Bugs with TODO items

| Bug | Description | Note |
| --- | --- | --- |
| CVE-2018-18653 | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ... | check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way. |
| CVE-2019-0145 | Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Contro ... | check |
| CVE-2019-0146 | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ... | check |
| CVE-2019-0147 | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ... | check |
| CVE-2019-0148 | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ... | check |
| CVE-2019-0149 | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ... | check |
| CVE-2019-1010091 | tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ... | check |
| CVE-2019-10753 | In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ... | check |
| CVE-2019-11938 | Java Facebook Thrift servers would not error upon receiving messages d ... | check |
| CVE-2019-12107 | The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd ... | check, might affect minidlna |
| CVE-2019-14493 | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ... | check if the old code though is really affected, might been introduced with the refactoring |
| CVE-2019-14620 | Insufficient control flow management for some Intel(R) Wireless Blueto ... | check |
| CVE-2019-14630 | Reliance on untrusted inputs in a security decision in some Intel(R) T ... | check |
| CVE-2019-16244 | OMERO.server before 5.6.1 allows attackers to bypass the security filt ... | check |
| CVE-2019-16374 | Pega Platform 8.2.1 allows LDAP injection because a username can conta ... | check |
| CVE-2019-17178 | HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ... | check |
| CVE-2019-17339 | The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabr ... | check |
| CVE-2019-17558 | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ... | check, whilst the advisory claims 5.0.0 upwards only the SolrParamResourceLoader might be of issue already earlier? |
| CVE-2019-18619 | Incorrect parameter validation in the synaTee component of Synaptics W ... | check |
| CVE-2019-3681 | A External Control of File Name or Path vulnerability in osc of SUSE L ... | check |
| CVE-2019-9946 | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ... | singularity-container seems to embed as well a copy of cni |
| CVE-2020-0261 | In C2 flame devices, there is a possible bypass of seccomp due to a mi ... | check |
| CVE-2020-0510 | Out of bounds read in some Intel(R) Graphics Drivers before versions 1 ... | check |
| CVE-2020-0512 | Uncaught exception in the system driver for some Intel(R) Graphics Dri ... | check |
| CVE-2020-0513 | Out of bounds write for some Intel(R) Graphics Drivers before version ... | check |
| CVE-2020-0553 | Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bl ... | check |
| CVE-2020-0554 | Race condition in software installer for some Intel(R) Wireless Blueto ... | check |
| CVE-2020-0555 | Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ... | check |
| CVE-2020-0559 | Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi p ... | check |
| CVE-2020-10688 | | check details, not much information provided by Red Hat. |
| CVE-2020-10719 | A flaw was found in Undertow in versions before 2.1.1.Final, regarding ... | check, no details on Red Hat bugreport |
| CVE-2020-10755 | An insecure-credentials flaw was found in all openstack-cinder version ... | check, affects as well python-os-brick or needs a respective update? |
| CVE-2020-10809 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ... | check details |
| CVE-2020-10810 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ... | check details |
| CVE-2020-10811 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ... | check details |
| CVE-2020-10812 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ... | check details |
| CVE-2020-11733 | An issue was discovered on Spirent TestCenter and Avalanche appliance ... | check |
| CVE-2020-12106 | The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ... | check |
| CVE-2020-12107 | The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ... | check |
| CVE-2020-12287 | Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ... | check |
| CVE-2020-12299 | Improper input validation in BIOS firmware for Intel(R) Server Board F ... | check |
| CVE-2020-12300 | Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ... | check |
| CVE-2020-12301 | Improper initialization in BIOS firmware for Intel(R) Server Board Fam ... | check |
| CVE-2020-13151 | Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ... | check |
| CVE-2020-13817 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ... | check ntpsec, cf. #964395 |
| CVE-2020-13844 | Arm Armv8-A core implementations utilizing speculative execution past ... | check further details |
| CVE-2020-14483 | A timeout during a TLS handshake can result in the connection failing ... | check |
| CVE-2020-14979 | The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X ... | check |
| CVE-2020-15106 | In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ... | check |
| CVE-2020-15109 | In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ... | check |
| CVE-2020-15112 | In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ... | check |
| CVE-2020-15113 | In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ... | check |
| CVE-2020-15114 | In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ... | check |
| CVE-2020-15115 | etcd before versions 3.3.23 and 3.4.10 does not perform any password l ... | check |
| CVE-2020-15127 | In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ... | check |
| CVE-2020-15132 | In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ... | check |
| CVE-2020-15135 | save-server (npm package) before version 1.05 is affected by a CSRF vu ... | check |
| CVE-2020-15136 | In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ... | check |
| CVE-2020-15137 | All versions of HoRNDIS are affected by an integer overflow in the RND ... | check |
| CVE-2020-15596 | The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on var ... | check |
| CVE-2020-15868 | Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect ... | check |
| CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and ... | check details for older versions |
| CVE-2020-15889 | Lua through 5.4.0 has a getobjname heap-based buffer over-read because ... | check details for older versions |
| CVE-2020-15904 | A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ... | check |
| CVE-2020-15925 | A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ... | check |
| CVE-2020-15947 | A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do end ... | check |
| CVE-2020-16087 | An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An a ... | check |
| CVE-2020-16137 | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco ... | check |
| CVE-2020-16138 | ** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Uni ... | check |
| CVE-2020-16139 | ** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified I ... | check |
| CVE-2020-16170 | The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded ... | check |
| CVE-2020-16186 | A stored Cross-site scripting (XSS) vulnerability in Firco Continuity ... | check |
| CVE-2020-16252 | The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ... | check |
| CVE-2020-16254 | The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ... | check |
| CVE-2020-17366 | An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ... | check |
| CVE-2020-17463 | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ... | check |
| CVE-2020-17479 | jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ... | check |
| CVE-2020-17480 | TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ... | check |
| CVE-2020-17507 | An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ... | check |
| CVE-2020-2035 | When SSL/TLS Forward Proxy Decryption mode has been configured to decr ... | check |
| CVE-2020-24330 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ... | check |
| CVE-2020-24331 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ... | check |
| CVE-2020-24332 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ... | check |
| CVE-2020-24342 | Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ... | check |
| CVE-2020-24343 | Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ... | check |
| CVE-2020-24344 | JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ... | check |
| CVE-2020-24345 | ** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via ... | check |
| CVE-2020-24346 | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_par ... | check |
| CVE-2020-24347 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvl ... | check |
| CVE-2020-24348 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_jso ... | check |
| CVE-2020-24349 | njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_va ... | check |
| CVE-2020-2981 | Vulnerability in the Data Store component of Oracle Berkeley DB. The s ... | check |
| CVE-2020-3442 | The DuoConnect client enables users to establish SSH connections to ho ... | check |
| CVE-2020-3681 | Authenticated and encrypted payload MMEs can be forged and remotely se ... | check |
| CVE-2020-4051 | In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 ... | check |
| CVE-2020-4059 | In mversion before 2.0.0, there is a command injection vulnerability. ... | check |
| CVE-2020-4062 | In Conjur OSS Helm Chart before 2.0.0, a recently identified critical ... | check |
| CVE-2020-4066 | In Limdu before 0.95, the trainBatch function has a command injection ... | check |
| CVE-2020-4070 | In CSS Validator less than or equal to commit 54d68a1, there is a cros ... | check |
| CVE-2020-4071 | In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ... | check |
| CVE-2020-4072 | In generator-jhipster-kotlin version 1.6.0 log entries are created for ... | check |
| CVE-2020-5415 | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which u ... | check |
| CVE-2020-5529 | HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ... | check details, might affect jenkins-htmlunit |
| CVE-2020-5615 | Cross-site request forgery (CSRF) vulnerability in [Calendar01] free e ... | check |
| CVE-2020-5616 | [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], ... | check |
| CVE-2020-6098 | An exploitable denial of service vulnerability exists in the freeDiame ... | check |
| CVE-2020-6653 | Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ... | check |
| CVE-2020-6932 | An information disclosure and remote code execution vulnerability in t ... | check |
| CVE-2020-7029 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ... | check |
| CVE-2020-7206 | HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ... | check |
| CVE-2020-7300 | Improper Authorization vulnerability in McAfee Data Loss Prevention (D ... | check |
| CVE-2020-7301 | Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ... | check |
| CVE-2020-7302 | Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Pr ... | check |
| CVE-2020-7303 | Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ... | check |
| CVE-2020-7304 | Cross site request forgery vulnerability in McAfee Data Loss Preventio ... | check |
| CVE-2020-7305 | Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP ... | check |
| CVE-2020-7306 | Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ... | check |
| CVE-2020-7307 | Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ... | check |
| CVE-2020-7352 | The GalaxyClientService component of GOG Galaxy runs with elevated SYS ... | check |
| CVE-2020-7360 | An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartCo ... | check |
| CVE-2020-7374 | Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ... | check |
| CVE-2020-7459 | In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ... | check |
| CVE-2020-7460 | In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-ST ... | check |
| CVE-2020-7659 | reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ... | check |
| CVE-2020-7661 | all versions of url-regex are vulnerable to Regular Expression Denial ... | check |
| CVE-2020-7680 | docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). ... | check |
| CVE-2020-7681 | This affects all versions of package marscode. There is no path saniti ... | check |
| CVE-2020-7682 | This affects all versions of package marked-tree. There is no path san ... | check |
| CVE-2020-7683 | This affects all versions of package rollup-plugin-server. There is no ... | check |
| CVE-2020-7684 | This affects all versions of package rollup-plugin-serve. There is no ... | check |
| CVE-2020-7685 | This affects all versions of package UmbracoForms. When using the defa ... | check |
| CVE-2020-7686 | This affects all versions of package rollup-plugin-dev-server. There i ... | check |
| CVE-2020-7687 | This affects all versions of package fast-http. There is no path sanit ... | check |
| CVE-2020-7694 | This affects all versions of package uvicorn. The request logger provi ... | check |
| CVE-2020-7695 | Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF s ... | check |
| CVE-2020-7696 | This affects all versions of package react-native-fast-image. When an ... | check |
| CVE-2020-7697 | This affects all versions of package mock2easy. a malicious user could ... | check |
| CVE-2020-7698 | This affects the package Gerapy from 0 and before 0.9.3. The input bei ... | check |
| CVE-2020-8020 | A Improper Neutralization of Input During Web Page Generation vulnerab ... | check |
| CVE-2020-8021 | a Improper Access Control vulnerability in of Open Build Service allow ... | check |
| CVE-2020-8026 | A Incorrect Default Permissions vulnerability in the packaging of inn ... | check |
| CVE-2020-8224 | A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ... | check |
| CVE-2020-8229 | A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ... | check |
| CVE-2020-8553 | The Kubernetes ingress-nginx component prior to version 0.28.0 allows ... | check |
| CVE-2020-8679 | Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ... | check |
| CVE-2020-8680 | Race condition in some Intel(R) Graphics Drivers before version 15.40. ... | check |
| CVE-2020-8681 | Out of bounds write in system driver for some Intel(R) Graphics Driver ... | check |
| CVE-2020-8682 | Out of bounds read in system driver for some Intel(R) Graphics Drivers ... | check |
| CVE-2020-8683 | Improper buffer restrictions in system driver for some Intel(R) Graphi ... | check |
| CVE-2020-8684 | Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ... | check |
| CVE-2020-8685 | Improper authentication in subsystem for Intel (R) LED Manager for NUC ... | check |
| CVE-2020-8687 | Uncontrolled search path in the installer for Intel(R) RSTe Software R ... | check |
| CVE-2020-8688 | Improper input validation in the Intel(R) RAID Web Console 3 for Windo ... | check |
| CVE-2020-8689 | Improper buffer restrictions in the Intel(R) Wireless for Open Source ... | check |
| CVE-2020-8706 | Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ... | check |
| CVE-2020-8707 | Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ... | check |
| CVE-2020-8708 | Improper authentication for some Intel(R) Server Boards, Server System ... | check |
| CVE-2020-8709 | Improper authentication in socket services for some Intel(R) Server Bo ... | check |
| CVE-2020-8710 | Buffer overflow in the bootloader for some Intel(R) Server Boards, Ser ... | check |
| CVE-2020-8711 | Improper access control in the bootloader for some Intel(R) Server Boa ... | check |
| CVE-2020-8712 | Buffer overflow in a verification process for some Intel(R) Server Boa ... | check |
| CVE-2020-8713 | Improper authentication for some Intel(R) Server Boards, Server System ... | check |
| CVE-2020-8714 | Improper authentication for some Intel(R) Server Boards, Server System ... | check |
| CVE-2020-8715 | Invalid pointer for some Intel(R) Server Boards, Server Systems and Co ... | check |
| CVE-2020-8716 | Improper access control for some Intel(R) Server Boards, Server System ... | check |
| CVE-2020-8717 | Improper input validation in a subsystem for some Intel Server Boards, ... | check |
| CVE-2020-8718 | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ... | check |
| CVE-2020-8719 | Buffer overflow in subsystem for some Intel(R) Server Boards, Server S ... | check |
| CVE-2020-8720 | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ... | check |
| CVE-2020-8721 | Improper input validation for some Intel(R) Server Boards, Server Syst ... | check |
| CVE-2020-8722 | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ... | check |
| CVE-2020-8723 | Cross-site scripting for some Intel(R) Server Boards, Server Systems a ... | check |
| CVE-2020-8729 | Buffer copy without checking size of input for some Intel(R) Server Bo ... | check |
| CVE-2020-8730 | Heap-based overflow for some Intel(R) Server Boards, Server Systems an ... | check |
| CVE-2020-8731 | Incorrect execution-assigned permissions in the file system for some I ... | check |
| CVE-2020-8732 | Heap-based buffer overflow in the firmware for some Intel(R) Server Bo ... | check |
| CVE-2020-8733 | Improper buffer restrictions in the firmware for Intel(R) Server Board ... | check |
| CVE-2020-8736 | Improper access control in subsystem for the Intel(R) Computing Improv ... | check |
| CVE-2020-8742 | Improper input validation in the firmware for Intel(R) NUCs may allow ... | check |
| CVE-2020-8743 | Improper permissions in the installer for the Intel(R) Mailbox Interfa ... | check |
| CVE-2020-8759 | Improper access control in the installer for Intel(R) SSD DCT versions ... | check |
| CVE-2020-8763 | Improper permissions in the installer for the Intel(R) RealSense(TM) D ... | check |
| CVE-2020-8904 | An arbitrary memory overwrite vulnerability in the trusted memory of A ... | check |
| CVE-2020-8905 | A buffer length validation vulnerability in Asylo versions prior to 0. ... | check |
| CVE-2020-8911 | A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ... | check |
| CVE-2020-8912 | A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ... | check |
| CVE-2020-8918 | An improperly initialized 'migrationAuth' value in Google's go-tpm TPM ... | check |
| CVE-2020-9036 | Jeedom through 4.0.38 allows XSS. ... | check |
| CVE-2020-9078 | FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ... | check |
| CVE-2020-9079 | FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ... | check |