Debian Security Vulnerabilities (CVEs)

CVE-2025-21605 is a memory exhaustion vulnerability in Redis where unauthenticated clients can cause unlimited growth of output buffers, leading to se...

A Linux kernel vulnerability in the SKBPRIO queue discipline (qdisc) causes assertion failures when used as a child qdisc under TBF (Token Bucket Filt...

This vulnerability in PgBouncer allows attackers to authenticate with expired passwords when using auth_query mode. The connection pooler fails to che...

A race condition vulnerability in the Linux kernel's cfg80211 WiFi subsystem where wiphy_work_lock is accessed before proper initialization when rfkil...

OpenSSH versions before 10.0 have a bug where the DisableForwarding directive fails to properly disable X11 and agent forwarding as documented. This a...

A heap buffer overflow vulnerability in libvips' heifsave operation when processing specially crafted TIFF images with 4 channels. This could cause ap...

CVE-2025-3155 is a vulnerability in Yelp (the GNOME help application) that allows malicious help documents to execute arbitrary scripts. This could en...

This CVE describes an information disclosure vulnerability in the Linux kernel's ACRN hypervisor subsystem. The vulnerability allows uninitialized ker...

This is a race condition vulnerability in the Linux kernel's memory management subsystem (khugepaged) that can lead to use-after-free access. It affec...

A vulnerability in containerd allows containers launched with UID/GID values exceeding 32-bit signed integer limits to overflow and run as root (UID 0...

This Linux kernel vulnerability in the netfilter subsystem allows expectations (exp) to remain in hash tables when they should be removed, potentially...

This CVE describes an out-of-bounds write vulnerability in FreeType versions 2.13.0 and below when parsing TrueType GX and variable font files. The vu...

A denial-of-service vulnerability exists in Django's text wrapping functions when processing extremely long strings. Attackers can cause excessive CPU...

A use-after-free vulnerability in the Linux kernel's max96712 media driver causes a kernel oops (crash) when removing the module. This affects systems...

CVE-2025-27516 is a sandbox escape vulnerability in Jinja templating engine that allows attackers who control template content to execute arbitrary Py...

This vulnerability in LibreOffice allows attackers to craft malicious links using the 'vnd.libreoffice.command' URI scheme that can execute internal m...

A NULL pointer dereference vulnerability in DCMTK's DICOM file processing component allows attackers to cause denial of service by sending specially c...

This vulnerability in FFmpeg's JPEG2000 decoder allows attackers to cause a segmentation fault (crash) by processing specially crafted JPEG2000 images...

This OpenSSH vulnerability allows machine-in-the-middle attacks when VerifyHostKeyDNS is enabled. Attackers can impersonate legitimate servers by expl...

This CVE describes a client certificate authentication bypass vulnerability in nginx when multiple server blocks share the same IP/port. Attackers can...

CVE-2025-0781 is a sandbox escape vulnerability in FlightGear's Nasal scripting engine that allows attackers to write arbitrary files to any location ...

This vulnerability in MySQL Server's InnoDB component allows high-privileged attackers with network access to cause a denial of service by crashing or...

This vulnerability allows attackers to craft malicious Git repository URLs containing ANSI escape sequences that manipulate terminal output during cre...

This vulnerability allows attackers to inject malicious commands into Git credential helpers by exploiting how some ecosystems interpret carriage retu...

This vulnerability in Django allows attackers to cause denial-of-service by sending specially crafted IPv6 addresses to vulnerable validation function...

CVE-2023-27539 is a denial-of-service vulnerability in Rack's header parsing component that allows attackers to cause excessive memory consumption by ...

This CVE describes a use-after-free vulnerability in Redis where an authenticated user can craft a malicious Lua script to manipulate the garbage coll...

This CVE describes a memory leak vulnerability in the Linux kernel's IPv6 networking stack where expired exception destination cache entries are not p...

This vulnerability in the Linux kernel's ALSA USB audio subsystem allows a malicious USB device to trigger out-of-bounds memory accesses. Attackers co...

This vulnerability in the Linux kernel's USB audio driver allows out-of-bounds memory reads when processing malicious USB audio device descriptors. At...

A path traversal vulnerability in the action_listcategories() function of Asterisk allows attackers to access files outside the intended directory. Th...

This CVE is an out-of-bounds write vulnerability in the Linux kernel's UVC video driver (uvcvideo). Attackers could exploit this to crash the system o...

This vulnerability in Apple's Safari browser and related operating systems allows cross-site scripting (XSS) attacks due to improper cookie management...

This PostgreSQL vulnerability allows a less-privileged application user to view or modify unintended database rows when the application uses SET ROLE ...

This vulnerability in Artifex Ghostscript allows buffer overflow during PDF XRef stream handling, potentially enabling remote code execution. It affec...

This vulnerability in Ghostscript allows out-of-bounds memory access in the filenameforall function, which could lead to arbitrary code execution. It ...

CVE-2024-41311 is an out-of-bounds read/write vulnerability in Libheif's ImageOverlay::parse() function when processing malicious HEIF files with forg...

CVE-2024-47175 is a vulnerability in CUPS libppd where the ppdCreatePPDFromIPP2 function fails to sanitize IPP attributes when creating PPD buffers. T...

This vulnerability allows local users on Unix-like systems to view and modify shared memory containing mod_jk configuration due to incorrect default p...