Debian 11

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-4056 CVE-2018-4058 CVE-2018-4059 CVE-2020-26262 CVE-2020-4067 CVE-2020-6061 CVE-2020-6062 CVE-2026-27624  +1 more Upstream summary: An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2021-21366 CVE-2021-32796 CVE-2022-37616 CVE-2022-39353 CVE-2026-34601 CVE-2026-41672 CVE-2026-41673 CVE-2026-41674  +1 more Upstream summary: xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2002-1347 CVE-2004-0884 CVE-2005-0373 CVE-2006-1721 CVE-2009-0688 CVE-2013-4122 CVE-2019-19906 CVE-2022-24407 Upstream summary: Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-20433 CVE-2019-5427 CVE-2026-27830 Upstream summary: c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2004-0984 CVE-2005-1520 CVE-2005-1521 CVE-2005-1522 CVE-2005-1523 CVE-2005-1824 CVE-2005-2878 CVE-2019-18862 Upstream summary: Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2005-0758 CVE-2005-0953 CVE-2005-1260 CVE-2008-1372 CVE-2010-0405 CVE-2011-4089 CVE-2016-3189 CVE-2019-12900 Upstream summary: zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2006-5873 Upstream summary: Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-11880 Upstream summary: An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=…" parameter, a website (or other source of mailto links) can […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-12658 Upstream summary: gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-13756 Upstream summary: Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called […]