Bugs with TODO items

Hide "check" TODOs

BugDescriptionNote
CVE-2018-11432The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ...check, likely fixed before initial Upload to Debian
CVE-2018-11433The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ...check, likely fixed before initial Upload to Debian
CVE-2018-11434The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ...check, likely fixed before initial Upload to Debian
CVE-2018-11435The mobi_decompress_huffman_internal function in compression.c in Libm ...check, likely fixed before initial Upload to Debian
CVE-2018-11436The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ...check, likely fixed before initial Upload to Debian
CVE-2018-11437The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ...check, likely fixed before initial Upload to Debian
CVE-2018-11438The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ...check, likely fixed before initial Upload to Debian
CVE-2020-0478In extend_frame_lowbd of restoration.c, there is a possible out of bou ...check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit
CVE-2020-12890Improper handling of pointers in the System Management Mode (SMM) hand ...check
CVE-2020-12980An out of bounds write and read vulnerability in the AMD Graphics Driv ...check
CVE-2020-12981An insufficient input validation in the AMD Graphics Driver for Window ...check
CVE-2020-12982An invalid object pointer free vulnerability in the AMD Graphics Drive ...check
CVE-2020-12983An out of bounds write vulnerability in the AMD Graphics Driver for Wi ...check
CVE-2020-12985An insufficient pointer validation vulnerability in the AMD Graphics D ...check
CVE-2020-12986An insufficient pointer validation vulnerability in the AMD Graphics D ...check
CVE-2020-12987A heap information leak/kernel pool address disclosure vulnerability i ...check
CVE-2020-14107A stack overflow in the HTTP server of Cast can be exploited to make t ...check
CVE-2020-19611Cross Site Scripting (XSS) in redirect module of Racktables version 0. ...check
CVE-2020-19716A buffer overflow vulnerability in the Databuf function in types.cpp o ...check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported
CVE-2020-19858Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ...check
CVE-2020-20597A cross-site scripting (XSS) vulnerability in the potrtalItemName para ...check
CVE-2020-20598A cross-site scripting (XSS) vulnerability in the Editing component of ...check
CVE-2020-23026A NULL pointer dereference in the main() function dhry_1.c of dhryston ...check
CVE-2020-23914An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ...retroarch and salmon embed peglib, check if it's actually a security issue
CVE-2020-23915An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ...retroarch and salmon embed peglib, check if it's actually a security issue
CVE-2020-23986Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 w ...check
CVE-2020-25467A null pointer dereference was discovered lzo_decompress_buf in stream ...check fixing commit
CVE-2020-25646A flaw was found in Ansible Collection community.crypto. openssl_priva ...check
CVE-2021-1035In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, ...check
CVE-2021-1036In LocationSettingsActivity of AndroidManifest.xml, there is a possibl ...check
CVE-2021-1037The broadcast that DevicePickerFragment sends when a new device is pai ...check
CVE-2021-3681RESERVEDcheck, needs verifying the affected ansible/ansible-base components
CVE-2021-3746A flaw was found in the libtpms code that may cause access beyond the ...check, might only affect the upstream stable-0.6 branch and not an issue in src:libtpms in any released version in Debian
CVE-2021-3773RESERVEDfill in tracking details
CVE-2021-3815utils.js is vulnerable to Improperly Controlled Modification of Object ...check
CVE-2021-3816Cacti 1.1.38 allows authenticated users with User Management permissio ...check
CVE-2021-3836dbeaver is vulnerable to Improper Restriction of XML External Entity R ...check
CVE-2021-3866Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip p ...check
CVE-2021-4172Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...check
CVE-2021-20157It is possible for an unauthenticated, malicious user to force the dev ...check
CVE-2021-20315locking protection bypass allow unauthorized user to kill existing applications or start new onescheck, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
CVE-2021-20330An attacker with basic CRUD permissions on a replicated collection can ...check
CVE-2021-21897A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
CVE-2021-22060In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ...check
CVE-2021-22565An attacker could prematurely expire a verification code, making it un ...check
CVE-2021-22566An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...check
CVE-2021-22567Bidirectional Unicode text can be interpreted and compiled differently ...check
CVE-2021-22568When using the dart pub publish command to publish a package to a thir ...check
CVE-2021-23225Cacti 1.1.38 allows authenticated users with User Management permissio ...check
CVE-2021-23244ColorOS pregrant dangerous permissions to apps which are listed in a w ...check
CVE-2021-23450All versions of package dojo are vulnerable to Prototype Pollution via ...check
CVE-2021-23460The package min-dash before 3.8.1 are vulnerable to Prototype Pollutio ...check
CVE-2021-23463The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...check, might not affect versions in Debian
CVE-2021-23490The package parse-link-header before 2.0.0 are vulnerable to Regular E ...check
CVE-2021-23514This affects the package Crow before 0.3+4. It is possible to traverse ...check
CVE-2021-23518The package cached-path-relative before 1.1.0 are vulnerable to Protot ...check
CVE-2021-23543All versions of package realms-shim are vulnerable to Sandbox Bypass v ...check
CVE-2021-23561All versions of package comb are vulnerable to Prototype Pollution via ...check
CVE-2021-23566The package nanoid before 3.1.31 are vulnerable to Information Exposur ...check
CVE-2021-23567The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...check
CVE-2021-23568The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...check
CVE-2021-23574All versions of package js-data are vulnerable to Prototype Pollution ...check
CVE-2021-23594All versions of package realms-shim are vulnerable to Sandbox Bypass v ...check
CVE-2021-23631This affects all versions of package convert-svg-core; all versions of ...check
CVE-2021-23639The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execu ...check
CVE-2021-23663All versions of package sey are vulnerable to Prototype Pollution via ...check
CVE-2021-23664The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to ...check
CVE-2021-23700All versions of package merge-deep2 are vulnerable to Prototype Pollut ...check
CVE-2021-23772This affects all versions of package github.com/kataras/iris; all vers ...check
CVE-2021-23797All versions of package http-server-node are vulnerable to Directory T ...check
CVE-2021-23824This affects the package Crow before 0.3+4. When using attributes with ...check
CVE-2021-23842Communication to the AMC2 uses a state-of-the-art cryptographic algori ...check
CVE-2021-24041A missing bounds check in image blurring code prior to WhatsApp for An ...check
CVE-2021-24042The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...check
CVE-2021-24044By passing invalid javascript code where await and yield were called u ...check
CVE-2021-24045A type confusion vulnerability could be triggered when resolving the " ...check
CVE-2021-24046A logic flaw in Ray-Ban® Stories device software allowed some par ...check
CVE-2021-25993In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...check
CVE-2021-26247As an unauthenticated remote user, visit "http://<CACTI_SERVER>/ ...check
CVE-2021-26318A timing and power-based side channel attack leveraging the x86 PREFET ...check details and if mitigation in microcode/kernel exists
CVE-2021-26340A malicious hypervisor in conjunction with an unprivileged attacker pr ...check
CVE-2021-26706An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x an ...check
CVE-2021-28021Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...check libstb itself, and various packages embedd a copy
CVE-2021-28680The devise_masquerade gem before 1.3 allows certain attacks when a pas ...check
CVE-2021-29632In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...check
CVE-2021-30313Use after free condition can occur in wired connectivity due to a race ...check
CVE-2021-30330Possible null pointer dereference due to improper validation of APE cl ...check
CVE-2021-30348Improper validation of LLM utility timers availability can lead to den ...check
CVE-2021-30360Users have access to the directory where the installation repair occur ...check
CVE-2021-30636In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...check
CVE-2021-31821When the Windows Tentacle docker image starts up it logs all the comma ...check
CVE-2021-32039Users with appropriate file access may be able to access unencrypted u ...check
CVE-2021-32686PJSIP is a free and open source multimedia communication library writt ...check, might affect in impact src:ring
CVE-2021-33178The Manage Backgrounds functionality within NagVis versions prior to 1 ...check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33194golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...check completeness
CVE-2021-33827The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...check
CVE-2021-33828The files_antivirus component before 1.0.0 for ownCloud mishandles the ...check
CVE-2021-34401NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...check
CVE-2021-34402NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...check
CVE-2021-34403NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...check
CVE-2021-34404Android images for T210 provided by NVIDIA contain a vulnerability in ...check
CVE-2021-34405NVIDIA Linux distributions contain a vulnerability in TrustZone’ ...check
CVE-2021-34406NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...check
CVE-2021-34426A vulnerability was discovered in the Keybase Client for Windows befor ...check
CVE-2021-35093Possible memory corruption in BT controller when it receives an oversi ...check
CVE-2021-36094It's possible to craft a request for appointment edit screen, which co ...check, 6.1.2-1 claims to fix the issue through the znuny codebase
CVE-2021-36096Generated Support Bundles contains private S/MIME and PGP keys if cont ...check, 6.1.2-1 claims to fix the issue through the znuny codebase
CVE-2021-36133The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...check
CVE-2021-36779A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...check
CVE-2021-36780A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...check
CVE-2021-36781A Incorrect Default Permissions vulnerability in the parsec package of ...check
CVE-2021-37298Laravel v5.1 was discovered to contain a deserialization vulnerability ...check, unclear status of report to upstream
CVE-2021-37706PJSIP is a free and open source multimedia communication library writt ...check, might affect in impact src:ring
CVE-2021-37862Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...check
CVE-2021-37863Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...check
CVE-2021-37864Mattermost 6.1 and earlier fails to sufficiently validate permissions ...check
CVE-2021-37865Mattermost 6.2 and earlier fails to sufficiently process a specificall ...check
CVE-2021-37866Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...check
CVE-2021-37867Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...check
CVE-2021-37940An information disclosure via GET request server-side request forgery ...check
CVE-2021-37941A local privilege escalation issue was found with the APM Java agent, ...check
CVE-2021-38576A BIOS bug in firmware for a particular PC model leaves the Platform a ...check
CVE-2021-38783There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...check
CVE-2021-38784There is a NULL pointer dereference in the syscall open_exec function ...check
CVE-2021-38785There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...check
CVE-2021-38786There is a NULL pointer dereference in media/libcedarc/vdecoder of All ...check
CVE-2021-38787There is an integer overflow in the ION driver "/dev/ion" of Allwinner ...check
CVE-2021-38788The Background service in Allwinner R818 SoC Android Q SDK V1.0 is use ...check
CVE-2021-38789Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect acce ...check
CVE-2021-39306A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...check
CVE-2021-39623In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...check
CVE-2021-39659In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...check
CVE-2021-39880A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...reach out for details
CVE-2021-39892In all versions of GitLab CE/EE since version 12.0, a lower privileged ...check
CVE-2021-39939An uncontrolled resource consumption vulnerability in GitLab Runner af ...check
CVE-2021-41055Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...double-check correctness for tracking of source package, underlying issue is fixed in python-nbxmpp
CVE-2021-41265Flask-AppBuilder is a development framework built on top of Flask. Ver ...check
CVE-2021-41495Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ...check for classification/severity
CVE-2021-41789In wifi driver, there is a possible system crash due to a missing vali ...check
CVE-2021-41867An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...check details, exact fixing commits unclear
CVE-2021-41868OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...check details, exact fixing commits unclear
CVE-2021-42810A flaw in the previous versions of the product may allow an authentica ...check
CVE-2021-43399The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...check
CVE-2021-43415HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...check
CVE-2021-43802Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...check
CVE-2021-43804PJSIP is a free and open source multimedia communication library writt ...check, might affect in impact src:ring
CVE-2021-43809`Bundler` is a package for managing application dependencies in Ruby. ...check
CVE-2021-43837vault-cli is a configurable command-line interface tool (and python li ...check
CVE-2021-43840message_bus is a messaging bus for Ruby processes and web clients. In ...check
CVE-2021-43845PJSIP is a free and open source multimedia communication library. In v ...check, might affect in impact src:ring
CVE-2021-44537ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...check
CVE-2021-44548An Improper Input Validation vulnerability in DataImportHandler of Apa ...check
CVE-2021-44647Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...check older versions if issue is present, reproducer do not crash, but needs inspection of the code yet
CVE-2021-45260A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...check, fixing commit, cf. https://github.com/gpac/gpac/issues/1979#issuecomment-992471979
CVE-2021-45394An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...check
CVE-2021-45761ROPium v3.1 was discovered to contain an invalid memory address derefe ...check
CVE-2021-45829HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...check
CVE-2021-45830A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...check
CVE-2021-45832A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...check
CVE-2021-45833A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...check
CVE-2021-45926MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-45927MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-45930Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...check if impact present for qt4-x11, furthermore while fixed in 5.12.12 it is not in 5.15.y.
CVE-2021-45931HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...check correctness of commit, might not affect any Debian released version
CVE-2021-45940libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
CVE-2021-45941libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
CVE-2021-45958UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...claimed to be fixed in range https://github.com/ultrajson/ultrajson/compare/e3ccc5a1ff945275106d9323c00683fafeffc04a...682c6601569980e9a8a05378d3c1478db30384bc which seem to indicate the fuzzing did not really was helpful and CVE is bogus
CVE-2021-46020An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ...check details
CVE-2021-46242HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...check
CVE-2021-46243An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...check
CVE-2021-46244A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...check
CVE-2022-0219Improper Restriction of XML External Entity Reference in GitHub reposi ...check
CVE-2022-21646SpiceDB is a database system for managing security-critical applicatio ...check
CVE-2022-21653Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...check
CVE-2022-21668pipenv is a Python development workflow tool. Starting with version 20 ...check
CVE-2022-21672make-ca is a utility to deliver and manage a complete PKI configuratio ...check
CVE-2022-21675Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...check
CVE-2022-21676Engine.IO is the implementation of transport-based cross-browser/cross ...check
CVE-2022-21680Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...check
CVE-2022-21681Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...check
CVE-2022-21685Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...check
CVE-2022-21700Micronaut is a JVM-based, full stack Java framework designed for build ...check
CVE-2022-21704log4js-node is a port of log4js to node.js. In affected versions defau ...check
CVE-2022-21708graphql-go is a GraphQL server with a focus on ease of use. In version ...check
CVE-2022-22820Due to the lack of media file checks before rendering, it was possible ...check
CVE-2022-23131In the case of instances where the SAML SSO authentication is enabled ...check, possibly only affecting 5.4.0 onwards
TEMP-0000000-DD73A0Unexpected database bindings via requests (follow-up)check php-illuminate-database and CVE assignment

Search for package or bug name: Reporting problems