Debian Security Vulnerabilities (CVEs)
Track 1,836 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This is a use-after-free vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It... (Aug 24, 2021)
CVE-2021-30851 is a memory corruption vulnerability in Apple's WebKit browser engine that could allow remote code execution when processing malicious ... (Aug 24, 2021)
This OpenSSL vulnerability allows attackers to cause buffer overruns when applications directly construct ASN.1 strings without proper NUL termination... (Aug 24, 2021)
CVE-2021-38714 is an integer overflow vulnerability in Plib's ssgLoadTGA() function that can lead to arbitrary code execution when processing maliciou... (Aug 24, 2021)
This vulnerability in Exiv2 image metadata library allows attackers to read beyond allocated memory boundaries when processing specially crafted Nikon... (Aug 23, 2021)
CVE-2021-39150 is a deserialization vulnerability in XStream library that allows remote attackers to access internal resources by manipulating XML inp... (Aug 23, 2021)
CVE-2021-39154 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s... (Aug 23, 2021)
CVE-2021-39144 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers with sufficient privileges can execute ar... (Aug 23, 2021)
CVE-2021-39146 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s... (Aug 23, 2021)
CVE-2021-39148 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s... (Aug 23, 2021)
CVE-2021-39151 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers can manipulate XML input to execute arbit... (Aug 23, 2021)
CVE-2021-39139 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s... (Aug 23, 2021)
This is a cross-site scripting (XSS) vulnerability in LedgerSMB that allows attackers to inject malicious HTML fragments into the DOM. When exploited,... (Aug 23, 2021)
This vulnerability in Mbed TLS allows attackers to bypass certificate validation by exploiting a parsing flaw where NULL algorithm parameters are inco... (Aug 23, 2021)
This vulnerability in Mbed TLS allows sensitive application data to remain in memory after SSL/TLS sessions, potentially exposing it to attackers who ... (Aug 23, 2021)
This CVE describes an XML External Entity (XXE) injection vulnerability in PyWPS and potentially OWSLib. It allows attackers to read arbitrary files o... (Aug 23, 2021)
CVE-2021-21858 is an integer overflow vulnerability in GPAC's MPEG-4 decoder that can lead to heap-based buffer overflow and memory corruption when pr... (Aug 18, 2021)
This vulnerability allows attackers to execute arbitrary code or cause denial of service by tricking users into opening specially crafted MPEG-4 video... (Aug 18, 2021)
This vulnerability allows attackers to execute arbitrary code or cause denial of service by tricking users into opening specially crafted MPEG-4 video... (Aug 18, 2021)
This vulnerability allows remote code execution through a heap-based buffer overflow in the GPAC library's MPEG-4 decoder. Attackers can exploit it by... (Aug 18, 2021)
This vulnerability allows remote code execution through a heap-based buffer overflow in GPAC's MPEG-4 decoder. Attackers can exploit it by tricking us... (Aug 18, 2021)
This vulnerability allows attackers to execute arbitrary code or cause denial of service by tricking users into opening specially crafted MPEG-4 video... (Aug 18, 2021)
HAProxy versions before 2.2.16, 2.3.13, and 2.4.3 have a URI validation vulnerability where the proxy fails to properly validate scheme and path chara... (Aug 17, 2021)
This vulnerability in HAProxy allows attackers to manipulate HTTP Host headers to bypass security controls or cause request processing errors. It affe... (Aug 17, 2021)
An integer truncation vulnerability in GPAC's MPEG-4 decoder allows memory corruption when processing specially crafted video files. Attackers can exp... (Aug 16, 2021)
CVE-2021-21861 is an integer truncation vulnerability in GPAC's MPEG-4 decoder that allows heap-based buffer overflow via specially crafted video file... (Aug 16, 2021)
CVE-2021-22940 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to potentially execu... (Aug 16, 2021)
CVE-2021-33193 is an HTTP/2 request smuggling vulnerability in Apache HTTP Server's mod_proxy module. Attackers can send specially crafted HTTP/2 requ... (Aug 16, 2021)
CVE-2021-37695 is a cross-site scripting (XSS) vulnerability in CKEditor 4's Fake Objects plugin that allows attackers to inject malicious HTML that c... (Aug 13, 2021)
CVE-2020-21688 is a heap-use-after-free vulnerability in FFmpeg's memory management function that allows attackers to execute arbitrary code on affect... (Aug 10, 2021)
CVE-2021-38173 is a command injection vulnerability in Btrbk's SSH filtering script that allows authenticated remote users to execute arbitrary comman... (Aug 7, 2021)
CVE-2021-38166 is an integer overflow vulnerability in the Linux kernel's BPF hashtab implementation that can lead to out-of-bounds writes. This vulne... (Aug 7, 2021)
This vulnerability in the Linux kernel's virtio_console driver allows an untrusted virtual device to supply a buffer length value exceeding the actual... (Aug 7, 2021)
CVE-2021-3580 is a vulnerability in nettle's RSA decryption functions where specially crafted ciphertext can cause application crashes and denial of s... (Aug 5, 2021)
This vulnerability in QEMU's USB redirector device emulation allows a malicious SPICE client to trigger a heap corruption when packet queues fill duri... (Aug 5, 2021)
This is a use-after-free vulnerability in Chrome's Blink XSLT processor that allows remote attackers to potentially exploit heap corruption. Attackers... (Aug 3, 2021)
This vulnerability in Go's archive/zip package allows attackers to cause denial-of-service by triggering a panic when processing specially crafted ZIP... (Aug 2, 2021)
This vulnerability in RDoc (Ruby's documentation generator) allows arbitrary code execution when processing filenames containing pipe (|) or backtick ... (Jul 30, 2021)
This vulnerability in Asterisk IAX2 channel driver allows remote attackers to crash the service by sending packets with unsupported media formats. It ... (Jul 30, 2021)
This CVE describes an integer overflow vulnerability in Exiv2's CrwMap::encode0x1810 function that allows attackers to trigger a heap-based buffer ove... (Jul 26, 2021)
This vulnerability in glibc's wordexp function allows attackers to cause denial of service or potentially read arbitrary memory when processing malici... (Jul 22, 2021)
CVE-2021-3246 is a heap buffer overflow vulnerability in libsndfile's msadpcm_decode_block function that allows attackers to execute arbitrary code by... (Jul 20, 2021)
This vulnerability in Wireshark's DNP (Distributed Network Protocol) dissector allows attackers to cause a denial of service crash by injecting malici... (Jul 20, 2021)
This vulnerability in Arm Mbed TLS allows a remote attacker to recover plaintext from encrypted communications due to an incomplete Lucky 13 counterme... (Jul 19, 2021)
This vulnerability in Arm Mbed TLS allows attackers to read one byte beyond the allocated buffer when parsing Certificate Revocation Lists (CRLs) in D... (Jul 19, 2021)
This vulnerability allows malicious websites to cause denial of service in uBlock Origin and uMatrix browser extensions through crafted filter rules t... (Jul 18, 2021)
Icinga 2 monitoring system exposes sensitive credentials (database, Redis, Elasticsearch passwords) through its API to authenticated users with read p... (Jul 15, 2021)
This CVE describes a buffer overflow vulnerability in Pillow (Python Imaging Library) that allows attackers to pass controlled parameters to trigger m... (Jul 13, 2021)
A local privilege escalation vulnerability in Linux kernel versions before 5.9-rc1 allows attackers with local access to crash systems or gain root pr... (Jul 9, 2021)
A buffer overflow vulnerability in the ptp4l program of the linuxptp package allows remote attackers to leak information, crash systems, or potentiall... (Jul 9, 2021)
Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,836+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.