Vulnerabilities > Debian > Debian Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-11 | CVE-2025-27363 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. | 8.1 |
2025-03-10 | CVE-2025-24813 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products. Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: writes enabled for the default servlet (disabled by default); support for partial PUT (enabled by default); a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads; attacker knowledge of the names of security sensitive files being uploaded; the security sensitive files also being uploaded via partial PUT. If all of the following were true, a malicious user was able to perform remote code execution: writes enabled for the default servlet (disabled by default); support for partial PUT (enabled by default); application was using Tomcat's file based session persistence with the default storage location; application included a library that may be leveraged in a deserialization attack. Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. | 9.8 |
2025-02-28 | CVE-2025-26466 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. A flaw was found in the OpenSSH package. | 5.9 |
2025-02-18 | CVE-2025-26465 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. | 6.8 |
2024-12-12 | CVE-2024-47606 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products. GStreamer is a library for constructing graphs of media-handling components. | 9.8 |
2024-11-14 | CVE-2024-10978 | Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. | 4.2 |
2024-11-10 | CVE-2024-46952 | Classic Buffer Overflow vulnerability in multiple products. An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. | 7.8 |
2024-11-10 | CVE-2024-46953 | Integer Overflow or Wraparound vulnerability in multiple products. An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. | 7.8 |
2024-11-10 | CVE-2024-46955 | Out-of-bounds Read vulnerability in multiple products. An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. | 5.5 |
2024-11-10 | CVE-2024-46956 | Out-of-bounds Read vulnerability in multiple products. An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. | 7.8 |