| Bug | Description | Note |
|---|
| CVE-2018-11432 | The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ... | check, likely fixed before initial Upload to Debian |
| CVE-2018-11433 | The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ... | check, likely fixed before initial Upload to Debian |
| CVE-2018-11434 | The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ... | check, likely fixed before initial Upload to Debian |
| CVE-2018-11435 | The mobi_decompress_huffman_internal function in compression.c in Libm ... | check, likely fixed before initial Upload to Debian |
| CVE-2018-11436 | The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ... | check, likely fixed before initial Upload to Debian |
| CVE-2018-11437 | The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ... | check, likely fixed before initial Upload to Debian |
| CVE-2018-11438 | The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ... | check, likely fixed before initial Upload to Debian |
| CVE-2020-0478 | In extend_frame_lowbd of restoration.c, there is a possible out of bou ... | check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit |
| CVE-2020-12890 | Improper handling of pointers in the System Management Mode (SMM) hand ... | check |
| CVE-2020-12980 | An out of bounds write and read vulnerability in the AMD Graphics Driv ... | check |
| CVE-2020-12981 | An insufficient input validation in the AMD Graphics Driver for Window ... | check |
| CVE-2020-12982 | An invalid object pointer free vulnerability in the AMD Graphics Drive ... | check |
| CVE-2020-12983 | An out of bounds write vulnerability in the AMD Graphics Driver for Wi ... | check |
| CVE-2020-12985 | An insufficient pointer validation vulnerability in the AMD Graphics D ... | check |
| CVE-2020-12986 | An insufficient pointer validation vulnerability in the AMD Graphics D ... | check |
| CVE-2020-12987 | A heap information leak/kernel pool address disclosure vulnerability i ... | check |
| CVE-2020-14107 | A stack overflow in the HTTP server of Cast can be exploited to make t ... | check |
| CVE-2020-19611 | Cross Site Scripting (XSS) in redirect module of Racktables version 0. ... | check |
| CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp o ... | check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported |
| CVE-2020-19858 | Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ... | check |
| CVE-2020-20597 | A cross-site scripting (XSS) vulnerability in the potrtalItemName para ... | check |
| CVE-2020-20598 | A cross-site scripting (XSS) vulnerability in the Editing component of ... | check |
| CVE-2020-23026 | A NULL pointer dereference in the main() function dhry_1.c of dhryston ... | check |
| CVE-2020-23914 | An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ... | retroarch and salmon embed peglib, check if it's actually a security issue |
| CVE-2020-23915 | An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ... | retroarch and salmon embed peglib, check if it's actually a security issue |
| CVE-2020-23986 | Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 w ... | check |
| CVE-2020-25467 | A null pointer dereference was discovered lzo_decompress_buf in stream ... | check fixing commit |
| CVE-2020-25646 | A flaw was found in Ansible Collection community.crypto. openssl_priva ... | check |
| CVE-2021-1035 | In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, ... | check |
| CVE-2021-1036 | In LocationSettingsActivity of AndroidManifest.xml, there is a possibl ... | check |
| CVE-2021-1037 | The broadcast that DevicePickerFragment sends when a new device is pai ... | check |
| CVE-2021-3681 | RESERVED | check, needs verifying the affected ansible/ansible-base components |
| CVE-2021-3746 | A flaw was found in the libtpms code that may cause access beyond the ... | check, might only affect the upstream stable-0.6 branch and not an issue in src:libtpms in any released version in Debian |
| CVE-2021-3773 | RESERVED | fill in tracking details |
| CVE-2021-3815 | utils.js is vulnerable to Improperly Controlled Modification of Object ... | check |
| CVE-2021-3816 | Cacti 1.1.38 allows authenticated users with User Management permissio ... | check |
| CVE-2021-3836 | dbeaver is vulnerable to Improper Restriction of XML External Entity R ... | check |
| CVE-2021-3866 | Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip p ... | check |
| CVE-2021-4172 | Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ... | check |
| CVE-2021-20157 | It is possible for an unauthenticated, malicious user to force the dev ... | check |
| CVE-2021-20315 | locking protection bypass allow unauthorized user to kill existing applications or start new ones | check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams |
| CVE-2021-20330 | An attacker with basic CRUD permissions on a replicated collection can ... | check |
| CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ... | check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those |
| CVE-2021-22060 | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ... | check |
| CVE-2021-22565 | An attacker could prematurely expire a verification code, making it un ... | check |
| CVE-2021-22566 | An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ... | check |
| CVE-2021-22567 | Bidirectional Unicode text can be interpreted and compiled differently ... | check |
| CVE-2021-22568 | When using the dart pub publish command to publish a package to a thir ... | check |
| CVE-2021-23225 | Cacti 1.1.38 allows authenticated users with User Management permissio ... | check |
| CVE-2021-23244 | ColorOS pregrant dangerous permissions to apps which are listed in a w ... | check |
| CVE-2021-23450 | All versions of package dojo are vulnerable to Prototype Pollution via ... | check |
| CVE-2021-23460 | The package min-dash before 3.8.1 are vulnerable to Prototype Pollutio ... | check |
| CVE-2021-23463 | The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ... | check, might not affect versions in Debian |
| CVE-2021-23490 | The package parse-link-header before 2.0.0 are vulnerable to Regular E ... | check |
| CVE-2021-23514 | This affects the package Crow before 0.3+4. It is possible to traverse ... | check |
| CVE-2021-23518 | The package cached-path-relative before 1.1.0 are vulnerable to Protot ... | check |
| CVE-2021-23543 | All versions of package realms-shim are vulnerable to Sandbox Bypass v ... | check |
| CVE-2021-23561 | All versions of package comb are vulnerable to Prototype Pollution via ... | check |
| CVE-2021-23566 | The package nanoid before 3.1.31 are vulnerable to Information Exposur ... | check |
| CVE-2021-23567 | The package colors after 1.4.0 are vulnerable to Denial of Service (Do ... | check |
| CVE-2021-23568 | The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ... | check |
| CVE-2021-23574 | All versions of package js-data are vulnerable to Prototype Pollution ... | check |
| CVE-2021-23594 | All versions of package realms-shim are vulnerable to Sandbox Bypass v ... | check |
| CVE-2021-23631 | This affects all versions of package convert-svg-core; all versions of ... | check |
| CVE-2021-23639 | The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execu ... | check |
| CVE-2021-23663 | All versions of package sey are vulnerable to Prototype Pollution via ... | check |
| CVE-2021-23664 | The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to ... | check |
| CVE-2021-23700 | All versions of package merge-deep2 are vulnerable to Prototype Pollut ... | check |
| CVE-2021-23772 | This affects all versions of package github.com/kataras/iris; all vers ... | check |
| CVE-2021-23797 | All versions of package http-server-node are vulnerable to Directory T ... | check |
| CVE-2021-23824 | This affects the package Crow before 0.3+4. When using attributes with ... | check |
| CVE-2021-23842 | Communication to the AMC2 uses a state-of-the-art cryptographic algori ... | check |
| CVE-2021-24041 | A missing bounds check in image blurring code prior to WhatsApp for An ... | check |
| CVE-2021-24042 | The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ... | check |
| CVE-2021-24044 | By passing invalid javascript code where await and yield were called u ... | check |
| CVE-2021-24045 | A type confusion vulnerability could be triggered when resolving the " ... | check |
| CVE-2021-24046 | A logic flaw in Ray-Ban® Stories device software allowed some par ... | check |
| CVE-2021-25993 | In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ... | check |
| CVE-2021-26247 | As an unauthenticated remote user, visit "http://<CACTI_SERVER>/ ... | check |
| CVE-2021-26318 | A timing and power-based side channel attack leveraging the x86 PREFET ... | check details and if mitigation in microcode/kernel exists |
| CVE-2021-26340 | A malicious hypervisor in conjunction with an unprivileged attacker pr ... | check |
| CVE-2021-26706 | An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x an ... | check |
| CVE-2021-28021 | Buffer overflow vulnerability in function stbi__extend_receive in stb_ ... | check libstb itself, and various packages embedd a copy |
| CVE-2021-28680 | The devise_masquerade gem before 1.3 allows certain attacks when a pas ... | check |
| CVE-2021-29632 | In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ... | check |
| CVE-2021-30313 | Use after free condition can occur in wired connectivity due to a race ... | check |
| CVE-2021-30330 | Possible null pointer dereference due to improper validation of APE cl ... | check |
| CVE-2021-30348 | Improper validation of LLM utility timers availability can lead to den ... | check |
| CVE-2021-30360 | Users have access to the directory where the installation repair occur ... | check |
| CVE-2021-30636 | In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ... | check |
| CVE-2021-31821 | When the Windows Tentacle docker image starts up it logs all the comma ... | check |
| CVE-2021-32039 | Users with appropriate file access may be able to access unencrypted u ... | check |
| CVE-2021-32686 | PJSIP is a free and open source multimedia communication library writt ... | check, might affect in impact src:ring |
| CVE-2021-33178 | The Manage Backgrounds functionality within NagVis versions prior to 1 ... | check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/ |
| CVE-2021-33194 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ... | check completeness |
| CVE-2021-33827 | The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ... | check |
| CVE-2021-33828 | The files_antivirus component before 1.0.0 for ownCloud mishandles the ... | check |
| CVE-2021-34401 | NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ... | check |
| CVE-2021-34402 | NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ... | check |
| CVE-2021-34403 | NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ... | check |
| CVE-2021-34404 | Android images for T210 provided by NVIDIA contain a vulnerability in ... | check |
| CVE-2021-34405 | NVIDIA Linux distributions contain a vulnerability in TrustZone’ ... | check |
| CVE-2021-34406 | NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ... | check |
| CVE-2021-34426 | A vulnerability was discovered in the Keybase Client for Windows befor ... | check |
| CVE-2021-35093 | Possible memory corruption in BT controller when it receives an oversi ... | check |
| CVE-2021-36094 | It's possible to craft a request for appointment edit screen, which co ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase |
| CVE-2021-36096 | Generated Support Bundles contains private S/MIME and PGP keys if cont ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase |
| CVE-2021-36133 | The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ... | check |
| CVE-2021-36779 | A Improper Access Control vulnerability inf SUSE Longhorn allows any w ... | check |
| CVE-2021-36780 | A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ... | check |
| CVE-2021-36781 | A Incorrect Default Permissions vulnerability in the parsec package of ... | check |
| CVE-2021-37298 | Laravel v5.1 was discovered to contain a deserialization vulnerability ... | check, unclear status of report to upstream |
| CVE-2021-37706 | PJSIP is a free and open source multimedia communication library writt ... | check, might affect in impact src:ring |
| CVE-2021-37862 | Mattermost 6.0 and earlier fails to sufficiently validate the email ad ... | check |
| CVE-2021-37863 | Mattermost 6.0 and earlier fails to sufficiently validate parameters d ... | check |
| CVE-2021-37864 | Mattermost 6.1 and earlier fails to sufficiently validate permissions ... | check |
| CVE-2021-37865 | Mattermost 6.2 and earlier fails to sufficiently process a specificall ... | check |
| CVE-2021-37866 | Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ... | check |
| CVE-2021-37867 | Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ... | check |
| CVE-2021-37940 | An information disclosure via GET request server-side request forgery ... | check |
| CVE-2021-37941 | A local privilege escalation issue was found with the APM Java agent, ... | check |
| CVE-2021-38576 | A BIOS bug in firmware for a particular PC model leaves the Platform a ... | check |
| CVE-2021-38783 | There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ... | check |
| CVE-2021-38784 | There is a NULL pointer dereference in the syscall open_exec function ... | check |
| CVE-2021-38785 | There is a NULL pointer deference in the Allwinner R818 SoC Android Q ... | check |
| CVE-2021-38786 | There is a NULL pointer dereference in media/libcedarc/vdecoder of All ... | check |
| CVE-2021-38787 | There is an integer overflow in the ION driver "/dev/ion" of Allwinner ... | check |
| CVE-2021-38788 | The Background service in Allwinner R818 SoC Android Q SDK V1.0 is use ... | check |
| CVE-2021-38789 | Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect acce ... | check |
| CVE-2021-39306 | A stack buffer overflow was discovered on Realtek RTL8195AM device bef ... | check |
| CVE-2021-39623 | In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ... | check |
| CVE-2021-39659 | In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ... | check |
| CVE-2021-39880 | A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ... | reach out for details |
| CVE-2021-39892 | In all versions of GitLab CE/EE since version 12.0, a lower privileged ... | check |
| CVE-2021-39939 | An uncontrolled resource consumption vulnerability in GitLab Runner af ... | check |
| CVE-2021-41055 | Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ... | double-check correctness for tracking of source package, underlying issue is fixed in python-nbxmpp |
| CVE-2021-41265 | Flask-AppBuilder is a development framework built on top of Flask. Ver ... | check |
| CVE-2021-41495 | Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ... | check for classification/severity |
| CVE-2021-41789 | In wifi driver, there is a possible system crash due to a missing vali ... | check |
| CVE-2021-41867 | An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ... | check details, exact fixing commits unclear |
| CVE-2021-41868 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ... | check details, exact fixing commits unclear |
| CVE-2021-42810 | A flaw in the previous versions of the product may allow an authentica ... | check |
| CVE-2021-43399 | The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ... | check |
| CVE-2021-43415 | HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ... | check |
| CVE-2021-43802 | Etherpad is a real-time collaborative editor. In versions prior to 1.8 ... | check |
| CVE-2021-43804 | PJSIP is a free and open source multimedia communication library writt ... | check, might affect in impact src:ring |
| CVE-2021-43809 | `Bundler` is a package for managing application dependencies in Ruby. ... | check |
| CVE-2021-43837 | vault-cli is a configurable command-line interface tool (and python li ... | check |
| CVE-2021-43840 | message_bus is a messaging bus for Ruby processes and web clients. In ... | check |
| CVE-2021-43845 | PJSIP is a free and open source multimedia communication library. In v ... | check, might affect in impact src:ring |
| CVE-2021-44537 | ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ... | check |
| CVE-2021-44548 | An Improper Input Validation vulnerability in DataImportHandler of Apa ... | check |
| CVE-2021-44647 | Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ... | check older versions if issue is present, reproducer do not crash, but needs inspection of the code yet |
| CVE-2021-45260 | A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ... | check, fixing commit, cf. https://github.com/gpac/gpac/issues/1979#issuecomment-992471979 |
| CVE-2021-45394 | An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ... | check |
| CVE-2021-45761 | ROPium v3.1 was discovered to contain an invalid memory address derefe ... | check |
| CVE-2021-45829 | HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ... | check |
| CVE-2021-45830 | A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ... | check |
| CVE-2021-45832 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ... | check |
| CVE-2021-45833 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ... | check |
| CVE-2021-45926 | MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ... | check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52? |
| CVE-2021-45927 | MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ... | check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52? |
| CVE-2021-45930 | Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ... | check if impact present for qt4-x11, furthermore while fixed in 5.12.12 it is not in 5.15.y. |
| CVE-2021-45931 | HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ... | check correctness of commit, might not affect any Debian released version |
| CVE-2021-45940 | libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ... | check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started |
| CVE-2021-45941 | libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ... | check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started |
| CVE-2021-45958 | UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ... | claimed to be fixed in range https://github.com/ultrajson/ultrajson/compare/e3ccc5a1ff945275106d9323c00683fafeffc04a...682c6601569980e9a8a05378d3c1478db30384bc which seem to indicate the fuzzing did not really was helpful and CVE is bogus |
| CVE-2021-46020 | An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ... | check details |
| CVE-2021-46242 | HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ... | check |
| CVE-2021-46243 | An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ... | check |
| CVE-2021-46244 | A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ... | check |
| CVE-2022-0219 | Improper Restriction of XML External Entity Reference in GitHub reposi ... | check |
| CVE-2022-21646 | SpiceDB is a database system for managing security-critical applicatio ... | check |
| CVE-2022-21653 | Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ... | check |
| CVE-2022-21668 | pipenv is a Python development workflow tool. Starting with version 20 ... | check |
| CVE-2022-21672 | make-ca is a utility to deliver and manage a complete PKI configuratio ... | check |
| CVE-2022-21675 | Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ... | check |
| CVE-2022-21676 | Engine.IO is the implementation of transport-based cross-browser/cross ... | check |
| CVE-2022-21680 | Marked is a markdown parser and compiler. Prior to version 4.0.10, the ... | check |
| CVE-2022-21681 | Marked is a markdown parser and compiler. Prior to version 4.0.10, the ... | check |
| CVE-2022-21685 | Frontier is Substrate's Ethereum compatibility layer. Prior to commit ... | check |
| CVE-2022-21700 | Micronaut is a JVM-based, full stack Java framework designed for build ... | check |
| CVE-2022-21704 | log4js-node is a port of log4js to node.js. In affected versions defau ... | check |
| CVE-2022-21708 | graphql-go is a GraphQL server with a focus on ease of use. In version ... | check |
| CVE-2022-22820 | Due to the lack of media file checks before rendering, it was possible ... | check |
| CVE-2022-23131 | In the case of instances where the SAML SSO authentication is enabled ... | check, possibly only affecting 5.4.0 onwards |
| TEMP-0000000-DD73A0 | Unexpected database bindings via requests (follow-up) | check php-illuminate-database and CVE assignment |