Debian Security Vulnerabilities (CVEs)

Track 1,879 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

324 Critical
1,255 High
300 Medium
CVE-2020-3811 7.5

CVE-2020-3811 is a mail-address verification bypass vulnerability in qmail-verify used in netqmail 1.06. It allows attackers to bypass email address v...

May 26, 2020
CVE-2020-13398 8.3

CVE-2020-13398 is an out-of-bounds write vulnerability in FreeRDP's RSA crypto implementation that allows attackers to write data beyond allocated mem...

May 22, 2020
CVE-2020-11076 7.5

This vulnerability in Puma web server allows attackers to perform HTTP response smuggling by sending requests with invalid Transfer-Encoding headers. ...

May 22, 2020
CVE-2020-12693 8.1

This CVE describes an authentication bypass vulnerability in Slurm workload manager when Message Aggregation is enabled. A race condition allows attac...

May 21, 2020
CVE-2020-13112 9.1

This vulnerability in libexif allows attackers to read beyond allocated memory buffers when processing EXIF MakerNote data, potentially exposing sensi...

May 21, 2020
CVE-2020-6471 9.6

This vulnerability in Google Chrome's developer tools allowed malicious extensions to escape the browser's security sandbox. Attackers could exploit t...

May 21, 2020
CVE-2020-6474 8.8

This is a use-after-free vulnerability in Chrome's Blink rendering engine that allows remote attackers to potentially exploit heap corruption. Attacke...

May 21, 2020
CVE-2020-6461 9.6

This is a use-after-free vulnerability in Chrome's storage component that allows a remote attacker who has already compromised the renderer process to...

May 21, 2020
CVE-2020-6463 8.8

CVE-2020-6463 is a use-after-free vulnerability in ANGLE (Almost Native Graphics Layer Engine) component of Google Chrome that could allow remote atta...

May 21, 2020
CVE-2020-6465 9.6

CVE-2020-6465 is a use-after-free vulnerability in Chrome's reader mode on Android that allows a compromised renderer process to escape the browser sa...

May 21, 2020
CVE-2020-6467 8.8

This is a use-after-free vulnerability in Chrome's WebRTC component that allows remote attackers to potentially exploit heap corruption. Attackers can...

May 21, 2020
CVE-2020-6469 9.6

This vulnerability in Google Chrome's developer tools allowed malicious extensions to escape the browser's security sandbox. Attackers could exploit t...

May 21, 2020
CVE-2020-6457 9.6

A use-after-free vulnerability in Chrome's speech recognizer component allows remote attackers to potentially escape the browser sandbox via a crafted...

May 21, 2020
CVE-2020-6459 8.8

This is a use-after-free vulnerability in Google Chrome's payments component that allows remote attackers to potentially exploit heap corruption. Atta...

May 21, 2020
CVE-2020-12662 7.5

CVE-2020-12662 is a DNS amplification vulnerability in Unbound DNS resolver where attackers can trigger random subdomain queries via malicious NS reco...

May 19, 2020
CVE-2020-8616 8.6

CVE-2020-8616 is a DNS vulnerability that allows attackers to cause recursive DNS servers to perform excessive queries through malicious referrals, po...

May 19, 2020
CVE-2020-3327 7.5

A heap buffer overflow vulnerability in ClamAV's ARJ archive parsing module allows remote attackers to cause denial of service by crashing the scannin...

May 13, 2020
CVE-2020-12823 9.8

CVE-2020-12823 is a buffer overflow vulnerability in OpenConnect VPN client versions 8.09 and earlier. Attackers can exploit this by sending crafted c...

May 12, 2020
CVE-2020-8159 9.8

CVE-2020-8159 is a path traversal vulnerability in the actionpack_page-caching gem that allows attackers to write arbitrary files to a web server. Thi...

May 12, 2020
CVE-2020-12783 7.5

CVE-2020-12783 is an out-of-bounds read vulnerability in Exim's SPA/NTLM authentication module that could allow authentication bypass. Attackers could...

May 11, 2020
CVE-2020-10704 7.5

This vulnerability allows an unauthenticated attacker to trigger a stack overflow in Samba when configured as an Active Directory Domain Controller LD...

May 6, 2020
CVE-2020-12672 7.5

CVE-2020-12672 is a heap-based buffer overflow vulnerability in GraphicsMagick's PNG/MNG image processing code. Attackers can exploit this by tricking...

May 6, 2020
CVE-2020-11651 9.8

CVE-2020-11651 is an authentication bypass vulnerability in SaltStack Salt that allows unauthenticated remote attackers to execute arbitrary commands ...

Apr 30, 2020
CVE-2020-11884 7.0

This CVE describes a race condition vulnerability in the Linux kernel on s390 platforms that could allow local attackers to execute arbitrary code or ...

Apr 29, 2020
CVE-2020-10663 7.5

This vulnerability in the JSON gem for Ruby allows attackers to create malicious objects during JSON parsing, potentially leading to arbitrary code ex...

Apr 28, 2020
CVE-2020-12243 7.5

This vulnerability in OpenLDAP's slapd daemon allows attackers to crash the LDAP service by sending specially crafted search filters with nested boole...

Apr 28, 2020
CVE-2020-12284 9.8

This vulnerability allows remote attackers to execute arbitrary code or cause denial of service via a specially crafted JPEG file. It affects systems ...

Apr 28, 2020
CVE-2020-9481 7.5

Apache Traffic Server (ATS) versions 6.0.0-6.2.3, 7.0.0-7.1.9, and 8.0.0-8.0.6 are vulnerable to HTTP/2 slow read attacks, which allow attackers to ca...

Apr 27, 2020
CVE-2020-12278 9.8

This vulnerability in libgit2 allows remote code execution when cloning repositories from malicious sources. It affects applications using vulnerable ...

Apr 27, 2020
CVE-2019-18823 9.8

This vulnerability in HTCondor allows attackers to bypass configured authentication methods and impersonate other users when submitting or removing jo...

Apr 27, 2020
CVE-2020-12268 9.8

CVE-2020-12268 is a critical heap-based buffer overflow vulnerability in jbig2dec's image composition function. Attackers can exploit this to execute ...

Apr 27, 2020
CVE-2019-20788 9.8

This vulnerability in LibVNCServer allows remote attackers to execute arbitrary code or cause denial of service via integer overflow and heap-based bu...

Apr 23, 2020
CVE-2020-11945 9.8

CVE-2020-11945 is a critical integer overflow vulnerability in Squid proxy server's Digest Authentication mechanism. A remote attacker can replay snif...

Apr 23, 2020
CVE-2020-1983 7.5

CVE-2020-1983 is a use-after-free vulnerability in libslirp's IP packet reassembly function that allows specially crafted network packets to cause den...

Apr 22, 2020
CVE-2020-12066 7.5

CVE-2020-12066 is a denial-of-service vulnerability in Teeworlds game servers where remote attackers can send specially crafted messages to crash the ...

Apr 22, 2020
CVE-2020-11868 7.5

This vulnerability in ntpd allows an off-path attacker to spoof NTP server responses and block time synchronization for unauthenticated clients. It af...

Apr 17, 2020
CVE-2019-12519 9.8

CVE-2019-12519 is a stack-based buffer overflow vulnerability in Squid proxy server's ESI (Edge Side Includes) parser. When ESI is enabled and process...

Apr 15, 2020
CVE-2019-12524 9.8

This vulnerability allows attackers to bypass Squid's Cache Manager access controls by URL-encoding their requests. Attackers can access sensitive ser...

Apr 15, 2020
CVE-2020-2803 8.3

This vulnerability in Oracle Java SE and Java SE Embedded allows an attacker to compromise Java deployments via multiple network protocols. It primari...

Apr 15, 2020
CVE-2020-2805 8.3

This vulnerability in Oracle Java SE and Java SE Embedded libraries allows an attacker to compromise Java deployments via multiple network protocols. ...

Apr 15, 2020
CVE-2020-5260 9.3

CVE-2020-5260 is a Git vulnerability where specially crafted URLs with encoded newlines can trick Git into sending private credentials to attacker-con...

Apr 14, 2020
CVE-2020-11739 7.8

A memory barrier vulnerability in Xen's read-write unlock paths allows guest OS users to exploit race conditions, potentially causing denial of servic...

Apr 14, 2020
CVE-2020-11741 8.8

CVE-2020-11741 is a vulnerability in Xen's xenoprof profiling component where guest operating systems with active profiling enabled can manipulate sha...

Apr 14, 2020
CVE-2020-6455 8.8

This vulnerability allows a remote attacker to exploit heap corruption via an out-of-bounds read in WebSQL in Google Chrome. Attackers can craft malic...

Apr 13, 2020
CVE-2020-6436 8.8

This is a use-after-free vulnerability in Google Chrome's window management component that allows remote attackers to potentially exploit heap corrupt...

Apr 13, 2020
CVE-2020-6439 8.8

This vulnerability in Google Chrome allows attackers to bypass security user interface (UI) warnings and prompts by exploiting insufficient policy enf...

Apr 13, 2020
CVE-2020-6443 8.8

This vulnerability in Google Chrome's developer tools allows remote attackers to execute arbitrary code on a user's system by tricking them into using...

Apr 13, 2020
CVE-2020-6447 8.8

This vulnerability in Google Chrome's developer tools allows a remote attacker to potentially exploit heap corruption by convincing a user to open dev...

Apr 13, 2020
CVE-2020-6423 8.8

This is a use-after-free vulnerability in Chrome's audio component that allows remote attackers to potentially exploit heap corruption. Attackers can ...

Apr 13, 2020
CVE-2020-6434 8.8

CVE-2020-6434 is a use-after-free vulnerability in Chrome's DevTools that allows remote attackers to potentially exploit heap corruption via a crafted...

Apr 13, 2020

Why Monitor Debian Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 1,879+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.

Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Debian CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions