

CVE-2022-1441 is a buffer overflow vulnerability in MP4Box (part of GPAC) that occurs when parsing malicious MP4 files. Attackers can exploit this to ...
Apr 25, 2022

Artifex Ghostscript through version 9.26 contains a vulnerability in its .completefont handling that could allow arbitrary code execution. This affect...
Apr 25, 2022

CVE-2022-29582 is a use-after-free vulnerability in the Linux kernel's io_uring subsystem caused by a race condition in timeout handling. This allows ...
Apr 22, 2022

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated remote attackers to access sensitive data from Java applica...
Apr 19, 2022

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated attackers with network access to modify critical data witho...
Apr 19, 2022

CVE-2022-25648 is a command injection vulnerability in the ruby-git library that allows attackers to execute arbitrary commands on affected systems by...
Apr 19, 2022

CVE-2022-29458 is an out-of-bounds read vulnerability in ncurses' terminfo library that can cause segmentation faults and potentially lead to informat...
Apr 18, 2022

CVE-2021-3624 is an integer overflow vulnerability in dcraw, a RAW image decoder. When processing a malicious X3F image file, this vulnerability can l...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

CVE-2020-35631 is a critical vulnerability in CGAL library's Nef polygon-parsing functionality that allows remote code execution through specially cra...
Apr 18, 2022

CVE-2020-28616 is an out-of-bounds read vulnerability in CGAL's Nef polygon-parsing functionality that can lead to type confusion and potential remote...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability allows remote code execution through specially crafted files in CGAL library's Nef polygon-parsing functionality. Attackers can exp...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,457+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Debian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions