Bugs with TODO items

Hide "check" TODOs

Bug	Description	Note
CVE-2016-10502	While generating trusted application id, An integer overflow can occur ...	check
CVE-2017-11750	The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and ...	check if patch simplifying patch applied in any suite
CVE-2017-14888	In all android releases(Android for MSM, Firefox OS for MSM, QRD ...	check
CVE-2017-15835	In all android releases(Android for MSM, Firefox OS for MSM, QRD ...	check
CVE-2017-18220	The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in ...	check, needs clarification, the issue is CloseBlob use-after-free
CVE-2017-18240	The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ...	check
CVE-2018-1002101	In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, ...	check
CVE-2018-11457	A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...	check
CVE-2018-11458	A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...	check
CVE-2018-11459	A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...	check
CVE-2018-11460	A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...	check
CVE-2018-11461	A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...	check
CVE-2018-11462	A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...	check
CVE-2018-11463	A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...	check
CVE-2018-11464	A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...	check
CVE-2018-11465	A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...	check
CVE-2018-11466	A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...	check
CVE-2018-11905	In all android releases(Android for MSM, Firefox OS for MSM, QRD ...	check
CVE-2018-12076	A vulnerability in the UPC bar code of the Avanti Markets MarketCard ...	check
CVE-2018-12466	openSUSE openbuildservice before 9.2.4 allowed authenticated users to ...	check if introducing commit is right and fix status
CVE-2018-12467	Authorized users of the openbuildservice before 2.9.4 could delete ...	check if introducing commit is right and fix status
CVE-2018-1279	Pivotal RabbitMQ for PCF, all versions, uses a deterministically ...	check
CVE-2018-13804	A vulnerability has been identified in SIMATIC IT LMS (All versions), ...	check
CVE-2018-13811	A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) ...	check
CVE-2018-13812	A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...	check
CVE-2018-13813	A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...	check
CVE-2018-13814	A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...	check
CVE-2018-13815	A vulnerability has been identified in SIMATIC S7-1200 (All versions), ...	check
CVE-2018-13816	A vulnerability has been identified in TIM 1531 IRC (All version < ...	check
CVE-2018-15328	On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, ...	check
CVE-2018-15518	Qt Base: "double free or corruption" in QXmlStreamReader	check for completeness
CVE-2018-15717	Open Dental before version 18.4 stores user passwords as base64 ...	check
CVE-2018-15718	Open Dental before version 18.4 transmits the entire user database ...	check
CVE-2018-15719	Open Dental before version 18.4 installs a mysql database and uses the ...	check
CVE-2018-15800	Cloud Foundry Bits Service, versions prior to 2.18.0, includes an ...	check
CVE-2018-16329	In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the ...	check if though missing null checks are present as well in 6.x series
CVE-2018-16478	A Path Traversal in simplehttpserver versions <=0.2.1 allows to list ...	check
CVE-2018-16555	A vulnerability has been identified in SCALANCE S602 (All versions < ...	check
CVE-2018-16556	A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...	check
CVE-2018-16557	A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...	check
CVE-2018-16856	Private keys written to world-readable log files	check if Debian affected by the problem or Red Hat specific setup
CVE-2018-16981	stb stb_image.h 2.19, as used in catimg, Emscripten, and other ...	further check, stb_image.h in older version is embedded in src:catimg
CVE-2018-17157	In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...	check
CVE-2018-17158	In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...	check
CVE-2018-17159	In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS ...	check
CVE-2018-17160	In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, ...	check
CVE-2018-17949	Cross site scripting vulnerability in iManager prior to 3.1 SP2. ...	check
CVE-2018-17950	Incorrect enforcement of authorization checks in eDirectory prior to ...	check
CVE-2018-17952	Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 ...	check
CVE-2018-18653	The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI ...	check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way.
CVE-2018-18810	The Administrator Service component of TIBCO Software Inc.'s TIBCO ...	check
CVE-2018-18922	add_user in AbiSoft Ticketly 1.0 allows remote attackers to create ...	check
CVE-2018-18923	AbiSoft Ticketly 1.0 is affected by multiple SQL Injection ...	check
CVE-2018-19118	Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote ...	check
CVE-2018-19439	XSS exists in the Administration Console in Oracle Secure Global ...	check
CVE-2018-19756	There is a heap-based buffer over-read at stb_image.h (function: ...	check
CVE-2018-19757	There is a NULL pointer dereference at function ...	check
CVE-2018-19758	There is a heap-based buffer over-read at wav.c in wav_write_header in ...	check
CVE-2018-19759	There is a heap-based buffer over-read at stb_image_write.h (function: ...	check
CVE-2018-19761	There is an illegal address access at fromsixel.c (function: ...	check
CVE-2018-19762	There is a heap-based buffer overflow at fromsixel.c (function: ...	check
CVE-2018-19763	There is a heap-based buffer over-read at writer.c (function: ...	check
CVE-2018-19865	A keystroke logging issue was discovered in Virtual Keyboard in Qt ...	check for completeness
CVE-2018-19969	phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a ...	check, upstream explicitly fixed only the 4.7/4.8 branch but not entirely clear if only introduced in 4.7.0, and older versions are EOLed, and only on best-effort mentioned in affected versions informations.
CVE-2018-19991	VeryNginx 0.3.3 allows remote attackers to bypass the Web Application ...	check
CVE-2018-20000	Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as ...	check
CVE-2018-20094	An issue was discovered in XXL-CONF 1.6.0. There is a path traversal ...	check
CVE-2018-20096	There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf ...	check
CVE-2018-20097	There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups ...	check
CVE-2018-20098	There is a heap-based buffer over-read in ...	check
CVE-2018-20099	There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of ...	check
CVE-2018-20138	PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via ...	check
CVE-2018-3847	Multiple exploitable buffer overflow vulnerabilities exist in image ...	double-check
CVE-2018-3988	Signal Messenger for Android 4.24.8 may expose private information ...	check
CVE-2018-5496	Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are ...	check
CVE-2018-8517	A denial of service vulnerability exists when .NET Framework ...	check
CVE-2018-8540	A remote code execution vulnerability exists when the Microsoft .NET ...	check
CVE-2018-8650	A cross-site-scripting (XSS) vulnerability exists when Microsoft ...	check
CVE-2018-9246	The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in ...	check if set of commits complete
CVE-2018-9538	In V4L2SliceVideoDecodeAccelerator::Dequeue of ...	check
CVE-2018-9547	In unflatten of GraphicBuffer.cpp, there is a possible bad fd close ...	check
CVE-2018-9548	In multiple functions of ContentProvider.java, there is a possible ...	check
CVE-2018-9549	In lppTransposer of lpp_tran.cpp there is a possible out of bounds ...	check
CVE-2018-9550	In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of ...	check
CVE-2018-9551	In CAacDecoder_Init of aacdecoder.cpp, there is a possible ...	check
CVE-2018-9552	In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of ...	check
CVE-2018-9553	In MasteringMetadata::Parse of mkvparser.cc there is a possible double ...	check
CVE-2018-9554	In dumpExtractors of IMediaExtractor.cp, there is a possible ...	check
CVE-2018-9555	In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds ...	check
CVE-2018-9556	In ParsePayloadHeader of payload_metadata.cc, there is a possible out ...	check
CVE-2018-9557	In really_install_package of install.cpp, there is a possible free of ...	check
CVE-2018-9558	In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible ...	check
CVE-2018-9559	In persist_set_key and other functions of cryptfs.cpp, there is a ...	check
CVE-2018-9560	In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds ...	check
CVE-2018-9562	In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound ...	check
CVE-2018-9565	In readBytes of xltdecwbxml.c, there is a possible out of bounds read ...	check
CVE-2018-9566	In process_service_search_rsp of sdp_discovery.c, there is a possible ...	check
CVE-2018-9567	On Pixel devices there is a bug causing verified boot to show the same ...	check