Package Management

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2005-0372 CVE-2006-7221 Upstream summary: Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 10 (buster) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2021-33054 Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution – Alternative Approaches Verification & Acceptance […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2002-1403 CVE-2005-1848 CVE-2012-2152 CVE-2012-6698 CVE-2012-6699 CVE-2012-6700 Upstream summary: dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 Upstream summary: An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2002-1405 CVE-2004-1617 CVE-2005-3120 CVE-2016-9179 CVE-2017-1000211 CVE-2021-38165 Upstream summary: CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-13867 Upstream summary: Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). Table of contents Symptom & Impact Environment & […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 9 (stretch) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-10886 Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution – Alternative Approaches Verification & Acceptance […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-13936 Upstream summary: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-11888 CVE-2021-26813 Upstream summary: python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-7041 CVE-2020-7042 CVE-2020-7043 Upstream summary: An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error […]