Operations

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2022-41862 CVE-2023-2454 CVE-2023-2455 CVE-2023-39417 CVE-2023-39418 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870  +12 more Upstream summary: In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-6129 CVE-2018-0739 CVE-2018-12437 CVE-2019-17362 Upstream summary: The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2011-1716 CVE-2013-4173 CVE-2015-1430 CVE-2016-2054 CVE-2016-2055 CVE-2016-2056 CVE-2016-2057 CVE-2016-2058  +8 more Upstream summary: Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-7246 Upstream summary: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2012-2320 CVE-2012-2321 CVE-2012-2322 CVE-2012-6459 CVE-2017-12865 CVE-2021-26675 CVE-2021-26676 CVE-2021-33833  +8 more Upstream summary: ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2005-2966 CVE-2006-1550 CVE-2006-2453 CVE-2006-2480 CVE-2008-5984 CVE-2019-19451 Upstream summary: The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-15271 Upstream summary: In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2022-0699 Upstream summary: A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-13822 CVE-2020-28498 CVE-2024-42459 CVE-2024-42460 CVE-2024-42461 CVE-2024-48948 CVE-2024-48949 CVE-2025-14505 Upstream summary: The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-8189 CVE-2020-8225 CVE-2020-8227 CVE-2021-22879 CVE-2021-22895 CVE-2021-32728 CVE-2022-39331 CVE-2022-39332  +10 more Upstream summary: A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local […]