Debian Security Vulnerabilities (CVEs)
Track 1,891 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a denial-of-service vulnerability in Wireshark's BACapp dissector where excessive recursion could cause the application to crash. I...
Apr 10, 2020
This vulnerability in Varnish Cache causes assertion failures and daemon restarts when using PROXY version 2 protocol with TLS termination proxies. Th...
Apr 8, 2020
This is a deserialization vulnerability in FasterXML jackson-databind that allows remote code execution when untrusted data is deserialized with polym...
Apr 7, 2020
CVE-2020-11612 is a memory allocation vulnerability in Netty's ZlibDecoders that allows attackers to cause denial of service through memory exhaustion...
Apr 7, 2020
CVE-2019-14868 is a command injection vulnerability in ksh (KornShell) that allows attackers to bypass environment restrictions and execute arbitrary ...
Apr 2, 2020
This vulnerability allows remote attackers to write arbitrary bytes to heap memory via a crafted HTTP/2 request to HAProxy's HPACK decoder. Successful...
Apr 2, 2020
A buffer overflow vulnerability in PHP's mb_strtolower() function when using UTF-32LE encoding allows attackers to corrupt memory. This could lead to ...
Apr 1, 2020
This vulnerability in Bubblewrap (bwrap) allows local attackers to gain root privileges when the software is installed in setuid mode and the kernel s...
Mar 31, 2020
A heap use-after-free vulnerability in systemd before version v245-rc1 allows local unprivileged attackers to crash systemd services or potentially ex...
Mar 31, 2020
CVE-2020-10595 is a buffer overflow vulnerability in pam-krb5 authentication module that could allow remote code execution when attackers respond to s...
Mar 31, 2020
This CVE allows remote code execution through deserialization of untrusted data in FasterXML jackson-databind. It affects applications using Jackson 2...
Mar 31, 2020
This is a deserialization vulnerability in FasterXML jackson-databind that allows remote code execution when processing untrusted JSON content. It aff...
Mar 31, 2020
This vulnerability in FasterXML jackson-databind allows remote code execution (RCE) via deserialization of untrusted data, exploiting a gadget chain i...
Mar 26, 2020
CVE-2020-6071 is a denial-of-service vulnerability in Videolabs libmicrodns 0.1.0 where improper handling of compressed labels in mDNS messages allows...
Mar 24, 2020
CVE-2020-6072 is a critical double-free vulnerability in Videolabs libmicrodns 0.1.0 that allows remote code execution via specially crafted mDNS mess...
Mar 24, 2020
CVE-2020-6077 is an out-of-bounds read vulnerability in Videolabs libmicrodns 0.1.0 that allows remote attackers to cause denial of service by sending...
Mar 24, 2020
CVE-2020-6079 is a memory leak vulnerability in libmicrodns 0.1.0 that allows denial-of-service attacks via resource exhaustion. An attacker can repea...
Mar 24, 2020
This vulnerability in GraphicsMagick allows attackers to trigger an integer overflow and heap-based buffer overflow when processing specially crafted ...
Mar 24, 2020
This vulnerability in Ansible Engine allows attackers to manipulate ansible_facts data when using specific configurations, potentially leading to priv...
Mar 24, 2020
Apache Traffic Server versions 6.0.0-6.2.3, 7.0.0-7.1.8, and 8.0.0-8.0.5 contain an HTTP request smuggling vulnerability via chunked encoding manipula...
Mar 23, 2020
This is a use-after-free vulnerability in Chrome's WebGL implementation that allows remote attackers to potentially exploit heap corruption. Attackers...
Mar 23, 2020
This is a use-after-free vulnerability in Chrome's audio component that allows remote attackers to potentially exploit heap corruption. Attackers can ...
Mar 23, 2020
This is a use-after-free vulnerability in Chrome's audio component that allows remote attackers to potentially exploit heap corruption. Attackers can ...
Mar 23, 2020
A buffer overflow vulnerability in WeeChat IRC client versions 0.3.4 through 2.7 allows remote attackers to crash the application or potentially execu...
Mar 23, 2020
This SQL injection vulnerability in phpMyAdmin allows attackers to execute arbitrary SQL queries by crafting malicious database or table names. Users ...
Mar 22, 2020
CVE-2020-10672 is a deserialization vulnerability in FasterXML jackson-databind that allows remote code execution when processing untrusted JSON conte...
Mar 18, 2020
CVE-2020-0556 is an improper access control vulnerability in BlueZ (Linux Bluetooth stack) that allows unauthenticated attackers within Bluetooth rang...
Mar 12, 2020
This CVE describes an integer overflow leading to heap-based buffer overflow in ICU's UnicodeString::doAppend() function. Attackers can exploit this t...
Mar 12, 2020
CVE-2020-10108 is an HTTP request splitting vulnerability in Twisted Web that allows attackers to bypass security controls by sending HTTP requests wi...
Mar 12, 2020
This CVE describes an out-of-bounds read vulnerability in Android's VP8 video decoder. An attacker could remotely disclose information from affected d...
Mar 10, 2020
CVE-2020-5258 is a prototype pollution vulnerability in the Dojo Toolkit's deepCopy method that allows attackers to inject malicious properties into J...
Mar 10, 2020
This CVE describes a critical stack buffer overflow vulnerability in The Sleuth Kit (TSK) forensic analysis tool. Attackers can exploit this by provid...
Mar 9, 2020
This CVE describes a buffer overflow vulnerability in netkit telnetd's utility.c that allows remote attackers to execute arbitrary code via short writ...
Mar 6, 2020
This CVE allows SQL injection in Django when untrusted data is used as the tolerance parameter in GIS functions and aggregates on Oracle databases. At...
Mar 5, 2020
CVE-2020-8659 is a memory exhaustion vulnerability in CNCF Envoy proxy that allows attackers to cause denial of service by sending HTTP/1.1 requests w...
Mar 4, 2020
This CVE describes a critical memory corruption vulnerability (use-after-free) in WebKitGTK and WPE WebKit browsers that could allow remote attackers ...
Mar 2, 2020
CVE-2020-9548 is a deserialization vulnerability in FasterXML jackson-databind that allows remote code execution by exploiting the interaction between...
Mar 2, 2020
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Mar 2, 2020
This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that allows a remote attacker to potentially exploit heap corruption via ...
Feb 27, 2020
This is a use-after-free vulnerability in the speech component of Google Chrome that allows a remote attacker to potentially exploit heap corruption v...
Feb 27, 2020
This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that allows an attacker to execute arbitrary code or cause heap corruptio...
Feb 27, 2020
This CVE describes a null pointer dereference vulnerability in PHP's file upload progress tracking feature. When upload progress tracking is enabled w...
Feb 27, 2020
CVE-2020-9274 is an uninitialized pointer vulnerability in Pure-FTPd 1.0.49 that can cause denial of service or potentially allow arbitrary code execu...
Feb 26, 2020
CVE-2020-8794 is a critical out-of-bounds read vulnerability in OpenSMTPD that allows remote code execution. Attackers can exploit this during bounce ...
Feb 25, 2020
This vulnerability in the Linux kernel's floppy driver allows an out-of-bounds read when accessing the Floppy Disk Controller (FDC) index without prop...
Feb 25, 2020
CVE-2020-1938 (GhostCat) is a critical vulnerability in Apache Tomcat's AJP connector that allows attackers to read arbitrary files from the server an...
Feb 24, 2020
This vulnerability in Go's SSH package allows attackers to cause denial of service through panic during signature verification. Both SSH servers accep...
Feb 20, 2020
CVE-2020-9273 is a use-after-free vulnerability in ProFTPD 1.3.7 that allows remote attackers to corrupt memory pools by interrupting data transfer ch...
Feb 20, 2020
CVE-2014-4678 is a critical remote code execution vulnerability in Ansible's safe_eval function that allows attackers to execute arbitrary code on tar...
Feb 20, 2020
CVE-2020-6061 is a critical heap out-of-bounds read vulnerability in CoTURN 4.5.1.1 web server that allows attackers to leak sensitive information or ...
Feb 19, 2020
Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,891+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Debian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions