Fix Prevention

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-14604 CVE-2019-11461 CVE-2022-37290 Upstream summary: GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2006-0467 CVE-2006-2441 CVE-2007-5933 CVE-2007-6010 Upstream summary: Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-6673 Upstream summary: Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-22703 CVE-2026-24122 CVE-2026-39395 Upstream summary: Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2010-2496 Upstream summary: stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2012-4433 CVE-2018-10111 CVE-2018-10112 CVE-2018-10113 CVE-2018-10114 CVE-2021-45463 CVE-2025-10921 CVE-2026-2049  +1 more Upstream summary: Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2009-1194 CVE-2010-0421 CVE-2011-0020 CVE-2011-0064 CVE-2011-3193 CVE-2018-15120 CVE-2019-1010238 Upstream summary: Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-3931 CVE-2016-8714 CVE-2020-27637 CVE-2024-27322 Upstream summary: javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. Table of contents Symptom […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-4939 Upstream summary: apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) […]