Security Hardening

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-5303 CVE-2021-26929 Upstream summary: Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2007-3528 Upstream summary: The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2025-9670 Upstream summary: A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2012-1102 Upstream summary: It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2005-0129 CVE-2005-0130 CVE-2005-0131 CVE-2007-4400 CVE-2009-5050 CVE-2014-8483 CVE-2017-15923 Upstream summary: The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2010-2529 CVE-2011-4862 CVE-2014-3634 CVE-2019-0053 CVE-2020-10188 CVE-2021-40491 CVE-2022-39028 CVE-2023-40303  +4 more Upstream summary: Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2024-43380 Upstream summary: fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2023-2142 Upstream summary: In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2021-26291 Upstream summary: Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2011-1522 CVE-2015-5723 Upstream summary: Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL […]