Bugs with TODO items

Hide "check" TODOs

BugDescriptionNote
CVE-2016-6154The authentication applet in Watchguard Fireware 11.11 Operating Syste ...check
CVE-2017-11750The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 an ...check if patch simplifying patch applied in any suite
CVE-2017-18240The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownersh ...check
CVE-2018-13367An information exposure vulnerability in FortiOS 6.2.0 and below may a ...check
CVE-2018-14062The COSPAS-SARSAT protocol allows remote attackers to forge messages, ...check
CVE-2018-16873In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...check other versions
CVE-2018-16874In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...check other versions
CVE-2018-16875The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...check other versions
CVE-2018-16981stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...further check, stb_image.h in older version is embedded in src:catimg
CVE-2018-17791Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an " ...check
CVE-2018-18056An issue was discovered in the Texas Instruments (TI) TM4C microcontro ...check
CVE-2018-18572osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...check
CVE-2018-18573osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...check
CVE-2018-18653The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ...check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way.
CVE-2018-20871In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...check, might affect src:gridengine as well
CVE-2019-0173Authentication bypass in the web console for Intel(R) Raid Web Console ...check
CVE-2019-1010091tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...check
CVE-2019-10687KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=r ...check
CVE-2019-10745assign-deep is vulnerable to Prototype Pollution in versions before 0. ...check
CVE-2019-10747set-value is vulnerable to Prototype Pollution in versions before 2.0. ...check
CVE-2019-10750deeply is vulnerable to Prototype Pollution in versions before 3.1.0. ...check
CVE-2019-10751All versions of the HTTPie package are vulnerable to Open Redirect tha ...check
CVE-2019-11013Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal ...check
CVE-2019-11209The realm configuration component of TIBCO Software Inc.'s TIBCO FTL C ...check
CVE-2019-11276Pivotal Apps Manager, included in Pivotal Application Service versions ...check
CVE-2019-11601A directory traversal vulnerability in remote access to backup & r ...check
CVE-2019-11602Leakage of stack traces in remote access to backup & restore in ea ...check
CVE-2019-11603A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...check
CVE-2019-1163A security feature bypass exists when Windows incorrectly validates CA ...check
CVE-2019-1171An information disclosure vulnerability exists in SymCrypt during the ...check
CVE-2019-1172An information disclosure vulnerability exists in Azure Active Directo ...check
CVE-2019-1187A denial of service vulnerability exists when the XmlLite runtime (Xml ...check
CVE-2019-11897A Server-Side Request Forgery (SSRF) vulnerability in the backup & ...check
CVE-2019-11924A peer could send empty handshake fragments containing only padding wh ...check
CVE-2019-12107The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd ...check, might affect minidlna
CVE-2019-1211An elevation of privilege vulnerability exists in Git for Visual Studi ...check
CVE-2019-12175In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, ...check
CVE-2019-1229An elevation of privilege vulnerability exists in Dynamics On-Premise ...check
CVE-2019-1258An elevation of privilege vulnerability exists in Azure Active Directo ...check
CVE-2019-13013Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalatio ...check
CVE-2019-13014Little Snitch versions 4.4.0 fixes a vulnerability in a privileged hel ...check
CVE-2019-13422Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 ...check
CVE-2019-13423Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 ...check
CVE-2019-13456double check assessment and classification
CVE-2019-13464An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...check
CVE-2019-13520Multiple buffer overflow issues have been identified in Alpha5 Smart L ...check
CVE-2019-14257pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying e ...check
CVE-2019-14258The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to ...check
CVE-2019-14288An issue was discovered in Xpdf 4.01.01. There is an Integer overflow ...check
CVE-2019-14289An issue was discovered in Xpdf 4.01.01. There is an integer overflow ...check
CVE-2019-14368Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage:: ...check
CVE-2019-14369Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 all ...check
CVE-2019-14370In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage: ...check
CVE-2019-14430plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows S ...check
CVE-2019-14491An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...check
CVE-2019-14492An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...check
CVE-2019-14493An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...check
CVE-2019-14511Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...check
CVE-2019-14513Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...Find the relevant isolated changes in the 2.76 release to address the issue.
CVE-2019-14982In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...check
CVE-2019-14993Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressi ...check
CVE-2019-15027The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on ...check
CVE-2019-15052The HTTP client in the Build tool in Gradle before 5.6 sends authentic ...check
CVE-2019-15084Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, insta ...check
CVE-2019-15092The webtoffee "WordPress Users & WooCommerce Customers Import Expo ...check
CVE-2019-15139The XWD image (X Window System window dumping file) parsing component ...check
CVE-2019-15140coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...check
CVE-2019-15476Former before 4.2.1 has XSS via a checkbox value. ...check
CVE-2019-15477Jooby before 1.6.4 has XSS via the default error handler. ...check
CVE-2019-15480Domoticz 4.10717 has XSS via item.Name. ...check
CVE-2019-15481Kimai v2 before 1.1 has XSS via a timesheet description. ...check
CVE-2019-15482selectize-plugin-a11y before 1.1.0 has XSS via the msg field. ...check
CVE-2019-15483Bolt before 3.6.10 has XSS via a title that is mishandled in the syste ...check
CVE-2019-15484Bolt before 3.6.10 has XSS via an image's alt or title field. ...check
CVE-2019-15485Bolt before 3.6.10 has XSS via createFolder or createFile in Controlle ...check
CVE-2019-15486django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_ ...check
CVE-2019-15488Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP se ...check
CVE-2019-15499CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element wi ...check
CVE-2019-15507In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request pr ...check
CVE-2019-15508In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy ...check
CVE-2019-15514The Privacy > Phone Number feature in the Telegram app 5.10 for And ...check
CVE-2019-15516Cuberite before 2019-06-11 allows webadmin directory traversal via ... ...check
CVE-2019-15517jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory trav ...check
CVE-2019-15518Swoole before 4.2.13 allows directory traversal in swPort_http_static_ ...check
CVE-2019-15519Power-Response before 2019-02-02 allows directory traversal (up to the ...check
CVE-2019-15520comelz Quark before 2019-03-26 allows directory traversal to locations ...check
CVE-2019-15525There is Missing SSL Certificate Validation in the pw3270 terminal emu ...check
CVE-2019-15537The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL I ...check
CVE-2019-1974A vulnerability in the web-based management interface of Cisco Integra ...check
CVE-2019-1984A vulnerability in Cisco Enterprise Network Functions Virtualization I ...check
CVE-2019-2120In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there i ...check
CVE-2019-2121In ActivityManagerService.attachApplication of ActivityManagerService, ...check
CVE-2019-2122In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.j ...check
CVE-2019-2125In ChangeDefaultDialerDialog.java, there is a possible escalation of p ...check
CVE-2019-2126In ParseContentEncodingEntry of mkvparser.cc, there is a possible doub ...check
CVE-2019-2127In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, ...check
CVE-2019-2128In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write ...check
CVE-2019-2129In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...check
CVE-2019-2130In CompilationJob::FinalizeJob of compiler.cc, there is a possible rem ...check
CVE-2019-2131An application with overlay permission can display overlays on top of ...check
CVE-2019-2132It is possible to overlay the VPN dialog by a malicious application. T ...check
CVE-2019-2133In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...check
CVE-2019-2134In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a po ...check
CVE-2019-2135In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...check
CVE-2019-2136In Status::readFromParcel of Status.cpp, there is a possible out of bo ...check
CVE-2019-2137In the endCall() function of TelecomManager.java, there is a possible ...check
CVE-2019-3634Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...check
CVE-2019-3685Fails to adequately verify TLS certificates allowing for a man in the middle attackcheck, might affect only 0.165.0 through 0.165.2, but not earlier versions
CVE-2019-5032An exploitable out-of-bounds read vulnerability exists in the LabelSst ...check
CVE-2019-5033An exploitable out-of-bounds read vulnerability exists in the Number r ...check
CVE-2019-5034An exploitable information disclosure vulnerability exists in the Weav ...check
CVE-2019-5035An exploitable information disclosure vulnerability exists in the Weav ...check
CVE-2019-5036An exploitable denial-of-service vulnerability exists in the Weave err ...check
CVE-2019-5037An exploitable denial-of-service vulnerability exists in the Weave cer ...check
CVE-2019-5038An exploitable command execution vulnerability exists in the print-tlv ...check
CVE-2019-5039An exploitable command execution vulnerability exists in the ASN1 cert ...check
CVE-2019-5040An exploitable information disclosure vulnerability exists in the Weav ...check
CVE-2019-5041An exploitable Stack Based Buffer Overflow vulnerability exists in the ...check
CVE-2019-5223PCManager 9.1.3.1 has an improper authentication vulnerability. The ce ...check
CVE-2019-5448Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...check
CVE-2019-5456SMTP MITM refers to a malicious actor setting up an SMTP proxy server ...check
CVE-2019-5457Cross-site scripting (XSS) vulnerability in min-http-server (all versi ...check
CVE-2019-5458Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...check
CVE-2019-5476An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running o ...check
CVE-2019-5592Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...check
CVE-2019-5594An Improper Neutralization of Input During Web Page Generation ("Cross ...check
CVE-2019-5632An insecure storage of sensitive information vulnerability is present ...check
CVE-2019-5633An insecure storage of sensitive information vulnerability is present ...check
CVE-2019-5634An inclusion of sensitive information in log files vulnerability is pr ...check
CVE-2019-5635A cleartext transmission of sensitive information vulnerability is pre ...check
CVE-2019-6695Lack of root file system integrity checking in Fortinet FortiManager V ...check
CVE-2019-6698Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...check
CVE-2019-7362DLL preloading vulnerability in Autodesk Design Review versions 2011, ...check
CVE-2019-7363Use-after-free vulnerability in Autodesk Design Review versions 2011, ...check
CVE-2019-7364DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...check
CVE-2019-7593Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...check
CVE-2019-7594Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...check
CVE-2019-7617When the Elastic APM agent for Python versions before 5.1.0 is run as ...check
CVE-2019-9153Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...check
CVE-2019-9154Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...check
CVE-2019-9155A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who ...check
CVE-2019-9946Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ...singularity-container seems to embed as well a copy of cni
CVE-2019-9959The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...check
Search for package or bug name: Reporting problems