Common Problems

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-8851 CVE-2026-41907 CVE-2026-41988 Upstream summary: node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2021-28117 Upstream summary: libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2004-1561 CVE-2004-2027 CVE-2005-0837 CVE-2005-0838 CVE-2011-4612 CVE-2014-9018 CVE-2014-9091 CVE-2015-3026  +1 more Upstream summary: Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2003-0620 CVE-2003-0645 CVE-2006-4250 CVE-2015-1336 Upstream summary: Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-12950 CVE-2017-12951 CVE-2017-12952 CVE-2017-12953 CVE-2017-12954 CVE-2018-14449 CVE-2018-14450 CVE-2018-14451  +12 more Upstream summary: The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-8371 CVE-2021-29472 CVE-2022-24828 CVE-2023-43655 CVE-2024-24821 CVE-2024-35241 CVE-2024-35242 CVE-2025-67746  +3 more Upstream summary: Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-9284 CVE-2017-18076 CVE-2020-36599 Upstream summary: The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-10140 CVE-2019-8457 Upstream summary: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2009-4404 Upstream summary: Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "–maxlines" option […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2009-1255 CVE-2009-1494 CVE-2009-2415 CVE-2010-1152 CVE-2011-4971 CVE-2013-0179 CVE-2013-7239 CVE-2013-7290  +12 more Upstream summary: The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents […]