Dashboard

Package : webkit2gtk CVE ID : CVE-2025-43392 CVE-2025-43425 CVE-2025-43427 CVE-2025-43429 CVE-2025-43430 CVE-2025-43431 CVE-2025-43432 CVE-2025-43434 CVE-2025-43440 CVE-2025-43443 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-43392 Tom Van Goethem discovered that a website may exfiltrate image data cross-origin. CVE-2025-43425 An anonymous researcher discovered that processing maliciously crafted web content may lead…

Package : openvpn CVE ID : CVE-2025-13086 Debian Bug : 1121086 It was discovered that openvpn, a virtual private network application, does not properly handle HMAC verification checks. A remote attacker can take advantage of this flaw to bypass source IP address validation. For the oldstable distribution (bookworm), this problem has been fixed in version 2.6.3-1+deb12u4. For the stable distribution (trixie), this problem has been fixed in version 2.6.14-1+deb13u1.…

Package : xen CVE ID : CVE-2024-28956 CVE-2024-36350 CVE-2024-36357 CVE-2025-27465 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 CVE-2025-58144 CVE-2025-58145 CVE-2025-58147 CVE-2025-58148 CVE-2025-58149 CVE-2025-1713 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in memory disclosure, denial of service or privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version…

Package : containerd CVE ID : CVE-2024-25621 CVE-2025-64329 Two security vulnerabilities were discovered in the Containerd container runtime, which may result in denial of service or local privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version 1.6.20~ds1-1+deb12u2. For the stable distribution (trixie), these problems have been fixed in version 1.7.24~ds1-6+deb13u1. We recommend that you upgrade your containerd…

Package : gnome-shell-extension-gsconnect CVE ID : CVE-2025-66270 It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart phones to a desktop, could allow an attacker to impersonate another device. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 62-1+deb13u1. We recommend that you upgrade your…

Package : krita CVE ID : CVE-2025-59820 It was discovered that a buffer overflow in the TGA parser of Krita, a creative application for raster images, could potentially result in the execution of arbitrary code if malformed images are opened. For the oldstable distribution (bookworm), this problem has been fixed in version 1:5.1.5+dfsg-2+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1:5.2.9+dfsg-1+deb13u1. We recommend that you…

Package : tryton-server CVE ID : not yet available Several security vulnerabilities were discovered in the server of the Tryton application platform, which could lead to information disclosure. For the oldstable distribution (bookworm), this problem has been fixed in version 6.0.29-2+deb12u4. For the stable distribution (trixie), this problem has been fixed in version 7.0.30-1+deb13u1. We recommend that you upgrade your tryton-server packages. For the detailed…

Package : kdeconnect CVE ID : CVE-2025-66270 It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart phones to a desktop, could allow an attacker to impersonate another device. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 25.04.2-1+deb13u1. We recommend that you upgrade your kdeconnect packages. For the detailed…

Package : pdfminer CVE ID : CVE-2025-64512 Debian Bug : 1120642 A vulnerability was discovered in pdfminer, a tool for extracting information from PDF documents, which may result in the execution of arbitrary code if a specially crafted PDF file is processed. For the oldstable distribution (bookworm), this problem has been fixed in version 20221105+dfsg-1.1~deb12u1. For the stable distribution (trixie), this problem has been fixed in version…

Package : tryton-sao CVE ID : not yet available Abdulfatah Abdillahi discovered a cross-site scripting vulnerability in the web client of the Tryton application platform. For the oldstable distribution (bookworm), this problem has been fixed in version 6.0.28+ds1-2+deb12u2. For the stable distribution (trixie), this problem has been fixed in version 7.0.28+ds1-1+deb13u2. We recommend that you upgrade your tryton-sao packages. For the detailed security status of…