| Bug | Description | Note |
|---|
| CVE-2013-1891 | In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filem ... | check |
| CVE-2013-4144 | There is an object injection vulnerability in swfupload plugin for wor ... | check |
| CVE-2013-4170 | In general, Ember.js escapes or strips any user-supplied content befor ... | check |
| CVE-2016-20013 | sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ... | check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implentation of the code, but only track those with security impact |
| CVE-2017-20123 | A vulnerability was found in Viscosity 1.6.7. It has been classified a ... | check |
| CVE-2020-0478 | In extend_frame_lowbd of restoration.c, there is a possible out of bou ... | check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit |
| CVE-2020-9754 | NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to ... | check |
| CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp o ... | check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported |
| CVE-2020-19896 | File inclusion vulnerability in Minicms v1.9 allows remote attackers t ... | check |
| CVE-2020-19897 | A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ... | check |
| CVE-2020-21046 | A local privilege escalation vulnerability was identified within the " ... | check |
| CVE-2020-21161 | Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirect ... | check |
| CVE-2020-23914 | An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ... | retroarch and salmon embed peglib, check if it's actually a security issue |
| CVE-2020-23915 | An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ... | retroarch and salmon embed peglib, check if it's actually a security issue |
| CVE-2020-25459 | An issue was discovered in function sync_tree in hetero_decision_tree_ ... | check |
| CVE-2020-26877 | ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in a ... | check |
| CVE-2020-27509 | Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11 ... | check |
| CVE-2020-28865 | An issue was discovered in PowerJob through 3.2.2, allows attackers to ... | check |
| CVE-2020-36123 | saitoha libsixel v1.8.6 was discovered to contain a double free via th ... | check, unclear why reporter did close the issue again |
| CVE-2021-3430 | Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr vers ... | check |
| CVE-2021-3431 | Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions > ... | check |
| CVE-2021-3432 | Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr vers ... | check |
| CVE-2021-3433 | Invalid channel map in CONNECT_IND results to Deadlock. Zephyr version ... | check |
| CVE-2021-3434 | Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions &g ... | check |
| CVE-2021-3435 | Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4 ... | check |
| CVE-2021-3681 | A flaw was found in Ansible Galaxy Collections. When collections are b ... | check, needs verifying the affected ansible/ansible-base components |
| CVE-2021-3773 | A flaw in netfilter could allow a network-connected attacker to infer ... | fill in tracking details |
| CVE-2021-3859 | | check details |
| CVE-2021-20315 | A locking protection bypass flaw was found in some versions of gnome-s ... | check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams |
| CVE-2021-26317 | Failure to verify the protocol in SMM may allow an attacker to control ... | check |
| CVE-2021-26318 | A timing and power-based side channel attack leveraging the x86 PREFET ... | check details and if mitigation in microcode/kernel exists |
| CVE-2021-26324 | A bug with the SEV-ES TMR may lead to a potential loss of memory integ ... | check |
| CVE-2021-26332 | Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could res ... | check |
| CVE-2021-26339 | A bug in AMD CPU’s core logic may allow for an attacker, using s ... | check |
| CVE-2021-26341 | Some AMD CPUs may transiently execute beyond unconditional direct bran ... | check if we need to track mitigations in src:linux |
| CVE-2021-26342 | In SEV guest VMs, the CPU may fail to flush the Translation Lookaside ... | check |
| CVE-2021-26347 | TOCTOU (time-of-check to time-of-use) issue in the System Management U ... | check |
| CVE-2021-26348 | Failure to flush the Translation Lookaside Buffer (TLB) of the I/O mem ... | check |
| CVE-2021-26349 | Failure to assign a new report ID to an imported guest may potentially ... | check |
| CVE-2021-26350 | A TOCTOU race condition in SMU may allow for the caller to obtain and ... | check |
| CVE-2021-26351 | Insufficient DRAM address validation in System Management Unit (SMU) m ... | check |
| CVE-2021-26352 | Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plu ... | check |
| CVE-2021-26353 | Due to a mishandled error, it is possible to leave the DRTM UApp in a ... | check |
| CVE-2021-26361 | A malicious or compromised User Application (UApp) or AGESA Boot Loade ... | check |
| CVE-2021-26362 | A malicious or compromised UApp or ABL may be used by an attacker to i ... | check |
| CVE-2021-26363 | A malicious or compromised UApp or ABL could potentially change the va ... | check |
| CVE-2021-26364 | Insufficient bounds checking in an SMU mailbox register could allow an ... | check |
| CVE-2021-26366 | An attacker, who gained elevated privileges via some other vulnerabili ... | check |
| CVE-2021-26368 | Insufficient check of the process type in Trusted OS (TOS) may allow a ... | check |
| CVE-2021-26369 | A malicious or compromised UApp or ABL may be used by an attacker to s ... | check |
| CVE-2021-26370 | Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INS ... | check |
| CVE-2021-26372 | Insufficient bound checks related to PCIE in the System Management Uni ... | check |
| CVE-2021-26373 | Insufficient bound checks in the System Management Unit (SMU) may resu ... | check |
| CVE-2021-26375 | Insufficient General Purpose IO (GPIO) bounds check in System Manageme ... | check |
| CVE-2021-26376 | Insufficient checks in System Management Unit (SMU) FeatureConfig may ... | check |
| CVE-2021-26378 | Insufficient bound checks in the System Management Unit (SMU) may resu ... | check |
| CVE-2021-26386 | A malicious or compromised UApp or ABL may be used by an attacker to i ... | check |
| CVE-2021-26388 | Improper validation of the BIOS directory may allow for searches to re ... | check |
| CVE-2021-26390 | A malicious or compromised UApp or ABL may coerce the bootloader into ... | check |
| CVE-2021-26400 | AMD processors may speculatively re-order load instructions which can ... | check |
| CVE-2021-26408 | Insufficient validation of elliptic curve points in SEV-legacy firmwar ... | check |
| CVE-2021-26633 | SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoa ... | check |
| CVE-2021-26634 | SQL injection and file upload attacks are possible due to insufficient ... | check |
| CVE-2021-26635 | In the code that verifies the file size in the ark library, it is poss ... | check |
| CVE-2021-26636 | Stored XSS and SQL injection vulnerability in MaxBoard could lead to o ... | check |
| CVE-2021-26637 | There is no account authentication and permission check logic in the f ... | check |
| CVE-2021-26638 | Improper Authentication vulnerability in S&D smarthome(smartcare) ... | check |
| CVE-2021-28021 | Buffer overflow vulnerability in function stbi__extend_receive in stb_ ... | check libstb itself, and various packages embedd a copy |
| CVE-2021-28276 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a ... | check CVE reference, probably invalid report or old version. |
| CVE-2021-33139 | Improper conditions check in firmware for some Intel(R) Wireless Bluet ... | check in which firmware versions fixed |
| CVE-2021-33155 | Improper input validation in firmware for some Intel(R) Wireless Bluet ... | check in which firmware versions fixed |
| CVE-2021-33178 | The Manage Backgrounds functionality within NagVis versions prior to 1 ... | check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/ |
| CVE-2021-33194 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ... | check completeness |
| CVE-2021-33473 | An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allow ... | check |
| CVE-2021-33647 | When performing the inference shape operation of the Tile operator, if ... | check |
| CVE-2021-33648 | When performing the inference shape operation of Affine, Concat, MatMu ... | check |
| CVE-2021-33649 | When performing the inference shape operation of the Transpose operato ... | check |
| CVE-2021-33650 | When performing the inference shape operation of the SparseToDense ope ... | check |
| CVE-2021-33651 | When performing the analytical operation of the DepthwiseConv2D operat ... | check |
| CVE-2021-33652 | When the Reduce operator run operation is executed, if there is a valu ... | check |
| CVE-2021-33653 | When performing the derivation shape operation of the SpaceToBatch ope ... | check |
| CVE-2021-33654 | When performing the initialization operation of the Split operator, if ... | check |
| CVE-2021-34078 | lifion-verify-dependencies through 1.1.0 is vulnerable to OS command i ... | check |
| CVE-2021-34080 | OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.j ... | check |
| CVE-2021-36093 | It's possible to create an email which can be stuck while being proces ... | try to pinpoint status for znuny, cf. https://github.com/znuny/Znuny/issues/128 for an attempt |
| CVE-2021-36094 | It's possible to craft a request for appointment edit screen, which co ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase, https://github.com/znuny/Znuny/issues/128 |
| CVE-2021-36095 | Malicious attacker is able to find out valid user logins by using the ... | try to pinpoint status for znuny, cf. https://github.com/znuny/Znuny/issues/128 for an attempt |
| CVE-2021-36096 | Generated Support Bundles contains private S/MIME and PGP keys if cont ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase, cf. https://github.com/znuny/Znuny/issues/128 |
| CVE-2021-36100 | Specially crafted string in OTRS system configuration can allow the ex ... | check |
| CVE-2021-37298 | Laravel v5.1 was discovered to contain a deserialization vulnerability ... | check, unclear status of report to upstream |
| CVE-2021-37770 | Nucleus CMS v3.71 is affected by a file upload vulnerability. In this ... | check |
| CVE-2021-37778 | There is a buffer overflow in gps-sdr-sim v1.0 when parsing long comma ... | check |
| CVE-2021-37791 | MyAdmin v1.0 is affected by an incorrect access control vulnerability ... | check |
| CVE-2021-38441 | Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-w ... | check for upstream commit |
| CVE-2021-38443 | Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid s ... | check for upstream commit |
| CVE-2021-38561 | | check details |
| CVE-2021-39880 | A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ... | reach out for details for ruby-apollo-upload-server |
| CVE-2021-39947 | In specific circumstances, trace file buffers in GitLab Runner version ... | check |
| CVE-2021-40597 | The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Adminis ... | check |
| CVE-2021-40642 | Textpattern CMS v4.8.7 and older vulnerability exists through Sensitiv ... | check |
| CVE-2021-40643 | EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerabil ... | check |
| CVE-2021-40663 | deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Cont ... | check |
| CVE-2021-40892 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-40893 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-40895 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-40896 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-40897 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-40898 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-40899 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-40900 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-40901 | A Regular Expression Denial of Service (ReDOS) vulnerability was disco ... | check |
| CVE-2021-41506 | Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2 ... | check |
| CVE-2021-41559 | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Co ... | check |
| CVE-2021-41682 | There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ... | check |
| CVE-2021-41683 | There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ... | check |
| CVE-2021-41752 | Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ... | check - could be only a test artifact |
| CVE-2021-41867 | An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ... | check details, exact fixing commits unclear |
| CVE-2021-41868 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ... | check details, exact fixing commits unclear |
| CVE-2021-42859 | ** DISPUTED ** A memory leak issue was discovered in Mini-XML v3.2 tha ... | check, unclear details from reporter and upstream cannot reproduce on current master |
| CVE-2021-42860 | ** DISPUTED ** A stack buffer overflow exists in Mini-XML v3.2. When i ... | check, unclear details from reporter and upstream cannot reproduce on current master |
| CVE-2021-43503 | A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ... | check, unclear status of report to upstream |
| CVE-2021-44647 | Lua v5.4.3 and above are affected by SEGV by type confusion in funcnam ... | check older versions if issue is present, reproducer do not crash, but needs inspection of the code yet |
| CVE-2021-44961 | A memory leakage flaw exists in the class PerimeterGenerator of Slic3r ... | check upstream commit |
| CVE-2021-44962 | An out-of-bounds read vulnerability exists in the GCode::extrude() fun ... | check upstream fix |
| CVE-2021-45926 | MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ... | check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52? |
| CVE-2021-45927 | MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ... | check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52? |
| CVE-2021-45940 | libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ... | check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started |
| CVE-2021-45941 | libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ... | check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started |
| CVE-2022-0085 | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf ... | check |
| CVE-2022-0427 | Missing sanitization of HTML attributes in Jupyter notebooks in all ve ... | check |
| CVE-2022-0481 | NULL Pointer Dereference in Homebrew mruby prior to 3.2. ... | check, possibly only introduced with dccd66f9efecd0a974b735c62836fe566015cf37 in 3.1.0-rc |
| CVE-2022-0529 | A flaw was found in Unzip. The vulnerability occurs during the convers ... | check details |
| CVE-2022-0530 | A flaw was found in Unzip. The vulnerability occurs during the convers ... | check details |
| CVE-2022-0918 | A vulnerability was discovered in the 389 Directory Server that allows ... | check details |
| CVE-2022-1071 | User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ... | check where issue introduced and present before code refactoring |
| CVE-2022-1934 | Use After Free in GitHub repository mruby/mruby prior to 3.2. ... | check details |
| CVE-2022-1955 | Session 1.13.0 allows an attacker with physical access to the victim's ... | check |
| CVE-2022-2073 | Code Injection in GitHub repository getgrav/grav prior to 1.7.34. ... | check |
| CVE-2022-22979 | In Spring Cloud Function versions prior to 3.2.6, it is possible for a ... | check |
| CVE-2022-23131 | In the case of instances where the SAML SSO authentication is enabled ... | check, possibly only affecting 5.4.0 onwards; similar code but no upstream fix in 5.0 LTS |
| CVE-2022-23639 | crossbeam-utils provides atomics, synchronization primitives, scoped t ... | check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked |
| CVE-2022-23763 | Origin validation error vulnerability in NeoRS’s ActiveX moudle ... | check |
| CVE-2022-25349 | All versions of package materialize-css are vulnerable to Cross-site S ... | check if affected, CVE reported against the upstream fork |
| CVE-2022-26135 | A vulnerability in Mobile Plugin for Jira Data Center and Server allow ... | check |
| CVE-2022-28890 | A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ... | check, possibly not affected as according to upstrema 4.2.x and 4.3.x doe not allow external entities, double check |
| CVE-2022-29970 | Sinatra before 2.2.0 does not validate that the expanded path matches ... | check where issue is introduced |
| CVE-2022-30045 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ... | check |
| CVE-2022-30192 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ... | check |
| CVE-2022-30467 | Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of serv ... | check |
| CVE-2022-30778 | Laravel 9.1.8, when processing attacker-controlled data for deserializ ... | check |
| CVE-2022-30779 | Laravel 9.1.8, when processing attacker-controlled data for deserializ ... | check, issue seems to be in src:guzzle, check details |
| CVE-2022-31015 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. ... | double check, the problem seems to be introduced in version 2.1.0 only |
| CVE-2022-31031 | PJSIP is a free and open source multimedia communication library writt ... | check impact for src:asterisk and src:ring and update entry |
| CVE-2022-31032 | Tuleap is a Free & Open Source Suite to improve management of soft ... | check |
| CVE-2022-31058 | Tuleap is a Free & Open Source Suite to improve management of soft ... | check |
| CVE-2022-31063 | Tuleap is a Free & Open Source Suite to improve management of soft ... | check |
| CVE-2022-31089 | Parse Server is an open source backend that can be deployed to any inf ... | check |
| CVE-2022-31099 | rulex is a new, portable, regular expression language. When parsing un ... | check |
| CVE-2022-31100 | rulex is a new, portable, regular expression language. When parsing un ... | check |
| CVE-2022-31103 | lettersanitizer is a DOM-based HTML email sanitizer for in-browser ema ... | check |
| CVE-2022-31110 | RSSHub is an open source, extensible RSS feed generator. In commits pr ... | check |
| CVE-2022-31112 | Parse Server is an open source backend that can be deployed to any inf ... | check |
| CVE-2022-32969 | MetaMask before 10.11.3 might allow an attacker to access a user's sec ... | check |
| CVE-2022-33021 | CVA6 commit 909d85a accesses invalid memory when reading the value of ... | check |
| CVE-2022-33023 | CVA6 commit 909d85a gives incorrect permission to use special multipli ... | check |
| CVE-2022-33035 | XLPD v7.0.0094 and below contains an unquoted service path vulnerabili ... | check |
| CVE-2022-33036 | A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execut ... | check |
| CVE-2022-33037 | A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute ar ... | check |
| CVE-2022-33043 | A cross-site scripting (XSS) vulnerability in the batch add function o ... | check |
| CVE-2022-34043 | Incorrect permissions for the folder C:\ProgramData\NoMachine\var\unin ... | check |
| TEMP-0000000-DD73A0 | Unexpected database bindings via requests (follow-up) | check php-illuminate-database and CVE assignment |