Common Problems

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-14339 Upstream summary: The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-4960 Upstream summary: impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files. Table of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2010-3364 CVE-2018-7998 CVE-2019-6976 CVE-2020-20739 CVE-2021-27847 CVE-2023-40032 CVE-2025-29769 CVE-2025-59933  +9 more Upstream summary: The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-7514 CVE-2016-4985 CVE-2024-44082 CVE-2024-47211 CVE-2025-44021 CVE-2026-42510 CVE-2026-42997 CVE-2026-44916  +1 more Upstream summary: OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-44353 Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution – Alternative Approaches Verification & Acceptance […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-13453 Upstream summary: Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 CVE-2018-3741 CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520  +1 more Upstream summary: Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2010-2480 CVE-2022-40023 CVE-2026-41205 Upstream summary: Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-1569 CVE-2008-1570 Upstream summary: policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2022-40899 Upstream summary: An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious […]