Package Management

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2022-37599 CVE-2022-37601 CVE-2022-37603 Upstream summary: A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-11471 CVE-2020-19498 CVE-2020-19499 CVE-2020-23109 CVE-2023-0996 CVE-2023-29659 CVE-2023-49460 CVE-2023-49462  +12 more Upstream summary: libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2024-31852 CVE-2024-7883 Upstream summary: LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 10 (buster) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-19783 Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution – Alternative Approaches Verification & Acceptance […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2012-2751 CVE-2012-4528 CVE-2013-1915 CVE-2013-2765 CVE-2013-5705 CVE-2021-42717 CVE-2022-48279 CVE-2023-24021  +3 more Upstream summary: ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2002-1580 CVE-2004-1012 CVE-2004-1013 CVE-2019-11356 CVE-2019-18928 CVE-2019-19783 CVE-2021-32056 CVE-2021-33582  +1 more Upstream summary: Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2010-4203 CVE-2010-4489 CVE-2012-0823 CVE-2014-1578 CVE-2015-1258 CVE-2015-4485 CVE-2015-4486 CVE-2015-4506  +12 more Upstream summary: WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-8789 CVE-2015-8790 CVE-2015-8791 CVE-2019-13615 CVE-2021-3405 CVE-2023-52339 Upstream summary: Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2023-41334 Upstream summary: Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2024-29864 Upstream summary: Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. Table of contents Symptom & Impact Environment & Reproduction Root Cause […]