Security Hardening

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 CVE-2019-9928 CVE-2021-3522 CVE-2023-37328  +12 more Upstream summary: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-10751 CVE-2022-0430 CVE-2022-24737 Upstream summary: All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2021-4048 Upstream summary: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-11358 CVE-2020-11022 CVE-2020-11023 Upstream summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-3994 Upstream summary: A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2011-4363 Upstream summary: ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2004-1256 CVE-2006-1514 Upstream summary: Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-1059 CVE-2019-14818 CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 CVE-2020-10725 CVE-2020-10726 CVE-2020-14374  +10 more Upstream summary: The DPDK vhost-user interface does not check to verify that all the requested guest physical range […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2004-1294 CVE-2014-8517 Upstream summary: The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2011-1136 CVE-2021-36081 Upstream summary: In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's […]