Debian Linux vulnerabilities

CVE-2025-3891 [HIGH] CWE-248 CVE-2025-3891: A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthe A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

CVE-2025-21605 [HIGH] CWE-770 CVE-2025-21605: Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and p Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-lim

CVE-2025-43965 [HIGH] CWE-131 CVE-2025-43965: In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumF In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.

CVE-2025-38637 [MEDIUM] CWE-617 CVE-2025-38637: In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove over In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF somet

CVE-2025-38575 [MEDIUM] CVE-2025-38575: In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed.

CVE-2025-32433 [CRITICAL] CWE-306 CVE-2025-32433: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems a

CVE-2025-2291 [CRITICAL] CWE-324 CVE-2025-2291: Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CVE-2025-22040 [HIGH] CWE-416 CVE-2025-22040: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-fr In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing

CVE-2025-22042 [MEDIUM] CVE-2025-22042: In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for cre In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context.

CVE-2025-22119 [MEDIUM] CWE-908 CVE-2025-22119: In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be performed, which will cause cfg80211_dev_free to access the uninitialized wiph

CVE-2025-23138 [MEDIUM] CVE-2025-23138: In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accountin In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) test in pipe_resize_ring(). This means that when the pipe is

CVE-2025-32728 [LOW] CWE-440 CVE-2025-32728: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

CVE-2025-29769 [HIGH] CWE-122 CVE-2025-29769: libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't many ways to create a "multiband" input, but it is possi

CVE-2025-3155 [HIGH] CWE-601 CVE-2025-3155: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitr A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

CVE-2025-21950 [HIGH] CVE-2025-21950: In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use k In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl In the "pmcmd_ioctl" function, three memory objects allocated by kmalloc are initialized by "hcall_get_cpu_state", which are then copied to user space. The initializer is indeed implemented in "acrn_hypercall2" (arch/x8

CVE-2023-52935 [HIGH] CWE-416 CVE-2023-52935: In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma r In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anon_vma lock (if the VMA is associated with an anon_vma), and the mapping lock (if the

CVE-2024-40635 [HIGH] CWE-190 CVE-2024-40635: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for en

CVE-2023-52927 [HIGH] CWE-416 CVE-2023-52927: In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS

CVE-2025-24201 [CRITICAL] CWE-787 CVE-2025-24201: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. Thi An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break ou

CVE-2025-27363 [HIGH] CWE-787 CVE-2025-27363: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too