Bugs with TODO items


| Bug | Description | Note |
|---|---|---|
| CVE-2016-20013 | sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ... | check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implementation of the code, but only track those with security impact |
| CVE-2020-35536 | In gcc, an internal compiler error in match_reload function at lra-con ... | check |
| CVE-2020-35537 | In gcc, a crafted input source file could cause g++ to crash during co ... | check |
| CVE-2021-3782 | An internal reference count is held on the buffer pool, incremented ev ... | check |
| CVE-2021-3800 | A flaw was found in glib before version 2.63.6. Due to random charset ... | check completeness |
| CVE-2021-3826 | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c ... | check |
| CVE-2021-27774 | User input included in error response, which could be used in a phishi ... | check |
| CVE-2021-27853 | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP in ... | check |
| CVE-2021-27854 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check |
| CVE-2021-27861 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check |
| CVE-2021-27862 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check |
| CVE-2021-32862 | The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ... | check details, should affect src:nbconvert |
| CVE-2021-33076 | Improper authentication in firmware for some Intel(R) SSD DC Products ... | check |
| CVE-2021-33079 | Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ... | check |
| CVE-2021-33081 | Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ... | check |
| CVE-2021-33235 | Buffer overflow vulnerability in write_node in htmldoc through 1.9.11 ... | clarify duplicate assignment with assigning CNA |
| CVE-2021-33236 | Buffer Overflow vulnerability in write_header in htmldoc through 1.9.1 ... | clarify duplicate assignment with assigning CNA |
| CVE-2021-37819 | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop ... | check impact on other sources embedding lowagie/text/pdf/PdfReader.java |
| CVE-2021-41803 | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ... | check |
| CVE-2021-43361 | Due to improper sanitization MedData HBYS software suffers from a remo ... | check |
| CVE-2021-43362 | Due to improper sanitization MedData HBYS software suffers from a remo ... | check |
| CVE-2022-0143 | When the LDAP connector is started with StartTLS configured, unauthent ... | check |
| CVE-2022-1270 | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. ... | check |
| CVE-2022-1959 | AppLock version 7.9.29 allows an attacker with physical access to the ... | check |
| CVE-2022-2154 | An attacker with physical access can exploit this vulnerability to exe ... | check |
| CVE-2022-2265 | The Identity and Directory Management System developed by Çekino ... | check |
| CVE-2022-2529 | sflow decode package does not employ sufficient packet sanitisation wh ... | check |
| CVE-2022-2922 | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform ... | check |
| CVE-2022-21169 | The package express-xss-sanitizer before 1.1.3 are vulnerable to Proto ... | check |
| CVE-2022-21222 | The package css-what before 2.1.3 are vulnerable to Regular Expression ... | check |
| CVE-2022-21950 | A Improper Access Control vulnerability in the systemd service of cana ... | check |
| CVE-2022-22520 | A remote, unauthenticated attacker can enumerate valid users by sendin ... | check |
| CVE-2022-23458 | Toast UI Grid is a component to display and edit data. Versions prior ... | check |
| CVE-2022-23459 | Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ... | check - numerous jsonxx repositories exist on github |
| CVE-2022-23460 | Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ... | check - numerous jsonxx repositories exist on github |
| CVE-2022-23461 | Jodit Editor is a WYSIWYG editor written in pure TypeScript without th ... | check |
| CVE-2022-23463 | Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerab ... | check |
| CVE-2022-23464 | Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnera ... | check |
| CVE-2022-23639 | crossbeam-utils provides atomics, synchronization primitives, scoped t ... | check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked |
| CVE-2022-23716 | A flaw was discovered in ECE before 3.1.1 that could lead to the discl ... | check |
| CVE-2022-23766 | An improper input validation vulnerability leading to arbitrary file e ... | check |
| CVE-2022-23768 | This Vulnerability in NIS-HAP11AC is caused by an exposed external por ... | check |
| CVE-2022-24106 | In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing ... | check |
| CVE-2022-24107 | Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. ... | check |
| CVE-2022-24373 | The package react-native-reanimated before 3.0.0-rc.1 are vulnerable t ... | check |
| CVE-2022-25765 | The package pdfkit from 0.0.0 are vulnerable to Command Injection wher ... | check |
| CVE-2022-25873 | The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable ... | check |
| CVE-2022-25914 | The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerab ... | check |
| CVE-2022-25942 | An out-of-bounds read vulnerability exists in the gif2h5 functionality ... | check |
| CVE-2022-25972 | An out-of-bounds write vulnerability exists in the gif2h5 functionalit ... | check |
| CVE-2022-26061 | A heap-based buffer overflow vulnerability exists in the gif2h5 functi ... | check |
| CVE-2022-26873 | A potential attacker can execute an arbitrary code at the time of the ... | check |
| CVE-2022-28321 | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows ... | check |
| CVE-2022-28802 | Code by Zapier before 2022-08-17 allowed intra-account privilege escal ... | check |
| CVE-2022-29240 | Scylla is a real-time big data database that is API-compatible with Ap ... | check |
| CVE-2022-30577 | The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a ... | check |
| CVE-2022-30578 | The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons co ... | check |
| CVE-2022-30579 | The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analy ... | check |
| CVE-2022-31679 | Applications that allow HTTP PATCH access to resources exposed by Spri ... | check |
| CVE-2022-32166 | In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer o ... | check |
| CVE-2022-32167 | Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cros ... | check |
| CVE-2022-32168 | Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking wh ... | check |
| CVE-2022-32169 | The “Bytebase” application does not restrict low privilege ... | check |
| CVE-2022-32170 | The “Bytebase” application does not restrict low privilege ... | check |
| CVE-2022-34002 | The ‘document’ parameter of PDS Vista 7’s /applicati ... | check |
| CVE-2022-34026 | ICEcoder v8.1 allows attackers to execute a directory traversal. ... | check |
| CVE-2022-34326 | On Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892 ... | check |
| CVE-2022-35415 | An improper input validation in NI System Configuration Manager before ... | check |
| CVE-2022-35956 | This Rails gem adds two methods to the ActiveRecord::Base class that a ... | check |
| CVE-2022-36020 | The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, ... | check |
| CVE-2022-36069 | Poetry is a dependency manager for Python. When handling dependencies ... | check details, CVE associated with poetry (and fixed in 1.1.9), though changes in poetry-core |
| CVE-2022-36070 | Poetry is a dependency manager for Python. To handle dependencies that ... | check details |
| CVE-2022-36103 | Talos Linux is a Linux distribution built for Kubernetes deployments. ... | check |
| CVE-2022-36561 | XPDF v4.0.4 was discovered to contain a segmentation violation via the ... | check |
| CVE-2022-36778 | insert HTML / js code inside input how to get to the vulnerable input ... | check |
| CVE-2022-37026 | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ... | check |
| CVE-2022-37257 | Prototype pollution vulnerability in function convertLater in npm-conv ... | check |
| CVE-2022-37258 | Prototype pollution vulnerability in function convertLater in npm-conv ... | check |
| CVE-2022-37259 | A Regular Expression Denial of Service (ReDoS) flaw was found in steal ... | check |
| CVE-2022-37260 | A Regular Expression Denial of Service (ReDoS) flaw was found in steal ... | check |
| CVE-2022-37262 | A Regular Expression Denial of Service (ReDoS) flaw was found in steal ... | check |
| CVE-2022-37264 | Prototype pollution vulnerability in stealjs steal 2.2.4 via the optio ... | check |
| CVE-2022-37265 | Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias ... | check |
| CVE-2022-37266 | Prototype pollution vulnerability in function extend in babel.js in st ... | check |
| CVE-2022-38545 | Valine v1.4.18 was discovered to contain a remote code execution (RCE) ... | check |
| CVE-2022-38621 | Doufox v0.0.4 was discovered to contain a remote code execution (RCE) ... | check |
| CVE-2022-38856 | Certain The MPlayer Project products are vulnerable to Buffer Overflow ... | Fixed by other fixes, but not pinpointed upstream, try to isolate revision to fix issue |
| CVE-2022-38932 | readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsi ... | check |
| CVE-2022-38934 | readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabiliti ... | check |
| CVE-2022-38936 | An issue has been found in PBC through 2022-8-27. A SEGV issue detecte ... | check |
| CVE-2022-39219 | Bifrost is a middleware package which can synchronize MySQL/MariaDB bi ... | check |
| CVE-2022-39230 | fhir-works-on-aws-authz-smart is an implementation of the authorizatio ... | check |
| CVE-2022-39238 | Arvados is an open source platform for managing and analyzing biomedic ... | check |
| CVE-2022-39239 | netlify-ipx is an on-Demand image optimization for Netlify using ipx. ... | check |
| CVE-2022-39242 | Frontier is an Ethereum compatibility layer for Substrate. Prior to co ... | check |
| CVE-2022-39243 | NuProcess is an external process execution implementation for Java. In ... | check |
| CVE-2022-39245 | Mist is the command-line interface for the makedeb Package Repository. ... | check |
| CVE-2022-39252 | matrix-rust-sdk is an implementation of a Matrix client-server library ... | check |
| CVE-2022-39263 | `@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for Ne ... | check |
| CVE-2022-39268 | Impact: In a CSRF attack, an innocent end user is tricked by an att ... | check |
| CVE-2022-40149 | Those using Jettison to parse untrusted XML or JSON data may be vulner ... | check |
| CVE-2022-40150 | Those using Jettison to parse untrusted XML or JSON data may be vulner ... | check |
| CVE-2022-40151 | Those using Xstream to serialize XML data may be vulnerable to Denial o ... | check |
| CVE-2022-40152 | Those using Xstream to serialize XML data may be vulnerable to Denial o ... | check |
| CVE-2022-40153 | Those using Xstream to serialize XML data may be vulnerable to Denial o ... | check |
| CVE-2022-40154 | Those using Xstream to serialise XML data may be vulnerable to Denial ... | check |
| CVE-2022-40155 | Those using Xstream to serialise XML data may be vulnerable to Denial ... | check |
| CVE-2022-40156 | Those using Xstream to serialize XML data may be vulnerable to Denial o ... | check |
| CVE-2022-40274 | Gridea version 0.9.3 allows an external attacker to execute arbitrary ... | check |
| CVE-2022-40277 | Joplin version 2.8.8 allows an external attacker to execute arbitrary ... | check |
| CVE-2022-40341 | mojoPortal v2.7 was discovered to contain an arbitrary file upload vul ... | check |
| CVE-2022-40359 | Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via craf ... | check |
| CVE-2022-40626 | An unauthenticated user can create a link with reflected Javascript co ... | check, verify it really did not affect versions before 6.0.0 |
| CVE-2022-40886 | DedeCMS 5.7.98 has a file upload vulnerability in the background. ... | check |
| CVE-2022-41040 | Microsoft Exchange Server Elevation of Privilege Vulnerability. ... | check |
| CVE-2022-41082 | Microsoft Exchange Server Remote Code Execution Vulnerability. ... | check |
| CVE-2022-41340 | The secp256k1-js package before 1.1.0 for Node.js implements ECDSA wit ... | check |
| CVE-2022-41343 | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ... | check |
