Debian Security Vulnerabilities (CVEs)
Track 1,877 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This is a buffer overflow vulnerability in Python's ctypes module that could allow remote code execution. It affects Python applications that process ...
Jan 19, 2021
This vulnerability in Archive_Tar allows attackers to write files outside the intended extraction directory via directory traversal in symbolic link h...
Jan 18, 2021
This CVE allows malicious or compromised Flatpak applications to escape their sandbox and execute arbitrary code on the host Linux system. The vulnera...
Jan 14, 2021
This vulnerability in XMLBeans XML parsers allows attackers to perform XML Entity Expansion (XXE) attacks by submitting malicious XML input. It affect...
Jan 14, 2021
This vulnerability allows remote attackers with access to an iSCSI LUN to perform directory traversal attacks via XCOPY requests in the Linux kernel's...
Jan 13, 2021
This vulnerability in Pillow's PCX file decoder allows attackers to read beyond allocated memory buffers when processing malicious PCX files. It affec...
Jan 12, 2021
This is a use-after-free vulnerability in Google Chrome's safe browsing component that allows a remote attacker to potentially escape the browser sand...
Jan 8, 2021
This is a use-after-free vulnerability in Chrome's Blink rendering engine that allows remote attackers to potentially execute arbitrary code or cause ...
Jan 8, 2021
This is a use-after-free vulnerability in Chrome's audio component that allows remote attackers to potentially exploit heap corruption. Attackers can ...
Jan 8, 2021
This is a use-after-free vulnerability in Chrome's safe browsing component that allows a compromised renderer process to escape the browser sandbox. A...
Jan 8, 2021
This vulnerability in Google Chrome's networking component allows remote attackers to bypass discretionary access control through malicious network tr...
Jan 8, 2021
This is a use-after-free vulnerability in Chrome's autofill feature that allows an attacker who has already compromised the renderer process to escape...
Jan 8, 2021
This is a critical use-after-free vulnerability in Google Chrome's media component that allows a remote attacker who has already compromised the rende...
Jan 8, 2021
This vulnerability allows attackers to execute arbitrary code on systems running vulnerable versions of VLC media player by tricking users into openin...
Jan 8, 2021
This vulnerability in NVIDIA GPU Display Driver for Linux allows attackers to bypass file system permissions on GPU devices, potentially leading to de...
Jan 8, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Jan 7, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. It affects applications using...
Jan 7, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Jan 6, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. It affects applications using...
Jan 6, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Jan 6, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Jan 6, 2021
This CVE describes a use-after-free vulnerability in Node.js TLS implementation that can lead to memory corruption. Attackers could exploit this to ca...
Jan 6, 2021
CVE-2020-27844 is an out-of-bounds write vulnerability in OpenJPEG's t2.c file that allows attackers to compromise confidentiality, integrity, and ava...
Jan 5, 2021
CVE-2020-35965 is an out-of-bounds write vulnerability in FFmpeg's EXR image decoder that could allow attackers to execute arbitrary code or cause den...
Jan 4, 2021
CVE-2020-12658 is a critical vulnerability in gssproxy (GSS-API proxy daemon) where improper mutex handling during shutdown can cause denial of servic...
Dec 31, 2020
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Dec 27, 2020
CVE-2020-28169 is a privilege escalation vulnerability in td-agent-builder plugin for Fluentd on Windows systems. Attackers can write malicious files ...
Dec 24, 2020
This is a cross-site scripting (XSS) vulnerability in MediaWiki's user rights management interface. It allows attackers to inject malicious scripts th...
Dec 18, 2020
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Dec 17, 2020
CVE-2020-29361 is an integer overflow vulnerability in p11-kit library versions 0.21.1 through 0.23.21. Missing overflow checks before memory allocati...
Dec 16, 2020
This vulnerability is a heap-based buffer overflow in p11-kit's RPC protocol that allows remote attackers to execute arbitrary code or cause denial of...
Dec 16, 2020
This Xen vulnerability allows a newly created guest domain to inherit access rights to Xenstore nodes from previously destroyed domains with the same ...
Dec 15, 2020
CVE-2020-29479 is a privilege escalation vulnerability in Xen's Ocaml xenstored implementation where unprivileged guests can perform unauthorized oper...
Dec 15, 2020
A use-after-free vulnerability in the Linux kernel's Xen PV block backend allows a malicious guest VM to crash the host (dom0) by rapidly connecting a...
Dec 15, 2020
CVE-2020-8177 is a vulnerability in curl that allows arbitrary file overwrite when using the -J flag. Attackers can overwrite local files by manipulat...
Dec 14, 2020
CVE-2020-8285 is a stack overflow vulnerability in curl's FTP wildcard parsing that allows remote attackers to crash applications or potentially execu...
Dec 14, 2020
CVE-2020-7788 is a prototype pollution vulnerability in the ini npm package that allows attackers to modify object prototypes by submitting malicious ...
Dec 11, 2020
This CVE describes a use-after-free vulnerability in the Linux kernel's tty subsystem that allows attackers to potentially escalate privileges or cras...
Dec 9, 2020
CVE-2020-27918 is a use-after-free vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web c...
Dec 8, 2020
This vulnerability in ImageMagick allows attackers to trigger undefined behavior by submitting specially crafted image files. The flaw involves intege...
Dec 4, 2020
CVE-2020-27778 is a vulnerability in Poppler's pdftohtml utility that allows remote attackers to cause denial of service through a malicious PDF file....
Dec 3, 2020
CVE-2020-14351 is a use-after-free vulnerability in the Linux kernel's perf subsystem that allows local attackers with permission to monitor performan...
Dec 3, 2020
This SQL injection vulnerability in Hibernate Core allows attackers to inject malicious SQL through JPA Criteria API comments, potentially accessing u...
Dec 2, 2020
CVE-2020-27813 is an integer overflow vulnerability in websocket frame length handling that allows attackers to cause denial of service on HTTP server...
Dec 2, 2020
This CVE describes a buffer overflow vulnerability in the dlt-daemon component of GENIVI Diagnostic Log and Trace. The flaw allows arbitrary code exec...
Nov 30, 2020
CVE-2020-27745 is a critical buffer overflow vulnerability in Slurm's PMIx MPI plugin that allows remote code execution. Attackers can exploit this by...
Nov 27, 2020
This vulnerability in x11vnc 0.9.16 allows unauthorized access to shared memory segments due to insecure permissions (IPC_CREAT|0777) in shmget calls....
Nov 25, 2020
This CVE describes an access control list (ACL) bypass vulnerability in Pacemaker cluster resource manager. Attackers with local accounts in the hacli...
Nov 24, 2020
This vulnerability allows remote code execution through PostgreSQL's psql interactive terminal when using the \gset command against a compromised serv...
Nov 23, 2020
CVE-2020-28984 is a critical vulnerability in SPIP CMS that allows unauthenticated attackers to execute arbitrary code on affected systems. The vulner...
Nov 23, 2020
Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,877+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Debian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions