Security Hardening

Debian 12 — knot — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2014-0486 CVE-2016-6171 CVE-2017-11104 Upstream summary: Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. Table of contents Symptom […]

Debian 11 — runit — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2006-1319 Upstream summary: chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in […]

Debian 12 — w3m — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2002-1335 CVE-2002-1348 CVE-2006-6772 CVE-2010-2074 CVE-2016-9422 CVE-2016-9423 CVE-2016-9424 CVE-2016-9425  +12 more Upstream summary: Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which […]

Debian 11 — software-properties — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2011-4407 CVE-2012-0955 CVE-2013-1061 CVE-2020-15709 Upstream summary: ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers […]

Debian 11 — admesh — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-25033 CVE-2022-38072 CVE-2026-2653 Upstream summary: ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. Table of contents Symptom & Impact Environment […]

Debian 12 — python-lupa — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-34444 Upstream summary: Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions […]

Debian 11 — groff — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2004-0969 CVE-2004-1296 CVE-2009-5044 CVE-2009-5078 CVE-2009-5079 CVE-2009-5080 CVE-2009-5081 CVE-2009-5082 Upstream summary: The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through […]

Debian 13 — gri — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-7291 Upstream summary: gri before 2.12.18 generates temporary files in an insecure way. Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis […]

Debian 13 — freeipa — multiple vulnerabilities (18 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2014-7828 CVE-2014-7850 CVE-2015-5179 CVE-2016-5404 CVE-2016-7030 CVE-2016-9575 CVE-2017-12169 CVE-2019-10195  +10 more Upstream summary: FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass […]
