Package Management

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493  +2 more Upstream summary: Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2007-5200 CVE-2024-25442 CVE-2024-25443 CVE-2024-25445 CVE-2024-25446 Upstream summary: hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2023-37154 Upstream summary: check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2007-3476 CVE-2007-3477 CVE-2007-3996 CVE-2009-3546 CVE-2021-32773 Upstream summary: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-18021 Upstream summary: It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-10140 CVE-2019-8457 Upstream summary: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2004-0408 Upstream summary: Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code. Table of contents Symptom & Impact Environment […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2007-6061 CVE-2009-0490 CVE-2009-3560 CVE-2009-3720 CVE-2016-2540 CVE-2016-2541 CVE-2020-11867 Upstream summary: Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-23949 Upstream summary: jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-9243 CVE-2018-10903 CVE-2020-25659 CVE-2020-36242 CVE-2023-23931 CVE-2023-49083 CVE-2023-50782 CVE-2024-26130  +2 more Upstream summary: HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than […]