Debian Security Vulnerabilities (CVEs)
Track 1,810 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in Xen hypervisor allows x86 HVM and PVH guests to crash the host system through misaligned page operations in populate-on-demand m... (Nov 24, 2021)
This is a use-after-free vulnerability in Google Chrome's sign-in functionality that allows remote attackers to potentially exploit heap corruption. A... (Nov 23, 2021)
This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that could allow an attacker to trigger heap corruption by tricking the b... (Nov 23, 2021)
This is a use-after-free vulnerability in Chrome's Web Transport component that allows a remote attacker to potentially escape the browser sandbox via... (Nov 23, 2021)
A heap overflow vulnerability in mbsync component of isync allows remote code execution when processing malicious email messages from a compromised IM... (Nov 22, 2021)
This vulnerability allows remote code execution through a specially crafted DWG file in LibreCAD's libdxfrw library. Attackers can exploit an out-of-b... (Nov 19, 2021)
This CVE describes a use-after-free vulnerability in LibreCAD's libdxfrw library that allows remote code execution. Attackers can exploit it by tricki... (Nov 19, 2021)
This CVE describes a critical out-of-bounds write vulnerability in Gerbv, a Gerber file viewer used in PCB design. Attackers can execute arbitrary cod... (Nov 19, 2021)
A NULL pointer dereference vulnerability in Wireshark's Modbus dissector allows attackers to cause denial of service via specially crafted Modbus pack... (Nov 19, 2021)
A denial-of-service vulnerability in Wireshark's PNRP dissector allows attackers to crash the application by processing specially crafted network pack... (Nov 19, 2021)
A buffer overflow vulnerability in Wireshark's Bluetooth SDP dissector allows attackers to cause denial of service via packet injection or specially c... (Nov 19, 2021)
This vulnerability allows denial of service attacks against Wireshark through uncontrolled recursion in the Bluetooth DHT dissector. Attackers can cra... (Nov 19, 2021)
CVE-2021-3974 is a use-after-free vulnerability in Vim text editor that could allow an attacker to execute arbitrary code by tricking a user into open... (Nov 19, 2021)
This SQL injection vulnerability in Roundcube webmail allows attackers to execute arbitrary SQL commands via search or search_params parameters. It af... (Nov 19, 2021)
CVE-2021-43618 is an integer overflow vulnerability in GNU Multiple Precision Arithmetic Library (GMP) that leads to buffer overflow when processing c... (Nov 15, 2021)
CVE-2021-3918 is a prototype pollution vulnerability in the json-schema library that allows attackers to modify object prototypes, potentially leading... (Nov 13, 2021)
OctoRPKI has a path traversal vulnerability where malicious repositories can write files outside the designated cache directory using '..' sequences i... (Nov 11, 2021)
CVE-2021-43173 is a denial-of-service vulnerability in NLnet Labs Routinator where malicious RRDP repositories can stall validation by slowly feeding ... (Nov 9, 2021)
This vulnerability in Go's debug/macho package allows attackers to read memory beyond allocated buffer boundaries when parsing Mach-O files. It affect... (Nov 8, 2021)
This vulnerability allows attackers to bypass ModSecurity Core Rule Set request body inspection by appending a trailing pathname to requests. This aff... (Nov 5, 2021)
CVE-2021-3928 is a use-after-free vulnerability in Vim's undo functionality that occurs when handling specially crafted files. This vulnerability coul... (Nov 5, 2021)
This vulnerability in BlueZ (Linux Bluetooth stack) allows a use-after-free condition when a client disconnects during D-Bus processing of a WriteValu... (Nov 4, 2021)
This CVE describes an improper input validation vulnerability in Apache Traffic Server's header parsing that allows attackers to smuggle HTTP requests... (Nov 3, 2021)
CVE-2021-37147 is an improper input validation vulnerability in Apache Traffic Server's header parsing that allows HTTP request smuggling. Attackers c... (Nov 3, 2021)
This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could... (Nov 3, 2021)
CVE-2021-37981 is a heap buffer overflow vulnerability in Chrome's Skia graphics engine that allows an attacker who has already compromised the render... (Nov 2, 2021)
This is a use-after-free vulnerability in Chrome's Dev Tools that allows remote attackers to potentially exploit heap corruption. Attackers can craft ... (Nov 2, 2021)
This is a use-after-free vulnerability in Chrome's V8 JavaScript engine that allows remote attackers to potentially exploit heap corruption. Attackers... (Nov 2, 2021)
This is a use-after-free vulnerability in Chrome's Network APIs that allows remote attackers to potentially exploit heap corruption via a crafted HTML... (Nov 2, 2021)
This vulnerability is a race condition in Chrome's V8 JavaScript engine that could allow a remote attacker to trigger heap corruption by tricking user... (Nov 2, 2021)
This is a use-after-free vulnerability in Google Chrome's PDF accessibility features that allows remote attackers to potentially exploit heap corrupti... (Nov 2, 2021)
This is a use-after-free vulnerability in Chrome's garbage collection that allows remote attackers to potentially exploit heap corruption. Attackers c... (Nov 2, 2021)
This vulnerability is a heap buffer overflow in WebRTC in Google Chrome that allows remote attackers to potentially exploit heap corruption. Attackers... (Nov 2, 2021)
CVE-2021-42097 is a Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman that allows privilege escalation. An attacker can obtain a CSRF tok... (Oct 21, 2021)
CVE-2021-37136 is a denial-of-service vulnerability in Netty's Bzip2Decoder that allows attackers to trigger out-of-memory errors by sending specially... (Oct 19, 2021)
This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content.... (Oct 19, 2021)
CVE-2021-41990 is an integer overflow vulnerability in the gmp plugin of strongSwan VPN software. Attackers can trigger this by sending a specially cr... (Oct 18, 2021)
This vulnerability in Best Practical Request Tracker (RT) allows attackers to perform timing attacks against the REST2 authentication middleware, pote... (Oct 18, 2021)
This CVE describes a buffer overflow vulnerability in the stb_image.h library's JPEG parsing function. Attackers can exploit it by crafting a maliciou... (Oct 15, 2021)
LibreOffice has an improper certificate validation vulnerability that allows attackers to modify digitally signed ODF documents and insert bogus signi... (Oct 12, 2021)
CVE-2021-42260 is an infinite loop vulnerability in TinyXML's parsing function that can be triggered by a specially crafted XML message. This leads to... (Oct 11, 2021)
This vulnerability allows attackers to create digitally signed LibreOffice documents that appear valid but contain manipulated content unrelated to th... (Oct 11, 2021)
This vulnerability allows a remote attacker to escalate privileges on Windows systems running vulnerable versions of Google Chrome. By tricking a user... (Oct 8, 2021)
This vulnerability is an out-of-bounds read in libjpeg-turbo in Google Chrome that could allow a remote attacker to exploit heap corruption via a craf... (Oct 8, 2021)
This is a use-after-free vulnerability in Google Chrome's Portals feature that allows a remote attacker who has already compromised the renderer proce... (Oct 8, 2021)
This is a use-after-free vulnerability in Chrome's V8 JavaScript engine that allows remote attackers to potentially exploit heap corruption. Attackers... (Oct 8, 2021)
This is a use-after-free vulnerability in Google Chrome for Android that allows a remote attacker who has already compromised the renderer process to ... (Oct 8, 2021)
This is a use-after-free vulnerability in Google Chrome's Task Manager that allows an attacker to potentially exploit heap corruption. Attackers can t... (Oct 8, 2021)
This is a use-after-free vulnerability in Chrome's Performance Manager component that allows a remote attacker who has already compromised the rendere... (Oct 8, 2021)
CVE-2021-22930 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to execute arbitrary... (Oct 7, 2021)
Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,810+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Debian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions