Debian Security Vulnerabilities (CVEs)
Track 1,877 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
May 12, 2021: This vulnerability in Samba's libldb allows an attacker to crash the LDAP server process by sending LDAP requests with multiple consecutive leading sp...
May 11, 2021: This CVE describes an integer overflow vulnerability in ImageMagick's thumbnail generation function. Attackers can craft malicious image files that tr...
May 10, 2021: A race condition in the Linux kernel's Bluetooth HCI controller removal allows local attackers to cause a use-after-free condition. This can lead to s...
May 6, 2021: CVE-2021-20204 is a critical heap memory corruption vulnerability (use-after-free) in libgetdata v0.10.0 that allows attackers to execute arbitrary co...
Apr 30, 2021: This vulnerability in Chrome's V8 JavaScript engine allows remote attackers to potentially execute arbitrary code or cause denial of service through h...
Apr 30, 2021: This is a type confusion vulnerability in Chrome's V8 JavaScript engine that could allow a remote attacker to execute arbitrary code or cause heap cor...
Apr 30, 2021: This is a use-after-free vulnerability in Chrome's Dev Tools that allows remote attackers to potentially exploit heap corruption via a crafted HTML pa...
Apr 30, 2021: CVE-2021-31870 is an integer overflow vulnerability in klibc's calloc() function that can lead to heap buffer overflow. This allows attackers to poten...
Apr 30, 2021: This vulnerability in klibc's cpio command allows integer overflows on 32-bit systems that can lead to buffer overflows. Attackers could potentially e...
Apr 29, 2021: This CVE describes a buffer overflow vulnerability in Graphviz graph visualization tools that allows remote attackers to execute arbitrary code or cau...
Apr 29, 2021: This vulnerability in BIND DNS servers allows remote attackers to cause denial of service by sending specially crafted DNS queries that trigger an ass...
Apr 28, 2021: This vulnerability allows authenticated Redmine users to read arbitrary local files accessible by the application server process due to insufficient i...
Apr 27, 2021: CVE-2019-25032 is an integer overflow vulnerability in Unbound DNS resolver's regional allocator that could allow memory corruption. The vendor disput...
Apr 27, 2021: CVE-2019-25034 is an integer overflow vulnerability in Unbound DNS resolver's sldns_str2wire_dname_buf_origin function that can lead to out-of-bounds ...
Apr 27, 2021: CVE-2019-25036 is an assertion failure vulnerability in Unbound DNS resolver's synth_cname function that can cause denial of service. The vendor dispu...
Apr 27, 2021: CVE-2019-25038 is an integer overflow vulnerability in Unbound DNS resolver's dnscrypt component that could allow memory corruption. The vulnerability...
Apr 27, 2021: Unbound DNS resolver versions before 1.9.5 contain a vulnerability where specially crafted DNS responses with compressed domain names can trigger an i...
Apr 27, 2021: CVE-2019-25042 is an out-of-bounds write vulnerability in Unbound DNS resolver versions before 1.9.5, triggered by specially crafted compressed DNS na...
Apr 26, 2021: This is a use-after-free vulnerability in Google Chrome's permissions system that allows an attacker who has already compromised the renderer process ...
Apr 26, 2021: This is a use-after-free vulnerability in Google Chrome's Blink rendering engine that allows remote attackers to potentially exploit heap corruption. ...
Apr 26, 2021: This vulnerability allows attackers to bypass navigation restrictions in Google Chrome on iOS by using a specially crafted HTML page. It affects users...
Apr 26, 2021: This is a use-after-free vulnerability in Chrome's IndexedDB component that allows sandbox escape. Attackers can exploit it by convincing users to ins...
Apr 26, 2021: This is a use-after-free vulnerability in Chrome's WebMIDI implementation that allows remote attackers to potentially exploit heap corruption. Attacke...
Apr 26, 2021: This CVE describes an integer overflow vulnerability in Chrome's Mojo IPC framework that could allow a remote attacker who has already compromised the...
Apr 26, 2021: This vulnerability allows remote attackers to exploit heap corruption in Chrome's V8 JavaScript engine through out-of-bounds memory access. Attackers ...
Apr 26, 2021: This is a use-after-free vulnerability in Google Chrome's navigation component that allows a compromised renderer process to escape the browser sandbo...
Apr 26, 2021: CVE-2021-3472 is an integer underflow vulnerability in xorg-x11-server that allows local attackers to escalate privileges on affected systems. This fl...
Apr 24, 2021: CVE-2021-31598 is a heap-based buffer overflow vulnerability in ezXML library's ezxml_decode() function that occurs when parsing malicious XML files. ...
Apr 19, 2021: This vulnerability in GStreamer's Matroska demuxer allows attackers to trigger use-after-free conditions by processing specially crafted media files. ...
Apr 15, 2021: WordPress users with file upload permissions (like Authors) can exploit an XML parsing vulnerability in the Media Library to perform XXE attacks when ...
Apr 15, 2021: This CVE-2021-20288 vulnerability in Ceph allows attackers to reuse authentication keys by exploiting improper sanitization of other_keys during CEPHX...
Apr 8, 2021: This vulnerability in Linux kernel BPF JIT compilers allows attackers to execute arbitrary code within kernel context due to incorrect branch displace...
Apr 8, 2021: This vulnerability in ClamAV's email parsing module allows an unauthenticated remote attacker to cause a denial of service by sending a crafted email,...
Apr 6, 2021: This vulnerability in phpseclib allows attackers to forge RSA PKCS#1 v1.5 signatures, potentially bypassing authentication or authorization checks. It...
Apr 6, 2021: This vulnerability allows attackers to bypass the 'add_issue_notes' permission requirement in Redmine by exploiting the Issues API. Attackers can add ...
Apr 5, 2021: This vulnerability in Nettle cryptographic library allows attackers to forge digital signatures by exploiting incorrect elliptic curve multiplication ...
Apr 5, 2021: This format string vulnerability in libpano13 allows attackers to read and write arbitrary memory values, potentially leading to remote code execution...
Mar 30, 2021: This vulnerability in ircII IRC client allows remote attackers to crash the client via a specially crafted CTCP UTC message, causing denial of service...
Mar 25, 2021: CVE-2020-1946 is a critical vulnerability in Apache SpamAssassin that allows malicious rule configuration files to execute arbitrary system commands w...
Mar 23, 2021: This vulnerability in Pygments' SMLLexer causes an infinite loop when processing Standard ML source files containing only the 'exception' keyword, lea...
Mar 23, 2021: CVE-2021-21341 is a denial-of-service vulnerability in XStream library where specially crafted XML input can cause 100% CPU consumption on target syst...
Mar 17, 2021: This is a buffer overflow vulnerability in the rtl8188eu Wi-Fi driver staging code in Linux kernels up to 5.11.6. It allows writing beyond the end of ...
Mar 17, 2021: CVE-2021-27291 is a Regular Expression Denial of Service (ReDoS) vulnerability in Pygments syntax highlighting library versions 1.1 through 2.7.3. Att...
Mar 17, 2021: This vulnerability in Subversion's mod_authz_svn module causes a server crash when using in-repository authz rules with AuthzSVNReposRelativeAccessFil...
Mar 16, 2021: This vulnerability allows remote attackers to execute arbitrary code or cause denial of service via heap corruption by tricking users into visiting a ...
Mar 12, 2021: CVE-2020-36281 is a heap-based buffer over-read vulnerability in Leptonica's color quantization function. This allows attackers to read memory beyond ...
Mar 12, 2021: This CVE describes a heap-based buffer over-read vulnerability in Leptonica image processing library versions before 1.80.0. The flaw in rasteropGener...
Mar 11, 2021: Flatpak's file forwarding feature contains a vulnerability where malicious app publishers can embed special tokens (@@ or @@u) in .desktop files to tr...
Mar 10, 2021: This CVE describes a use-after-free vulnerability in lib3mf's ZIP file handling that allows remote code execution. Attackers can exploit it by trickin...
Mar 9, 2021: This vulnerability allows remote code execution when cloning malicious Git repositories on case-insensitive file systems (Windows/macOS default). Atta...
Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,877+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.