Debian Debian_linux
2568 CVEs affecting Debian Debian_linux. Latest disclosed: 2026-04-22. Critical: 182, High: 762.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-16845 | Critical | 10.0 | 2017-11-17 | hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. |
CVE-2015-8104 | Critical | 10.0 | 2015-11-16 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by… |
CVE-2021-44732 | Critical | 9.8 | 2021-12-20 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. |
CVE-2020-9546 | Critical | 9.8 | 2020-03-02 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zax… |
CVE-2019-17571 | Critical | 9.8 | 2019-12-20 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code… |
CVE-2019-11068 | Critical | 9.8 | 2019-04-10 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error… |
CVE-2014-4914 | Critical | 9.8 | 2017-12-29 | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection… |
CVE-2017-17499 | Critical | 9.8 | 2017-12-11 | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. |
CVE-2017-17480 | Critical | 9.8 | 2017-12-08 | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write… |
CVE-2017-17458 | Critical | 9.8 | 2017-12-07 | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks… |
CVE-2017-17434 | Critical | 9.8 | 2017-12-06 | The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv… |
CVE-2016-1253 | Critical | 9.8 | 2017-12-05 | The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers… |
CVE-2017-8817 | Critical | 9.8 | 2017-11-29 | The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or… |
CVE-2017-8816 | Critical | 9.8 | 2017-11-29 | The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resul… |
CVE-2017-14746 | Critical | 9.8 | 2017-11-27 | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. |
CVE-2017-16943 | Critical | 9.8 | 2017-11-25 | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (… |
CVE-2017-16613 | Critical | 9.8 | 2017-11-21 | An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy serv… |
CVE-2017-16840 | Critical | 9.8 | 2017-11-21 | The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer… |
CVE-2017-16872 | Critical | 9.8 | 2017-11-17 | An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, po… |
CVE-2017-1000158 | Critical | 9.8 | 2017-11-17 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer… |