Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 395
Exploited in wild: 132

Severity breakdown: CRITICAL 1,128 | HIGH 4,110 | MEDIUM 4,311 | LOW 362

Vulnerabilities (Page 1 of 496)
CVE-2025-63261 | HIGH | CVSS 7.8 | CWE-78 | versions v11.0 | 2026-03-20 | source: nvd
AWStats 8.0 is vulnerable to Command Injection via the open function
CVE-2026-25506 | HIGH | CVSS 7.8 | CWE-787 | versions v11.0 | 2026-02-10 | source: nvd
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to imperso
CVE-2025-62799 | HIGH | CVSS 7.2 | CWE-122 | versions v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An unauthenticated sender can transmit a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSize` a
CVE-2025-62600 | HIGH | CVSS 7.5 | CWE-190 | versions v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termina
CVE-2025-62599 | HIGH | CVSS 7.5 | CWE-190 | versions v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termina
CVE-2025-64098 | LOW | CVSS 1.7 | CWE-125 | versions v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS
CVE-2025-62602 | LOW | CVSS 1.7 | CWE-122 | versions v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the f
CVE-2025-62603 | LOW | CVSS 1.7 | CWE-125 | versions v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as crypto-token exchange, rekeying, re-authentication, and
CVE-2026-25061 | MEDIUM | CVSS 5.5 | CWE-787 | versions v11.0 | 2026-01-29 | source: nvd
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small and DoS is the like
CVE-2025-68670 | CRITICAL | CVSS 9.8 | CWE-121 | versions v11.0 | 2026-01-27 | source: nvd
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target syst
CVE-2026-24765 | HIGH | CVSS 7.8 | CWE-502 | versions v11.0 | 2026-01-27 | source: nvd
PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the `cleanupForCoverage()` method, which deserializes code coverage files without validation, potentiall
CVE-2026-24061 | CRITICAL | CVSS 9.8 | CWE-88 | CISA KEV | PoC available | versions v11.0 | 2026-01-21 | source: nvd
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
CVE-2026-23490 | HIGH | CVSS 7.5 | CWE-770 | versions v11.0 | 2026-01-16 | source: nvd
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
CVE-2025-68615 | CRITICAL | CVSS 9.8 | CWE-119 | versions v11.0 | 2025-12-23 | source: nvd
net-snmp is an SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
CVE-2025-6966 | MEDIUM | CVSS 6.9 | CWE-476 | versions v11.0 | 2025-12-05 | source: nvd
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
CVE-2025-63498 | MEDIUM | CVSS 6.1 | CWE-79 | versions v11.0 | 2025-11-24 | source: nvd
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.
CVE-2025-64512 | HIGH | CVSS 7.8 | CWE-502 | versions v11.0 | 2025-11-10 | source: nvd
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickl
CVE-2025-10921 | HIGH | CVSS 7.8 | CWE-122 | versions v11.0 | 2025-10-29 | source: nvd
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists withi
CVE-2025-10922 | HIGH | CVSS 7.8 | CWE-122 | versions v11.0 | 2025-10-29 | source: nvd
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists withi
CVE-2025-10934 | HIGH | CVSS 7.8 | CWE-122 | versions v11.0 | 2025-10-29 | source: nvd
GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists withi