Debian Security Vulnerabilities (CVEs)
Track 1,587 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows remote code execution via a buffer overflow in the PJSUA API's pjsua_call_dump function. Attackers can exploit it by providi...
Feb 16, 2022

CVE-2021-3560 is a privilege escalation vulnerability in polkit's D-Bus authentication mechanism that allows unprivileged local users to bypass creden...
Feb 16, 2022

A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to crash the system or potentially escalate privileges...
Feb 16, 2022

CVE-2021-3760 is a use-after-free vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem. This flaw allows local attackers to po...
Feb 16, 2022

A stack-based buffer overflow vulnerability in KiCad's Gerber/Excellon file parsers allows remote code execution when processing malicious files. User...
Feb 16, 2022

CVE-2022-25235 is a critical vulnerability in Expat (libexpat) XML parser where improper UTF-8 character validation allows attackers to bypass securit...
Feb 16, 2022

CVE-2022-23633 is a data leakage vulnerability in Ruby on Rails Action Pack where response bodies may not be properly closed, causing thread local sta...
Feb 11, 2022

This vulnerability in debian-edu-config versions before 2.12.16 sets insecure permissions for user web shares (~/public_html), allowing local users to...
Feb 11, 2022

CVE-2022-23772 is an integer overflow vulnerability in Go's math/big.Rat.SetString function that allows attackers to trigger uncontrolled memory consu...
Feb 11, 2022

This vulnerability in Go's elliptic curve cryptography library allows Curve.IsOnCurve to incorrectly return true for invalid field elements. This coul...
Feb 11, 2022

This vulnerability in the Twisted Python networking engine exposes sensitive authentication data (cookies and authorization headers) when following cr...
Feb 7, 2022

CVE-2021-38172 is a buffer overflow vulnerability in perM 0.4.0 caused by improper use of strncpy. This allows attackers to execute arbitrary code or ...
Feb 5, 2022

CVE-2022-23614 is a code injection vulnerability in Twig's sandbox mode that allows attackers to execute arbitrary PHP functions when using the sort f...
Feb 4, 2022

A stack-based buffer overflow vulnerability in KiCad's Gerber/Excellon file parsers allows remote code execution when processing malicious files. User...
Feb 4, 2022

CVE-2022-23833 is a denial-of-service vulnerability in Django's MultiPartParser that allows attackers to cause infinite loops by submitting specially ...
Feb 3, 2022

CVE-2022-0443 is a use-after-free vulnerability in Vim text editor versions prior to 8.2. This memory corruption flaw could allow attackers to execute...
Feb 2, 2022

CVE-2022-24300 is an ItemStack meta injection vulnerability in Minetest that allows attackers to modify arbitrary metadata fields of item stacks using...
Feb 2, 2022

CVE-2022-0417 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code ...
Feb 1, 2022

This CVE describes a use-after-free vulnerability in MariaDB's BIGINT data type handling that allows attackers to potentially crash the database serve...
Feb 1, 2022

This vulnerability in strongSwan allows a malicious VPN responder to bypass authentication by sending an EAP-Success message prematurely. Attackers ca...
Jan 31, 2022

CVE-2022-0408 is a stack-based buffer overflow vulnerability in Vim text editor that allows attackers to execute arbitrary code by tricking users into...
Jan 30, 2022

CVE-2022-0392 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This vulnerability allows attackers to execute a...
Jan 28, 2022

This vulnerability in Connman's DNS proxy allows attackers to read memory beyond intended boundaries due to improper string length handling. It affect...
Jan 28, 2022

This CVE describes a time-of-check-time-of-use (TOCTOU) vulnerability in Apache Tomcat that allows local attackers to escalate privileges. The vulnera...
Jan 27, 2022

CVE-2022-21722 is an out-of-bounds read vulnerability in PJSIP multimedia communication library affecting versions 2.11.1 and prior. This allows attac...
Jan 27, 2022

CVE-2022-23990 is an integer overflow vulnerability in Expat (libexpat) XML parser library that can lead to denial of service or arbitrary code execut...
Jan 26, 2022

CVE-2022-0361 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This vulnerability allows attackers to execute a...
Jan 26, 2022

CVE-2022-0359 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This vulnerability allows attackers to execute a...
Jan 26, 2022

This CVE describes an HTTP request smuggling vulnerability in Varnish Cache and Varnish Enterprise. Attackers can exploit this to bypass security cont...
Jan 26, 2022

CVE-2021-3850 is an authentication bypass vulnerability in ADOdb database abstraction library versions prior to 5.20.21. Attackers can bypass authenti...
Jan 25, 2022

This Xen hypervisor vulnerability on ARM systems allows guest virtual machines to retain access to memory pages after returning them to Xen, potential...
Jan 25, 2022

CVE-2021-45844 is an OS command injection vulnerability in FreeCAD's ODA File Converter that allows attackers to execute arbitrary commands on the sys...
Jan 25, 2022

A buffer overflow vulnerability in LibreCAD's jwwlib component allows remote code execution when processing malicious JWW documents. Attackers can exp...
Jan 25, 2022

CVE-2022-23852 is a signed integer overflow vulnerability in Expat (libexpat) XML parser that can lead to buffer overflow. When XML_CONTEXT_BYTES is c...
Jan 24, 2022

CVE-2022-0318 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code ...
Jan 21, 2022

CVE-2021-45417 is a heap-based buffer overflow vulnerability in AIDE (Advanced Intrusion Detection Environment) that allows local users to escalate pr...
Jan 20, 2022

CVE-2022-21699 is an arbitrary code execution vulnerability in IPython where improper management of cross-user temporary files allows one user to exec...
Jan 19, 2022

This vulnerability allows remote attackers to execute arbitrary code on H2 Database Console by exploiting a flaw in JDBC URL parsing. Attackers can cr...
Jan 19, 2022

A race condition vulnerability in the Linux kernel's Unix domain socket garbage collection allows local users to trigger a read-after-free memory flaw...
Jan 18, 2022

This vulnerability in the Linux kernel's BPF verifier allows local users to perform privilege escalation through pointer arithmetic with certain *_OR_...
Jan 14, 2022

A buffer overflow vulnerability in glibc's sunrpc module allows attackers to execute arbitrary code or cause denial of service. This affects applicati...
Jan 14, 2022

This vulnerability in ClamAV's OOXML parsing module allows remote attackers to crash the antivirus scanning process by sending specially crafted OOXML...
Jan 14, 2022

Flatpak versions before 1.12.3 and 1.10.6 contain a path traversal vulnerability in flatpak-builder when using the --mirror-screenshots-url option. Th...
Jan 13, 2022

This vulnerability in Flatpak allows malicious applications to grant themselves hidden permissions without user consent by exploiting a null byte in m...
Jan 12, 2022

CVE-2021-36409 is a vulnerability in libde265 v1.0.8 where a failed assertion during video file decoding causes a denial of service. Attackers can cra...
Jan 10, 2022

CVE-2021-21408 is a vulnerability in Smarty PHP template engine that allows template authors to execute restricted static PHP methods, potentially lea...
Jan 10, 2022

CVE-2022-22826 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by provi...
Jan 10, 2022

CVE-2022-22822 is an integer overflow vulnerability in Expat's XML parser that can lead to heap buffer overflow. This allows attackers to execute arbi...
Jan 10, 2022

CVE-2022-22824 is an integer overflow vulnerability in Expat's defineAttribute function in xmlparse.c. This allows attackers to cause heap-based buffe...
Jan 10, 2022

CVE-2022-22817 is a critical vulnerability in Pillow's ImageMath.eval function that allows arbitrary Python code execution through expression evaluati...
Jan 10, 2022

Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,587+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Debian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions