Debian Security Vulnerabilities (CVEs)

Track 1,936 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

346 Critical
1,290 High
300 Medium
CVE-2019-16255 8.1

This vulnerability allows remote code execution in Ruby applications using the Shell#[] or Shell#test methods with untrusted input. Attackers can inje...

Nov 26, 2019
CVE-2019-18679 7.5

This Squid vulnerability exposes heap memory pointer values in nonce tokens during HTTP Digest Authentication, weakening ASLR protections. Attackers c...

Nov 26, 2019
CVE-2019-12523 9.1

This Squid vulnerability allows attackers to bypass access controls by making URN requests that trigger HTTP requests without proper authorization che...

Nov 26, 2019
CVE-2011-4120 9.8

This vulnerability in Yubico PAM Module allows authentication bypass when attackers provide a NULL password (Ctrl-D sequence). It affects systems usin...

Nov 26, 2019
CVE-2011-3632 7.1

CVE-2011-3632 is a symlink attack vulnerability in Hardlink versions before 0.1.2 that allows local attackers to manipulate file operations by exploit...

Nov 26, 2019
CVE-2011-3630 8.8

CVE-2011-3630 is a stack-based buffer overflow vulnerability in the Hardlink utility that allows remote attackers to execute arbitrary code by trickin...

Nov 26, 2019
CVE-2011-3596 7.5

CVE-2011-3596 is a denial-of-service vulnerability in Polipo caching web proxy where specially crafted HTTP POST or PUT requests can cause the service...

Nov 26, 2019
CVE-2012-6639 8.8

CVE-2012-6639 is a privilege escalation vulnerability in Cloud-init versions before 0.7.0 that allows local attackers to gain root privileges by submi...

Nov 25, 2019
CVE-2015-1396 7.5

CVE-2015-1396 is a directory traversal vulnerability in GNU patch versions before 2.7.4 that allows attackers to write to arbitrary files via symlink ...

Nov 25, 2019
CVE-2019-11287 7.5

This vulnerability allows attackers to cause a denial of service (DoS) in RabbitMQ's web management plugin by sending specially crafted HTTP requests ...

Nov 23, 2019
CVE-2014-6310 9.8

CVE-2014-6310 is a buffer overflow vulnerability in CHICKEN Scheme's 'select' function that allows remote attackers to execute arbitrary code. This af...

Nov 22, 2019
CVE-2019-18976 7.5

A NULL pointer dereference vulnerability in Asterisk's PJSIP T.38 fax handling causes crashes when receiving malformed re-invite messages. This affect...

Nov 22, 2019
CVE-2014-5255 7.0

CVE-2014-5255 is a local privilege escalation vulnerability in xcfa (XCFA audio file converter) where insecure temporary file creation allows local at...

Nov 21, 2019
CVE-2019-19204 7.5

CVE-2019-19204 is a heap-based buffer over-read vulnerability in Oniguruma regular expression library versions 6.x before 6.9.4_rc2. This vulnerabilit...

Nov 21, 2019
CVE-2019-5087 8.8

An integer overflow vulnerability in xcftools allows memory corruption when processing specially crafted XCF files. This could lead to arbitrary code ...

Nov 21, 2019
CVE-2014-1936 7.5

CVE-2014-1936 is a vulnerability in rc (run commands) software where temporary files are created insecurely, allowing local attackers to perform symli...

Nov 21, 2019
CVE-2012-3543 7.5

CVE-2012-3543 is a hash collision denial-of-service vulnerability in Mono's ASP.NET Web Forms implementation. Attackers can craft malicious POST reque...

Nov 21, 2019
CVE-2015-3167 7.5

This vulnerability in PostgreSQL's pgcrypto extension leaks information through different error responses when incorrect encryption keys are used. Att...

Nov 20, 2019
CVE-2013-1816 7.5

CVE-2013-1816 is a denial of service vulnerability in MediaWiki where remote attackers can crash the application by sending specially crafted requests...

Nov 20, 2019
CVE-2011-1028 9.8

This vulnerability in Smarty3 allows remote attackers to execute arbitrary PHP code through the $smarty.template variable. It affects web applications...

Nov 20, 2019
CVE-2014-5439 7.8

This vulnerability allows attackers to execute arbitrary code on systems running vulnerable versions of Sniffit network sniffer. By crafting a malicio...

Nov 19, 2019
CVE-2019-10172 7.5

This vulnerability allows XML external entity (XXE) attacks in org.codehaus.jackson:jackson-mapper-asl libraries version 1.9.x. Attackers can exploit ...

Nov 18, 2019
CVE-2019-19074 7.5

A memory leak vulnerability in the ath9k_wmi_cmd() function in the Linux kernel's Atheros wireless driver allows attackers to cause denial of service ...

Nov 18, 2019
CVE-2019-19052 7.5

This vulnerability is a memory leak in the Linux kernel's CAN-USB driver that allows attackers to cause denial of service by consuming all available m...

Nov 18, 2019
CVE-2019-19012 9.8

An integer overflow vulnerability in Oniguruma's regexec.c allows attackers to trigger an out-of-bounds read via crafted regular expressions. This aff...

Nov 17, 2019
CVE-2011-0703 9.8

This vulnerability in gksu-polkit allows attackers to inject arbitrary commands into xauth source files, potentially hijacking administrator X11 sessi...

Nov 15, 2019
CVE-2016-5285 7.5

This CVE describes a null pointer dereference vulnerability in Mozilla Network Security Services (NSS) that allows remote attackers to cause denial of...

Nov 15, 2019
CVE-2013-7087 9.8

CVE-2013-7087 is a heap memory corruption vulnerability in ClamAV's WWPack file unpacking module. Attackers can exploit this by crafting malicious WWP...

Nov 15, 2019
CVE-2013-7089 7.5

CVE-2013-7089 is an information disclosure vulnerability in ClamAV's dbg_printhex function that could leak sensitive memory contents. This affects Cla...

Nov 15, 2019
CVE-2019-18928 9.8

CVE-2019-18928 is an authentication bypass vulnerability in Cyrus IMAP where HTTP requests on the same connection can inherit authentication context f...

Nov 15, 2019
CVE-2012-1155 7.5

CVE-2012-1155 is an information disclosure vulnerability in Moodle's database activity module. It allows authenticated users to export all database en...

Nov 14, 2019
CVE-2011-1930 9.8

CVE-2011-1930 is a command injection vulnerability in klibc's DHCP client (ipconfig) where specially crafted DHCP responses can execute arbitrary code...

Nov 14, 2019
CVE-2011-1145 7.8

A buffer overflow vulnerability in unixODBC's SQLDriverConnect() function allows attackers to execute arbitrary code or cause denial of service by pro...

Nov 14, 2019
CVE-2011-1588 7.8

Thunar file manager versions before 1.3.1 contain a format string vulnerability when handling file names with percent characters. This could allow an ...

Nov 14, 2019
CVE-2010-5108 7.5

CVE-2010-5108 is an improper permission check vulnerability in Trac 0.11.6 that allows attackers to modify ticket status and resolution without proper...

Nov 13, 2019
CVE-2010-4664 8.8

CVE-2010-4664 is a privilege escalation vulnerability in ConsoleKit versions before 0.4.2 that allows authenticated local users to bypass security res...

Nov 13, 2019
CVE-2010-4657 7.5

This vulnerability in PHP5 allows attackers to pass invalid UTF-8 strings to xmlTextWriterWriteAttribute, causing libxml2 to misparse them and leak me...

Nov 13, 2019
CVE-2010-4654 7.8

CVE-2010-4654 is a stack corruption vulnerability in poppler PDF rendering library versions before 0.16.3. Malformed PDF commands can corrupt the inte...

Nov 13, 2019
CVE-2010-4533 9.8

CVE-2010-4533 is a vulnerability in offlineimap where SSL v2 protocol support remains enabled despite known security flaws in that protocol. This allo...

Nov 13, 2019
CVE-2019-18397 7.8

A buffer overflow vulnerability in GNU FriBidi's fribidi_get_par_embedding_levels_ex() function allows attackers to cause denial of service or potenti...

Nov 13, 2019
CVE-2010-3844 8.8

This vulnerability in ettercap before version 0.7.5 allows remote attackers to execute arbitrary code via a buffer overflow in an sscanf() call when p...

Nov 12, 2019
CVE-2010-3438 9.8

This vulnerability in libpoe-component-irc-perl allows attackers to inject arbitrary IRC commands by exploiting improper input sanitization of carriag...

Nov 12, 2019
CVE-2012-1572 7.5

CVE-2012-1572 is a denial-of-service vulnerability in OpenStack Keystone where extremely long passwords can crash the service by exhausting stack spac...

Nov 12, 2019
CVE-2011-3618 7.8

CVE-2011-3618 is a symlink attack vulnerability in the atop system monitoring tool due to insecure temporary file handling. Attackers can exploit this...

Nov 12, 2019
CVE-2019-18848 7.5

This vulnerability in the json-jwt Ruby gem allows improper authentication due to missing element count validation when splitting JWE strings. Attacke...

Nov 12, 2019
CVE-2011-2897 9.8

CVE-2011-2897 is a critical buffer overflow vulnerability in gdk-pixbuf's GIF loader that occurs during decompression table initialization. This allow...

Nov 12, 2019
CVE-2008-7291 9.8

CVE-2008-7291 is an insecure temporary file creation vulnerability in gri (GNU Image Manipulation Program) that allows local attackers to overwrite ar...

Nov 8, 2019
CVE-2007-6745 9.8

CVE-2007-6745 is a floating point exception vulnerability in ClamAV 0.91.2's ScanOLE2 component that can cause denial of service. When exploited, it c...

Nov 7, 2019
CVE-2019-3465 8.8

CVE-2019-3465 is a signature validation bypass vulnerability in XmlSecLibs that allows authenticated attackers to forge XML signatures. This enables i...

Nov 7, 2019
CVE-2012-0051 7.4

CVE-2012-0051 is an integrity vulnerability in Tahoe-LAFS 1.9.0 where remote attackers can corrupt mutable files or directories during retrieval. This...

Nov 7, 2019

Why Monitor Debian Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 1,936+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. Scanning is completely agentless and works across Debian deployments.

Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Debian CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions