Debian Linux Operating System

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Debian product.

RSS Feeds for Debian security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Debian products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Debian Sorted by Most Security Vulnerabilities since 2018

Debian Linux7312 vulnerabilities
OS

Debian Dpkg3 vulnerabilities

Debian Yubiserver2 vulnerabilities

Debian Devscripts2 vulnerabilities

Debian Matplotlib1 vulnerability

Debian Initramfs Tools1 vulnerability

Debian Nss Ldap1 vulnerability

Debian Os Prober1 vulnerability

Debian Pdns1 vulnerability

Debian Pycode Browser1 vulnerability

Debian Pyftpd1 vulnerability

Debian Tin1 vulnerability

Debian Lintian1 vulnerability

Debian Freedombox1 vulnerability

Debian Dpkg Cross1 vulnerability

Debian Apache21 vulnerability

By the Year

In 2026 there have been 1 vulnerability in Debian with an average score of 7.5 out of ten. Last year, in 2025 Debian had 24 security vulnerabilities published. Right now, Debian is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.57.

Year	Vulnerabilities	Average Score
2026	1	7.50
2025	24	6.93
2024	313	6.35
2023	509	6.92
2022	966	7.20
2021	1079	7.19
2020	1044	6.44
2019	1010	7.26
2018	1167	7.24

It may take a day or so for new Debian vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Debian Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2026-2219	Mar 07, 2026	Debian dpkg zstd DOS via stream validation flaw CVE-2026-2219 It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).	Dpkg
CVE-2025-68462	Dec 18, 2025	Freedombox v25.17.1 Backup-DATA Dir Missing Permissions DB Dump Access Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.	Freedombox
CVE-2025-8454	Aug 01, 2025	uscan in devscripts Skips OpenPGP Verification - Supply Chain Risk It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.	Devscripts
CVE-2025-6297	Jul 01, 2025	dpkg-deb Temp File DoS via Unsanitized Dir Perms It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.	Dpkg
CVE-2025-32463	Jun 30, 2025	Sudo <1.9.17p1 LPE via chroot /etc/nsswitch.conf Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.	Debian Linux
CVE-2015-0842	Jun 26, 2025	Yubico Yubiserver <0.6 SQLi Auth Bypass yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.	Yubiserver
CVE-2015-0843	Jun 26, 2025	YubiServer <0.6 Buffer Overflow via sprintf misuse yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.	Yubiserver
CVE-2015-0849	Jun 26, 2025	pycode-browser <=0.9: Predictable temp file vulnerability pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.	Pycode Browser
CVE-2014-7210	Jun 26, 2025	PowerDNS pdns-backend-mysql: Overly privileged MySQL user in Debian <3.3.1-1 pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.	Pdns Debian Linux
CVE-2013-1424	Jun 26, 2025	matplotlib Buffer Overflow CVE-2013-1424 Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.	Matplotlib
CVE-2025-3887	May 22, 2025	GStreamer H265 Codec Parsing Stack BOverflow CVE-2025-3887 GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.	Debian Linux
CVE-2025-47273	May 17, 2025	setuptools <78.1.1 Path Traversal via PackageIndex allows file write setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.	Debian Linux
CVE-2025-4215	May 02, 2025	uBlock Origin <=1.63.3b16: UI RegExp DoS via currentStateChanged A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.63.3b17 is able to address this issue. The patch is identified as eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to upgrade the affected component.	Debian Linux
CVE-2025-3891	Apr 29, 2025	Apache mod_auth_openidc POST Crash via OIDCPreservePost A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.	Debian Linux
CVE-2025-32728	Apr 10, 2025	OpenSSH <10.0: DisableForwarding fails to disable X11/agent forwarding In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.	Debian Linux
CVE-2025-3155	Apr 03, 2025	Yelp GNOME Help Viewer RCE: Arbitrary Script Exec via Help Docs A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.	Debian Linux
CVE-2025-27363	Mar 11, 2025	FreeType<2.13 OOB Write in TrueType GX parsing – arbitrary code exec An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.	Debian Linux
CVE-2025-24813	Mar 10, 2025	Tomcat RCE in Write Enabled Default Servlet caused by internal dot Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.	Debian Linux
CVE-2025-26466	Feb 28, 2025	OpenSSH DoS via Ping-Pong Packet Queue Overflow A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.	Debian Linux
CVE-2024-55581	Feb 26, 2025	Ada Web Server 25.0.0: AWS.Client MITM via missing cert verification When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).	Debian Linux
CVE-2025-0838	Feb 21, 2025	Abseil-cpp Heap Buffer Overflow in hash{set,map} Without Size Bounds There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1	Debian Linux
CVE-2025-26465	Feb 18, 2025	OpenSSH VerifyHostKeyDNS DoS via Host Key Verification Error A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.	Debian Linux
CVE-2025-0781	Jan 28, 2025	IoT Nasal Script Sandbox Bypass Allows Arbitrary File Write An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.	Debian Linux
CVE-2025-21502	Jan 21, 2025	Oracle GraalVM JDK Hotspot CVE-2025-21502: Unauth Data Access (8u431-23.0.1) Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).	Debian Linux
CVE-2025-21490	Jan 21, 2025	Oracle MySQL InnoDB DOS in 8.0.40/8.4.3/9.1.0 & prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).	Debian Linux
CVE-2024-47606	Dec 12, 2024	GStreamer <1.24.10: Integer Underflow Function Pointer Hijack in qtdemux GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.	Debian Linux
CVE-2024-46901	Dec 09, 2024	Apache Subversion mod_dav_svn Filename Validation Bypass Vulnerability Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.	Debian Linux
CVE-2024-10978	Nov 14, 2024	PostgreSQL: Incorrect Privilege Assignment Vulnerability in SET ROLE and SET SESSION AUTHORIZATION Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.	Debian Linux
CVE-2024-52533	Nov 11, 2024	GNOME GLib 2.x SOCKS4 Proxy Buffer Overflow Vulnerability gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.	Debian Linux
CVE-2024-46955	Nov 10, 2024	Ghostscript 10.03 Indexed Color OOB Read An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.	Debian Linux
CVE-2024-46953	Nov 10, 2024	Ghostscript 10.03 Path Traversal Overflow An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.	Debian Linux
CVE-2024-46952	Nov 10, 2024	Ghostscript PDF XRef Buffer Overflow An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).	Debian Linux
CVE-2024-46956	Nov 10, 2024	Ghostscript 10.03 Out-of-Bounds Access An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.	Debian Linux
CVE-2024-46951	Nov 10, 2024	Ghostscript 10.03 Pattern Color Space RCE An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.	Debian Linux
CVE-2024-41311	Oct 15, 2024	libheif 1.17.6 ImageOverlay::parse OOB Read/Write In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.	Debian Linux
CVE-2024-9680	Oct 09, 2024	Firefox/Thunderbird <131: UAF in Animation Timelines -> Code Exec An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.	Debian Linux
CVE-2024-8508	Oct 03, 2024	Unbound DNS DDoS via Unbounded Name Compression 1.21.0 NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.	Debian Linux
CVE-2024-46544	Sep 23, 2024	Apache Tomcat Connectors Default Permissions flaw (1.2.9-beta-1.2.49) Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.	Debian Linux
CVE-2024-8096	Sep 11, 2024	curl OCSP Stapling fails to reject nonrevoked error statuses When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.	Debian Linux
CVE-2024-42472	Aug 15, 2024	Flatpak <1.15.10: Persisted Subdir Symlink Escape (Write Outside Sandbox) Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code. For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission.	Debian Linux
CVE-2024-6387	Jul 01, 2024	OpenSSH Race Condition leading to RCE, known as regreSSHion A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.	Debian Linux
CVE-2024-37371	Jun 28, 2024	MIT Kerberos 5 (krb5) <1.21.3 GSS Token Invalid Length Causing Mem Read In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.	Debian Linux
CVE-2024-5690	Jun 11, 2024	Time-based Leak via Proto Handlers in FX<127/ESR<115.12/TB<115.12 By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.	Debian Linux
CVE-2024-5696	Jun 11, 2024	Firefox <input> Memory Corruption (<127, ESR/<115.12, Thunderbird/<115.12) By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.	Debian Linux
CVE-2024-37384	Jun 07, 2024	Roundcube Webmail <=1.5.7/1.6.x<1.6.7 XSS via user preference list columns Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.	Debian Linux
CVE-2024-37383	Jun 07, 2024	Roundcube Webmail XSS via SVG animate (<=1.5.6/1.6.6) Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.	Debian Linux
CVE-2024-5629	Jun 05, 2024	PyMongo 4.6.2 BSON Module OOB Read Vulnerability An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.	Debian Linux
CVE-2024-5197	Jun 03, 2024	Integer Overflow in libvpx <=1.14.0 via vpx_img_alloc()/wrap There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond	Debian Linux
CVE-2024-36960	Jun 03, 2024	Linux Kernel DRM vmwgfx OOB Read in Fence Events In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads.	Debian Linux
CVE-2024-36940	May 30, 2024	Linux Kernel pinctrl doublefree in pinctrl_enable() In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.	Debian Linux