Bugs with TODO items

Hide "check" TODOs

BugDescriptionNote
CVE-2010-5298Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ...double check
CVE-2011-2844Google Chrome before 14.0.835.163 does not properly process MP3 files, ...check ffmpeg, http://src.chromium.org/viewvc/chrome?view=rev&revision=88382
CVE-2011-2896The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...There's more: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896
CVE-2011-3923struts ParameterInterceptor remote code executioncheck
CVE-2011-5034Apache Geronimo 2.2.1 and earlier computes hash values for form ...check
CVE-2011-5277Multiple SQL injection vulnerabilities in signature.php in the ...check
CVE-2011-5278SQL injection vulnerability in signature.php in Advanced Forum ...check
CVE-2012-1834Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head ...check
CVE-2012-4920Directory traversal vulnerability in the zing_forum_output function in ...check
CVE-2012-4921Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS ...check
CVE-2012-6642Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows ...check
CVE-2012-6643Multiple SQL injection vulnerabilities in the update_counter function ...check
CVE-2012-6644Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 ...check
CVE-2012-6645Cross-site scripting (XSS) vulnerability in the autocomplete ...check
CVE-2013-0740Open redirect vulnerability in Dell OpenManage Server Administrator ...check
CVE-2013-1442Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not ...check, see NOTE
CVE-2013-2287Multiple cross-site scripting (XSS) vulnerabilities in ...check
CVE-2013-2693Cross-site request forgery (CSRF) vulnerability in the Options in the ...check
CVE-2013-2699Cross-site request forgery (CSRF) vulnerability in the ...check
CVE-2013-2706Cross-site request forgery (CSRF) vulnerability in the Stream Video ...check
CVE-2013-2708Cross-site request forgery (CSRF) vulnerability in the Content Slide ...check
CVE-2013-2809The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...check
CVE-2013-2828The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...check
CVE-2013-3251Cross-site request forgery (CSRF) vulnerability in the qTranslate ...check
CVE-2013-3252Cross-site request forgery (CSRF) vulnerability in the options admin ...check
CVE-2013-3587RESERVEDcheck
CVE-2013-3630Moodle through 2.5.2 allows remote authenticated administrators to ...check, bug is currently private
CVE-2013-3930Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows ...check
CVE-2013-4701Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows ...check, potentially also simplesamlphp, typo3-src and wordpress-openid (including a Auth/Yadis/XML.php in source)
CVE-2013-4768The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote ...check
CVE-2013-4795Cross-site scripting (XSS) vulnerability in the Submitters list in ...check
CVE-2013-5185The ldapsearch command-line program in OpenLDAP in Apple Mac OS X ...ask on oss-sec, Apple people are on the list
CVE-2013-5704The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...check
CVE-2013-6933The parseRTSPRequestString function in Live Networks Live555 Streaming ...request binnmus
CVE-2013-7353check
CVE-2013-7354check
CVE-2013-7355SQL injection vulnerability in SAP BI Universal Data Integration ...check
CVE-2013-7356Unspecified vulnerability in the SAP CCMS / Database Monitors for ...check
CVE-2013-7357Unspecified vulnerability in the configuration service in SAP J2EE ...check
CVE-2013-7358Unspecified vulnerability in SAP Guided Procedures Archive Monitor ...check
CVE-2013-7359Unspecified vulnerability in SAP Mobile Infrastructure allows remote ...check
CVE-2013-7360Unspecified vulnerability in SAP adminadapter allows remote attackers ...check
CVE-2013-7361Directory traversal vulnerability in SAP CMS and CM Services allows ...check
CVE-2013-7362An unspecified RFC function in SAP CCMS Agent allows remote attackers ...check
CVE-2013-7363Unspecified vulnerability in the Diagnostics (SMD) agent in SAP ...check
CVE-2013-7364An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver ...check
CVE-2013-7365Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal ...check
CVE-2013-7366The SAP Software Deployment Manager (SDM), in certain unspecified ...check
CVE-2013-7367SAP Enterprise Portal does not properly restrict access to the ...check
CVE-2014-0011ZRLE decoding bounds checking issuecheck
CVE-2014-0055The get_rx_bufs function in drivers/vhost/net.c in the vhost-net ...check
CVE-2014-0085check
CVE-2014-0142check
CVE-2014-0143check
CVE-2014-0144check
CVE-2014-0145check
CVE-2014-0146check
CVE-2014-0147check
CVE-2014-0148check
CVE-2014-0235Microsoft Internet Explorer 9 allows remote attackers to execute ...check
CVE-2014-0315Untrusted search path vulnerability in Microsoft Windows XP SP2 and ...check
CVE-2014-0341Multiple cross-site scripting (XSS) vulnerabilities in PivotX before ...check
CVE-2014-0342Multiple unrestricted file upload vulnerabilities in fileupload.php in ...check
CVE-2014-0347The Settings module in Websense Triton Unified Security Center 7.7.3 ...check
CVE-2014-0348The Artiva Agency Single Sign-On (SSO) implementation in Artiva ...check
CVE-2014-0349Multiple unspecified vulnerabilities in J2k-Codec allow remote ...check
CVE-2014-0353The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...check
CVE-2014-0354The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...check
CVE-2014-0355Multiple stack-based buffer overflows on the ZyXEL Wireless N300 ...check
CVE-2014-0356The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...check
CVE-2014-0357Amtelco miSecureMessages allows remote attackers to read the messages ...check
CVE-2014-0358Multiple directory traversal vulnerabilities in Xangati XSR before 11 ...check
CVE-2014-0359Xangati XSR before 11 and XNR before 7 allows remote attackers to ...check
CVE-2014-0413Unspecified vulnerability in the Oracle Containers for J2EE component ...check
CVE-2014-0414Unspecified vulnerability in the Oracle Containers for J2EE component ...check
CVE-2014-0426Unspecified vulnerability in the Oracle Containers for J2EE component ...check
CVE-2014-0432Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...Not fixed in IcedTea, likely specific to Oracle Java
CVE-2014-0450Unspecified vulnerability in the Oracle WebCenter Portal component in ...check
CVE-2014-0459Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...check
CVE-2014-0465Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...check
CVE-2014-0514The Adobe Reader Mobile application before 11.2 for Android does not ...check
CVE-2014-0612Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before ...check
CVE-2014-0614Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is ...check
CVE-2014-0636EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x ...check
CVE-2014-0642EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...check
CVE-2014-0763Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech ...check
CVE-2014-0764Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...check
CVE-2014-0765Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...check
CVE-2014-0766Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...check
CVE-2014-0767Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...check
CVE-2014-0768Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...check
CVE-2014-0770Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...check
CVE-2014-0771The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...check
CVE-2014-0772The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ...check
CVE-2014-0773The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...check
CVE-2014-0777The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and ...check
CVE-2014-0787Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 ...check
CVE-2014-0908The User Attribute implementation in IBM Business Process Manager ...check
CVE-2014-0920IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs ...check
CVE-2014-0921The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 ...check
CVE-2014-0922IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote ...check
CVE-2014-0923IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote ...check
CVE-2014-0924IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify ...check
CVE-2014-1455SQL injection vulnerability in the password reset functionality in ...check
CVE-2014-1751Microsoft Internet Explorer 9 allows remote attackers to execute ...check
CVE-2014-1752Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...check
CVE-2014-1753Microsoft Internet Explorer 6 through 9 allows remote attackers to ...check
CVE-2014-1755Microsoft Internet Explorer 9 allows remote attackers to execute ...check
CVE-2014-1757Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility ...check
CVE-2014-1758Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote ...check
CVE-2014-1759pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote ...check
CVE-2014-1760Microsoft Internet Explorer 11 allows remote attackers to execute ...check
CVE-2014-1969Directory traversal vulnerability in the apps4u@android SD Card ...check
CVE-2014-1986The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...check
CVE-2014-2126Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), ...check
CVE-2014-2127Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), ...check
CVE-2014-2128The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...check
CVE-2014-2129The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) ...check
CVE-2014-2139Cisco ONS 15454 controller cards with software 9.6 and earlier allow ...check
CVE-2014-2140Cisco ONS 15454 controller cards with software 9.6 and earlier allow ...check
CVE-2014-2141The session-termination functionality on Cisco ONS 15454 controller ...check
CVE-2014-2142Cisco ONS 15454 controller cards with software 10.0 and earlier allow ...check
CVE-2014-2333Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin ...check
CVE-2014-2384vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...check
CVE-2014-2399Unspecified vulnerability in the Oracle Endeca Server component in ...check
CVE-2014-2400Unspecified vulnerability in the Oracle Endeca Server component in ...check
CVE-2014-2401Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...Not fixed in IcedTea, likely specific to Oracle Java
CVE-2014-2404Unspecified vulnerability in the Oracle Access Manager component in ...check
CVE-2014-2406Unspecified vulnerability in the Core RDBMS component in Oracle ...check
CVE-2014-2407Unspecified vulnerability in the Oracle Data Integrator component in ...check
CVE-2014-2408Unspecified vulnerability in the Core RDBMS component in Oracle ...check
CVE-2014-2411Unspecified vulnerability in the Oracle Identity Analytics component ...check
CVE-2014-2415Unspecified vulnerability in the Oracle Data Integrator component in ...check
CVE-2014-2416Unspecified vulnerability in the Oracle Data Integrator component in ...check
CVE-2014-2417Unspecified vulnerability in the Oracle Data Integrator component in ...check
CVE-2014-2418Unspecified vulnerability in the Oracle Data Integrator component in ...check
CVE-2014-2424Unspecified vulnerability in the Oracle Event Processing component in ...check
CVE-2014-2425Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...check
CVE-2014-2426Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...check
CVE-2014-2429Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self ...check
CVE-2014-2433Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...check
CVE-2014-2437Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...check
CVE-2014-2443Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...check
CVE-2014-2445Unspecified vulnerability in the Oracle Agile PLM Framework component ...check
CVE-2014-2446Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...check
CVE-2014-2447Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...check
CVE-2014-2448Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...check
CVE-2014-2449Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent ...check
CVE-2014-2452Unspecified vulnerability in the Oracle Access Manager component in ...check
CVE-2014-2453Unspecified vulnerability in the Hyperion Common Admin component in ...check
CVE-2014-2454Unspecified vulnerability in the Hyperion Common Admin component in ...check
CVE-2014-2455Unspecified vulnerability in the Hyperion Common Admin component in ...check
CVE-2014-2457Unspecified vulnerability in the Oracle Agile Product Lifecycle ...check
CVE-2014-2458Unspecified vulnerability in the Oracle Agile Product Lifecycle ...check
CVE-2014-2459Unspecified vulnerability in the Oracle Transportation Management ...check
CVE-2014-2460Unspecified vulnerability in the Oracle Transportation Management ...check
CVE-2014-2461Unspecified vulnerability in the Oracle Transportation Management ...check
CVE-2014-2464Unspecified vulnerability in the Oracle Agile PLM Framework component ...check
CVE-2014-2465Unspecified vulnerability in the Oracle Agile PLM Framework component ...check
CVE-2014-2466Unspecified vulnerability in the Oracle Agile PLM Framework component ...check
CVE-2014-2467Unspecified vulnerability in the Oracle Agile PLM Framework component ...check
CVE-2014-2468Unspecified vulnerability in the Siebel UI Framework component in ...check
CVE-2014-2470Unspecified vulnerability in the Oracle WebLogic Server component in ...check
CVE-2014-2471Unspecified vulnerability in the Oracle iLearning component in Oracle ...check
CVE-2014-2540SQL injection vulnerability in OrbitScripts Orbit Open Ad Server ...check
CVE-2014-2541The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), ...check
CVE-2014-2542Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon ...check
CVE-2014-2543Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing ...check
CVE-2014-2544Unspecified vulnerability in Spotfire Web Player Engine, Spotfire ...check
CVE-2014-2690Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows ...check
CVE-2014-2711Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos ...check
CVE-2014-2712Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos ...check
CVE-2014-2713Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, ...check
CVE-2014-2714The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 ...check
CVE-2014-2748The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for ...check
CVE-2014-2749The HANA ICM process in SAP HANA allows remote attackers to obtain the ...check
CVE-2014-2750check
CVE-2014-2751SAP Print and Output Management has hardcoded credentials, which makes ...check
CVE-2014-2752SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded ...check
CVE-2014-2829Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly ...check
CVE-2014-2842Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a ...check
CVE-2014-2847SQL injection vulnerability in default.asp in CIS Manager CMS allows ...check
CVE-2014-2848A race condition in the wmi_malware_scan.nbin plugin before ...check
CVE-2014-2849The Change Password dialog box (change_password) in Sophos Web ...check
CVE-2014-2850The network interface configuration page (netinterface) in Sophos Web ...check
CVE-2014-2852OpenAFS before 1.6.7 delays the listen thread when an ...check
TEMP-0000000-932395heap-based buffer overflowcheck
TEMP-0744817-030041scan-build: insecure use of /tmpcheck clang 3.3 and 3.4
Search for package or bug name: Reporting problems

Home - Testing Security Team - Debian Security - Source (SVN)