Debian Security Vulnerabilities (CVEs)
Track 1,469 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability allows remote code execution through specially crafted polygon files in CGAL library versions up to 5.1.1. Attackers can exploit ou...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted files that trigger out-of-bounds read and type confusion in ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and ...
Apr 18, 2022

This vulnerability in CGAL library allows remote code execution through specially crafted polygon files. An attacker can exploit out-of-bounds read an...
Apr 18, 2022

CVE-2022-24851 is a stored cross-site scripting (XSS) vulnerability in LDAP Account Manager (LAM) that allows authenticated attackers to inject malici...
Apr 15, 2022

CVE-2022-28042 is a heap-based use-after-free vulnerability in stb_image.h v2.27's JPEG decoder that allows attackers to execute arbitrary code or cau...
Apr 15, 2022

CVE-2022-28044 is a heap memory corruption vulnerability in lrzip's initialise_control function that allows attackers to execute arbitrary code or cau...
Apr 15, 2022

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Asterisk VoIP software when using STIR/SHAKEN caller ID authentication. Attac...
Apr 15, 2022

This vulnerability in MariaDB Server causes a segmentation fault via the sql/sql_window.cc component, which can lead to denial of service (DoS) by cra...
Apr 14, 2022

CVE-2022-27447 is a use-after-free vulnerability in MariaDB Server that occurs in the Binary_string::free_buffer() function. This memory corruption fl...
Apr 14, 2022

CVE-2022-27449 is a segmentation fault vulnerability in MariaDB Server that can cause denial of service (DoS) by crashing the database service. It aff...
Apr 14, 2022

CVE-2022-27376 is a use-after-free vulnerability in MariaDB Server's Item_args::walk_arg component that can be exploited via specially crafted SQL sta...
Apr 12, 2022

This vulnerability in MariaDB Server allows attackers to cause Denial of Service (DoS) by sending specially crafted SQL statements that trigger a flaw...
Apr 12, 2022

A vulnerability in MariaDB Server's my_decimal::operator= component allows attackers to cause Denial of Service (DoS) through specially crafted SQL st...
Apr 12, 2022

This vulnerability in MariaDB Server allows attackers to cause a Denial of Service (DoS) by sending specially crafted SQL statements. It affects Maria...
Apr 12, 2022

CVE-2022-27386 is a SQL injection vulnerability in MariaDB Server that can cause a segmentation fault via sql/sql_class.cc, potentially leading to den...
Apr 12, 2022

This CVE describes a use-after-free vulnerability in Subversion's mod_dav_svn module that can lead to memory corruption. When processing path-based au...
Apr 12, 2022

This SQL injection vulnerability in Django allows attackers to execute arbitrary SQL commands through crafted dictionary parameters in QuerySet method...
Apr 12, 2022

Nokogiri versions before 1.13.4 contain an inefficient regular expression that causes excessive backtracking when detecting encoding in HTML documents...
Apr 11, 2022

This vulnerability in the Linux kernel's SUNRPC subsystem allows a use-after-free condition when freeing transport structures before sockets are prope...
Apr 11, 2022

CVE-2022-24793 is a buffer overflow vulnerability in PJSIP's DNS resolution component affecting versions 2.12 and prior. It allows attackers to execut...
Apr 6, 2022

This CVE describes a race condition vulnerability in Xen's VT-d (Virtualization Technology for Directed I/O) domain ID cleanup mechanism. It allows at...
Apr 5, 2022

This vulnerability affects systems with Intel VT-d or AMD-Vi IOMMU technology when certain PCI devices use reserved memory regions. It allows DMA or i...
Apr 5, 2022

This vulnerability affects systems using Intel VT-d or AMD-Vi IOMMU technologies where PCI devices have Reserved Memory Regions (RMRR) or Unity Mappin...
Apr 5, 2022

This vulnerability in Twisted's HTTP 1.1 server allows HTTP request smuggling due to non-RFC-compliant parsing of HTTP requests. Attackers can exploit...
Apr 4, 2022

This vulnerability is a double-free memory corruption flaw in the EMS CAN-USB driver in the Linux kernel. It allows local attackers to potentially cra...
Apr 3, 2022

CVE-2022-24790 is an HTTP request smuggling vulnerability in Puma HTTP server that allows attackers to bypass front-end proxies and send malicious req...
Mar 30, 2022

CVE-2022-24763 is a denial-of-service vulnerability in PJSIP's XML parsing functionality that can cause applications to crash or become unresponsive. ...
Mar 30, 2022

CVE-2022-1154 is a use-after-free vulnerability in Vim's utf_ptr2char function that could allow an attacker to execute arbitrary code or cause a denia...
Mar 30, 2022

This vulnerability in zlib allows memory corruption during compression (deflating) when processing input with many distant matches. It affects any sof...
Mar 25, 2022

This vulnerability in mbed TLS allows attackers to cause a Denial of Service by providing an empty password to the mbedtls_pkcs12_derivation function....
Mar 24, 2022

An out-of-bounds read vulnerability in libsndfile's FLAC codec allows attackers to crash applications or potentially leak memory information by submit...
Mar 23, 2022

This Linux kernel vulnerability allows a local unprivileged user to write to file handlers in the cgroups subsystem, potentially leading to system cra...
Mar 23, 2022

ALPACA is a TLS protocol confusion attack that allows man-in-the-middle attackers to redirect traffic between different services sharing compatible ce...
Mar 23, 2022

CVE-2021-44040 is an improper input validation vulnerability in Apache Traffic Server's request line parsing that allows attackers to send invalid req...
Mar 23, 2022

CVE-2022-27666 is a heap buffer overflow vulnerability in the Linux kernel's IPsec ESP transformation code. It allows local attackers with standard us...
Mar 23, 2022

CVE-2022-24764 is a stack buffer overflow vulnerability in PJSIP multimedia communication library affecting versions 2.12 and prior. It allows attacke...
Mar 22, 2022

This vulnerability allows authentication bypass in OpenVPN when using external authentication plugins with deferred authentication replies. Attackers ...
Mar 18, 2022

A use-after-free vulnerability in the Linux kernel's FUSE filesystem allows a local attacker to trigger write() operations that can lead to unauthoriz...
Mar 18, 2022

A memory leak vulnerability in QEMU's virtio-net device occurs when cached virtqueue elements aren't unmapped during error conditions. This flaw affec...
Mar 16, 2022

This vulnerability allows a malicious USB device host to manipulate endpoint indexes in the Linux kernel's Xilinx USB gadget driver, leading to out-of...
Mar 16, 2022

CVE-2022-0778 is a denial-of-service vulnerability in OpenSSL's BN_mod_sqrt() function that can cause infinite loops when parsing specially crafted ce...
Mar 15, 2022

CVE-2021-43304 is a heap buffer overflow vulnerability in ClickHouse's LZ4 compression codec that allows attackers to execute arbitrary code or cause ...
Mar 14, 2022

Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,469+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Debian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions