Automatically generated issue names

Some issues have not been assigned CVE names, but are still tracked by this database. In this case, the system automatically assigns a unique name. These names are not stable and can change when the database is updated, so they should not be used in external references.

The automatically generated names come in two flavors. The first kind starts with the string "TEMP-000000-". This means that no Debian bug has been assigned to this issue (or a bug has been created and is not recorded in this database). In the second kind of name, there is a Debian bug for the issue, and the "000000" part of the name is replaced with the Debian bug number.

With unfixed issues

Bug                  Description
TEMP-0000000-0404C1  phpMyAdmin PMASA-2017-1 - PMASA-2017-7
TEMP-0000000-07A77D  php-gettext XSS
TEMP-0000000-137F0A  quoteless attributes in templates can lead to content injection
TEMP-0000000-1BAE4D  GNUTLS-SA-2016-2: certificate verification issue
TEMP-0000000-1C4729  net/http: broken trailers don't close a server connection
TEMP-0000000-1F321D  BUG/MAJOR: http: don't read past buffer's end in http_replace_value
TEMP-0000000-23C1BD  Sidekiq::Web lacks CSRF protection
TEMP-0000000-29F04A  ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
TEMP-0000000-2C7EFD  incorrect handling of {$smarty.template} and {$smarty.current_dir}
TEMP-0000000-345A3B  handlebars: quoteless attributes in templates can lead to content injection
TEMP-0000000-35D7C1  Output of stream_get_meta_data can be falsified by its input
TEMP-0000000-3815A2  Avoid unbounded SFTP extended attribute key/values
TEMP-0000000-4DA0A8  dbus format string vulnerability
TEMP-0000000-5337A6  lhasa: several directory traversal vulnerabilities
TEMP-0000000-54045E  more to CVE-2015-2059
TEMP-0000000-583651  nspr, nss: unprotected environment variables
TEMP-0000000-5909B0  Use-after-free in WDDX Packet Deserialization
TEMP-0000000-750F16  regular expression DoS
TEMP-0000000-8B2928  ruby-mail: SMTP injection via recipient email addresses
TEMP-0000000-8B87A6  mediawiki issues from 1.26.3, 1.25.6 and 1.23.14
TEMP-0000000-95CBBF  uudecode: stack out of bounds read access
TEMP-0000000-96B2E9  hardening for RSA-CRT leak
TEMP-0000000-970209  Invalid read in ensure_filepath
TEMP-0000000-A4EF31  Null pointer access in inflatehd tool
TEMP-0000000-A4F3DE  Invalid read in create_output_name
TEMP-0000000-A9D025  Crash on bad SOAP request
TEMP-0000000-ACBC4C  buffer overflows in init_cups
TEMP-0000000-B00722  Insecure permission on directory when using spacewalk inventory
TEMP-0000000-B391CA  exec functions ignore length but look for NULL termination
TEMP-0000000-B9CD89  BUG/MAJOR: http: prevent risk of reading past end with balance url_param
TEMP-0000000-BBB7D8  remote memory disclosure
TEMP-0000000-BD209F  XSS via queue name in Sidekiq::Web
TEMP-0000000-BD69C5  ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word
TEMP-0000000-C04FE8  dcerpc: exit()'s on malloc failure
TEMP-0000000-C3CEDB  fscanf format string security bug in flashrom layout code
TEMP-0000000-CE3B44  XSA-166: ioreq handling possibly susceptible to multiple read issue
TEMP-0000000-D591DC  Integer overflow in iptcembed()
TEMP-0000000-E6792F  irssi missing null terminator
TEMP-0000000-EA5272  NULL Pointer Dereference in phar_tar_setupmetadata()
TEMP-0000000-F090BB  directory traversal in servefile
TEMP-0000000-F1CA5F  Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
TEMP-0000000-F26C42  Type confusion vulnerability in WDDX packet deserialization
TEMP-0000000-F41FA7  DoS
TEMP-0000000-F7A20F  Kernel: Unprivileged user can freeze journald
TEMP-0000000-F9A459  XSS via job arguments display class in Sidekiq::Web
TEMP-0000000-FD1F92  root path disclosure
TEMP-0000000-FE3BD0  Session WDDX Packet Deserialization Type Confusion Vulnerability
TEMP-0274229-6E02C2  base-passwd: sets valid shells for system services
TEMP-0290435-0B57B5  tar's rmt command may have undesired side effects
TEMP-0395572-55D193  gnome-keyring lives on after ssh session stops
TEMP-0498901-F99C05  unsafe use of tempfile in ssmclient
TEMP-0500295-A176F7  possible script injection via /etc/wordpress/wp-config.php
TEMP-0517018-A83CE6  sysvinit: no-root option in expert installer exposes locally exploitable security flaw
TEMP-0517020-915121  thunar: potential exploits via application launchers
TEMP-0528250-2E3658  hex-a-hop: buffer overflow in loading save games
TEMP-0532514-9137E0  predictable random number generator used in web browsers
TEMP-0537604-F35BD7  insecure tmp file vulnerability in slim
TEMP-0560108-565B70  browser-based css info disclosure
TEMP-0568486-B6FCB6  browser javascript document.write denial-of-service
TEMP-0601325-4C9A5B  insecure handling of /tmp files in debian/preinst
TEMP-0601525-BEBB65  libgd2: gdImageColorTransparent can write outside buffer
TEMP-0608980-E8B8DF  Crash with long HOME environment variable
TEMP-0628843-DBAD28  more related to CVE-2005-4890
TEMP-0672435-7C494C  Option -localhost seems to fail to restrict ipv6 access
TEMP-0678512-2E167C  remotely triggerable crash
TEMP-0729276-2DADFA  staden-io-lib buffer overflow
TEMP-0736821-BCABA8  no input validation for search function
TEMP-0740268-4CE61C  buffer overflow
TEMP-0745112-59B02C  data leak during restore
TEMP-0745580-D90EF4  Insecure default permissions for ~/.virtualenvs and scripts
TEMP-0752092-218B4D  softhsm-keyconv creates security-sensibe file world-readable
TEMP-0766502-BFFD92  TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS
TEMP-0769606-4AA6CF  a2p: buffer overflow
TEMP-0769937-FD49EE  formail: memory corruption
TEMP-0772585-D41D8C
TEMP-0773084-4AB1FB  freetype: out of bounds write
TEMP-0773308-EE1012  crashes on crafted ELF
TEMP-0773751-AD275E  race condition between fur and fex_cleanup may create internal instead of external user
TEMP-0774172-B2A845  symlink directory traversal
TEMP-0774439-ECBE09  buffer over-read
TEMP-0774453-CA58EE  Zoo directory traversal
TEMP-0774527-3B586F  directory traversal
TEMP-0774555-E962AD  insecure LUA default load path
TEMP-0774769-57BAAA  saves unknown host's fingerprint in known_hosts without any prompt
TEMP-0774838-C2ABDA  insecure keyring handling
TEMP-0774897-BC9A31  denial of service with specific packets
TEMP-0774898-681A65  fails to detect silent driver failure to change MAC
TEMP-0775193-7F000E  djvudigital: insecure use of /tmp
TEMP-0775199-D05A9E  smime_keys: insecure use of /tmp
TEMP-0775662-9BBEA1  Insufficient validation of USB device descriptors
TEMP-0776271-06C3A9  Infinite loop in patch
TEMP-0777522-650525  denial of service under memory stress
TEMP-0777706-EB0F2E  insecure storage of password in the NUT-monitor app
TEMP-0779573-6C7D15  heap buffer overflow
TEMP-0780178-BE09AB  several security vulnerabilities and network packets can terminate the connection
TEMP-0780817-7C5137  Insufficient escaping in user manager allows XSS attack
TEMP-0781595-E39EEE  xdeb: disables apt's signature checks
TEMP-0783007-4C0B51  http uri parsing issue
TEMP-0784712-056A32  incorrect parsing of from header when assigning pgp keys
TEMP-0784712-E83200  incorrect substring matching when assigning pgp keys
TEMP-0786423-948688  rsync collision attack
TEMP-0786804-C23D2B  hwclock(8) SUID privilege escalation
TEMP-0797470-1AE9BA  val_dane_check: usage DANE-TA(2) may bypass cert validation entirely
TEMP-0799756-21B18C  Privilege escalation via core-gui
TEMP-0800564-79703B  trivial hash complexity DoS attack
TEMP-0801872-E034E1  dc3dd: buffer overflow
TEMP-0803097-A74121  busybox: pointer misuse unziping files
TEMP-0807341-84E914  uses non-random tempdir /tmp/tmprepo.0/.git/
TEMP-0816034-9C45DC  unsafe use of /tmp
TEMP-0820594-BC6826  out of bound read and write issues
TEMP-0825151-E80EFA  CSRF protection for POST requests
TEMP-0826101-4D75EC  doesn't remove metadata in embedded images in PDFs
TEMP-0827346-22ED59  install-sh: insecure use of /tmp
TEMP-0827564-93E4E3  Stack corruption from crafted pattern
TEMP-0830660-09AE85  Insecure use of /tmp
TEMP-0832169-0F9220  insecure default PATH
TEMP-0832283-698CF7  cakephp: XML class SSRF vulnerability
TEMP-0833087-C5410D  bruteforcable challenge responses in unprotected logfile
TEMP-0840685-CEF76B  TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory
TEMP-0841257-B7CD60  sendmail: Privilege escalation from group smmsp to root
TEMP-0841856-B18BAF  Privilege escalation possible to other user than root
TEMP-0846838-9738BD  tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing
TEMP-0850432-8BD66F  multiple new security issues
TEMP-0854605-651F03  podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp)
TEMP-0856196-13C562  scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)
TEMP-0856229-F1D37C  XSA-207: memory leak when destroying guest without PT devices
TEMP-0856648-2BC2C9  dns: out of bound memory read
TEMP-0857546-8B0EB6  Server certificates are not verified
TEMP-0858739-A76227  apt-cacher http response splitting

The rest

Bug                  Description
TEMP-0000000-00657F  pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem
TEMP-0000000-018938  SQL Injection in host_templates.php
TEMP-0000000-01E656  Possible SQL injection in freeradius
TEMP-0000000-02F7AB  file descriptor leak when a Compose file uses the "include" directive
TEMP-0000000-0404C1  phpMyAdmin PMASA-2017-1 - PMASA-2017-7
TEMP-0000000-050E10  mailutils: sql injection vulnerability in sql authentication module
TEMP-0000000-09234C  insecure usage of temporary files in flash-kernel
TEMP-0000000-0999A8  syslog-ng dos
TEMP-0000000-099EAC  werkzeug hashes its secret instead of using hmac
TEMP-0000000-0CA7E3  XSS in press-this of wordpress
TEMP-0000000-0D6EB6  crash when parsing overly long links
TEMP-0000000-106DD8  linux-ftpd: null ptr dereference
TEMP-0000000-1541B5  incorrect memory management in Gtk2::Gdk::Display::list_devices
TEMP-0000000-196897  htmlpurifier various
TEMP-0000000-19B927  Partial SMAP bypass on 64-bit Linux kernels
TEMP-0000000-1A4150  archivemail insecure temporary file issues
TEMP-0000000-1BAE4D  GNUTLS-SA-2016-2: certificate verification issue
TEMP-0000000-1CC548  Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter
TEMP-0000000-1E2093  Linux ASLR mmap weakness: Reducing entropy by half
TEMP-0000000-1F321D  BUG/MAJOR: http: don't read past buffer's end in http_replace_value
TEMP-0000000-2025B8  Missing normalization
TEMP-0000000-212AE3  Unspeficied security issue in ipsec-tool's single DES support
TEMP-0000000-23C1BD  Sidekiq::Web lacks CSRF protection
TEMP-0000000-24F61A  Enforce use of HTTPS for MathJax in IPython
TEMP-0000000-269968  X launcher doesn't drop group privileges
TEMP-0000000-271E1A  vpnc: config file path security hole
TEMP-0000000-283B1A  Quassel: /var/lib/quassel/quasselCert.pem world-readable
TEMP-0000000-29F04A  ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
TEMP-0000000-2A36A7  remote DoS when case of the characters of a nickname is modified
TEMP-0000000-2D36D7  cyassl: RSA Padding check vulnerability
TEMP-0000000-2D8F93  isc-dhcp: omapi dos
TEMP-0000000-3336BA  htdig: several unspecified security problems
TEMP-0000000-35D7C1  Output of stream_get_meta_data can be falsified by its input
TEMP-0000000-37DBC3  use after free / double free
TEMP-0000000-3815A2  Avoid unbounded SFTP extended attribute key/values
TEMP-0000000-3934DC  xmail insecure temp files handling
TEMP-0000000-3B586F  directory traversal
TEMP-0000000-3C6C99  Insufficient filename sanitising in darcsweb
TEMP-0000000-3D1157  information leak in event device handling
TEMP-0000000-3D82DC  axel URL parser buffer overflow
TEMP-0000000-3E0C4E  SQL injection due to unescaped object keys
TEMP-0000000-3EB501  Possible problem with insecure usage of sscanf in obexftp client
TEMP-0000000-3F0E00  tor insufficient authentication on control port
TEMP-0000000-404599  Multiple security problems in lbreakout2
TEMP-0000000-42228B  spip DoS
TEMP-0000000-425714  argyll unsafe udev rules
TEMP-0000000-42BDFB  mimep insecure tempfile usage and insecure calls to LaTeX and dvips
TEMP-0000000-43D999  Insecure temp files in firehol
TEMP-0000000-47717A  gunicorn fails to drop supplemental groups
TEMP-0000000-47E1CE  crashes found with afl
TEMP-0000000-481246  libxslt segfault / DoS
TEMP-0000000-4C54C0  atftp DoS
TEMP-0000000-4D04B7  maradns: More frequent rekeying to mitigate possible AES attacks
TEMP-0000000-4DA0A8  dbus format string vulnerability
TEMP-0000000-4E21BA  xscreensaver: symlink attack enables local information disclosure
TEMP-0000000-516A9E  NTFS driver for FUSE unspecified issue
TEMP-0000000-523402  auth bypass
TEMP-0000000-52FF39  dokuwiki ACL bypass
TEMP-0000000-5337A6  lhasa: several directory traversal vulnerabilities
TEMP-0000000-54045E  more to CVE-2015-2059
TEMP-0000000-56C871  Fixes permission check in QueriesController
TEMP-0000000-583651  nspr, nss: unprotected environment variables
TEMP-0000000-5865E4  imms: Arbitrary command execution through inproper filename escaping
TEMP-0000000-589A35  "slowloris" denial-of-service vulnerabilty in webservers
TEMP-0000000-58BE54  lintian disclosure of file presense
TEMP-0000000-5909B0  Use-after-free in WDDX Packet Deserialization
TEMP-0000000-598804  amanda code injection
TEMP-0000000-5AF47F  Remote DoS vulnerabilities in postgrey
TEMP-0000000-5CAA34  Unspecified issue in moodle's admin/delete.php
TEMP-0000000-604AC4  crashes on crafted upack packed file
TEMP-0000000-62CF51  Buffer overflow in libotr
TEMP-0000000-62D57E  apt-cacher arbitrary command execution
TEMP-0000000-673AE0  ikiwiki allows web user to edit images and other non-page format files in the wiki
TEMP-0000000-6773DE  interchange potential HTTP response splitting vulnerability
TEMP-0000000-687E4D  null pointer dereference
TEMP-0000000-6B3154  Various /tmp related security issues in cernlib
TEMP-0000000-6BC416  flaw in NetX that allows arbitrary unsigned apps to set any java property
TEMP-0000000-6C56E3  mantis multiple issues fixed in 1.0.7
TEMP-0000000-6D001C  smb4k security issue
TEMP-0000000-6F6CD4  Insecure mailbox generation in passwd's useradd
TEMP-0000000-70147B  Memory corruption
TEMP-0000000-71A9D4  Unspecified buffer overflow in Convert::UUlib perl module
TEMP-0000000-75B37A  insufficient form variable escaping
TEMP-0000000-760107  rtkit: failure to drop supplemental groups
TEMP-0000000-79CB2C  ampache DoS and CSRF
TEMP-0000000-7C9547  docker VMM breakout
TEMP-0000000-7D3048  Logging bypassing through SIGHUP in syslog-ng
TEMP-0000000-80376F  integer overflow
TEMP-0000000-80BA67  Rorster vulnerability similar to CVE-2015-8688
TEMP-0000000-812BAC  phpbb 3.0.7 permissions bypass
TEMP-0000000-838979  Escape href attribute in auto links
TEMP-0000000-84AA65  DoS against clamav through infinite loop in cli_rmdirs
TEMP-0000000-8648E9  moinmoin XSS
TEMP-0000000-8B2928  ruby-mail: SMTP injection via recipient email addresses
TEMP-0000000-8B87A6  mediawiki issues from 1.26.3, 1.25.6 and 1.23.14
TEMP-0000000-8F74CD  unsafe temporary file in lintian's objdump-info
TEMP-0000000-9164B4  unspecified steam cache vulnerability
TEMP-0000000-94515F  xile buffer overrun in terminal code
TEMP-0000000-964ED9  AST-2016-005
TEMP-0000000-970209  Invalid read in ensure_filepath
TEMP-0000000-9A49E3  XSS vulnerability discovered -plugin-globalsearch
TEMP-0000000-9AC543  mono xsp file disclosure
TEMP-0000000-9B3182  schroot may use outdated configuration information
TEMP-0000000-9DA06E  openslp: insecure cert validation through openssl api misuse
TEMP-0000000-9ED582  Two DoS condition in ekg
TEMP-0000000-A2D002  prelude-manager: password world-readable
TEMP-0000000-A2EB44  Insecure tempfile in x-face-el
TEMP-0000000-A4F3DE  Invalid read in create_output_name
TEMP-0000000-A5538F  libpam-ssh: Inproper caching of pwd data with potential security implications
TEMP-0000000-A8955C  KDE Kopete ICQ remote DoS
TEMP-0000000-A9D025  Crash on bad SOAP request
TEMP-0000000-AA638E  SQL Injection in graph_templates.php
TEMP-0000000-AB5257  dojo can be used as a redirector
TEMP-0000000-ACBC4C  buffer overflows in init_cups
TEMP-0000000-AF79F8  roundup: unspecified issue
TEMP-0000000-B138FB  gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions
TEMP-0000000-B14A9D  mantis multiple issues
TEMP-0000000-B2D490  moin: hierarchical ACLs security issue
TEMP-0000000-B391CA  exec functions ignore length but look for NULL termination
TEMP-0000000-B446CF  iodine: DoS against iodined triggerable by authenticated users
TEMP-0000000-B4B71F  Fix file indirectory injection
TEMP-0000000-B5C878  backuppc: web frontend installed insecurely by default
TEMP-0000000-B9CD89  BUG/MAJOR: http: prevent risk of reading past end with balance url_param
TEMP-0000000-BB4B08  zend framework multiple issues
TEMP-0000000-BBB7D8  remote memory disclosure
TEMP-0000000-BBBF43  Crypto weakness in Tor's handshaking process
TEMP-0000000-BC4C2F  nautilus: file preview html script execution
TEMP-0000000-BD209F  XSS via queue name in Sidekiq::Web
TEMP-0000000-BD20F7  ZF2010-07
TEMP-0000000-BD69C5  ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word
TEMP-0000000-C04FE8  dcerpc: exit()'s on malloc failure
TEMP-0000000-C070DD  ntop: access.log permissions
TEMP-0000000-C0C622  gstreamer-ffmpeg unspecified issue related to sps and pps ids
TEMP-0000000-C3CEDB  fscanf format string security bug in flashrom layout code
TEMP-0000000-C3D012  multiple missing input sanity checks in KDE
TEMP-0000000-C46FAD  pam usb wrongly allows authentication without password in ssh sessions
TEMP-0000000-CD327C  remctl ACL bypass vulnerability
TEMP-0000000-CDF09E  TOCTOU race when expanding JAR files
TEMP-0000000-CE3B44  XSA-166: ioreq handling possibly susceptible to multiple read issue
TEMP-0000000-CE781F  flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.
TEMP-0000000-CFFE57  cakephp: local file inclusion
TEMP-0000000-D0A7F0  ircd-ratbox password disclosure during TLS handshake
TEMP-0000000-D41D8C
TEMP-0000000-D591DC  Integer overflow in iptcembed()
TEMP-0000000-D61692  unace unspecified security issue related to uninitialized variable
TEMP-0000000-D75F8B  RCE in gitlab-shell 2.6.6-2.6.7
TEMP-0000000-D91305  tcpdf code execution via tcpdf tag
TEMP-0000000-DAA254  fai tempfile vulnerability
TEMP-0000000-DAE756  clamav: DoS through multiple empty Content-Disposition header lines
TEMP-0000000-DD8D83  crash during algorithmic detection on crafted PE file
TEMP-0000000-DEED53  unrar: opens /tmp/debug_unrar.txt
TEMP-0000000-E06059  backup-manager: make sure password is not written to world-readable files
TEMP-0000000-E10713  Multiple buffer overflows in gtetrinet
TEMP-0000000-E2B9A5  use-after-free in unserialisation
TEMP-0000000-E3DB33  Several DoS possibilities of clients against the server in Freeciv
TEMP-0000000-E43D47  SQL Injection in cdef.php
TEMP-0000000-E52D56  Integer overflow in binutils' ELF parsing
TEMP-0000000-E57E4E  Remotely triggerable buffer overflow in OpenSMTPD
TEMP-0000000-E6792F  irssi missing null terminator
TEMP-0000000-E9A545  libetpan NULL deref
TEMP-0000000-EA2D06  Endlees loop issue
TEMP-0000000-EA5272  NULL Pointer Dereference in phar_tar_setupmetadata()
TEMP-0000000-EA71EF  moodle unspecified security bug in the forum module (discuss.php)
TEMP-0000000-EFA573  SQL Injection Vulnerability in data sources
TEMP-0000000-F00632  node-marked: multiple content injection vulnerabilities
TEMP-0000000-F090BB  directory traversal in servefile
TEMP-0000000-F1CA5F  Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
TEMP-0000000-F26C42  Type confusion vulnerability in WDDX packet deserialization
TEMP-0000000-F32736  SQL Injection Vulnerability in graph items and graph template items
TEMP-0000000-F41FA7  DoS
TEMP-0000000-F4C8D1  ejabberd HTML code injection
TEMP-0000000-F53EE4  0.1.1+dfsg-1 multiple issues
TEMP-0000000-F56399  webkit info leak
TEMP-0000000-F6033C  SQL Injection in data_templates.php
TEMP-0000000-F647EF  Missing safemode checks in PHP's _php_image_output functions
TEMP-0000000-F707E4  MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value
TEMP-0000000-F9A459  XSS via job arguments display class in Sidekiq::Web
TEMP-0000000-FC713A  pythonpaste web root esacpe
TEMP-0000000-FE3BD0  Session WDDX Packet Deserialization Type Confusion Vulnerability
TEMP-0046709-935F97  Insecure access control on GNU Mach's IO ports
TEMP-0105562-0FE13B  crypt++ passes passwords through the command line
TEMP-0107374-DF37E7  gnupg: inproper flagging of signatures as being local
TEMP-0149799-ABFD7C  sanitizer bypassal through quoted file names
TEMP-0169793-0E1404  libnss-ldap: DoS through truncated DNS queries
TEMP-0173238-677015  Insecure temp files in lilo
TEMP-0183047-CE70BA  fuzz: Insecure temp file usage
TEMP-0216566-EA84C5  Insecure bounds checking in mpack's content parser
TEMP-0250106-DF1988  Unspecified buffer overflow in libmng
TEMP-0253838-2AD268  Minor local DoS as libldap
TEMP-0254101-876546  Multiple buffer overflows in isoqlog
TEMP-0259987-89C19C  bash-completion: does not properly quote characters
TEMP-0264684-94ACC3  Pavuk Digest Authentication Buffer Overflow
TEMP-0267098-76A1A1  Two vulnerabilities in sredird
TEMP-0269186-FFE79F  asciijump: /var/games/asciijump world writable
TEMP-0274229-6E02C2  base-passwd: sets valid shells for system services
TEMP-0282583-19BE25  microcode.ctl downloads microcode w/o user confirmation
TEMP-0290047-4CE288  Insecure temp files in linux-wlan-ng
TEMP-0291452-29156B  gs-esp: Insecure usage of /tmp in source code
TEMP-0291613-A6DD69  xshisen follows symlinks for shared gid games files
TEMP-0296112-517ED6  libnet-ssleay-perl: /tmp/entropy insecure
TEMP-0298114-36C546  nvi: init.d recover file security bugs
TEMP-0298929-838146  Multiple security issues when using distcc without ssh auth
TEMP-0300560-C9B661  downloads.ini writable by group users, world-readable
TEMP-0302454-1EA4A5  trackballs: Follows symlinks as gid games
TEMP-0302790-27DC0A  hdup inproperly preserves permissions on directories
TEMP-0306076-4B7D89  coreutils ignores umask when using -m in mkdir, mkfifo and mknod
TEMP-0308737-BABD6A  Heap overflow in libosip URI parsing
TEMP-0313081-3428D4  DoS triggering endless loops in findutils -follow option
TEMP-0319686-D21D67  xgalaga score file segfault
TEMP-0320150-40E143  Integer overflow in ffmpeg's MPEG encoding
TEMP-0321447-C22A86  Insecure usage of temporary files in x11perfcomp and other security issues
TEMP-0321470-3DB8C5  wine: Unsafe use of temporary files in winelauncher
TEMP-0321566-40512D  fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script
TEMP-0324913-425151  cplay - still unsafe temporary file handling vulnerable to symlink attacks
TEMP-0325080-6D2C4F  user password file created by gajim is world-redable
TEMP-0327261-B6AE8F  wine-safe does not prompt the user/is registered in mailcap
TEMP-0328134-B819BC  snort: DoS in verbose mode
TEMP-0330627-887F38  rkhunter: Insecure temporary file
TEMP-0331720-9168FE  adduser's deluser creates backup files with world readable permissions
TEMP-0334193-23D83A  xscreensaver does not maintain screen locks during upgrade
TEMP-0335996-97467D  ntop format string vulnerability
TEMP-0337492-CFA0CD  Insecure temp files in note
TEMP-0340079-E5FD8C  Insecure tempfile in libjpeg6b's exifautotran
TEMP-0340105-EE3BB8  unsafe file permissions in vpnc
TEMP-0349528-9E59D3  Buffer overflow in elog's header buffer
TEMP-0352723-F61961  dpkg-sig: insecure temp file bug
TEMP-0358139-D2A6EE  gauche-config rpath set to user home
TEMP-0358142-0BC2FF  unixodbc rpath set to /home
TEMP-0358157-34A070  fftw rpath set to user home
TEMP-0358166-12F63F  hamlib3-perl rpath set to user home
TEMP-0359745-ECBE05  webalizer: symlink vulnerability
TEMP-0361653-A94AFD  librsvg2 crash on certain svg files
TEMP-0361913-F8E45A  linphone insecure password leakage
TEMP-0364350-5A8D23  typo3 mailforms can be abused to send spam
TEMP-0368804-259562  ldap account manager sets trivial password instead of disabling it
TEMP-0369014-6AE03E  'Cache' shell injection vulnerability
TEMP-0369542-32FFCA  ssmtp password leak
TEMP-0370144-2CA0D8  specialy crafted WAV turns mkvmerge into a malloc bomb
TEMP-0375453-4F9189  ldap account manager wrongly unlocks some passwords
TEMP-0376577-38D215  uqwk buffer overflow
TEMP-0378411-57ACA8  Buffer overflow in XML::Parser::Expat triggered by utf8
TEMP-0378412-67AD3D  Buffer overflow in XML::Parser::Expat triggered by deep nesting
TEMP-0378571-06BD02  courier-authdaemon: wrong socket permissions may lead to password disclosure
TEMP-0379922-FA0DE2  double-free vulnerability in the Real Media demuxer
TEMP-0382132-C0E39C  diffmon information leakage
TEMP-0388608-F17697  logrotate race condition could lead to file disclosure
TEMP-0391388-8371AD  zabbix buffer overflows
TEMP-0391388-A7E978  zabbix format string vulnerabilities
TEMP-0393846-B78E90  motion insecure tempfile creation
TEMP-0397297-E6F2D0  obexpushd arbitrary command execution
TEMP-0399226-A0B8DF  yacas insecure rpath
TEMP-0400624-86BB88  dsniff urlsnarf missing output sanitization
TEMP-0403141-57B365  znc file access security hole
TEMP-0404927-037F7B  udev wrong permissions on raid devices
TEMP-0406285-531EEA  bcfg2 password disclosure
TEMP-0407003-DA457C  various crashes and infinite loops in ffmpeg
TEMP-0407116-23D9EF  wordpress unregister_globals workaround from 2.0.7
TEMP-0407605-7D944E  netpbm heap corruption
TEMP-0407607-240F77  python-django flup/FastCGI/debugging issue
TEMP-0409062-BD7B6D  kaya buffer overflow, cross-site scripting and data leak
TEMP-0410557-009D67  dokuwiki conf directory accessible by web users
TEMP-0410588-2CACBB  amavids-new uses contrib/non-free packers without security support in default config
TEMP-0412618-38583E  apg generates insecure passwords on 64-bit architectures
TEMP-0414480-089D8A  low-entropy default passphrase in Debian's dtc-xen
TEMP-0414482-5BA32C  file permission race conidition in Debian's dtc-xen
TEMP-0417995-6A1CD7  initramfs-tools creates /dev/root world-readable
TEMP-0418662-DC1CF3  buffer overflow in mixmaster importing type 2 messages
TEMP-0425010-42F27C  mantis: information leak
TEMP-0425254-0F9CE1  insecure tempfile in wdiff
TEMP-0427715-C31B61  webpy HTTP response splitting vulnerability
TEMP-0434134-B27890  dokuwiki XSS in spellchecker
TEMP-0435707-98CBD1  teamspeak-server arbitrary file disclosure
TEMP-0454297-EACDD7  exempi buffer overflow in GIF ReadHeader() function
TEMP-0464084-305C70  greylistd bypass
TEMP-0464778-7EAAA3  tdiary XSS
TEMP-0465561-A017B1  minor cyrus sasl DoS
TEMP-0482385-09F6D5  resizing the monitor with xrandr can crash xscreensaver
TEMP-0484639-8D3138  missing sanity checks allow DoS via mis-formated timestamp
TEMP-0495542-A51430  phpCAS XSS in final_uri; PHPCAS-52
TEMP-0496462-B3176F  insecure temp file in nvi
TEMP-0497005-8CD734  Overwrite certain images without notice
TEMP-0497005-A51CB0  Overwrite symlink without check
TEMP-0497452-F45308  nfdump vulnerable to symlink attacks
TEMP-0500180-9ABD38  unsafe usage of temp file
TEMP-0500611-22A0F0  jumpnbump: insecure temp file
TEMP-0503750-D75E0A  balazar3: insecure temp file handling
TEMP-0504726-7A5872  universalindentgui insecure usage of temp files
TEMP-0505326-BEA2C3  typo3: passwords are not changeable bug in the backend
TEMP-0506961-3C07AF  auctex insecure temp file
TEMP-0507482-9415A7  Insecure tmpdir creation
TEMP-0508111-173336  Insecure tempfile creation
TEMP-0513611-D1D676  glpi sql injection
TEMP-0514151-B17364  samba: Account locking out doesnt work with an LDAP backend
TEMP-0515104-609AB4  nautilus: potential exploits via application launchers
TEMP-0521107-09A165  unsafe xfs
TEMP-0523476-4CE9EF  pptp-linux: unrestrictive pptpsetup permissions
TEMP-0525820-07BBE3  More file buffer overflows
TEMP-0526594-48E4C2  moin: XSS in AttachFile.py via attachements
TEMP-0527476-471755  prewkikka: pasword world-readable
TEMP-0528434-FDFF92  cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
TEMP-0530245-C3F9D6  udev: creates aacraid devices that are rw by group floppy
TEMP-0531735-61C2C9  OCS Inventory NG SQL Injection Vulnerability
TEMP-0532514-9137E0  predictable random number generator used in web browsers
TEMP-0532740-DB1B64  libdkim: signature parsing is not thread-safe
TEMP-0533670-BB9FF7  pcsc-lite: creates world-writable directory
TEMP-0533673-74CBB6  moin: heirarchical ACL vulnerability
TEMP-0535159-76AB98  ser2net DoS
TEMP-0535881-957F77  clamav scanner bypass with archives
TEMP-0535886-8B62DC  apache2: htaccess override
TEMP-0535946-7636B8  libio-socket-ssl-perl: partial hostname matching vulnerability
TEMP-0539699-BC7A2B  xscreensaver: local screen lock bypassable via low resolution video devices
TEMP-0540606-8877D9  php5: 'open_basedir' bypass
TEMP-0548909-2413C6  xen-tools: world readable disk image files
TEMP-0551907-963784  mandos 0600 file being included in initrd
TEMP-0552518-ADA4BA  eglibc: ldd arbitrary code execution
TEMP-0555308-79E91C  xserver-xorg: inherits user's mask
TEMP-0560087-F084E6  xpat2: save game permissions issue
TEMP-0560895-39B4B0  gnome-screensaver inhibitor not removed when connection is closed
TEMP-0566326-9A899F  sqlite: info leak
TEMP-0567175-3A30A9  gmetad incorrect file permissions
TEMP-0568925-CB8E83  esmtp: world-readable config file
TEMP-0569506-737DDE  irssi emote leak
TEMP-0570011-670DB5  phpbb3 weak captcha
TEMP-0570713-FED4BB  ffmpeg potentially remaining vulnerabilities after DSA 2000
TEMP-0571151-9735FD  multiple typo issues
TEMP-0578928-72FBC5  gnome-orca: shell access without logon
TEMP-0579087-7F12A8  prosody password world-readable
TEMP-0580120-33FF40  mediatomb directory traversal
TEMP-0581058-CF1E8D  numpy memory corruption
TEMP-0582798-329FE7  wicd changes permissions of resolv.conf
TEMP-0592115-F98F5C  signature verification issue
TEMP-0593829-E6A4BC  config file world readable
TEMP-0597382-058DA8  mingetty directory traversal
TEMP-0601325-4C9A5B  insecure handling of /tmp files in debian/preinst
TEMP-0601525-BEBB65  libgd2: gdImageColorTransparent can write outside buffer
TEMP-0601585-D41D8C
TEMP-0603436-5CA466  pam_pgsql overflow
TEMP-0605160-28DAD2  insecure python path handling
TEMP-0607494-376E2E  XSS in ftpls
TEMP-0608822-E0260C  calibre XSS
TEMP-0608822-EF2F16  calibre file disclosure
TEMP-0608979-E8B8DF  Crash with long HOME environment variable
TEMP-0609212-CA8607  multiple spip issues
TEMP-0612034-33CBAD  aptitude tempfile
TEMP-0612668-CE1EF5  evince segfault
TEMP-0613312-84D729  kfreebsd dos
TEMP-0625868-9433A0  fglrx-driver xauth cookie leak
TEMP-0627936-75D3F5  unspecified security vulnerabilities
TEMP-0631437-206E95  unspecified security vulnerabilities from 4.3.7
TEMP-0632260-7A1354  stardict: minor information disclosure
TEMP-0635836-4F6C5C  minissdpd multiple issues
TEMP-0646758-12F1BD  spip path disclosure
TEMP-0649113-5F7BC7  spip privilege escalation
TEMP-0649113-869F0D  spip XSS
TEMP-0672961-92221C  two XSS
TEMP-0678189-8A5546  packagekit insecure temp file
TEMP-0678512-2E167C  remotely triggerable crash
TEMP-0682869-4EFB12  insecure default configuration / authentication bypass
TEMP-0683667-E2E855  base name disclosure
TEMP-0684143-02E960  redeclipse code execution through map files
TEMP-0698189-BE9FC4  buffer overflow in commandline parsing
TEMP-0706095-6DFA71  autopostgresqlbackup code injection
TEMP-0706099-FAF305  automysqlbackup code injection
TEMP-0729276-2DADFA  staden-io-lib buffer overflow
TEMP-0736821-BCABA8  no input validation for search function
TEMP-0745112-59B02C  data leak during restore
TEMP-0745580-D90EF4  Insecure default permissions for ~/.virtualenvs and scripts
TEMP-0752092-218B4D  softhsm-keyconv creates security-sensibe file world-readable
TEMP-0764645-2E1644  iptables-persistent minor local info leak
TEMP-0764814-3B6657  freecad downloads and executes code
TEMP-0769606-4AA6CF  a2p: buffer overflow
TEMP-0769937-FD49EE  formail: memory corruption
TEMP-0770647-53FAC2  libclamunrar: double-free error libclamunrar_iface/unrar_iface.c
TEMP-0772585-D41D8C
TEMP-0773084-4AB1FB  freetype: out of bounds write
TEMP-0773308-EE1012  crashes on crafted ELF
TEMP-0773751-AD275E  race condition between fur and fex_cleanup may create internal instead of external user
TEMP-0774171-B2A845  symlink directory traversal
TEMP-0774555-E962AD  insecure LUA default load path
TEMP-0774769-57BAAA  saves unknown host's fingerprint in known_hosts without any prompt
TEMP-0774838-C2ABDA  insecure keyring handling
TEMP-0774898-681A65  fails to detect silent driver failure to change MAC
TEMP-0775193-7F000E  djvudigital: insecure use of /tmp
TEMP-0775199-D05A9E  smime_keys: insecure use of /tmp
TEMP-0775479-AC2272  insecure configuration permissions
TEMP-0775662-9BBEA1  Insufficient validation of USB device descriptors
TEMP-0775959-D042DC  lame missing check for samplerate
TEMP-0776271-06C3A9  Infinite loop in patch
TEMP-0777706-EB0F2E  insecure storage of password in the NUT-monitor app
TEMP-0778511-AAAFE7  more to CVE-2014-6585
TEMP-0779573-6C7D15  heap buffer overflow
TEMP-0780100-E2856F  tcllib XSS
TEMP-0780178-BE09AB  several security vulnerabilities and network packets can terminate the connection
TEMP-0780503-1359A5  Incomplete fix for CVE-2014-7940
TEMP-0780712-D0DD02  permissive file access allowed from nasal
TEMP-0780716-B04986  nasal scripts can ready any file
TEMP-0780817-7C5137  Insufficient escaping in user manager allows XSS attack
TEMP-0781608-198474  caja automounts USB flash drives and CD/DVD drives while session is locked
TEMP-0781640-F16931  Signature Bypass in several JSON Web Token Libraries
TEMP-0783007-4C0B51  http uri parsing issue
TEMP-0783347-555527  files with invalid or unsafe names could be uploaded
TEMP-0783347-AEABE2  Some plugins were vulnerable to an SQL injection vulnerability
TEMP-0784712-056A32  incorrect parsing of from header when assigning pgp keys
TEMP-0784712-E83200  incorrect substring matching when assigning pgp keys
TEMP-0784888-F51195  didjvu: insecure use of /tmp when executing c44
TEMP-0784889-495CCA  pdf2djvu: insecure use of /tmp when executing c44
TEMP-0785364-25992B  XSS in group administration
TEMP-0786423-948688  rsync collision attack
TEMP-0786804-C23D2B  hwclock(8) SUID privilege escalation
TEMP-0795062-DA89AB  publicfile-installer: insecure use of /tmp
TEMP-0801872-E034E1  dc3dd: buffer overflow
TEMP-0805638-5AC56F  Insecure permissions for backup directory
TEMP-0805657-81BB13  Missing bounds checking and verification of data type causes segfault
TEMP-0807341-84E914  uses non-random tempdir /tmp/tmprepo.0/.git/
TEMP-0811308-B63DA1  Multiple minor security issues
TEMP-0820594-BC6826  out of bound read and write issues
TEMP-0825151-E80EFA  CSRF protection for POST requests
TEMP-0826101-4D75EC  doesn't remove metadata in embedded images in PDFs
TEMP-0827346-22ED59  install-sh: insecure use of /tmp
TEMP-0827564-93E4E3  Stack corruption from crafted pattern
TEMP-0830660-09AE85  Insecure use of /tmp
TEMP-0832169-0F9220  insecure default PATH
TEMP-0832283-698CF7  cakephp: XML class SSRF vulnerability
TEMP-0833087-C5410D  bruteforcable challenge responses in unprotected logfile
TEMP-0840685-CEF76B  TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory
TEMP-0841257-B7CD60  sendmail: Privilege escalation from group smmsp to root
TEMP-0846838-9738BD  tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing
TEMP-0850432-8BD66F  multiple new security issues
TEMP-0853951-A77B7B  iio-sensor-proxy: insecure dbus policy
TEMP-0855108-573218  irssi memory leak
TEMP-0856648-2BC2C9  dns: out of bound memory read
TEMP-0858058-10F346  "Clean metadata" contextual menu silently fails
TEMP-0858739-A76227  apt-cacher http response splitting
