| Bug | Description | Note |
|---|
| CVE-2011-4119 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe t ... | check |
| CVE-2011-4124 | Input validation issues were found in Calibre at devices/linux_mount_h ... | check |
| CVE-2011-4125 | A untrusted search path issue was found in Calibre at devices/linux_mo ... | check |
| CVE-2011-4126 | Race condition issues were found in Calibre at devices/linux_mount_hel ... | check |
| CVE-2011-4574 | PolarSSL versions prior to v1.1 use the HAVEGE random number generatio ... | check |
| CVE-2019-3556 | HHVM supports the use of an "admin" server which accepts administrativ ... | check |
| CVE-2020-0478 | In extend_frame_lowbd of restoration.c, there is a possible out of bou ... | check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit |
| CVE-2020-5669 | Cross-site scripting vulnerability in Movable Type Movable Type Premiu ... | check |
| CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp o ... | check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported |
| CVE-2020-23052 | Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple ... | check |
| CVE-2020-23914 | An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ... | retroarch and salmon embed peglib, check if it's actually a security issue |
| CVE-2020-23915 | An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ... | retroarch and salmon embed peglib, check if it's actually a security issue |
| CVE-2020-25467 | A null pointer dereference was discovered lzo_decompress_buf in stream ... | check fixing commit |
| CVE-2020-25646 | A flaw was found in Ansible Collection community.crypto. openssl_priva ... | check |
| CVE-2020-27304 | The CivetWeb web library does not validate uploaded filepaths when run ... | check |
| CVE-2021-3681 | RESERVED | check, needs verifying the affected ansible/ansible-base components |
| CVE-2021-3746 | A flaw was found in the libtpms code that may cause access beyond the ... | check, might only affect the upstream stable-0.6 branch and not an issue in src:libtpms in any released version in Debian |
| CVE-2021-3773 | RESERVED | fill in tracking details |
| CVE-2021-20315 | locking protection bypass allow unauthorized user to kill existing applications or start new ones | check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams |
| CVE-2021-20837 | Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Typ ... | check |
| CVE-2021-21319 | Galette is a membership management web application geared towards non ... | check |
| CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ... | check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those |
| CVE-2021-22101 | Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ... | check |
| CVE-2021-22557 | SLO generator allows for loading of YAML files that if crafted in a sp ... | check |
| CVE-2021-22961 | A code injection vulnerability exists within the firewall software of ... | check |
| CVE-2021-22963 | A redirect vulnerability in the fastify-static module version < 4.2 ... | check |
| CVE-2021-22964 | A redirect vulnerability in the `fastify-static` module version >= ... | check |
| CVE-2021-23447 | This affects the package teddy before 0.5.9. A type confusion vulnerab ... | check |
| CVE-2021-23448 | All versions of package config-handler are vulnerable to Prototype Pol ... | check |
| CVE-2021-23449 | This affects the package vm2 before 3.9.4 via a Prototype Pollution at ... | check |
| CVE-2021-23452 | This affects all versions of package x-assign. The global proto object ... | check |
| CVE-2021-26314 | Potential floating point value injection in all supported CPU products ... | check |
| CVE-2021-26318 | A timing and power-based side channel attack leveraging the x86 PREFET ... | check details and if mitigation in microcode/kernel exists |
| CVE-2021-28021 | Buffer overflow vulnerability in function stbi__extend_receive in stb_ ... | check libstb itself, and various packages embedd a copy |
| CVE-2021-32686 | PJSIP is a free and open source multimedia communication library writt ... | check, might affect in impact src:ring |
| CVE-2021-33178 | The Manage Backgrounds functionality within Nagvis versions prior to 2 ... | check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/ |
| CVE-2021-33194 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ... | check completeness |
| CVE-2021-35233 | The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server ... | check |
| CVE-2021-35235 | The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ... | check |
| CVE-2021-35499 | The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ... | check |
| CVE-2021-35560 | Vulnerability in the Java SE product of Oracle Java SE (component: Dep ... | doublecheck for more details, Deployment components not part of OpenJDK, only present in Oracle Java |
| CVE-2021-36094 | It's possible to craft a request for appointment edit screen, which co ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase |
| CVE-2021-36096 | Generated Support Bundles contains private S/MIME and PGP keys if cont ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase |
| CVE-2021-36513 | An issue was discovered in function sofia_handle_sip_i_notify in sofia ... | check |
| CVE-2021-36756 | CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate ... | check |
| CVE-2021-38297 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ... | check older branches |
| CVE-2021-38379 | The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ... | check |
| CVE-2021-38502 | | double check, it was only referenced in mfsa2021-47 but not mfsa2021-46, but issue is about attack on SMTP STARTTLS connections |
| CVE-2021-39220 | Nextcloud is an open-source, self-hosted productivity platform The Nex ... | check |
| CVE-2021-39221 | Nextcloud is an open-source, self-hosted productivity platform. The Ne ... | check |
| CVE-2021-39223 | Nextcloud is an open-source, self-hosted productivity platform. The Ne ... | check |
| CVE-2021-39224 | Nextcloud is an open-source, self-hosted productivity platform. The Ne ... | check |
| CVE-2021-39225 | Nextcloud is an open-source, self-hosted productivity platform. A miss ... | check |
| CVE-2021-39880 | A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ... | reach out for details |
| CVE-2021-41035 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ... | check |
| CVE-2021-41055 | Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ... | double-check correctness for tracking of source package, underlying issue is fixed in python-nbxmpp |
| CVE-2021-41089 | Moby is an open-source project created by Docker to enable software co ... | check details |
| CVE-2021-41092 | Docker CLI is the command line interface for the docker container runt ... | check |
| CVE-2021-41149 | Tough provides a set of Rust libraries and tools for using and generat ... | check |
| CVE-2021-41150 | Tough provides a set of Rust libraries and tools for using and generat ... | check |
| CVE-2021-41153 | The evm crate is a pure Rust implementation of Ethereum Virtual Machin ... | check |
| CVE-2021-41167 | modern-async is an open source JavaScript tooling library for asynchro ... | check |
| CVE-2021-41168 | Snudown is a reddit-specific fork of the Sundown Markdown parser used ... | check |
| CVE-2021-41173 | Go Ethereum is the official Golang implementation of the Ethereum prot ... | check |
| CVE-2021-41177 | Nextcloud is an open-source, self-hosted productivity platform. Prior ... | check |
| CVE-2021-41178 | Nextcloud is an open-source, self-hosted productivity platform. Prior ... | check |
| CVE-2021-41179 | Nextcloud is an open-source, self-hosted productivity platform. Prior ... | check |
| CVE-2021-41589 | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node be ... | check |
| CVE-2021-41590 | In Gradle Enterprise through 2021.3, probing of the server-side networ ... | check |
| CVE-2021-41619 | An issue was discovered in Gradle Enterprise before 2021.1.2. There is ... | check |
| CVE-2021-41865 | HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ... | check |
| CVE-2021-41867 | An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ... | check details, exact fixing commits unclear |
| CVE-2021-41868 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ... | check details, exact fixing commits unclear |
| CVE-2021-42343 | An issue was discovered in Dask (aka python-dask) through 2021.09.1. S ... | check |
| CVE-2021-42715 | An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ... | check libstb itself, and various packages embedd a copy |
| CVE-2021-42716 | An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ... | check libstb itself, and various packages embedd a copy |
| CVE-2021-42740 | The shell-quote package before 1.7.3 for Node.js allows command inject ... | check |
| TEMP-0000000-DD73A0 | Unexpected database bindings via requests (follow-up) | check php-illuminate-database and CVE assignment |