
Debian Linux vulnerabilities

9,936 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,936
CISA KEV: 121 (actively exploited)
Public exploits: 431
Exploited in wild: 132
Severity breakdown: CRITICAL 1,129 | HIGH 4,133 | MEDIUM 4,311 | LOW 363

Vulnerabilities

Page 1 of 497
CVE-2026-31431 | HIGH | CVSS 7.8 | KEV | PoC | v11.0, v12.0, +1 more | 2026-04-22 | source: nvd
CWE-669: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the comp
CVE-2026-34757 | MEDIUM | CVSS 4.4 | v11.0 | 2026-04-09 | source: nvd
CWE-416: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from fre
CVE-2026-4775 | HIGH | CVSS 7.8 | v11.0 | 2026-03-24 | source: nvd
CWE-190: A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) o
CVE-2026-1940 | HIGH | CVSS 7.5 | v11.0, v12.0 | 2026-03-23 | source: nvd
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in the gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing an OOB read.
CVE-2025-63261 | HIGH | CVSS 7.8 | v11.0 | 2026-03-20 | source: nvd
CWE-78: AWStats 8.0 is vulnerable to command injection via the open function.
CVE-2026-3497 | MEDIUM | CVSS 6.9 | v11.0 | 2026-03-12 | source: nvd
CWE-908: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAP
CVE-2026-25506 | HIGH | CVSS 7.8 | v11.0 | 2026-02-10 | source: nvd
CWE-787: MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to imperso
CVE-2025-62799 | HIGH | CVSS 7.2 | v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
CWE-122: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An unauthenticated sender can transmit a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSize` a
CVE-2025-62600 | HIGH | CVSS 7.5 | v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
CWE-190: eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termina
CVE-2025-62599 | HIGH | CVSS 7.5 | v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
CWE-190: eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termina
CVE-2025-64098 | LOW | CVSS 1.7 | v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
CWE-125: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS
CVE-2025-62602 | LOW | CVSS 1.7 | v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
CWE-122: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the f
CVE-2025-62603 | LOW | CVSS 1.7 | v11.0, v12.0, +1 more | 2026-02-03 | source: nvd
CWE-125: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as crypto-token exchange, rekeying, re-authentication, and
CVE-2026-25061 | MEDIUM | CVSS 5.5 | v11.0 | 2026-01-29 | source: nvd
CWE-787: tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small and DoS is the like
CVE-2025-68670 | CRITICAL | CVSS 9.8 | v11.0 | 2026-01-27 | source: nvd
CWE-121: xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target syst
CVE-2026-24765 | HIGH | CVSS 7.8 | v11.0 | 2026-01-27 | source: nvd
CWE-502: PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the `cleanupForCoverage()` method, which deserializes code coverage files without validation, potentiall
CVE-2026-24061 | CRITICAL | CVSS 9.8 | KEV | PoC | v11.0 | 2026-01-21 | source: nvd
CWE-88: telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
CVE-2026-23490 | HIGH | CVSS 7.5 | v11.0 | 2026-01-16 | source: nvd
CWE-770: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from a malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
CVE-2025-68615 | CRITICAL | CVSS 9.8 | v11.0 | 2025-12-23 | source: nvd
CWE-119: net-snmp is an SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
CVE-2025-6966 | MEDIUM | CVSS 6.9 | v11.0 | 2025-12-05 | source: nvd
CWE-476: NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.