NGINX
nginx ("engine x") is an HTTP web server, reverse proxy, content cache, load balancer, TCP/UDP proxy server, and mail proxy server.
19 tags
Updated Jul 11, 2025
0 Vulnerabilities Fixed
SBOM Available
Signature Verified
Loading security data...
nginx ("engine x") is an HTTP web server, reverse proxy, content cache, load balancer, TCP/UDP proxy server, and mail proxy server.
| CVE ID | Severity | Description | Package | Version | Actions |
|---|---|---|---|---|---|
| CVE-2023-44487 | High | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | nginx | 1.29.0-1~bookworm | |
| CVE-2023-31484 | High | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | perl-base | 5.36.0-7+deb12u2 | |
| CVE-2023-2953 | High | A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. | libldap-2.5-0 | 2.5.13+dfsg-5 | |
| CVE-2024-56433 | Low | shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. | login | 1:4.13+dfsg1-1+deb12u1 | |
| CVE-2024-56433 | Low | shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. | passwd | 1:4.13+dfsg1-1+deb12u1 | |
| CVE-2023-52425 | High | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | libexpat1 | 2.5.0-1+deb12u1 | |
| CVE-2011-3389 | Negligible | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | libgnutls30 | 3.7.9-2+deb12u4 | |
| CVE-2024-8176 | High | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. | libexpat1 | 2.5.0-1+deb12u1 | |
| CVE-2023-6277 | Medium | An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2013-0337 | Low | The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. | nginx | 1.29.0-1~bookworm | |
| CVE-2023-6879 | Critical | Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). | libaom3 | 3.6.0-1+deb12u1 | |
| CVE-2017-17740 | Negligible | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. | libldap-2.5-0 | 2.5.13+dfsg-5 | |
| CVE-2005-2541 | Negligible | Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | tar | 1.34+dfsg-1.2+deb12u1 | |
| CVE-2018-20796 | Negligible | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. | libc-bin | 2.36-9+deb12u10 | |
| CVE-2018-20796 | Negligible | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. | libc6 | 2.36-9+deb12u10 | |
| CVE-2023-52355 | High | An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2015-3276 | Negligible | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | libldap-2.5-0 | 2.5.13+dfsg-5 | |
| CVE-2017-16232 | Negligible | LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2024-38950 | Medium | Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. | libde265-0 | 1.0.11-1+deb12u2 | |
| CVE-2011-3374 | Negligible | It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | apt | 2.6.1 | |
| CVE-2011-3374 | Negligible | It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | libapt-pkg6.0 | 2.6.1 | |
| CVE-2025-49794 | Critical | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. | libxml2 | 2.9.14+dfsg-1.3~deb12u2 | |
| CVE-2018-6829 | Negligible | cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. | libgcrypt20 | 1.10.1-3 | |
| CVE-2025-6297 | High | It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. | dpkg | 1.21.22 | |
| CVE-2025-49796 | Critical | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. | libxml2 | 2.9.14+dfsg-1.3~deb12u2 | |
| CVE-2015-9019 | Negligible | In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. | libxslt1.1 | 1.1.35-1+deb12u1 | |
| CVE-2009-4487 | Negligible | nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | nginx | 1.29.0-1~bookworm | |
| CVE-2025-6021 | High | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | libxml2 | 2.9.14+dfsg-1.3~deb12u2 | |
| CVE-2024-22365 | Medium | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | libpam-modules | 1.5.2-6+deb12u1 | |
| CVE-2024-22365 | Medium | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | libpam-modules-bin | 1.5.2-6+deb12u1 | |
| CVE-2024-22365 | Medium | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | libpam-runtime | 1.5.2-6+deb12u1 | |
| CVE-2024-22365 | Medium | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | libpam0g | 1.5.2-6+deb12u1 | |
| CVE-2011-4116 | Negligible | _is_safe in the File::Temp module for Perl does not properly handle symlinks. | perl-base | 5.36.0-7+deb12u2 | |
| CVE-2023-31486 | Negligible | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | perl-base | 5.36.0-7+deb12u2 | |
| CVE-2023-32570 | Medium | VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | libdav1d6 | 1.0.0-2+deb12u1 | |
| CVE-2019-1010023 | Negligible | GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | libc-bin | 2.36-9+deb12u10 | |
| CVE-2019-1010023 | Negligible | GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | libc6 | 2.36-9+deb12u10 | |
| CVE-2023-50495 | Medium | NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). | libtinfo6 | 6.4-4 | |
| CVE-2023-50495 | Medium | NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). | ncurses-base | 6.4-4 | |
| CVE-2023-50495 | Medium | NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). | ncurses-bin | 6.4-4 | |
| CVE-2025-32990 | Medium | libgnutls30 | 3.7.9-2+deb12u4 | ||
| CVE-2016-2781 | Low | chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | coreutils | 9.1-1 | |
| CVE-2024-28757 | Negligible | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | libexpat1 | 2.5.0-1+deb12u1 | |
| CVE-2024-50602 | Medium | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | libexpat1 | 2.5.0-1+deb12u1 | |
| CVE-2018-5709 | Negligible | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | |
| CVE-2018-5709 | Negligible | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. | libk5crypto3 | 1.20.1-2+deb12u3 | |
| CVE-2018-5709 | Negligible | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. | libkrb5-3 | 1.20.1-2+deb12u3 | |
| CVE-2018-5709 | Negligible | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. | libkrb5support0 | 1.20.1-2+deb12u3 | |
| CVE-2025-32988 | Medium | libgnutls30 | 3.7.9-2+deb12u4 | ||
| CVE-2017-5563 | Negligible | LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2018-10126 | Negligible | ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2023-39616 | High | AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. | libaom3 | 3.6.0-1+deb12u1 | |
| CVE-2024-38949 | Medium | Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc | libde265-0 | 1.0.11-1+deb12u2 | |
| CVE-2019-1010024 | Negligible | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | libc-bin | 2.36-9+deb12u10 | |
| CVE-2019-1010024 | Negligible | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | libc6 | 2.36-9+deb12u10 | |
| CVE-2010-4756 | Negligible | The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | libc-bin | 2.36-9+deb12u10 | |
| CVE-2010-4756 | Negligible | The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | libc6 | 2.36-9+deb12u10 | |
| CVE-2020-15719 | Negligible | libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. | libldap-2.5-0 | 2.5.13+dfsg-5 | |
| CVE-2025-6020 | High | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | libpam-modules | 1.5.2-6+deb12u1 | |
| CVE-2025-6020 | High | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | libpam-modules-bin | 1.5.2-6+deb12u1 | |
| CVE-2025-6020 | High | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | libpam-runtime | 1.5.2-6+deb12u1 | |
| CVE-2025-6020 | High | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | libpam0g | 1.5.2-6+deb12u1 | |
| CVE-2023-40403 | Negligible | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. | libxslt1.1 | 1.1.35-1+deb12u1 | |
| CVE-2024-10041 | Medium | A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. | libpam-modules | 1.5.2-6+deb12u1 | |
| CVE-2024-10041 | Medium | A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. | libpam-modules-bin | 1.5.2-6+deb12u1 | |
| CVE-2024-10041 | Medium | A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. | libpam-runtime | 1.5.2-6+deb12u1 | |
| CVE-2024-10041 | Medium | A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. | libpam0g | 1.5.2-6+deb12u1 | |
| CVE-2024-2379 | Negligible | libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | curl | 7.88.1-10+deb12u12 | |
| CVE-2024-2379 | Negligible | libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | libcurl4 | 7.88.1-10+deb12u12 | |
| CVE-2017-17973 | Negligible | In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2017-9937 | Negligible | In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. | libjbig0 | 2.1-6.1 | |
| CVE-2007-5686 | Negligible | initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. | login | 1:4.13+dfsg1-1+deb12u1 | |
| CVE-2007-5686 | Negligible | initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. | passwd | 1:4.13+dfsg1-1+deb12u1 | |
| CVE-2025-3576 | Medium | A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | |
| CVE-2025-3576 | Medium | A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. | libk5crypto3 | 1.20.1-2+deb12u3 | |
| CVE-2025-3576 | Medium | A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. | libkrb5-3 | 1.20.1-2+deb12u3 | |
| CVE-2025-3576 | Medium | A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. | libkrb5support0 | 1.20.1-2+deb12u3 | |
| CVE-2019-1010025 | Negligible | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. | libc-bin | 2.36-9+deb12u10 | |
| CVE-2019-1010025 | Negligible | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. | libc6 | 2.36-9+deb12u10 | |
| CVE-2025-0725 | Negligible | When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. | curl | 7.88.1-10+deb12u12 | |
| CVE-2025-0725 | Negligible | When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. | libcurl4 | 7.88.1-10+deb12u12 | |
| CVE-2025-40909 | Medium | Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 | perl-base | 5.36.0-7+deb12u2 | |
| CVE-2025-32989 | Medium | libgnutls30 | 3.7.9-2+deb12u4 | ||
| CVE-2023-49463 | Negligible | libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. | libheif1 | 1.15.1-1+deb12u1 | |
| CVE-2019-9192 | Negligible | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern | libc-bin | 2.36-9+deb12u10 | |
| CVE-2019-9192 | Negligible | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern | libc6 | 2.36-9+deb12u10 | |
| CVE-2023-51792 | Low | Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000. | libde265-0 | 1.0.11-1+deb12u2 | |
| CVE-2024-2236 | Negligible | A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. | libgcrypt20 | 1.10.1-3 | |
| CVE-2024-26458 | Negligible | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | |
| CVE-2024-26458 | Negligible | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | libk5crypto3 | 1.20.1-2+deb12u3 | |
| CVE-2024-26458 | Negligible | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | libkrb5-3 | 1.20.1-2+deb12u3 | |
| CVE-2024-26458 | Negligible | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | libkrb5support0 | 1.20.1-2+deb12u3 | |
| CVE-2019-1010022 | Negligible | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | libc-bin | 2.36-9+deb12u10 | |
| CVE-2019-1010022 | Negligible | GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | libc6 | 2.36-9+deb12u10 | |
| CVE-2023-31437 | Negligible | An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | libsystemd0 | 252.38-1~deb12u1 | |
| CVE-2023-31437 | Negligible | An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | libudev1 | 252.38-1~deb12u1 | |
| CVE-2017-14159 | Negligible | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | libldap-2.5-0 | 2.5.13+dfsg-5 | |
| CVE-2025-4802 | High | Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). | libc-bin | 2.36-9+deb12u10 | |
| CVE-2025-4802 | High | Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). | libc6 | 2.36-9+deb12u10 | |
| CVE-2023-31438 | Negligible | An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | libsystemd0 | 252.38-1~deb12u1 | |
| CVE-2023-31438 | Negligible | An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | libudev1 | 252.38-1~deb12u1 | |
| CVE-2017-9117 | Negligible | In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release). | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2023-31439 | Negligible | An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | libsystemd0 | 252.38-1~deb12u1 | |
| CVE-2023-31439 | Negligible | An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | libudev1 | 252.38-1~deb12u1 | |
| CVE-2025-6141 | Low | A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. | libtinfo6 | 6.4-4 | |
| CVE-2025-6141 | Low | A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. | ncurses-base | 6.4-4 | |
| CVE-2025-6141 | Low | A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. | ncurses-bin | 6.4-4 | |
| CVE-2024-26461 | Negligible | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | |
| CVE-2024-26461 | Negligible | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | libk5crypto3 | 1.20.1-2+deb12u3 | |
| CVE-2024-26461 | Negligible | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | libkrb5-3 | 1.20.1-2+deb12u3 | |
| CVE-2024-26461 | Negligible | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | libkrb5support0 | 1.20.1-2+deb12u3 | |
| CVE-2013-4392 | Negligible | systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. | libsystemd0 | 252.38-1~deb12u1 | |
| CVE-2013-4392 | Negligible | systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. | libudev1 | 252.38-1~deb12u1 | |
| CVE-2025-30258 | Low | In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." | gpgv | 2.2.40-1.1 | |
| CVE-2024-25269 | Negligible | libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack. | libheif1 | 1.15.1-1+deb12u1 | |
| CVE-2017-18018 | Negligible | In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. | coreutils | 9.1-1 | |
| CVE-2022-27943 | Negligible | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | gcc-12-base | 12.2.0-14+deb12u1 | |
| CVE-2022-27943 | Negligible | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | libgcc-s1 | 12.2.0-14+deb12u1 | |
| CVE-2022-27943 | Negligible | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | libstdc++6 | 12.2.0-14+deb12u1 | |
| CVE-2025-27587 | Negligible | OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system. | libssl3 | 3.0.16-1~deb12u1 | |
| CVE-2025-27587 | Negligible | OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system. | openssl | 3.0.16-1~deb12u1 | |
| CVE-2021-4214 | Negligible | A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. | libpng16-16 | 1.6.39-2 | |
| CVE-2022-1210 | Negligible | A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2022-0563 | Negligible | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | bsdutils | 1:2.38.1-5+deb12u3 | |
| CVE-2022-0563 | Negligible | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | libblkid1 | 2.38.1-5+deb12u3 | |
| CVE-2022-0563 | Negligible | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | libmount1 | 2.38.1-5+deb12u3 | |
| CVE-2022-0563 | Negligible | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | libsmartcols1 | 2.38.1-5+deb12u3 | |
| CVE-2022-0563 | Negligible | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | libuuid1 | 2.38.1-5+deb12u3 | |
| CVE-2022-0563 | Negligible | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | mount | 2.38.1-5+deb12u3 | |
| CVE-2022-0563 | Negligible | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | util-linux | 2.38.1-5+deb12u3 | |
| CVE-2022-0563 | Negligible | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | util-linux-extra | 2.38.1-5+deb12u3 | |
| CVE-2023-52426 | Negligible | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | libexpat1 | 2.5.0-1+deb12u1 | |
| CVE-2023-1916 | Negligible | A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2025-5278 | Negligible | A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. | coreutils | 9.1-1 | |
| CVE-2025-6170 | Negligible | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. | libxml2 | 2.9.14+dfsg-1.3~deb12u2 | |
| CVE-2023-6228 | Negligible | An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2022-3219 | Negligible | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. | gpgv | 2.2.40-1.1 | |
| CVE-2023-3164 | Negligible | A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. | libtiff6 | 4.5.0-6+deb12u2 | |
| CVE-2025-7424 | High | libxslt1.1 | 1.1.35-1+deb12u1 | ||
| CVE-2025-7425 | High | libxslt1.1 | 1.1.35-1+deb12u1 | ||
| CVE-2025-6395 | Medium | libgnutls30 | 3.7.9-2+deb12u4 |
This image version has no known security vulnerabilities.