Fix Prevention

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-1239 Upstream summary: duck before 0.10 did not properly handle loading of untrusted code from the current directory. Table of contents Symptom & Impact Environment & Reproduction Root Cause […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2013-7447 CVE-2014-1949 CVE-2024-6655 Upstream summary: Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-16848 CVE-2018-16849 CVE-2019-3866 Upstream summary: A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2021-37819 Upstream summary: PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java. Table of contents Symptom & Impact Environment & Reproduction Root Cause […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2006-1058 CVE-2011-2716 CVE-2011-5325 CVE-2013-1813 CVE-2014-4607 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147  +12 more Upstream summary: BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-33186 Upstream summary: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-4551 CVE-2009-0790 CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661 CVE-2010-2628 CVE-2012-2388  +12 more Upstream summary: strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-6398 Upstream summary: sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-19871 CVE-2020-23884 CVE-2025-5683 Upstream summary: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Table of contents Symptom & Impact Environment & Reproduction […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-6547 Upstream summary: schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors. Table […]