Bugs with TODO items

| Bug | Description | Note |
|---|---|---|
| CVE-2016-20013 | sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ... | check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implementation of the code, but only track those with security impact |
| CVE-2020-35473 | An information leakage vulnerability in the Bluetooth Low Energy adver ... | check |
| CVE-2020-35536 | In gcc, an internal compiler error in match_reload function at lra-con ... | check |
| CVE-2020-35537 | In gcc, a crafted input source file could cause g++ to crash during co ... | check |
| CVE-2020-35539 | A flaw was found in Wordpress 5.1. "X-Forwarded-For" is an HTTP header ... | check |
| CVE-2021-3800 | A flaw was found in glib before version 2.63.6. Due to random charset ... | check completeness |
| CVE-2021-27853 | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP in ... | check, potentially needs to be tracked for src:linux |
| CVE-2021-27854 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check, potentially needs to be tracked for src:linux |
| CVE-2021-27861 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check, potentially needs to be tracked for src:linux |
| CVE-2021-27862 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check, potentially needs to be tracked for src:linux |
| CVE-2021-32862 | The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ... | check details, should affect src:nbconvert |
| CVE-2021-33235 | Buffer overflow vulnerability in write_node in htmldoc through 1.9.11 ... | clarify duplicate assignment with assigning CNA |
| CVE-2021-33236 | Buffer Overflow vulnerability in write_header in htmldoc through 1.9.1 ... | clarify duplicate assignment with assigning CNA |
| CVE-2021-35246 | The application fails to prevent users from connecting to it over unen ... | check |
| CVE-2021-37819 | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop ... | check impact on other sources embedding lowagie/text/pdf/PdfReader.java |
| CVE-2021-40226 | xpdfreader 4.03 is vulnerable to Buffer Overflow. ... | check |
| CVE-2021-45036 | Velneo vClient on its 28.1.3 version, could allow an attacker with kno ... | check |
| CVE-2022-3854 | possible DoS issue in ceph URL processing on RGW backends | check details, none provided in RHBZ#2139925 |
| CVE-2022-3920 | HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ... | check if affecting versions before 1.13.0 |
| CVE-2022-4020 | Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Noteb ... | check |
| CVE-2022-4104 | A loop with an unreachable exit condition can be triggered by passing ... | check |
| CVE-2022-4144 | QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read | check details |
| CVE-2022-4169 | The Theme and plugin translation for Polylang is vulnerable to authori ... | check |
| CVE-2022-21950 | An Improper Access Control vulnerability in the systemd service of cana ... | check |
| CVE-2022-23459 | Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ... | check - numerous jsonxx repositories exist on github |
| CVE-2022-23460 | Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ... | check - numerous jsonxx repositories exist on github |
| CVE-2022-23639 | crossbeam-utils provides atomics, synchronization primitives, scoped t ... | check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked |
| CVE-2022-23740 | CRITICAL: An improper neutralization of argument delimiters in a comma ... | check |
| CVE-2022-24999 | qs before 6.10.3, as used in Express before 4.17.3 and other products, ... | check |
| CVE-2022-25942 | An out-of-bounds read vulnerability exists in the gif2h5 functionality ... | check |
| CVE-2022-25972 | An out-of-bounds write vulnerability exists in the gif2h5 functionalit ... | check |
| CVE-2022-26061 | A heap-based buffer overflow vulnerability exists in the gif2h5 functi ... | check |
| CVE-2022-31253 | An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory ... | check |
| CVE-2022-31877 | An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41 ... | check |
| CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ... | check affected packages |
| CVE-2022-38900 | decode-uri-component 0.2.0 is vulnerable to Improper Input Validation ... | check |
| CVE-2022-39331 | Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker ... | check |
| CVE-2022-39332 | Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker ... | check |
| CVE-2022-39333 | Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker ... | check |
| CVE-2022-39334 | Nextcloud desktop is the desktop sync client for Nextcloud. Versions p ... | check |
| CVE-2022-40735 | The Diffie-Hellman Key Agreement Protocol allows use of long exponents ... | check |
| CVE-2022-41719 | Unmarshal can panic on some inputs, possibly allowing for denial of se ... | check |
| CVE-2022-41854 | Those using Snakeyaml to parse untrusted YAML files may be vulnerable ... | check details |
| CVE-2022-41882 | The Nextcloud Desktop Client is a tool to synchronize files from Nextc ... | check details, is owncloud-client similarly affected? |
| CVE-2022-41912 | The crewjam/saml go library prior to version 0.4.9 is vulnerable to an ... | check |
| CVE-2022-41957 | Muhammara is a node module with c/cpp bindings to modify PDF with Java ... | check |
| CVE-2022-42920 | Apache Commons BCEL has a number of APIs that would normally only allo ... | check with the assigning CNAs which one to retain if confirmed to be handled as duplicate and move CVE-2022-34169 to Apache Xalan Java XSLT use of BCEL only. |
| CVE-2022-43588 | A null pointer dereference vulnerability exists in the handle_ioctl_83 ... | check |
| CVE-2022-43589 | A null pointer dereference vulnerability exists in the handle_ioctl_83 ... | check |
| CVE-2022-43590 | A null pointer dereference vulnerability exists in the handle_ioctl_0x ... | check |
| CVE-2022-45136 | ** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is ... | check correctness/details if src:apache-jena affected |
| CVE-2022-45146 | An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA b ... | check |