Bugs with TODO items

Hide "check" TODOs

BugDescriptionNote
CVE-2016-1584In all versions of Unity8 a running but not active application on a la ...check proper tracking update
CVE-2016-20054Nodcms contains a cross-site request forgery vulnerability that allows ...check
CVE-2017-20239MDwiki contains a cross-site scripting vulnerability that allows remot ...check
CVE-2018-25246Wikipedia 12.0 contains a denial of service vulnerability that allows ...check
CVE-2018-25256IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SN ...check
CVE-2018-25257Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerabil ...check
CVE-2018-25258RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI p ...check
CVE-2019-25338DokuWiki 2018-04-22b contains a username enumeration vulnerability in ...check upstream status
CVE-2019-25355gSOAP 2.8 contains a directory traversal vulnerability that allows una ...check upstream status
CVE-2019-25485R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the ...check
CVE-2019-25656R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI ...check
CVE-2019-25657AnyBurn 4.3 x86 contains a denial of service vulnerability that allows ...check
CVE-2019-25658a-Mac Address Change 5.4 contains a local buffer overflow vulnerabilit ...check
CVE-2019-25659ASPRunner Professional 6.0.766 contains a local buffer overflow vulner ...check
CVE-2019-25660LanHelper 1.74 contains a local buffer overflow vulnerability that all ...check
CVE-2019-25661Remote Process Explorer 1.0.0.16 contains a local buffer overflow vuln ...check
CVE-2019-25662ResourceSpace 8.6 contains an SQL injection vulnerability that allows ...check
CVE-2019-25663SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows aut ...check
CVE-2019-25664SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in t ...check
CVE-2019-25665River Past Ringtone Converter 2.7.6.1601 contains a local buffer overf ...check
CVE-2019-25666SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in th ...check
CVE-2019-25667TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that ...check
CVE-2019-25668News Website Script 2.0.5 contains an SQL injection vulnerability that ...check
CVE-2019-25669qdPM 9.1 contains an SQL injection vulnerability that allows attackers ...check
CVE-2019-25670River Past Video Cleaner 7.6.3 contains a structured exception handler ...check
CVE-2019-25671VA MAX 8.3.4 contains a remote code execution vulnerability that allow ...check
CVE-2019-25672PilusCart 1.4.1 contains a SQL injection vulnerability that allows una ...check
CVE-2019-25677WinRAR 5.61 contains a denial of service vulnerability that allows loc ...check
CVE-2019-25683FileZilla 3.40.0 contains a denial of service vulnerability in the loc ...check
CVE-2019-25689HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerabilit ...check
CVE-2019-25691Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerab ...check
CVE-2019-25693ResourceSpace 8.6 contains an SQL injection vulnerability that allows ...check
CVE-2019-25695R 3.4.4 contains a local buffer overflow vulnerability that allows att ...check
CVE-2019-25697CMSsite 1.0 contains an SQL injection vulnerability that allows unauth ...check
CVE-2019-25699Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabil ...check
CVE-2019-25701Easy Video to iPod Converter 1.6.20 contains a local buffer overflow v ...check
CVE-2019-25703ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerabil ...check
CVE-2019-25705Echo Mirage 3.1 contains a stack buffer overflow vulnerability that al ...check
CVE-2019-25706Across DR-810 contains an unauthenticated file disclosure vulnerabilit ...check
CVE-2020-36968M/Monit 3.7.4 contains an authentication vulnerability that allows aut ...check, unclear upstream status
CVE-2020-36969M/Monit 3.7.4 contains a privilege escalation vulnerability that allow ...check, unclear upstream status
CVE-2020-37011Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ...check, unclear upstream status. Doesn't reproduce with the version in trixie
CVE-2020-37038Code Blocks 20.03 contains a denial of service vulnerability that allo ...check, possibly just DoS of application and unimportant
CVE-2020-37040Code Blocks 17.12 contains a local buffer overflow vulnerability that ...check, might be Windows specific issue
CVE-2020-37167ClamAV versions prior to 0.103.0-rc contain a vulnerability in functio ...check upstream status
CVE-2020-37182Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ...check details
CVE-2021-4473Tianxin Internet Behavior Management System contains a command injecti ...check
CVE-2021-26381Improper system call parameter validation in the Trusted OS may allow ...check
CVE-2021-26410Improper syscall input validation in ASP (AMD Secure Processor) may fo ...check
CVE-2021-47793Telegram Desktop 2.9.2 contains a denial of service vulnerability that ...check
CVE-2022-23538github.com/sylabs/scs-library-client is the Go client for the Singular ...check details, might as well affect golang-github-apptainer-container-library-client
CVE-2022-50942Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ...check status upstream
CVE-2023-20514Improper handling of parameters in the AMD Secure Processor (ASP) coul ...check
CVE-2023-20548A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ...check
CVE-2023-20601Improper input validation within RAS TA Driver can allow a local attac ...check
CVE-2023-26044react/http is an event-driven, streaming HTTP client and server implem ...check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
CVE-2023-31313An unintended proxy or intermediary in the AMD power management firmwa ...check
CVE-2023-31324A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ...check
CVE-2023-31364Improper handling of direct memory writes in the input-output memory m ...check
CVE-2023-49316In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ...check if affecting ldap-account-manager or unused path
CVE-2023-50251php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50252php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50262Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...check sources embedding php-dompdf if affected
CVE-2024-1490An authenticated remote attacker with high privileges can exploit the ...check
CVE-2024-21953Improper input validation in IOMMU could allow a malicious hypervisor ...check
CVE-2024-22420JupyterLab is an extensible environment for interactive and reproducib ...check completeness, src:jupyter-notebook?
CVE-2024-22421JupyterLab is an extensible environment for interactive and reproducib ...check completeness, src:jupyter-notebook?
CVE-2024-36057Koha Library before 23.05.10 fails to sanitize user-controllable filen ...check
CVE-2024-36058The Send Basket functionality in Koha Library before 23.05.10 is susce ...check
CVE-2024-36310Improper input validation in the SMM communications buffer could allow ...check
CVE-2024-36311A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ...check
CVE-2024-36316The integer overflow vulnerability within AMD Graphics driver could al ...check
CVE-2024-36324Improper input validation in AMD Graphics Driver could allow an attack ...check
CVE-2024-54192An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial ...check
CVE-2025-0012Improper handling of overlap between the segmented reverse map table ( ...check
CVE-2025-0029Improper handling of error condition during host-induced faults can al ...check
CVE-2025-0031A use after free in the SEV firmware could allow a malicous hypervisor ...check
CVE-2025-4382A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ...double check if vulnerability only considered present after grub_is_cli_disabled is introduced
CVE-2025-6499A vulnerability classified as problematic was found in vstakhov libucl ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2025-8671A mismatch caused by client-triggered server-sent stream resets betwee ...check, some projects will assign own CVEs and should then be covered under that specific CVE instead
CVE-2025-8941A flaw was found in linux-pam. The pam_namespace module may improperly ...check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes
CVE-2025-11010A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2025-11147Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ...clarifying with reporter and Eduard Bloch on the issue.
CVE-2025-13926An attacker could use data obtained by sniffing the network traffic to ...check
CVE-2025-14551In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credent ...check
CVE-2025-15480In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensiti ...check
CVE-2025-15569A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ...check
CVE-2025-29939Improper access control in secure encrypted virtualization (SEV) could ...check
CVE-2025-29946Insufficient or Incomplete Data Removal in Hardware Component in SEV f ...check
CVE-2025-29948Improper access control in AMD Secure Encrypted Virtualization (SEV) f ...check
CVE-2025-29952Improper Initialization within the AMD Secure Encrypted Virtualization ...check
CVE-2025-39666Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 befor ...check
CVE-2025-45806A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2 ...check
CVE-2025-52908An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...check
CVE-2025-52909An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...check
CVE-2025-58064CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...check
CVE-2025-60796phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ...check, possibly not reported upstream
CVE-2025-60797phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ...check, possibly not reported upstream
CVE-2025-60798phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ...check, possibly not reported upstream
CVE-2025-60799phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ...check, possibly not reported upstream
CVE-2025-61261A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ...check
CVE-2025-61982An arbitrary code execution vulnerability exists in the Code Stream di ...check upstream status
CVE-2025-62818An issue was discovered in Samsung Mobile Processor, Wearable Processo ...check
CVE-2025-65102PJSIP is a free and open source multimedia communication library. Prio ...check, might affect asterisk and ring
CVE-2025-65865An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ...check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream
CVE-2025-66442In Mbed TLS through 4.0.0, there is a compiler-induced timing side cha ...No fix is available for this issue, check if it will be considered upstream
CVE-2025-66578xmlseclibs is a library written in PHP for working with XML Encryption ...check
CVE-2025-67108eProsima Fast-DDS v3.3 was discovered to contain improper validation f ...check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream
CVE-2025-69534Python-Markdown version 3.8 contain a vulnerability where malformed HT ...Asking whether it really needs a backport: https://bugs.debian.org/1131896
CVE-2025-69720The infocmp command-line tool in ncurses before 6.5-20251213 has a sta ...check upstream status
CVE-2025-69969A lack of authentication and authorization mechanisms in the Bluetooth ...check
CVE-2025-70810Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allow ...check
CVE-2025-70811Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allow ...check
CVE-2025-70887An issue in ralphje Signify before v.0.9.2 allows a remote attacker to ...check
CVE-2026-0708A flaw was found in libucl. A remote attacker could exploit this by pr ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2026-1703When pip is installing and extracting a maliciously crafted wheel arch ...check as well pipenv
CVE-2026-2950Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototy ...check fixing commit details
CVE-2026-3650A memory leak exists in the Grassroots DICOM library (GDCM). The bug o ...check, vague report from Red Hat, no upstream details
CVE-2026-4833A weakness has been identified in Orc discount up to 3.0.1.2. This iss ...check libtext-markdown-discount-perl, ruby-rdiscount, cantor, embedding discount; check if security impact present
CVE-2026-22675OCS Inventory NG Server version 2.12.3 and prior contain a stored cros ...check
CVE-2026-22739Vulnerability in Spring Cloud when substituting the profile parameter ...check
CVE-2026-23940Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm a ...check
CVE-2026-25701An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ...check
CVE-2026-25702A Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ...check
CVE-2026-25704A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCT ...check
CVE-2026-26200HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ...check details, said to be fixed in 1.14.4-2 upstream
CVE-2026-26477An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote ...check upstream details and replace note with upstream reference
CVE-2026-26740Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attack ...check report upstream
CVE-2026-27586Caddy is an extensible server platform that uses TLS by default. Prior ...check, introducing version
CVE-2026-27704The Dart and Flutter SDKs provide software development kits for the Da ...check
CVE-2026-27738The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-27739The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-27970Angular is a development platform for building mobile and desktop web ...check status for older versions
CVE-2026-28343CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...check
CVE-2026-28687ImageMagick is free and open-source software used for editing and mani ...For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
CVE-2026-28687ImageMagick is free and open-source software used for editing and mani ...Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-28688ImageMagick is free and open-source software used for editing and mani ...For imagemagick6 by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
CVE-2026-28688ImageMagick is free and open-source software used for editing and mani ...Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-29022dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) ...qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact
CVE-2026-29043HDF5 is software for managing data. In 1.14.1-2 and earlier, an attack ...check
CVE-2026-30478A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer ...check
CVE-2026-30479A Dynamic-link Library Injection vulnerability in OSGeo Project MapSer ...check
CVE-2026-31053A double free vulnerability exists in librz/bin/format/le/le.c in the ...check
CVE-2026-32313xmlseclibs is a library written in PHP for working with XML Encryption ...check
CVE-2026-32600xml-security is a library that implements XML signatures and encryptio ...check
CVE-2026-32635Angular is a development platform for building mobile and desktop web ...check status for older versions
CVE-2026-32836dr_libsdr_flac.h version 0.13.3 and earlier contain an uncontrolled me ...check
CVE-2026-33397The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-33872elixir-nodejs provides an Elixir API for calling Node.js functions. A ...check
CVE-2026-34054vcpkg is a free and open-source C/C++ package manager. Prior to versio ...check
CVE-2026-34240JOSE is a Javascript Object Signing and Encryption (JOSE) library. Pri ...check
CVE-2026-35554A race condition in the Apache Kafka Java producer client\u2019s buffe ...check
CVE-2026-39860Nix is a package manager for Linux and other Unix systems. A bug in th ...check, potentially affecting guix if same issue in backporting fix for CVE-2024-2729
CVE-2026-40394Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 a ...check
Search for package or bug name: Reporting problems