Operations

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-3697 CVE-2016-9962 CVE-2019-16884 CVE-2019-19921 CVE-2019-5736 CVE-2021-30465 CVE-2021-43784 CVE-2022-29162  +8 more Upstream summary: libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 9 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-14912 Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution – Alternative Approaches Verification & Acceptance Criteria […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 10 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2021-44730 Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution – Alternative Approaches Verification & Acceptance Criteria […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2005-4683 CVE-2006-0512 Upstream summary: PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-5330 CVE-2020-16116 CVE-2020-24654 CVE-2024-57966 Upstream summary: ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. Table of […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2013-1438 CVE-2015-3885 CVE-2015-8366 CVE-2018-19565 CVE-2018-19566 CVE-2018-19567 CVE-2018-19568 CVE-2018-19655  +1 more Upstream summary: Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2022-23491 CVE-2023-37920 CVE-2024-39689 Upstream summary: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-17523 CVE-2018-10992 CVE-2020-17353 CVE-2020-17354 Upstream summary: lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2025-40918 Upstream summary: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-16779 Upstream summary: In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave […]