Bugs with TODO items

Hide "check" TODOs

BugDescriptionNote
CVE-2016-6154The authentication applet in Watchguard Fireware 11.11 Operating Syste ...check
CVE-2017-11750The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 an ...check if patch simplifying patch applied in any suite
CVE-2017-14201Use After Free vulnerability in the Zephyr shell allows a serial or te ...check
CVE-2017-14202Improper Restriction of Operations within the Bounds of a Memory Buffe ...check
CVE-2017-18240The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownersh ...check
CVE-2018-11198An issue was discovered in Mautic 2.13.1. There is Stored XSS via the ...check
CVE-2018-11200An issue was discovered in Mautic 2.13.1. It has Stored XSS via the co ...check
CVE-2018-11569Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deseri ...check
CVE-2018-13367An information exposure vulnerability in FortiOS 6.2.0 and below may a ...check
CVE-2018-14062The COSPAS-SARSAT protocol allows remote attackers to forge messages, ...check
CVE-2018-15510Cross-site scripting (XSS) vulnerability in the 'Certificate' feature ...check
CVE-2018-15511Cross-site scripting (XSS) vulnerability in the 'Notification template ...check
CVE-2018-15512Cross-site scripting (XSS) vulnerability in the 'Authorisation Service ...check
CVE-2018-15513Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs o ...check
CVE-2018-16873In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...check other versions
CVE-2018-16874In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...check other versions
CVE-2018-16875The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...check other versions
CVE-2018-16981stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...further check, stb_image.h in older version is embedded in src:catimg
CVE-2018-17789Prospecta Master Data Online (MDO) allows CSRF. ...check
CVE-2018-17791Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an " ...check
CVE-2018-18056An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E an ...check
CVE-2018-18370The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...check
CVE-2018-18371The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...check
CVE-2018-18572osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...check
CVE-2018-18573osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...check
CVE-2018-18630A vulnerability was found in McKesson Cardiology product 13.x and 14.x ...check
CVE-2018-18653The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ...check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way.
CVE-2018-18668GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to injec ...check
CVE-2018-20336An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...check
CVE-2018-20871In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...check, might affect src:gridengine as well
CVE-2018-6240NVIDIA Tegra contains a vulnerability in BootRom where a user with ker ...check
CVE-2018-7081A remote code execution vulnerability is present in network-listening ...check
CVE-2018-7820A Credentials Management CWE-255 vulnerability exists in the APC UPS N ...check
CVE-2019-10059The legacy finger service (TCP port 79) is enabled by default on vario ...check
CVE-2019-1010091tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...check
CVE-2019-10214RESERVEDcheck, issue is in containers library, which is at least embedded in src:singularity-container
CVE-2019-1021920190910: Asked for more information in #1738673. (apo)
CVE-2019-10253A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ ...check
CVE-2019-10677Multiple Cross-Site Scripting (XSS) issues in the web interface on DAS ...check
CVE-2019-10687KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=r ...check
CVE-2019-10745assign-deep is vulnerable to Prototype Pollution in versions before 0. ...check
CVE-2019-10747set-value is vulnerable to Prototype Pollution in versions lower than ...check
CVE-2019-10753In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ...check
CVE-2019-11013Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal ...check
CVE-2019-11166Improper file permissions in the installer for Intel(R) Easy Streaming ...check
CVE-2019-11209The realm configuration component of TIBCO Software Inc.'s TIBCO FTL C ...check
CVE-2019-11210The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...check
CVE-2019-11211The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...check
CVE-2019-11276Pivotal Apps Manager, included in Pivotal Application Service versions ...check
CVE-2019-11280Pivotal Apps Manager, included in Pivotal Application Service versions ...check
CVE-2019-11326An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...check
CVE-2019-11327An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...check
CVE-2019-11363A SQL injection vulnerability in Snare Central before 7.4.5 allows rem ...check
CVE-2019-11364An OS Command Injection vulnerability in Snare Central before 7.4.5 al ...check
CVE-2019-11457Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /chang ...check
CVE-2019-11464An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http ...check
CVE-2019-11465An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6. ...check
CVE-2019-11466An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Event ...check
CVE-2019-11467An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON do ...check
CVE-2019-11476An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2 ...check
CVE-2019-11495Couchbase Server 5.1.1 generates insufficiently random numbers. The pr ...check
CVE-2019-11496An issue was discovered in Couchbase Server 5.0.0. Editing bucket sett ...check
CVE-2019-11497An issue was discovered in Couchbase Server 5.0.0. When creating a new ...check
CVE-2019-11559A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16 ...check
CVE-2019-11773Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which ma ...check
CVE-2019-11774Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop v ...check
CVE-2019-11777In the Eclipse Paho Java client library version 1.2.0, when connecting ...check
CVE-2019-11897A Server-Side Request Forgery (SSRF) vulnerability in the backup & ...check
CVE-2019-11924A peer could send empty handshake fragments containing only padding wh ...check
CVE-2019-12107The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd ...check, might affect minidlna
CVE-2019-12620A vulnerability in the statistics collection service of Cisco HyperFle ...check
CVE-2019-13140Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ...check
CVE-2019-13187The Rich Text Formatter (Redactor) extension through v1.1.1 for Sympho ...check
CVE-2019-13191A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...check
CVE-2019-13456double check assessment and classification
CVE-2019-13464An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...check
CVE-2019-13474TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...check
CVE-2019-135383S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...check
CVE-2019-135423S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...check
CVE-2019-13550In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...check
CVE-2019-13552In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...check
CVE-2019-13556In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...check
CVE-2019-13558In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...check
CVE-2019-14252An issue was discovered in the secure portal in Publisure 2.1.2. Once ...check
CVE-2019-14253An issue was discovered in servletcontroller in the secure portal in P ...check
CVE-2019-14254An issue was discovered in the secure portal in Publisure 2.1.2. Becau ...check
CVE-2019-14368Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage:: ...check
CVE-2019-14369Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 all ...check
CVE-2019-14370In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage: ...check
CVE-2019-14458VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of ...check
CVE-2019-14491An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...check
CVE-2019-14492An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...check
CVE-2019-14493An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...check
CVE-2019-14513Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...Find the relevant isolated changes in the 2.76 release to address the issue.
CVE-2019-14911An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does n ...check
CVE-2019-14912An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does n ...check
CVE-2019-14913An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly ...check
CVE-2019-14914An issue was discovered in PRiSE adAS 1.7.0. The path is not properly ...check
CVE-2019-14915An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not ...check
CVE-2019-14916An issue was discovered in PRiSE adAS 1.7.0. A file's format is not pr ...check
CVE-2019-14982In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...check
CVE-2019-14994The Customer Context Filter in Atlassian Jira Service Desk Server and ...check
CVE-2019-15000The commit diff rest endpoint in Bitbucket Server and Data Center befo ...check
CVE-2019-15001The Jira Importers Plugin in Atlassian Jira Server and Data Cente from ...check
CVE-2019-15052The HTTP client in Gradle before 5.6 sends authentication credentials ...check
CVE-2019-15085An issue was discovered in PRiSE adAS 1.7.0. The current database pass ...check
CVE-2019-15086An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter ...check
CVE-2019-15087An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can ...check
CVE-2019-15088An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compa ...check
CVE-2019-15089An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protec ...check
CVE-2019-15138The html-pdf package 2.2.0 for Node.js has an arbitrary file read vuln ...check
CVE-2019-15139The XWD image (X Window System window dumping file) parsing component ...check
CVE-2019-15140coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...check
CVE-2019-15301A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.C ...check
CVE-2019-15486django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_ ...check, might actually only have been introduced in upstream v0.9.0 with commits around 9850b675e3d988341c05302df236a560f7985184
CVE-2019-15847The POWER9 backend in GNU Compiler Collection (GCC) before version 10 ...check
CVE-2019-15939An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...check
CVE-2019-16224An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...check
CVE-2019-16225An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ...check
CVE-2019-16226An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ...check
CVE-2019-16227An issue was discovered in py_lmdb 0.97. For certain values of mn_flag ...check
CVE-2019-16228An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ...check
CVE-2019-16249OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core ...check
CVE-2019-16370The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algori ...check
CVE-2019-16655joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains av ...check
CVE-2019-16656joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP cod ...check
CVE-2019-16657TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrate ...check
CVE-2019-16658TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. ...check
CVE-2019-16659TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. ...check
CVE-2019-16660joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CS ...check
CVE-2019-16661Ogma CMS 0.5 has XSS via creation of a new blog. ...check
CVE-2019-16664An issue was discovered in ThinkSAAS 2.91. There is XSS via the index. ...check
CVE-2019-16665An issue was discovered in ThinkSAAS 2.91. There is XSS via the conten ...check
CVE-2019-16669The Reset Password feature in Pagekit 1.0.17 gives a different respons ...check
CVE-2019-1975A vulnerability in the web-based interface of Cisco HyperFlex Software ...check
CVE-2019-2103In Google Assistant in Android 9, there is a possible permissions bypa ...check
CVE-2019-2115In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2 ...check
CVE-2019-2389Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...check
CVE-2019-3685Fails to adequately verify TLS certificates allowing for a man in the middle attackcheck, might affect only 0.165.0 through 0.165.2, but not earlier versions
CVE-2019-3738RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improp ...check
CVE-2019-3739RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Informati ...check
CVE-2019-3740RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Inform ...check
CVE-2019-3756RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information ...check
CVE-2019-3758RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper au ...check
CVE-2019-3759The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...check
CVE-2019-3760The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...check
CVE-2019-3761The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...check
CVE-2019-3763The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...check
CVE-2019-5042An exploitable Use-After-Free vulnerability exists in the way Function ...check
CVE-2019-5065An exploitable information disclosure vulnerability exists in the pack ...check
CVE-2019-5066An exploitable use-after-free vulnerability exists in the way LZW-comp ...check
CVE-2019-5067An uninitialized memory access vulnerability exists in the way Aspose. ...check
CVE-2019-5448Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...check
CVE-2019-5456SMTP MITM refers to a malicious actor setting up an SMTP proxy server ...check
CVE-2019-5457Cross-site scripting (XSS) vulnerability in min-http-server (all versi ...check
CVE-2019-5458Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...check
CVE-2019-5479An unintended require vulnerability in <v0.5.5 larvitbase-api may a ...check
CVE-2019-5480A path traversal vulnerability in <= v0.9.7 of statichttpserver npm ...check
CVE-2019-5483Seneca < 3.9.0 contains a vulnerability that could lead to exposing ...check
CVE-2019-5484Bower before 1.8.8 has a path traversal vulnerability permitting file ...check
CVE-2019-5485NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...check
CVE-2019-5521VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...check
CVE-2019-5531VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to E ...check
CVE-2019-5532VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...check
CVE-2019-5534VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...check
CVE-2019-6007Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows ...check
CVE-2019-6010Integer overflow vulnerability in LINE(Android) from 4.4.0 to the vers ...check
CVE-2019-6145Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...check
CVE-2019-6649F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...check
CVE-2019-6650F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1. ...check
CVE-2019-6809A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...check
CVE-2019-6810CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H E ...check
CVE-2019-6811An Improper Check for Unusual or Exceptional Conditions (CWE-754) vuln ...check
CVE-2019-6813A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...check
CVE-2019-6826A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVA ...check
CVE-2019-6828A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmw ...check
CVE-2019-6829A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...check
CVE-2019-6830A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all ...check
CVE-2019-6831A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...check
CVE-2019-6832A CWE-287: Authentication vulnerability exists in spaceLYnk (all versi ...check
CVE-2019-6833A CWE-754 – Improper Check for Unusual or Exceptional Conditions ...check
CVE-2019-6835A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion S ...check
CVE-2019-6836An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...check
CVE-2019-6837A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in ...check
CVE-2019-6838An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...check
CVE-2019-6839An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...check
CVE-2019-6840A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6 ...check
CVE-2019-8368OpenEMR v5.0.1-6 allows XSS. ...check
CVE-2019-8371OpenEMR v5.0.1-6 allows code execution. ...check
CVE-2019-9008An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A us ...check
CVE-2019-9009An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted ...check
CVE-2019-9248In the Android kernel in the FingerTipS touchscreen driver there is a ...check
CVE-2019-9254In readArgumentList of zygote.java in Android 10, there is a possible ...check
CVE-2019-9270In the Android kernel in unifi and r8180 WiFi drivers there is a possi ...check
CVE-2019-9271In the Android kernel in the mnh driver there is a race condition due ...check
CVE-2019-9273In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...check
CVE-2019-9274In the Android kernel in the mnh driver there is a possible out of bou ...check
CVE-2019-9275In the Android kernel in the mnh driver there is a use after free due ...check
CVE-2019-9276In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...check
CVE-2019-9345In the Android kernel in sdcardfs there is a possible violation of the ...check
CVE-2019-9441In the Android kernel in the mnh driver there is a possible out of bou ...check
CVE-2019-9442In the Android kernel in the mnh driver there is possible memory corru ...check
CVE-2019-9443In the Android kernel in the vl53L0 driver there is a possible out of ...check
CVE-2019-9444In the Android kernel in sync debug fs driver there is a kernel pointe ...check
CVE-2019-9449In the Android kernel in FingerTipS touchscreen driver there is a poss ...check
CVE-2019-9450In the Android kernel in the FingerTipS touchscreen driver there is a ...check
CVE-2019-9451In the Android kernel in the touchscreen driver there is a possible ou ...check
CVE-2019-9452In the Android kernel in SEC_TS touch driver there is a possible out o ...check
CVE-2019-9461In the Android kernel in VPN routing there is a possible information d ...check
CVE-2019-9677The specific fields of CGI interface of some Dahua products are not st ...check
CVE-2019-9678Some Dahua products have the problem of denial of service during the l ...check
CVE-2019-9679Some of Dahua's Debug functions do not have permission separation. Low ...check
CVE-2019-9680Some Dahua products have information leakage issues. Attackers can obt ...check
CVE-2019-9681Online upgrade information in some firmware packages of Dahua products ...check
CVE-2019-9717In Libav 12.3, a denial of service in the subtitle decoder allows atta ...check
CVE-2019-9719A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...check
CVE-2019-9720A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...check
CVE-2019-9946Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ...singularity-container seems to embed as well a copy of cni
CVE-2019-9959The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...check
Search for package or bug name: Reporting problems