Some issues have not been assigned CVE names, but are still tracked by this database. In this case, the system automatically assigns a unique name. These names are not stable and can change when the database is updated, so they should not be used in external references.
The automatically generated names come in two flavors: the first kind starts with the string "TEMP-000000-". This means that no Debian bug has been assigned to this issue (or a bug has been created and is not recorded in this database). In the second kind of names, there is a Debian bug for the issue, and the "000000" part of the name is replaced with the Debian bug number.

Bug | Description |
---|---|
TEMP-0000000-07A77D | php-gettext XSS |
TEMP-0000000-0EB5E1 | node-d3-color redos |
TEMP-0000000-11FDF8 | RUSTSEC-2023-0074 |
TEMP-0000000-137F0A | quoteless attributes in templates can lead to content injection |
TEMP-0000000-205E15 | RUSTSEC-2024-0408 |
TEMP-0000000-345A3B | handlebars: quoteless attributes in templates can lead to content injection |
TEMP-0000000-3A226A | RUSTSEC-2023-0018 |
TEMP-0000000-556BB5 | tor TROVE-2023-006 |
TEMP-0000000-66FC9C | RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood |
TEMP-0000000-7CC552 | tor TROVE-2023-004 |
TEMP-0000000-95CBBF | uudecode: stack out of bounds read access |
TEMP-0000000-96AFF4 | spip: Use a dedicated function to clean author data when preparing a session |
TEMP-0000000-9B1564 | tryton zipbomb DoS |
TEMP-0000000-ACBC4C | buffer overflows in init_cups |
TEMP-0000000-C1FFDC | RUSTSEC-2023-0038: Out-of-bounds array access leads to panic |
TEMP-0000000-C6840A | RUSTSEC-2022-0020 |
TEMP-0000000-D7B410 | RUSTSEC-2022-0021 |
TEMP-0000000-DD0D8E | RUSTSEC-2023-0015 |
TEMP-0000000-DD1424 | RUSTSEC-2023-0041 |
TEMP-0000000-EA9109 | RUSTSEC-2024-0006 |
TEMP-0000000-ED74C7 | RUSTSEC-2023-0045 |
TEMP-0000000-F7A20F | Kernel: Unprivileged user can freeze journald |
TEMP-0290435-0B57B5 | tar's rmt command may have undesired side effects |
TEMP-0517018-A83CE6 | sysvinit: no-root option in expert installer exposes locally exploitable security flaw |
TEMP-0517020-915121 | thunar: potential exploits via application launchers |
TEMP-0528250-2E3658 | hex-a-hop: buffer overflow in loading save games |
TEMP-0532514-9137E0 | predictable random number generator used in web browsers |
TEMP-0537604-F35BD7 | insecure tmp file vulnerability in slim |
TEMP-0560108-565B70 | browser-based css info disclosure |
TEMP-0601525-BEBB65 | libgd2: gdImageColorTransparent can write outside buffer |
TEMP-0608980-E8B8DF | Crash with long HOME environment variable |
TEMP-0628843-DBAD28 | more related to CVE-2005-4890 |
TEMP-0772585-D41D8C | |
TEMP-0841856-B18BAF | Privilege escalation possible to other user than root |
TEMP-0995562-06835D | RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist |
TEMP-0996913-660A41 | RUSTSEC-2020-0159: Potential segfault in localtime_r invocations |
TEMP-1031542-93CC2D | XSS Vulnerability in matrix.pl |
TEMP-1032088-3E13DF | RUSTSEC-2022-0078 |
TEMP-1036689-1CA7FB | Block themes parsing shortcodes in user-generated data |
TEMP-1037018-0CB39E | RUSTSEC-2023-0039 |
TEMP-1050298-39CD6D | RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building |
TEMP-1050299-7F4591 | RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building |
TEMP-1051808-528792 | RUSTSEC-2023-0059: Unaligned read of *const *const c_char pointer |
TEMP-1082053-F368BB | RUSTSEC-2023-0086 |

Bug | Description |
---|---|
TEMP-0000000-00657F | pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem |
TEMP-0000000-018938 | SQL Injection in host_templates.php |
TEMP-0000000-01E656 | Possible SQL injection in freeradius |
TEMP-0000000-02F7AB | file descriptor leak when a Compose file uses the "include" directive |
TEMP-0000000-0477AA | get_groups does not always returns the group of the action |
TEMP-0000000-050E10 | mailutils: sql injection vulnerability in sql authentication module |
TEMP-0000000-076325 | RUSTSEC-2023-0035: enumflags2: Adverserial use of make_bitflags! macro can cause undefined behavior |
TEMP-0000000-077068 | gitlab: Persistent XSS in Pipeline Tooltip |
TEMP-0000000-09234C | insecure usage of temporary files in flash-kernel |
TEMP-0000000-0999A8 | syslog-ng dos |
TEMP-0000000-099EAC | werkzeug hashes its secret instead of using hmac |
TEMP-0000000-0CA7E3 | XSS in press-this of wordpress |
TEMP-0000000-0EB5E1 | node-d3-color redos |
TEMP-0000000-106DD8 | linux-ftpd: null ptr dereference |
TEMP-0000000-11FDF8 | RUSTSEC-2023-0074 |
TEMP-0000000-15DB04 | RUSTSEC-2024-0359 |
TEMP-0000000-196897 | htmlpurifier various |
TEMP-0000000-19B927 | Partial SMAP bypass on 64-bit Linux kernels |
TEMP-0000000-1BAE4D | GNUTLS-SA-2016-2: certificate verification issue |
TEMP-0000000-1CC548 | Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter |
TEMP-0000000-1E2093 | Linux ASLR mmap weakness: Reducing entropy by half |
TEMP-0000000-1F321D | BUG/MAJOR: http: don't read past buffer's end in http_replace_value |
TEMP-0000000-2025B8 | Missing normalization |
TEMP-0000000-23C1BD | Sidekiq::Web lacks CSRF protection |
TEMP-0000000-2480C7 | RUSTSEC-2024-0404 |
TEMP-0000000-24F61A | Enforce use of HTTPS for MathJax in IPython |
TEMP-0000000-269968 | X launcher doesn't drop group privileges |
TEMP-0000000-271E1A | vpnc: config file path security hole |
TEMP-0000000-283B1A | Quassel: /var/lib/quassel/quasselCert.pem world-readable |
TEMP-0000000-28C30A | RUSTSEC-2023-0058: Exposes reference to non-Sync data to an arbitrary thread |
TEMP-0000000-2A36A7 | remote DoS when case of the characters of a nickname is modified |
TEMP-0000000-2C7EFD | incorrect handling of {$smarty.template} and {$smarty.current_dir} |
TEMP-0000000-2D36D7 | cyassl: RSA Padding check vulnerability |
TEMP-0000000-2D8F93 | isc-dhcp: omapi dos |
TEMP-0000000-3336BA | htdig: several unspecified security problems |
TEMP-0000000-375947 | RUSTSEC-2022-0092 |
TEMP-0000000-37DBC3 | use after free / double free |
TEMP-0000000-3815A2 | Avoid unbounded SFTP extended attribute key/values |
TEMP-0000000-3A226A | RUSTSEC-2023-0018 |
TEMP-0000000-3D1157 | information leak in event device handling |
TEMP-0000000-3D82DC | axel URL parser buffer overflow |
TEMP-0000000-3E4AC3 | first_boot: Use session to verify first boot welcome step |
TEMP-0000000-3EB501 | Possible problem with insecure usage of sscanf in obexftp client |
TEMP-0000000-3F0E00 | tor insufficient authentication on control port |
TEMP-0000000-404599 | Multiple security problems in lbreakout2 |
TEMP-0000000-42228B | spip DoS |
TEMP-0000000-425714 | argyll unsafe udev rules |
TEMP-0000000-43D999 | Insecure temp files in firehol |
TEMP-0000000-4677DE | spip: XSS alowing priviledge escalation |
TEMP-0000000-47717A | gunicorn fails to drop supplemental groups |
TEMP-0000000-47E1CE | crashes found with afl |
TEMP-0000000-481246 | libxslt segfault / DoS |
TEMP-0000000-4C54C0 | atftp DoS |
TEMP-0000000-4D04B7 | maradns: More frequent rekeying to mitigate possible AES attacks |
TEMP-0000000-4DA0A8 | dbus format string vulnerability |
TEMP-0000000-4DAA44 | out of bounds reads in ASF demuxer |
TEMP-0000000-4E21BA | xscreensaver: symlink attack enables local information disclosure |
TEMP-0000000-4E8C51 | RUSTSEC-2024-0409 |
TEMP-0000000-4F0A4A | Access to records of report are not checked |
TEMP-0000000-516A9E | NTFS driver for FUSE unspecified issue |
TEMP-0000000-523402 | auth bypass |
TEMP-0000000-52FF39 | dokuwiki ACL bypass |
TEMP-0000000-5337A6 | lhasa: several directory traversal vulnerabilities |
TEMP-0000000-54045E | more to CVE-2015-2059 |
TEMP-0000000-556BB5 | tor TROVE-2023-006 |
TEMP-0000000-561D64 | RUSTSEC-2022-0019 |
TEMP-0000000-56C871 | Fixes permission check in QueriesController |
TEMP-0000000-582CD7 | ruzstd uninit and out-of-bounds memory reads |
TEMP-0000000-583651 | nspr, nss: unprotected environment variables |
TEMP-0000000-58BE54 | lintian disclosure of file presense |
TEMP-0000000-5AF47F | Remote DoS vulnerabilities in postgrey |
TEMP-0000000-604AC4 | crashes on crafted upack packed file |
TEMP-0000000-62CF51 | Buffer overflow in libotr |
TEMP-0000000-62D57E | apt-cacher arbitrary command execution |
TEMP-0000000-66FC9C | RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood |
TEMP-0000000-673AE0 | ikiwiki allows web user to edit images and other non-page format files in the wiki |
TEMP-0000000-6D001C | smb4k security issue |
TEMP-0000000-6F6CD4 | Insecure mailbox generation in passwd's useradd |
TEMP-0000000-70147B | Memory corruption |
TEMP-0000000-70AB0A | gix-transport indirect code execution via malicious username |
TEMP-0000000-711222 | RUSTSEC-2023-0057: Fails to prohibit standard library access prior to initialization of Rust standard library runtime |
TEMP-0000000-71A9D4 | Unspecified buffer overflow in Convert::UUlib perl module |
TEMP-0000000-73A1D3 | RUSTSEC-2023-0005 |
TEMP-0000000-758242 | RUSTSEC-2022-0022 |
TEMP-0000000-75B37A | insufficient form variable escaping |
TEMP-0000000-760107 | rtkit: failure to drop supplemental groups |
TEMP-0000000-7C9547 | docker VMM breakout |
TEMP-0000000-7CC552 | tor TROVE-2023-004 |
TEMP-0000000-7D3048 | Logging bypassing through SIGHUP in syslog-ng |
TEMP-0000000-803658 | several security fixes: PHP injections, XSS and secrets stored in session file |
TEMP-0000000-80376F | integer overflow |
TEMP-0000000-80BA67 | Rorster vulnerability similar to CVE-2015-8688 |
TEMP-0000000-835FB2 | rust-atty: Potential unaligned read |
TEMP-0000000-838979 | Escape href attribute in auto links |
TEMP-0000000-84AA65 | DoS against clamav through infinite loop in cli_rmdirs |
TEMP-0000000-8B87A6 | mediawiki issues from 1.26.3, 1.25.6 and 1.23.14 |
TEMP-0000000-8F74CD | unsafe temporary file in lintian's objdump-info |
TEMP-0000000-9164B4 | unspecified steam cache vulnerability |
TEMP-0000000-94515F | xile buffer overrun in terminal code |
TEMP-0000000-964ED9 | AST-2016-005 |
TEMP-0000000-96AFF4 | spip: Use a dedicated function to clean author data when preparing a session |
TEMP-0000000-96B2E9 | hardening for RSA-CRT leak |
TEMP-0000000-970209 | Invalid read in ensure_filepath |
TEMP-0000000-9862C2 | RUSTSEC-2023-0078 |
TEMP-0000000-9AC543 | mono xsp file disclosure |
TEMP-0000000-9B1564 | tryton zipbomb DoS |
TEMP-0000000-9B3182 | schroot may use outdated configuration information |
TEMP-0000000-9BB4B1 | tryton-server lack of record validation |
TEMP-0000000-A2D002 | prelude-manager: password world-readable |
TEMP-0000000-A2EB44 | Insecure tempfile in x-face-el |
TEMP-0000000-A4EF31 | Null pointer access in inflatehd tool |
TEMP-0000000-A4F3DE | Invalid read in create_output_name |
TEMP-0000000-A5538F | libpam-ssh: Inproper caching of pwd data with potential security implications |
TEMP-0000000-AA638E | SQL Injection in graph_templates.php |
TEMP-0000000-AB5257 | dojo can be used as a redirector |
TEMP-0000000-ACBC4C | buffer overflows in init_cups |
TEMP-0000000-B138FB | gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions |
TEMP-0000000-B2A20C | RUSTSEC-2024-0021 |
TEMP-0000000-B446CF | iodine: DoS against iodined triggerable by authenticated users |
TEMP-0000000-B4B71F | Fix file indirectory injection |
TEMP-0000000-B5C878 | backuppc: web frontend installed insecurely by default |
TEMP-0000000-B9CD89 | BUG/MAJOR: http: prevent risk of reading past end with balance url_param |
TEMP-0000000-BBB7D8 | remote memory disclosure |
TEMP-0000000-BBBF43 | Crypto weakness in Tor's handshaking process |
TEMP-0000000-BC4C2F | nautilus: file preview html script execution |
TEMP-0000000-BCCC32 | vlc issues fixed in 3.0.13 |
TEMP-0000000-BD209F | XSS via queue name in Sidekiq::Web |
TEMP-0000000-BD3902 | sogo SOGoForbidUnknownDomainsAuth issue |
TEMP-0000000-C04FE8 | dcerpc: exit()'s on malloc failure |
TEMP-0000000-C0C622 | gstreamer-ffmpeg unspecified issue related to sps and pps ids |
TEMP-0000000-C1FFDC | RUSTSEC-2023-0038: Out-of-bounds array access leads to panic |
TEMP-0000000-C3CEDB | fscanf format string security bug in flashrom layout code |
TEMP-0000000-C6840A | RUSTSEC-2022-0020 |
TEMP-0000000-C6AAE1 | Catch overflows in AVC/HEVC NAL unit length calculations |
TEMP-0000000-C7DD3B | RUSTSEC-2024-0402 |
TEMP-0000000-CD327C | remctl ACL bypass vulnerability |
TEMP-0000000-CDF09E | TOCTOU race when expanding JAR files |
TEMP-0000000-CE3B44 | XSA-166: ioreq handling possibly susceptible to multiple read issue |
TEMP-0000000-CED930 | RUSTSEC-2024-0020 |
TEMP-0000000-CFFE57 | cakephp: local file inclusion |
TEMP-0000000-D41D8C | |
TEMP-0000000-D61692 | unace unspecified security issue related to uninitialized variable |
TEMP-0000000-D75F8B | RCE in gitlab-shell 2.6.6-2.6.7 |
TEMP-0000000-D7B410 | RUSTSEC-2022-0021 |
TEMP-0000000-D87CDB | validate a server certificate in a TLS-based server-server connection |
TEMP-0000000-D8C3F4 | stack corruption when handling files with more than 64 audio channels |
TEMP-0000000-D91305 | tcpdf code execution via tcpdf tag |
TEMP-0000000-DAA254 | fai tempfile vulnerability |
TEMP-0000000-DAE756 | clamav: DoS through multiple empty Content-Disposition header lines |
TEMP-0000000-DD0D8E | RUSTSEC-2023-0015 |
TEMP-0000000-DD73A0 | Unexpected database bindings via requests (follow-up) |
TEMP-0000000-DD8D83 | crash during algorithmic detection on crafted PE file |
TEMP-0000000-DE2DCD | gitlab: Missing CSRF in System Hooks |
TEMP-0000000-DEED53 | unrar: opens /tmp/debug_unrar.txt |
TEMP-0000000-E06059 | backup-manager: make sure password is not written to world-readable files |
TEMP-0000000-E10713 | Multiple buffer overflows in gtetrinet |
TEMP-0000000-E3DB33 | Several DoS possibilities of clients against the server in Freeciv |
TEMP-0000000-E43D47 | SQL Injection in cdef.php |
TEMP-0000000-E52D56 | Integer overflow in binutils' ELF parsing |
TEMP-0000000-E57E4E | Remotely triggerable buffer overflow in OpenSMTPD |
TEMP-0000000-E6792F | irssi missing null terminator |
TEMP-0000000-E9A545 | libetpan NULL deref |
TEMP-0000000-EA2D06 | Endlees loop issue |
TEMP-0000000-EA9109 | RUSTSEC-2024-0006 |
TEMP-0000000-ED74C7 | RUSTSEC-2023-0045 |
TEMP-0000000-ED76D0 | Sanitizing and other XSS protections |
TEMP-0000000-EFA573 | SQL Injection Vulnerability in data sources |
TEMP-0000000-F00632 | node-marked: multiple content injection vulnerabilities |
TEMP-0000000-F090BB | directory traversal in servefile |
TEMP-0000000-F32736 | SQL Injection Vulnerability in graph items and graph template items |
TEMP-0000000-F41FA7 | DoS |
TEMP-0000000-F4C8D1 | ejabberd HTML code injection |
TEMP-0000000-F6033C | SQL Injection in data_templates.php |
TEMP-0000000-F707E4 | MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value |
TEMP-0000000-F99584 | "slowloris" denial-of-service vulnerability in webservers |
TEMP-0000000-F9A459 | XSS via job arguments display class in Sidekiq::Web |
TEMP-0000000-FC713A | pythonpaste web root esacpe |
TEMP-0000000-FD1F92 | root path disclosure |
TEMP-0000000-FDAB26 | Transaction cache overrides the current user |
TEMP-0046709-935F97 | Insecure access control on GNU Mach's IO ports |
TEMP-0105562-0FE13B | crypt++ passes passwords through the command line |
TEMP-0149799-ABFD7C | sanitizer bypassal through quoted file names |
TEMP-0169793-0E1404 | libnss-ldap: DoS through truncated DNS queries |
TEMP-0183047-CE70BA | fuzz: Insecure temp file usage |
TEMP-0216566-EA84C5 | Insecure bounds checking in mpack's content parser |
TEMP-0250106-DF1988 | Unspecified buffer overflow in libmng |
TEMP-0253838-2AD268 | Minor local DoS as libldap |
TEMP-0254101-876546 | Multiple buffer overflows in isoqlog |
TEMP-0259987-89C19C | bash-completion: does not properly quote characters |
TEMP-0269186-FFE79F | asciijump: /var/games/asciijump world writable |
TEMP-0274229-6E02C2 | base-passwd: sets valid shells for system services |
TEMP-0282583-19BE25 | microcode.ctl downloads microcode w/o user confirmation |
TEMP-0291452-29156B | gs-esp: Insecure usage of /tmp in source code |
TEMP-0291613-A6DD69 | xshisen follows symlinks for shared gid games files |
TEMP-0296112-517ED6 | libnet-ssleay-perl: /tmp/entropy insecure |
TEMP-0298114-36C546 | nvi: init.d recover file security bugs |
TEMP-0298929-838146 | Multiple security issues when using distcc without ssh auth |
TEMP-0302454-1EA4A5 | trackballs: Follows symlinks as gid games |
TEMP-0302790-27DC0A | hdup inproperly preserves permissions on directories |
TEMP-0306076-4B7D89 | coreutils ignores umask when using -m in mkdir, mkfifo and mknod |
TEMP-0308737-BABD6A | Heap overflow in libosip URI parsing |
TEMP-0313081-3428D4 | DoS triggering endless loops in findutils -follow option |
TEMP-0319686-D21D67 | xgalaga score file segfault |
TEMP-0320150-40E143 | Integer overflow in ffmpeg's MPEG encoding |
TEMP-0321447-C22A86 | Insecure usage of temporary files in x11perfcomp and other security issues |
TEMP-0321470-3DB8C5 | wine: Unsafe use of temporary files in winelauncher |
TEMP-0321566-40512D | fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script |
TEMP-0325080-CF0752 | user password file created by gajim is world-readable |
TEMP-0327261-B6AE8F | wine-safe does not prompt the user/is registered in mailcap |
TEMP-0330627-887F38 | rkhunter: Insecure temporary file |
TEMP-0331720-9168FE | adduser's deluser creates backup files with world readable permissions |
TEMP-0334193-23D83A | xscreensaver does not maintain screen locks during upgrade |
TEMP-0337492-CFA0CD | Insecure temp files in note |
TEMP-0340079-E5FD8C | Insecure tempfile in libjpeg6b's exifautotran |
TEMP-0340105-EE3BB8 | unsafe file permissions in vpnc |
TEMP-0352723-F61961 | dpkg-sig: insecure temp file bug |
TEMP-0358139-D2A6EE | gauche-config rpath set to user home |
TEMP-0358142-0BC2FF | unixodbc rpath set to /home |
TEMP-0358157-34A070 | fftw rpath set to user home |
TEMP-0358166-12F63F | hamlib3-perl rpath set to user home |
TEMP-0359745-ECBE05 | webalizer: symlink vulnerability |
TEMP-0361653-A94AFD | librsvg2 crash on certain svg files |
TEMP-0361913-F8E45A | linphone insecure password leakage |
TEMP-0368804-259562 | ldap account manager sets trivial password instead of disabling it |
TEMP-0369014-6AE03E | 'Cache' shell injection vulnerability |
TEMP-0369542-32FFCA | ssmtp password leak |
TEMP-0370144-2CA0D8 | specialy crafted WAV turns mkvmerge into a malloc bomb |
TEMP-0375453-4F9189 | ldap account manager wrongly unlocks some passwords |
TEMP-0378411-57ACA8 | Buffer overflow in XML::Parser::Expat triggered by utf8 |
TEMP-0378412-67AD3D | Buffer overflow in XML::Parser::Expat triggered by deep nesting |
TEMP-0378571-06BD02 | courier-authdaemon: wrong socket permissions may lead to password disclosure |
TEMP-0379922-FA0DE2 | double-free vulnerability in the Real Media demuxer |
TEMP-0382132-C0E39C | diffmon information leakage |
TEMP-0388608-F17697 | logrotate race condition could lead to file disclosure |
TEMP-0391388-8371AD | zabbix buffer overflows |
TEMP-0391388-A7E978 | zabbix format string vulnerabilities |
TEMP-0393846-B78E90 | motion insecure tempfile creation |
TEMP-0397297-E6F2D0 | obexpushd arbitrary command execution |
TEMP-0399226-A0B8DF | yacas insecure rpath |
TEMP-0400624-86BB88 | dsniff urlsnarf missing output sanitization |
TEMP-0403141-57B365 | znc file access security hole |
TEMP-0407003-DA457C | various crashes and infinite loops in ffmpeg |
TEMP-0407116-23D9EF | wordpress unregister_globals workaround from 2.0.7 |
TEMP-0407605-7D944E | netpbm heap corruption |
TEMP-0407607-240F77 | python-django flup/FastCGI/debugging issue |
TEMP-0410557-009D67 | dokuwiki conf directory accessible by web users |
TEMP-0410588-2CACBB | amavids-new uses contrib/non-free packers without security support in default config |
TEMP-0412618-38583E | apg generates insecure passwords on 64-bit architectures |
TEMP-0417995-6A1CD7 | initramfs-tools creates /dev/root world-readable |
TEMP-0425254-0F9CE1 | insecure tempfile in wdiff |
TEMP-0427715-C31B61 | webpy HTTP response splitting vulnerability |
TEMP-0434134-B27890 | dokuwiki XSS in spellchecker |
TEMP-0454297-EACDD7 | exempi buffer overflow in GIF ReadHeader() function |
TEMP-0464084-305C70 | greylistd bypass |
TEMP-0464778-7EAAA3 | tdiary XSS |
TEMP-0465561-A017B1 | minor cyrus sasl DoS |
TEMP-0482385-09F6D5 | resizing the monitor with xrandr can crash xscreensaver |
TEMP-0484639-8D3138 | missing sanity checks allow DoS via mis-formated timestamp |
TEMP-0496462-B3176F | insecure temp file in nvi |
TEMP-0497005-8CD734 | Overwrite certain images without notice |
TEMP-0497005-A51CB0 | Overwrite symlink without check |
TEMP-0497452-F45308 | nfdump vulnerable to symlink attacks |
TEMP-0500295-A176F7 | possible script injection via /etc/wordpress/wp-config.php |
TEMP-0500611-22A0F0 | jumpnbump: insecure temp file |
TEMP-0506961-3C07AF | auctex insecure temp file |
TEMP-0507482-9415A7 | Insecure tmpdir creation |
TEMP-0508111-173336 | Insecure tempfile creation |
TEMP-0514151-B17364 | samba: Account locking out doesnt work with an LDAP backend |
TEMP-0515104-609AB4 | nautilus: potential exploits via application launchers |
TEMP-0523476-4CE9EF | pptp-linux: unrestrictive pptpsetup permissions |
TEMP-0525820-07BBE3 | More file buffer overflows |
TEMP-0528434-FDFF92 | cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked |
TEMP-0531735-61C2C9 | OCS Inventory NG SQL Injection Vulnerability |
TEMP-0532514-9137E0 | predictable random number generator used in web browsers |
TEMP-0532740-DB1B64 | libdkim: signature parsing is not thread-safe |
TEMP-0533670-BB9FF7 | pcsc-lite: creates world-writable directory |
TEMP-0535159-76AB98 | ser2net DoS |
TEMP-0535881-957F77 | clamav scanner bypass with archives |
TEMP-0535886-8B62DC | apache2: htaccess override |
TEMP-0535946-7636B8 | libio-socket-ssl-perl: partial hostname matching vulnerability |
TEMP-0539699-BC7A2B | xscreensaver: local screen lock bypassable via low resolution video devices |
TEMP-0548909-2413C6 | xen-tools: world readable disk image files |
TEMP-0551907-963784 | mandos 0600 file being included in initrd |
TEMP-0552518-ADA4BA | eglibc: ldd arbitrary code execution |
TEMP-0555308-79E91C | xserver-xorg: inherits user's mask |
TEMP-0560087-F084E6 | xpat2: save game permissions issue |
TEMP-0560895-39B4B0 | gnome-screensaver inhibitor not removed when connection is closed |
TEMP-0566326-9A899F | sqlite: info leak |
TEMP-0567175-3A30A9 | gmetad incorrect file permissions |
TEMP-0568925-CB8E83 | esmtp: world-readable config file |
TEMP-0570713-FED4BB | ffmpeg potentially remaining vulnerabilities after DSA 2000 |
TEMP-0579087-7F12A8 | prosody password world-readable |
TEMP-0592115-F98F5C | signature verification issue |
TEMP-0593829-E6A4BC | config file world readable |
TEMP-0597382-058DA8 | mingetty directory traversal |
TEMP-0601325-4C9A5B | insecure handling of /tmp files in debian/preinst |
TEMP-0601525-BEBB65 | libgd2: gdImageColorTransparent can write outside buffer |
TEMP-0601585-D41D8C | |
TEMP-0605160-28DAD2 | insecure python path handling |
TEMP-0607494-376E2E | XSS in ftpls |
TEMP-0608822-E0260C | calibre XSS |
TEMP-0608822-EF2F16 | calibre file disclosure |
TEMP-0608979-E8B8DF | Crash with long HOME environment variable |
TEMP-0609212-CA8607 | multiple spip issues |
TEMP-0612034-33CBAD | aptitude tempfile |
TEMP-0612668-CE1EF5 | evince segfault |
TEMP-0632260-7A1354 | stardict: minor information disclosure |
TEMP-0635836-4F6C5C | minissdpd multiple issues |
TEMP-0646758-12F1BD | spip path disclosure |
TEMP-0649113-5F7BC7 | spip privilege escalation |
TEMP-0649113-869F0D | spip XSS |
TEMP-0672435-7C494C | Option -localhost seems to fail to restrict ipv6 access |
TEMP-0672961-92221C | two XSS |
TEMP-0678189-8A5546 | packagekit insecure temp file |
TEMP-0678512-2E167C | remotely triggerable crash |
TEMP-0682869-4EFB12 | insecure default configuration / authentication bypass |
TEMP-0683667-E2E855 | base name disclosure |
TEMP-0684143-02E960 | redeclipse code execution through map files |
TEMP-0698189-BE9FC4 | buffer overflow in commandline parsing |
TEMP-0706095-6DFA71 | autopostgresqlbackup code injection |
TEMP-0706099-FAF305 | automysqlbackup code injection |
TEMP-0729276-2DADFA | staden-io-lib buffer overflow |
TEMP-0740268-4CE61C | buffer overflow |
TEMP-0745580-D90EF4 | Insecure default permissions for ~/.virtualenvs and scripts |
TEMP-0764645-2E1644 | iptables-persistent minor local info leak |
TEMP-0764814-3B6657 | freecad downloads and executes code |
TEMP-0769606-4AA6CF | a2p: buffer overflow |
TEMP-0769937-FD49EE | formail: memory corruption |
TEMP-0770647-53FAC2 | libclamunrar: double-free error libclamunrar_iface/unrar_iface.c |
TEMP-0773308-EE1012 | crashes on crafted ELF |
TEMP-0773751-AD275E | race condition between fur and fex_cleanup may create internal instead of external user |
TEMP-0774171-B2A845 | symlink directory traversal |
TEMP-0774555-E962AD | insecure LUA default load path |
TEMP-0774769-57BAAA | saves unknown host's fingerprint in known_hosts without any prompt |
TEMP-0774897-BC9A31 | denial of service with specific packets |
TEMP-0774898-681A65 | fails to detect silent driver failure to change MAC |
TEMP-0775193-7F000E | djvudigital: insecure use of /tmp |
TEMP-0775199-D05A9E | smime_keys: insecure use of /tmp |
TEMP-0775479-AC2272 | insecure configuration permissions |
TEMP-0775662-9BBEA1 | Insufficient validation of USB device descriptors |
TEMP-0776271-06C3A9 | Infinite loop in patch |
TEMP-0777522-650525 | denial of service under memory stress |
TEMP-0777706-EB0F2E | insecure storage of password in the NUT-monitor app |
TEMP-0778511-AAAFE7 | more to CVE-2014-6585 |
TEMP-0779573-6C7D15 | heap buffer overflow |
TEMP-0780100-E2856F | tcllib XSS |
TEMP-0780178-BE09AB | several security vulnerabilities and network packets can terminate the connection |
TEMP-0780503-1359A5 | Incomplete fix for CVE-2014-7940 |
TEMP-0780712-D0DD02 | permissive file access allowed from nasal |
TEMP-0780716-B04986 | nasal scripts can ready any file |
TEMP-0780817-7C5137 | Insufficient escaping in user manager allows XSS attack |
TEMP-0781608-198474 | caja automounts USB flash drives and CD/DVD drives while session is locked |
TEMP-0781640-F16931 | Signature Bypass in several JSON Web Token Libraries |
TEMP-0783007-4C0B51 | http uri parsing issue |
TEMP-0783347-555527 | files with invalid or unsafe names could be uploaded |
TEMP-0783347-AEABE2 | Some plugins were vulnerable to an SQL injection vulnerability |
TEMP-0784712-056A32 | incorrect parsing of from header when assigning pgp keys |
TEMP-0784712-E83200 | incorrect substring matching when assigning pgp keys |
TEMP-0784889-495CCA | pdf2djvu: insecure use of /tmp when executing c44 |
TEMP-0785364-25992B | XSS in group administration |
TEMP-0786423-948688 | rsync collision attack |
TEMP-0786804-C23D2B | hwclock(8) SUID privilege escalation |
TEMP-0795062-DA89AB | publicfile-installer: insecure use of /tmp |
TEMP-0805638-5AC56F | Insecure permissions for backup directory |
TEMP-0805657-81BB13 | Missing bounds checking and verification of data type causes segfault |
TEMP-0807341-84E914 | uses non-random tempdir /tmp/tmprepo.0/.git/ |
TEMP-0811308-B63DA1 | Multiple minor security issues |
TEMP-0816034-9C45DC | unsafe use of /tmp |
TEMP-0820594-BC6826 | out of bound read and write issues |
TEMP-0825151-E80EFA | CSRF protection for POST requests |
TEMP-0827346-22ED59 | install-sh: insecure use of /tmp |
TEMP-0827564-93E4E3 | Stack corruption from crafted pattern |
TEMP-0830660-09AE85 | Insecure use of /tmp |
TEMP-0832169-0F9220 | insecure default PATH |
TEMP-0832283-698CF7 | cakephp: XML class SSRF vulnerability |
TEMP-0841257-B7CD60 | sendmail: Privilege escalation from group smmsp to root |
TEMP-0846838-9738BD | tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing |
TEMP-0850432-8BD66F | multiple new security issues |
TEMP-0853951-A77B7B | iio-sensor-proxy: insecure dbus policy |
TEMP-0855108-573218 | irssi memory leak |
TEMP-0856196-13C562 | scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) |
TEMP-0856648-2BC2C9 | dns: out of bound memory read |
TEMP-0857546-8B0EB6 | Server certificates are not verified |
TEMP-0860565-9E8C4B | XSA-206: xenstore denial of service via repeated update |
TEMP-0868134-294030 | out-of-bounds read in eexec_line() |
TEMP-0869722-31618B | memory leak in quantize |
TEMP-0870233-1DD19E | executes javascript code downloaded from insecure URL |
TEMP-0876540-D98160 | pcb code injection by malicious layout file |
TEMP-0887330-0F8779 | Multiple vulnerabilities in CiviCRM |
TEMP-0894867-E5064B | Confidential issue comments in Slack, Mattermost, and webhook integrations |
TEMP-0900522-27F98D | gitlab: Persistent XSS - Selecting users as allowed merge request approvers |
TEMP-0900522-298D01 | gitlab: Persistent XSS - Multiple locations of user selection drop downs |
TEMP-0900522-3AD97C | gitlab: Permissions issue in Merge Requests Create Service |
TEMP-0900522-4405E2 | gitlab: Removing public deploy keys regression |
TEMP-0900522-7DE480 | gitlab: Arbitrary assignment of project fields using Import project |
TEMP-0900522-A18AAE | gitlab: include directive in .gitlab-ci.yml allows SSRF requests |
TEMP-0902726-3BBE24 | gitlab: Activity feed publicly displaying internal project names |
TEMP-0902726-51ACFE | gitlab: Content injection via username |
TEMP-0904191-9063D5 | Incomplete fix for CVE-2018-10886 |
TEMP-0905332-CB57BF | Default KeyInfo resolver doesn't check for empty element content. |
TEMP-0913136-041770 | DSA verification crashes OpenSSL on invalid combinations of key content |
TEMP-0913137-22A98C | VirtualBox E1000 Guest-to-Host Escape |
TEMP-0921565-C5FF8E | netmask: buffer overflow vulnerability |
TEMP-0922080-E6D428 | fuse mount exposes backup to unauthorized users |
TEMP-0923926-B85BA9 | high memory usage with some long running sessions |
TEMP-0925959-45DD25 | insecure handling of /tmp/VMwareDnD |
TEMP-0930387-988530 | security issues fixed in 1.8.5 |
TEMP-0950121-6A81FC | opensmtpd DoS via opportunistic TLS downgrade |
TEMP-0950816-47D88A | mpv insecure lua loadpath |
TEMP-0964568-93C065 | veyon-configurator tmp handling |
TEMP-0987831-866E01 | SQL Server LIMIT / OFFSET SQL Injection |
TEMP-0993866-37A39B | jwe cbc tag computation error |
TEMP-0993866-50C165 | jws alg:none signature verification issue |
TEMP-0995562-06835D | RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist |
TEMP-0996913-660A41 | RUSTSEC-2020-0159: Potential segfault in localtime_r invocations |
TEMP-1007145-ABA7D9 | wordpress 5.9.2 |
TEMP-1022575-434581 | wordpress 6.0.3 |
TEMP-1027282-04F215 | RUSTSEC-2022-0074 |
TEMP-1031542-93CC2D | XSS Vulnerability in matrix.pl |
TEMP-1032088-3E13DF | RUSTSEC-2022-0078 |
TEMP-1034374-6E2515 | https://rustsec.org/advisories/RUSTSEC-2023-0031.html |
TEMP-1036689-1CA7FB | Block themes parsing shortcodes in user-generated data |
TEMP-1037018-0CB39E | RUSTSEC-2023-0039 |
TEMP-1050299-7F4591 | RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building |
TEMP-1052200-1C589C | receiving with Lightning: partial MPP might be accepted |
TEMP-1053115-9454E3 | code execution via malformed XTGETTCAP |
TEMP-1055895-2C681F | RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound |
TEMP-1059234-46A2BA | RUSTSEC-2023-0075 |
TEMP-1062663-AD972F | GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow |
TEMP-1074351-F7BBA7 | RUSTSEC-2024-0344 |
TEMP-1074352-DEF3AE | RUSTSEC-2024-0345 |
TEMP-1079517-4BBE9B | RUSTSEC-2024-0363: Binary Protocol Misinterpretation caused by Truncat ... |