Bugs with TODO items

Bug | Description | Note
CVE-2013-1891 | In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filem ... | check
CVE-2013-4144 | There is an object injection vulnerability in swfupload plugin for wor ... | check
CVE-2013-4170 | In general, Ember.js escapes or strips any user-supplied content befor ... | check
CVE-2016-20013 | sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ... | check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implementation of the code, but only track those with security impact
CVE-2017-20123 | A vulnerability was found in Viscosity 1.6.7. It has been classified a ... | check
CVE-2020-0478 | In extend_frame_lowbd of restoration.c, there is a possible out of bou ... | check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit
CVE-2020-9754 | NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to ... | check
CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp o ... | check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported
CVE-2020-19896 | File inclusion vulnerability in Minicms v1.9 allows remote attackers t ... | check
CVE-2020-19897 | A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ... | check
CVE-2020-21046 | A local privilege escalation vulnerability was identified within the " ... | check
CVE-2020-21161 | Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirect ... | check
CVE-2020-23914 | An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ... | retroarch and salmon embed peglib, check if it's actually a security issue
CVE-2020-23915 | An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ... | retroarch and salmon embed peglib, check if it's actually a security issue
CVE-2020-25459 | An issue was discovered in function sync_tree in hetero_decision_tree_ ... | check
CVE-2020-26877 | ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in a ... | check
CVE-2020-27509 | Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11 ... | check
CVE-2020-28865 | An issue was discovered in PowerJob through 3.2.2, allows attackers to ... | check
CVE-2020-36123 | saitoha libsixel v1.8.6 was discovered to contain a double free via th ... | check, unclear why reporter did close the issue again
CVE-2021-3430 | Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr vers ... | check
CVE-2021-3431 | Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions > ... | check
CVE-2021-3432 | Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr vers ... | check
CVE-2021-3433 | Invalid channel map in CONNECT_IND results to Deadlock. Zephyr version ... | check
CVE-2021-3434 | Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions > ... | check
CVE-2021-3435 | Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4 ... | check
CVE-2021-3681 | A flaw was found in Ansible Galaxy Collections. When collections are b ... | check, needs verifying the affected ansible/ansible-base components
CVE-2021-3773 | A flaw in netfilter could allow a network-connected attacker to infer ... | fill in tracking details
CVE-2021-3859 | | check details
CVE-2021-20315 | A locking protection bypass flaw was found in some versions of gnome-s ... | check, possibly Red Hat specific as issue introduced by backporting features to CentOS 8 Streams
CVE-2021-26317 | Failure to verify the protocol in SMM may allow an attacker to control ... | check
CVE-2021-26318 | A timing and power-based side channel attack leveraging the x86 PREFET ... | check details and if mitigation in microcode/kernel exists
CVE-2021-26324 | A bug with the SEV-ES TMR may lead to a potential loss of memory integ ... | check
CVE-2021-26332 | Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could res ... | check
CVE-2021-26339 | A bug in AMD CPU’s core logic may allow for an attacker, using s ... | check
CVE-2021-26341 | Some AMD CPUs may transiently execute beyond unconditional direct bran ... | check if we need to track mitigations in src:linux
CVE-2021-26342 | In SEV guest VMs, the CPU may fail to flush the Translation Lookaside ... | check
CVE-2021-26347 | TOCTOU (time-of-check to time-of-use) issue in the System Management U ... | check
CVE-2021-26348 | Failure to flush the Translation Lookaside Buffer (TLB) of the I/O mem ... | check
CVE-2021-26349 | Failure to assign a new report ID to an imported guest may potentially ... | check
CVE-2021-26350 | A TOCTOU race condition in SMU may allow for the caller to obtain and ... | check
CVE-2021-26351 | Insufficient DRAM address validation in System Management Unit (SMU) m ... | check
CVE-2021-26352 | Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plu ... | check
CVE-2021-26353 | Due to a mishandled error, it is possible to leave the DRTM UApp in a ... | check
CVE-2021-26361 | A malicious or compromised User Application (UApp) or AGESA Boot Loade ... | check
CVE-2021-26362 | A malicious or compromised UApp or ABL may be used by an attacker to i ... | check
CVE-2021-26363 | A malicious or compromised UApp or ABL could potentially change the va ... | check
CVE-2021-26364 | Insufficient bounds checking in an SMU mailbox register could allow an ... | check
CVE-2021-26366 | An attacker, who gained elevated privileges via some other vulnerabili ... | check
CVE-2021-26368 | Insufficient check of the process type in Trusted OS (TOS) may allow a ... | check
CVE-2021-26369 | A malicious or compromised UApp or ABL may be used by an attacker to s ... | check
CVE-2021-26370 | Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INS ... | check
CVE-2021-26372 | Insufficient bound checks related to PCIE in the System Management Uni ... | check
CVE-2021-26373 | Insufficient bound checks in the System Management Unit (SMU) may resu ... | check
CVE-2021-26375 | Insufficient General Purpose IO (GPIO) bounds check in System Manageme ... | check
CVE-2021-26376 | Insufficient checks in System Management Unit (SMU) FeatureConfig may ... | check
CVE-2021-26378 | Insufficient bound checks in the System Management Unit (SMU) may resu ... | check
CVE-2021-26386 | A malicious or compromised UApp or ABL may be used by an attacker to i ... | check
CVE-2021-26388 | Improper validation of the BIOS directory may allow for searches to re ... | check
CVE-2021-26390 | A malicious or compromised UApp or ABL may coerce the bootloader into ... | check
CVE-2021-26400 | AMD processors may speculatively re-order load instructions which can ... | check
CVE-2021-26408 | Insufficient validation of elliptic curve points in SEV-legacy firmwar ... | check
CVE-2021-26633 | SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoa ... | check
CVE-2021-26634 | SQL injection and file upload attacks are possible due to insufficient ... | check
CVE-2021-26635 | In the code that verifies the file size in the ark library, it is poss ... | check
CVE-2021-26636 | Stored XSS and SQL injection vulnerability in MaxBoard could lead to o ... | check
CVE-2021-26637 | There is no account authentication and permission check logic in the f ... | check
CVE-2021-26638 | Improper Authentication vulnerability in S&D smarthome(smartcare) ... | check
CVE-2021-28021 | Buffer overflow vulnerability in function stbi__extend_receive in stb_ ... | check libstb itself, and various packages embed a copy
CVE-2021-28276 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a ... | check CVE reference, probably invalid report or old version.
CVE-2021-33139 | Improper conditions check in firmware for some Intel(R) Wireless Bluet ... | check in which firmware versions fixed
CVE-2021-33155 | Improper input validation in firmware for some Intel(R) Wireless Bluet ... | check in which firmware versions fixed
CVE-2021-33178 | The Manage Backgrounds functionality within NagVis versions prior to 1 ... | check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33194 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ... | check completeness
CVE-2021-33473 | An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allow ... | check
CVE-2021-33647 | When performing the inference shape operation of the Tile operator, if ... | check
CVE-2021-33648 | When performing the inference shape operation of Affine, Concat, MatMu ... | check
CVE-2021-33649 | When performing the inference shape operation of the Transpose operato ... | check
CVE-2021-33650 | When performing the inference shape operation of the SparseToDense ope ... | check
CVE-2021-33651 | When performing the analytical operation of the DepthwiseConv2D operat ... | check
CVE-2021-33652 | When the Reduce operator run operation is executed, if there is a valu ... | check
CVE-2021-33653 | When performing the derivation shape operation of the SpaceToBatch ope ... | check
CVE-2021-33654 | When performing the initialization operation of the Split operator, if ... | check
CVE-2021-34078 | lifion-verify-dependencies through 1.1.0 is vulnerable to OS command i ... | check
CVE-2021-34080 | OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.j ... | check
CVE-2021-36093 | It's possible to create an email which can be stuck while being proces ... | try to pinpoint status for znuny, cf. https://github.com/znuny/Znuny/issues/128 for an attempt
CVE-2021-36094 | It's possible to craft a request for appointment edit screen, which co ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase, https://github.com/znuny/Znuny/issues/128
CVE-2021-36095 | Malicious attacker is able to find out valid user logins by using the ... | try to pinpoint status for znuny, cf. https://github.com/znuny/Znuny/issues/128 for an attempt
CVE-2021-36096 | Generated Support Bundles contains private S/MIME and PGP keys if cont ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase, cf. https://github.com/znuny/Znuny/issues/128
CVE-2021-36100 | Specially crafted string in OTRS system configuration can allow the ex ... | check
CVE-2021-37298 | Laravel v5.1 was discovered to contain a deserialization vulnerability ... | check, unclear status of report to upstream
CVE-2021-37770 | Nucleus CMS v3.71 is affected by a file upload vulnerability. In this ... | check
CVE-2021-37778 | There is a buffer overflow in gps-sdr-sim v1.0 when parsing long comma ... | check
CVE-2021-37791 | MyAdmin v1.0 is affected by an incorrect access control vulnerability ... | check
CVE-2021-38441 | Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-w ... | check for upstream commit
CVE-2021-38443 | Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid s ... | check for upstream commit
CVE-2021-38561 | | check details
CVE-2021-39880 | A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ... | reach out for details for ruby-apollo-upload-server
CVE-2021-39947 | In specific circumstances, trace file buffers in GitLab Runner version ... | check
CVE-2021-40597 | The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Adminis ... | check
CVE-2021-40642 | Textpattern CMS v4.8.7 and older vulnerability exists through Sensitiv ... | check
CVE-2021-40643 | EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerabil ... | check
CVE-2021-40663 | deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Cont ... | check
CVE-2021-40892 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-40893 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-40895 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-40896 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-40897 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-40898 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-40899 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-40900 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-40901 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check
CVE-2021-41506 | Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2 ... | check
CVE-2021-41559 | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Co ... | check
CVE-2021-41682 | There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ... | check
CVE-2021-41683 | There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ... | check
CVE-2021-41752 | Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ... | check - could be only a test artifact
CVE-2021-41867 | An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ... | check details, exact fixing commits unclear
CVE-2021-41868 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ... | check details, exact fixing commits unclear
CVE-2021-42859 | ** DISPUTED ** A memory leak issue was discovered in Mini-XML v3.2 tha ... | check, unclear details from reporter and upstream cannot reproduce on current master
CVE-2021-42860 | ** DISPUTED ** A stack buffer overflow exists in Mini-XML v3.2. When i ... | check, unclear details from reporter and upstream cannot reproduce on current master
CVE-2021-43503 | A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ... | check, unclear status of report to upstream
CVE-2021-44647 | Lua v5.4.3 and above are affected by SEGV by type confusion in funcnam ... | check older versions if issue is present, reproducer does not crash, but needs inspection of the code yet
CVE-2021-44961 | A memory leakage flaw exists in the class PerimeterGenerator of Slic3r ... | check upstream commit
CVE-2021-44962 | An out-of-bounds read vulnerability exists in the GCode::extrude() fun ... | check upstream fix
CVE-2021-45926 | MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ... | check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-45927 | MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ... | check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-45940 | libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ... | check details on fixing commit upstream, furthermore introducing commit is only when oss-fuzz started
CVE-2021-45941 | libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ... | check details on fixing commit upstream, furthermore introducing commit is only when oss-fuzz started
CVE-2022-0085 | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf ... | check
CVE-2022-0427 | Missing sanitization of HTML attributes in Jupyter notebooks in all ve ... | check
CVE-2022-0481 | NULL Pointer Dereference in Homebrew mruby prior to 3.2. ... | check, possibly only introduced with dccd66f9efecd0a974b735c62836fe566015cf37 in 3.1.0-rc
CVE-2022-0529 | A flaw was found in Unzip. The vulnerability occurs during the convers ... | check details
CVE-2022-0530 | A flaw was found in Unzip. The vulnerability occurs during the convers ... | check details
CVE-2022-0918 | A vulnerability was discovered in the 389 Directory Server that allows ... | check details
CVE-2022-1071 | Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior ... | check where issue introduced and present before code refactoring
CVE-2022-1934 | Use After Free in GitHub repository mruby/mruby prior to 3.2. ... | check details
CVE-2022-1955 | Session 1.13.0 allows an attacker with physical access to the victim's ... | check
CVE-2022-2073 | Code Injection in GitHub repository getgrav/grav prior to 1.7.34. ... | check
CVE-2022-22979 | In Spring Cloud Function versions prior to 3.2.6, it is possible for a ... | check
CVE-2022-23131 | In the case of instances where the SAML SSO authentication is enabled ... | check, possibly only affecting 5.4.0 onwards; similar code but no upstream fix in 5.0 LTS
CVE-2022-23639 | crossbeam-utils provides atomics, synchronization primitives, scoped t ... | check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked
CVE-2022-23763 | Origin validation error vulnerability in NeoRS’s ActiveX module ... | check
CVE-2022-25349 | All versions of package materialize-css are vulnerable to Cross-site S ... | check if affected, CVE reported against the upstream fork
CVE-2022-26135 | A vulnerability in Mobile Plugin for Jira Data Center and Server allow ... | check
CVE-2022-28890 | A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ... | check, possibly not affected as according to upstream 4.2.x and 4.3.x do not allow external entities, double check
CVE-2022-29970 | Sinatra before 2.2.0 does not validate that the expanded path matches ... | check where issue is introduced
CVE-2022-30045 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ... | check
CVE-2022-30192 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ... | check
CVE-2022-30467 | Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of serv ... | check
CVE-2022-30778 | Laravel 9.1.8, when processing attacker-controlled data for deserializ ... | check
CVE-2022-30779 | Laravel 9.1.8, when processing attacker-controlled data for deserializ ... | check, issue seems to be in src:guzzle, check details
CVE-2022-31015 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. ... | double check, the problem seems to be introduced in version 2.1.0 only
CVE-2022-31031 | PJSIP is a free and open source multimedia communication library writt ... | check impact for src:asterisk and src:ring and update entry
CVE-2022-31032 | Tuleap is a Free & Open Source Suite to improve management of soft ... | check
CVE-2022-31058 | Tuleap is a Free & Open Source Suite to improve management of soft ... | check
CVE-2022-31063 | Tuleap is a Free & Open Source Suite to improve management of soft ... | check
CVE-2022-31089 | Parse Server is an open source backend that can be deployed to any inf ... | check
CVE-2022-31099 | rulex is a new, portable, regular expression language. When parsing un ... | check
CVE-2022-31100 | rulex is a new, portable, regular expression language. When parsing un ... | check
CVE-2022-31103 | lettersanitizer is a DOM-based HTML email sanitizer for in-browser ema ... | check
CVE-2022-31110 | RSSHub is an open source, extensible RSS feed generator. In commits pr ... | check
CVE-2022-31112 | Parse Server is an open source backend that can be deployed to any inf ... | check
CVE-2022-32969 | MetaMask before 10.11.3 might allow an attacker to access a user's sec ... | check
CVE-2022-33021 | CVA6 commit 909d85a accesses invalid memory when reading the value of ... | check
CVE-2022-33023 | CVA6 commit 909d85a gives incorrect permission to use special multipli ... | check
CVE-2022-33035 | XLPD v7.0.0094 and below contains an unquoted service path vulnerabili ... | check
CVE-2022-33036 | A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execut ... | check
CVE-2022-33037 | A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute ar ... | check
CVE-2022-33043 | A cross-site scripting (XSS) vulnerability in the batch add function o ... | check
CVE-2022-34043 | Incorrect permissions for the folder C:\ProgramData\NoMachine\var\unin ... | check
TEMP-0000000-DD73A0 | Unexpected database bindings via requests (follow-up) | check php-illuminate-database and CVE assignment