IT, Cloud & DevOps Blog

Debian 11 — libplack-middleware-session-perl — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟡 Medium • ⏱ 10–30 min • Last verified: 25 May 2026 • Affected versions: Debian 11 (bullseye) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2013-10031, CVE-2014-125112, CVE-2025-40923
Upstream summary: Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks

Debian 13 — libemf — multiple vulnerabilities (5 CVEs) — patch and remediation guide

🟡 Medium • ⏱ 10–30 min • Last verified: 25 May 2026 • Affected versions: Debian 13 (trixie) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2020-11863, CVE-2020-11864, CVE-2020-11865, CVE-2020-11866, CVE-2020-13999
Upstream summary: libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).

Debian 11 — gdb — multiple vulnerabilities (10 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Debian 11 (bullseye) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2005-1704, CVE-2005-1705, CVE-2006-4146, CVE-2011-4355, CVE-2014-8501, CVE-2014-9939, CVE-2017-9778, CVE-2023-39128, +2 more
Upstream summary: Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and […]

Debian 12 — sredird — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: Debian 12 (bookworm) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2004-2386, CVE-2004-2387
Upstream summary: Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via […]

Debian 13 — php-font-lib — vulnerability — patch and remediation guide

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: Debian 13 (trixie) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2014-2570
Upstream summary: Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name […]

Debian 12 — psi — vulnerability — patch and remediation guide

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: Debian 12 (bookworm) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2008-6393
Upstream summary: PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request […]

Debian 13 — fuse-exfat — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: Debian 13 (trixie) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2015-8026, CVE-2022-29973
Upstream summary: Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) […]

Debian 13 — avahi — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Debian 13 (trixie) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2006-2288, CVE-2006-2289, CVE-2006-5461, CVE-2006-6870, CVE-2007-3372, CVE-2008-5081, CVE-2009-0758, CVE-2010-2244, +12 more
Upstream summary: Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via […]

Debian 12 — unrtf — multiple vulnerabilities (6 CVEs) — patch and remediation guide

🟡 Medium • ⏱ 10–30 min • Last verified: 25 May 2026 • Affected versions: Debian 12 (bookworm) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2004-1297, CVE-2014-9274, CVE-2014-9275, CVE-2016-10091, CVE-2025-65410, CVE-2025-65411
Upstream summary: Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a […]

Debian 12 — umoci — vulnerability — patch and remediation guide

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: Debian 12 (bookworm) • 📖 ~4 min read • Source: Debian Security Tracker
Related CVEs: CVE-2021-29136
Upstream summary: Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or […]
