Bugs with TODO items


Bug | Description | Note
CVE-2009-4267 | The console in Apache jUDDI 3.0.0 does not properly escape line feeds, ... | check
CVE-2010-0109 | DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 ... | check
CVE-2011-3477 | GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in ... | check
CVE-2011-4068 | The check_password function in html/admin/login.php in PacketFence ... | check
CVE-2011-4069 | html/admin/login.php in PacketFence before 3.0.2 allows remote ... | check
CVE-2012-0771 | Adobe Shockwave Player before 11.6.4.634 allows attackers to execute ... | check
CVE-2012-0941 | Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ... | check
CVE-2012-6346 | Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before ... | check
CVE-2012-6347 | Multiple cross-site scripting (XSS) vulnerabilities in Java number ... | check
CVE-2013-2830 | Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 ... | check
CVE-2013-3552 | Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier ... | check
CVE-2013-3553 | Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier ... | check
CVE-2014-0013 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, ... | check
CVE-2014-0014 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, ... | check
CVE-2014-2017 | CRLF injection vulnerability in OXID eShop Professional Edition before ... | check
CVE-2014-3244 | XML external entity (XXE) vulnerability in the RSSDashlet dashlet in ... | check
CVE-2014-3630 | XML external entity (XXE) vulnerability in the Java XML processing ... | check
CVE-2014-3972 | Directory traversal vulnerability in Apexis APM-J601-WS cameras with ... | check
CVE-2014-4066 | Microsoft Internet Explorer 11 allows remote attackers to execute ... | check
CVE-2014-4112 | Microsoft Internet Explorer 11 allows remote attackers to execute ... | check
CVE-2014-4145 | Microsoft Internet Explorer 11 allows remote attackers to execute ... | check
CVE-2014-4705 | Multiple heap-based buffer overflows in the eSap software platform in ... | check
CVE-2014-4919 | OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, ... | check
CVE-2014-5334 | FreeNAS before 9.3-M3 has a blank admin password, which allows remote ... | check
CVE-2014-7952 | The backup mechanism in the adb tool in Android might allow attackers ... | check
CVE-2014-8985 | Microsoft Internet Explorer 11 allows remote attackers to execute ... | check
CVE-2014-9502 | Multiple cross-site request forgery (CSRF) vulnerabilities in ... | check
CVE-2014-9503 | The Discussions sub module in the Open Atrium module 7.x-2.x before ... | check
CVE-2014-9504 | The OG Subgroups module, when used with the Open Atrium module 7.x-2.x ... | check
CVE-2015-1239 | Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG ... | check, find exact commit
CVE-2015-1418 | patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before ... | check
CVE-2015-2081 | Datto ALTO and SIRIS devices allow Remote Code Execution via ... | check
CVE-2015-2186 | The Ansible edxapp role in the Configuration Repo in edX allows remote ... | check
CVE-2015-2796 | Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ... | check
CVE-2015-3618 | Cross-site scripting (XSS) vulnerability in Nagios Business Process ... | check
CVE-2015-3619 | Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in ... | check
CVE-2015-4400 | Ring (formerly DoorBot) video doorbells allow remote attackers to ... | check
CVE-2015-4461 | Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and ... | check
CVE-2015-5674 | The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 ... | check
CVE-2015-6544 | Cross-site scripting (XSS) vulnerability in ... | check
CVE-2015-6926 | The OpenID Single Sign-On authentication functionality in OXID eShop ... | check
CVE-2016-10007 | SQL injection vulnerability in the "Marketing > Forms" screen in ... | check
CVE-2016-10008 | SQL injection vulnerability in the "Content Types > Content Types" ... | check
CVE-2016-3952 | web2py before 2.14.1, when using the standalone version, allows remote ... | check
CVE-2016-3953 | The sample web application in web2py before 2.14.2 might allow remote ... | check
CVE-2016-3954 | web2py before 2.14.2 allows remote attackers to obtain the ... | check
CVE-2016-3957 | The secure_load function in gluon/utils.py in web2py before 2.14.2 ... | check
CVE-2016-6217 | Cross-site scripting (XSS) vulnerability in Sophos PureMessage for ... | check
CVE-2016-6272 | SQL injection vulnerability in EPIC MyChart allows remote attackers to ... | check
CVE-2016-6598 | BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ... | check
CVE-2016-6599 | BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ... | check
CVE-2016-6813 | Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call ... | check
CVE-2016-7394 | tiki wiki cms groupware <=15.2 has a xss vulnerability, allow ... | check
CVE-2016-8511 | A Remote Code Execution vulnerability in HPE Network Automation using ... | check
CVE-2016-8512 | A Remote Code Execution vulnerability in all versions of HPE ... | check
CVE-2016-8516 | A remote denial of service vulnerability in HPE Systems Insight ... | check
CVE-2016-8517 | A cross site scripting vulnerability in HPE Systems Insight Manager in ... | check
CVE-2016-8518 | A remote denial of service vulnerability in HPE Systems Insight ... | check
CVE-2016-8520 | HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM ... | check
CVE-2016-8742 | The Windows installer that the Apache CouchDB team provides was ... | check
CVE-2016-9568 | A security design issue can allow an unprivileged user to interact ... | check
CVE-2016-9569 | The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users ... | check
CVE-2016-9570 | cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial ... | check
CVE-2017-0843 | An elevation of privilege vulnerability in the MediaTek ccci. Product: ... | check
CVE-2017-0845 | A denial of service vulnerability in the Android framework ... | check
CVE-2017-0911 | Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback ... | check
CVE-2017-0914 | Critical SQL Injection in MilestoneFinder | check, possibly not affecting the Debian version, since according to the advisory only versions starting from 9.4.0 are affected
CVE-2017-0924 | XSS in Label Dropdown | check, possibly not affecting the Debian version, since according to the advisory only versions starting from 9.0.0 are affected
CVE-2017-10068 | Vulnerability in the Oracle Business Intelligence Enterprise Edition ... | check
CVE-2017-10262 | Vulnerability in the Oracle Access Manager component of Oracle Fusion ... | check
CVE-2017-10273 | Vulnerability in the Oracle JDeveloper component of Oracle Fusion ... | check
CVE-2017-10282 | Vulnerability in the Core RDBMS component of Oracle Database Server. ... | check
CVE-2017-10301 | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ... | check
CVE-2017-10689 | In previous versions of Puppet Agent it was possible to install a ... | check, similar issue might be in ruby-puppet-forge
CVE-2017-10963 | In Knox SDS IAM (Identity Access Management) and EMM (Enterprise ... | check
CVE-2017-11592 | There is a Mismatched Memory Management Routines vulnerability in the ... | report against experimental
CVE-2017-11750 | The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and ... | check whether the patch-simplifying patch was applied in any suite
CVE-2017-12097 | An exploitable cross site scripting (XSS) vulnerability exists in the ... | check
CVE-2017-12098 | An exploitable cross site scripting (XSS) vulnerability exists in the ... | check
CVE-2017-12110 | An exploitable integer overflow vulnerability exists in the ... | check, libxls is not packaged in Debian, but embedded in r-cran-readxl
CVE-2017-12111 | An exploitable out-of-bounds vulnerability exists in the xls_addCell ... | check, libxls is not packaged in Debian, but embedded in r-cran-readxl
CVE-2017-12130 | An exploitable NULL pointer dereference vulnerability exists in the ... | check
CVE-2017-12169 | It was found that FreeIPA 4.2.0 and later could disclose password ... | check, also disputed whether the CVE assignment is valid
CVE-2017-12415 | OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x ... | check
CVE-2017-13273 | In xt_qtaguid.c, there is a race condition due to insufficient ... | check
CVE-2017-13812 | An issue was discovered in certain Apple products. macOS before ... | check, potentially libarchive
CVE-2017-13813 | An issue was discovered in certain Apple products. macOS before ... | check, potentially libarchive
CVE-2017-13815 | An issue was discovered in certain Apple products. macOS before ... | check, potentially file
CVE-2017-13816 | An issue was discovered in certain Apple products. macOS before ... | check, potentially libarchive
CVE-2017-13846 | An issue was discovered in certain Apple products. macOS before ... | check, potentially PCRE
CVE-2017-14177 | Apport through 2.20.7 does not properly handle core dumps from setuid ... | check
CVE-2017-14179 | Apport before 2.13 does not properly handle crashes originating from a ... | check
CVE-2017-14180 | Apport 2.13 through 2.20.7 does not properly handle crashes ... | check
CVE-2017-14457 | An exploitable information leak/denial of service vulnerability exists ... | check
CVE-2017-14460 | An exploitable overly permissive cross-domain (CORS) whitelist ... | check
CVE-2017-14858 | There is a heap-based buffer overflow in the Exiv2::l2Data function of ... | report against experimental version
CVE-2017-15011 | The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and ... | check, can't make much sense of it, probably limited to Win32
CVE-2017-15400 | Insufficient restriction of IPP filters in CUPS in Google Chrome OS ... | check
CVE-2017-16356 | Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) ... | check
CVE-2017-16541 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ... | check, this is possibly just specific to the Tor Browser Bundle (as assigned)
CVE-2017-16906 | In Horde Groupware 5.2.19, there is XSS via the URL field in a ... | check
CVE-2017-16907 | In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ... | check
CVE-2017-16908 | In Horde Groupware 5.2.19, there is XSS via the Name field during ... | check
CVE-2017-17454 | Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before ... | check
CVE-2017-17455 | Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before ... | check
CVE-2017-17723 | In Exiv2 0.26, there is a heap-based buffer over-read in the ... | check
CVE-2017-17724 | In Exiv2 0.26, there is a heap-based buffer over-read in the ... | check
CVE-2017-17725 | In Exiv2 0.26, there is an integer overflow leading to a heap-based ... | check
CVE-2017-2158 | Improper verification when expanding ZIP64 archives in Lhaplus ... | check
CVE-2017-2166 | Open redirect vulnerability in GroupSession version 4.7.0 and earlier ... | check
CVE-2017-2293 | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped ... | check
CVE-2017-2296 | In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted ... | check
CVE-2017-2297 | Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not ... | check
CVE-2017-2891 | An exploitable use-after-free vulnerability exists in the HTTP server ... | check smplayer, embeds it
CVE-2017-2892 | An exploitable arbitrary memory read vulnerability exists in the MQTT ... | check smplayer, embeds it
CVE-2017-2893 | An exploitable NULL pointer dereference vulnerability exists in the ... | check smplayer, embeds it
CVE-2017-2894 | An exploitable stack buffer overflow vulnerability exists in the MQTT ... | check smplayer, embeds it
CVE-2017-2895 | An exploitable arbitrary memory read vulnerability exists in the MQTT ... | check smplayer, embeds it
CVE-2017-2896 | An exploitable out-of-bounds write vulnerability exists in the ... | check, libxls is not packaged in Debian, but embedded in r-cran-readxl
CVE-2017-2897 | An exploitable out-of-bounds write vulnerability exists in the ... | check, libxls is not packaged in Debian, but embedded in r-cran-readxl
CVE-2017-2909 | An infinite loop programming error exists in the DNS server ... | check smplayer, embeds it
CVE-2017-2919 | An exploitable stack based buffer overflow vulnerability exists in the ... | check, libxls is not packaged in Debian, but embedded in r-cran-readxl
CVE-2017-2921 | An exploitable memory corruption vulnerability exists in the Websocket ... | check smplayer, embeds it
CVE-2017-2922 | An exploitable memory corruption vulnerability exists in the Websocket ... | check smplayer, embeds it
CVE-2017-3158 | A race condition in Guacamole's terminal emulator in versions 0.9.5 ... | check
CVE-2017-3160 | After the Android platform is added to Cordova the first time, or ... | check
CVE-2017-3762 | Sensitive data stored by Lenovo Fingerprint Manager Pro, version ... | check
CVE-2017-5170 | An Uncontrolled Search Path Element issue was discovered in Moxa ... | check
CVE-2017-5696 | Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, ... | check
CVE-2017-5699 | Input validation error in Intel MinnowBoard 3 Firmware versions prior ... | check
CVE-2017-5727 | Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, ... | check
CVE-2017-5807 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ... | check
CVE-2017-5808 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ... | check
CVE-2017-5809 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ... | check
CVE-2017-5810 | A remote sql injection vulnerability in HPE Network Automation version ... | check
CVE-2017-5811 | A remote code execution vulnerability in HPE Network Automation ... | check
CVE-2017-5812 | A remote sql information disclosure vulnerability in HPE Network ... | check
CVE-2017-5813 | A remote unauthenticated access vulnerability in HPE Network ... | check
CVE-2017-5814 | A remote sql injection authentication bypass in HPE Network Automation ... | check
CVE-2017-5815 | A Remote Code Execution vulnerability in HPE Intelligent Management ... | check
CVE-2017-6142 | X509 certificate verification was not correctly implemented in the ... | check
CVE-2017-6169 | In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP ... | check
CVE-2017-6192 | Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers ... | check
CVE-2017-6193 | Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to ... | check
CVE-2017-6198 | The Supervisor in Sandstorm doesn't set and enforce the resource ... | check
CVE-2017-6199 | A remote attacker could bypass the Sandstorm organization restriction ... | check
CVE-2017-6200 | Sandstorm before build 0.203 allows remote attackers to read any ... | check
CVE-2017-6201 | A Server Side Request Forgery vulnerability exists in the install app ... | check
CVE-2017-6225 | Cross-site scripting (XSS) vulnerability in the web-based management ... | check
CVE-2017-6227 | A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN ... | check
CVE-2017-6229 | Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and ... | check
CVE-2017-6230 | Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus ... | check
CVE-2017-6276 | NVIDIA mediaserver contains a vulnerability where it is possible a use ... | check
CVE-2017-7121 | An issue was discovered in certain Apple products. macOS before 10.13 ... | check, potentially file
CVE-2017-7122 | An issue was discovered in certain Apple products. macOS before 10.13 ... | check, potentially file
CVE-2017-7123 | An issue was discovered in certain Apple products. macOS before 10.13 ... | check, potentially file
CVE-2017-7124 | An issue was discovered in certain Apple products. macOS before 10.13 ... | check, potentially file
CVE-2017-7125 | An issue was discovered in certain Apple products. macOS before 10.13 ... | check, potentially file
CVE-2017-7126 | An issue was discovered in certain Apple products. macOS before 10.13 ... | check, potentially file
CVE-2017-7127 | An issue was discovered in certain Apple products. iOS before 11 is ... | check, potentially sqlite
CVE-2017-7128 | An issue was discovered in certain Apple products. iOS before 11 is ... | check, potentially sqlite
CVE-2017-7129 | An issue was discovered in certain Apple products. iOS before 11 is ... | check, potentially sqlite
CVE-2017-7130 | An issue was discovered in certain Apple products. iOS before 11 is ... | check, potentially sqlite
CVE-2017-7351 | A SQL injection issue exists in a file upload handler in REDCap 7.x ... | check
CVE-2017-7559 | In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and ... | check, asked Red Hat for clarification: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
CVE-2017-8979 | Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) ... | check
CVE-2017-8980 | A Remote Disclosure of Information vulnerability in HPE Intelligent ... | check
CVE-2017-8981 | A Remote Code Execution vulnerability in HPE Intelligent Management ... | check
CVE-2017-8982 | A Remote Authentication Restriction Bypass vulnerability in HPE ... | check
CVE-2017-8983 | A Remote Code Execution vulnerability in HPE Intelligent Management ... | check
CVE-2017-8984 | A remote code execution vulnerability in HPE Intelligent Management ... | check
CVE-2017-8985 | HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local ... | check
CVE-2017-8993 | A Remote Cross-Site Scripting vulnerability in HPE Project and ... | check
CVE-2017-9414 | Cross-site request forgery (CSRF) vulnerability in the Subscribe to ... | check
CVE-2017-9513 | Several rest inline action resources of Atlassian Activity Streams ... | check
CVE-2017-9709 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ... | check
CVE-2017-9963 | A cross-site request forgery vulnerability exists on the Secure ... | check
CVE-2017-9967 | A security misconfiguration vulnerability exists in Schneider ... | check
CVE-2017-9968 | A security misconfiguration vulnerability exists in Schneider ... | check
CVE-2017-9969 | An information disclosure vulnerability exists in Schneider Electric's ... | check
CVE-2017-9970 | A remote code execution vulnerability exists in Schneider Electric's ... | check
CVE-2018-1047 | A flaw was found in Wildfly 9.x. A path traversal vulnerability ... | check, issue in undertow or WildFly?
CVE-2018-1048 | It was found that the AJP connector in undertow, as shipped in Jboss ... | check
CVE-2018-1051 | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ... | check
CVE-2018-5296 | In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the ... | check, possibly not reported upstream, only in Red Hat Bugzilla
CVE-2018-5360 | LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ... | claimed to be fixed in latest libtiff, but no indication yet which change addresses the issue
CVE-2018-5477 | An Information Exposure issue was discovered in ABB netCADOPS Web ... | check
CVE-2018-6487 | Remote Disclosure of Information in Micro Focus Universal CMDB ... | check
CVE-2018-6591 | Converse.js and Inverse.js through 3.3 allow remote attackers to obtain ... | check
CVE-2018-7173 | A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ... | check, poppler
CVE-2018-7174 | An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref ... | check, poppler
CVE-2018-7175 | An issue was discovered in xpdf 4.00. A NULL pointer dereference in ... | check, poppler
CVE-2018-7206 | An issue was discovered in Project Jupyter JupyterHub OAuthenticator ... | check
CVE-2018-7263 | The mad_decoder_run() function in decoder.c in Underbit libmad through ... | check
CVE-2018-7265 | Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that ... | check
CVE-2018-7271 | An issue was discovered in MetInfo 6.0.0. In install/install.php in the ... | check
CVE-2018-7272 | The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part ... | check
CVE-2018-7274 | Yab Quarx through 2.4.3 is prone to multiple persistent cross-site ... | check