Package Management

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 11 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-11471 CVE-2020-19498 CVE-2020-19499 CVE-2020-23109 CVE-2023-0996 CVE-2023-29659 CVE-2023-49463 CVE-2024-25269  +11 more Upstream summary: libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images. […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2025-22620 Upstream summary: gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-12760 Upstream summary: A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2025-22868 Upstream summary: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. Table of contents Symptom & Impact Environment & Reproduction […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-7810 Upstream summary: libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-36659 CVE-2026-8503 Upstream summary: In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-8851 CVE-2026-41907 CVE-2026-41988 Upstream summary: node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2022-24953 Upstream summary: The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. Table […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-4739 Upstream summary: Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1. Table of contents Symptom & Impact Environment & Reproduction Root Cause […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2007-4974 CVE-2009-0186 CVE-2009-1788 CVE-2009-1791 CVE-2009-4835 CVE-2011-2696 CVE-2014-9496 CVE-2014-9756  +12 more Upstream summary: Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to […]