Debian Security Vulnerabilities (CVEs)

Track 1,960 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

360 Critical
1,300 High
300 Medium
CVE-2018-14469 7.5

CVE-2018-14469 is a buffer over-read vulnerability in tcpdump's IKEv1 parser that allows attackers to cause denial of service or potentially leak sens...

Oct 3, 2019
CVE-2019-16942 9.8

This vulnerability allows remote code execution via Java deserialization in Jackson databind when Default Typing is enabled and commons-dbcp is in the...

Oct 1, 2019
CVE-2019-16276 7.5

CVE-2019-16276 is an HTTP request smuggling vulnerability in Go's net/http package that allows attackers to bypass security controls and potentially p...

Sep 30, 2019
CVE-2019-16928 9.8

CVE-2019-16928 is a heap-based buffer overflow vulnerability in Exim mail servers that allows remote attackers to execute arbitrary code by sending a ...

Sep 27, 2019
CVE-2019-9278 8.8

This vulnerability in libexif allows an attacker to trigger an integer overflow leading to out-of-bounds write. When exploited, it could enable remote...

Sep 27, 2019
CVE-2019-9232 7.5

CVE-2019-9232 is an out-of-bounds read vulnerability in libvpx (VP8/VP9 video codec library) that allows remote attackers to read memory beyond alloca...

Sep 27, 2019
CVE-2019-8075 7.5

CVE-2019-8075 is a Same Origin Policy bypass vulnerability in Adobe Flash Player that allows malicious websites to access data from other domains. Thi...

Sep 27, 2019
CVE-2019-15941 9.8

This vulnerability allows attackers to bypass access control rules in LemonLDAP::NG's OpenID Connect Issuer by crafting malicious authorization reques...

Sep 25, 2019
CVE-2019-16746 9.8

This is a critical buffer overflow vulnerability in the Linux kernel's wireless networking subsystem (nl80211). Attackers can exploit it by sending sp...

Sep 24, 2019
CVE-2019-16729 7.8

CVE-2019-16729 is a privilege escalation vulnerability in pam-python that allows local users to gain root privileges by manipulating Python environmen...

Sep 24, 2019
CVE-2019-14814 7.8

A heap-based buffer overflow vulnerability exists in the Marvell WiFi chip driver in Linux kernel versions up to (but excluding) 5.3. This allows loca...

Sep 20, 2019
CVE-2019-14835 7.8

This CVE describes a buffer overflow vulnerability in the Linux kernel's vhost functionality during live migration. A privileged guest user in a virtu...

Sep 17, 2019
CVE-2019-16378 9.8

OpenDMARC versions through 1.3.2 and 1.4.x through 1.4.0-Beta1 contain a signature bypass vulnerability when emails contain multiple From: addresses. ...

Sep 17, 2019
CVE-2019-5481 9.8

CVE-2019-5481 is a double-free vulnerability in cURL's FTP-kerberos code that allows remote attackers to execute arbitrary code or cause denial of ser...

Sep 16, 2019
CVE-2019-14540 9.8

CVE-2019-14540 is a deserialization vulnerability in FasterXML jackson-databind that allows remote code execution through polymorphic type handling. A...

Sep 15, 2019
CVE-2019-16335 9.8

CVE-2019-16335 is a deserialization vulnerability in Jackson databind that allows remote code execution through polymorphic type handling. Attackers c...

Sep 15, 2019
CVE-2019-16319 7.5

This vulnerability in Wireshark allows an attacker to cause a denial of service by triggering an infinite loop in the Gryphon protocol dissector. When...

Sep 15, 2019
CVE-2019-16235 7.5

CVE-2019-16235 is an origin validation vulnerability in Dino's XMPP message carbons implementation that allows attackers to spoof message sources. Thi...

Sep 11, 2019
CVE-2019-16237 7.5

CVE-2019-16237 is an origin validation vulnerability in Dino's Message Archive Management (MAM) implementation that allows attackers to spoof message ...

Sep 11, 2019
CVE-2019-16056 7.5

The Python email module incorrectly parses email addresses containing multiple @ characters, allowing attackers to bypass email validation checks. App...

Sep 6, 2019
CVE-2019-14813 9.8

This vulnerability in Ghostscript versions 9.x before 9.50 allows specially crafted PostScript files to bypass the -dSAFER security sandbox. Attackers...

Sep 6, 2019
CVE-2019-15846 9.8

CVE-2019-15846 is a critical remote code execution vulnerability in Exim mail servers where a trailing backslash in certain commands allows attackers ...

Sep 6, 2019
CVE-2018-21010 8.8

A heap buffer overflow vulnerability in OpenJPEG's color profile processing allows attackers to execute arbitrary code or cause denial of service. Thi...

Sep 5, 2019
CVE-2019-15926 9.1

This vulnerability in the Linux kernel's ath6kl wireless driver allows out-of-bounds memory access when processing specific WMI events. Attackers coul...

Sep 4, 2019
CVE-2019-15917 7.0

This CVE describes a use-after-free vulnerability in the Linux kernel's Bluetooth HCI UART driver. When hci_uart_register_dev() fails during protocol ...

Sep 4, 2019
CVE-2019-15892 7.5

CVE-2019-15892 is a denial-of-service vulnerability in Varnish Cache HTTP/1 parser. Attackers can send crafted HTTP/1 requests that trigger an asserti...

Sep 3, 2019
CVE-2019-14817 7.8

This vulnerability in Ghostscript allows specially crafted PostScript files to bypass the -dSAFER security sandbox. Attackers could gain file system a...

Sep 3, 2019
CVE-2015-9381 8.8

This vulnerability is a heap-based buffer over-read in FreeType's Type 1 font parser. It allows attackers to read sensitive memory contents, potential...

Sep 3, 2019
CVE-2019-13273 9.8

CVE-2019-13273 is a critical buffer overflow vulnerability in Xymon's csvinfo CGI script that allows remote code execution. Attackers can exploit it b...

Aug 27, 2019
CVE-2019-13451 9.8

CVE-2019-13451 is a buffer overflow vulnerability in Xymon's history.c component that allows remote attackers to execute arbitrary code or cause denia...

Aug 27, 2019
CVE-2019-13455 9.8

CVE-2019-13455 is a critical stack-based buffer overflow vulnerability in Xymon's alert acknowledgment CGI tool. Attackers can exploit this by sending...

Aug 27, 2019
CVE-2019-13485 9.8

CVE-2019-13485 is a critical stack-based buffer overflow vulnerability in Xymon's history viewer component. Attackers can exploit this by sending spec...

Aug 27, 2019
CVE-2019-10086 7.3

This vulnerability in Apache Commons Beanutils allows attackers to access the classloader property on Java objects, potentially leading to remote code...

Aug 20, 2019
CVE-2019-15239 7.8

This CVE describes a use-after-free vulnerability in the Linux kernel's TCP implementation that was introduced through an incorrect backport of a secu...

Aug 20, 2019
CVE-2019-5477 9.8

CVE-2019-5477 is a command injection vulnerability in Nokogiri v1.10.3 and earlier that allows remote code execution via unsafe user input passed to t...

Aug 16, 2019
CVE-2019-9850 9.8

This vulnerability allows attackers to bypass LibreOffice's script execution protection through insufficient URL validation. Malicious documents can e...

Aug 15, 2019
CVE-2019-9852 7.8

CVE-2019-9852 is a directory traversal vulnerability in LibreOffice that allows attackers to bypass URL encoding protections and execute arbitrary Pyt...

Aug 15, 2019
CVE-2019-13220 7.1

CVE-2019-13220 is an uninitialized variable vulnerability in stb_vorbis audio decoder that allows attackers to cause denial of service or information ...

Aug 15, 2019
CVE-2019-13222 7.1

This vulnerability in stb_vorbis library allows attackers to cause denial of service or leak sensitive memory contents by tricking applications into p...

Aug 15, 2019
CVE-2019-11187 9.8

This vulnerability allows authentication bypass in GONICUS GOsa LDAP systems. An attacker can log into any account containing the substring 'success' ...

Aug 15, 2019
CVE-2019-13217 7.8

CVE-2019-13217 is a heap buffer overflow vulnerability in stb_vorbis audio decoder library that allows attackers to cause denial of service or execute...

Aug 15, 2019
CVE-2017-18509 7.8

This is a Linux kernel vulnerability in IPv6 multicast routing that allows attackers with root privileges or CAP_NET_ADMIN capability to trigger a gen...

Aug 13, 2019
CVE-2019-14934 7.8

This vulnerability in PDFResurrect allows attackers to trigger a malloc failure and out-of-bounds write by providing a malicious PDF file with an inva...

Aug 11, 2019
CVE-2019-11041 7.1

This vulnerability in PHP's EXIF extension allows attackers to cause buffer over-read when parsing EXIF data from images via functions like exif_read_...

Aug 9, 2019
CVE-2019-14234 9.8

This SQL injection vulnerability in Django's PostgreSQL JSONField and HStoreField allows attackers to execute arbitrary SQL queries through crafted ke...

Aug 9, 2019
CVE-2019-14744 7.8

CVE-2019-14744 is a code execution vulnerability in KDE Frameworks KConfig where malicious .desktop or .directory files can execute arbitrary shell co...

Aug 7, 2019
CVE-2019-14513 7.5

CVE-2019-14513 is a buffer overflow vulnerability in Dnsmasq DNS server software caused by improper bounds checking when processing large DNS packets....

Aug 1, 2019
CVE-2019-14496 7.8

This vulnerability is a stack-based buffer overflow in MilkyTracker's LoaderXM::load function. Attackers can exploit this by crafting malicious XM mod...

Aug 1, 2019
CVE-2019-14493 7.5

CVE-2019-14493 is a NULL pointer dereference vulnerability in OpenCV's XML parser that can cause denial of service (crash) when processing malicious X...

Aug 1, 2019
CVE-2019-0193 7.2

CVE-2019-0193 is a remote code execution vulnerability in Apache Solr's DataImportHandler module. Attackers can exploit the debug mode's 'dataConfig' ...

Aug 1, 2019

Why Monitor Debian Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 1,960+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.

Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account and add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Debian CVEs affect your systems
  • Access the dashboard with severity breakdown and fix instructions