Bugs with TODO items

Bug | Description | Note
CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update
CVE-2016-20023 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users c ... | check
CVE-2018-25157 | Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability ... | check
CVE-2019-25306 | BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vuln ... | check
CVE-2019-25307 | WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in ... | check
CVE-2019-25308 | Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in ... | check
CVE-2019-25309 | Zilab Remote Console Server 3.2.9 contains an unquoted service path vu ... | check
CVE-2019-25310 | ActiveFax Server 6.92 Build 0316 contains an unquoted service path vul ... | check
CVE-2019-25311 | thesystem version 1.0 contains a persistent cross-site scripting vulne ... | check
CVE-2019-25312 | InoERP 0.7.2 contains a persistent cross-site scripting vulnerability ... | check
CVE-2019-25313 | FlexNet Publisher 11.12.1 contains a cross-site request forgery vulner ... | check
CVE-2019-25314 | Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site ... | check
CVE-2019-25315 | WordPress Server Log Viewer 1.0 contains a persistent cross-site scrip ... | check
CVE-2019-25316 | GOautodial 4.0 contains a persistent cross-site scripting vulnerabilit ... | check
CVE-2019-25317 | Kimai 2 contains a persistent cross-site scripting vulnerability that ... | check
CVE-2020-36968 | M/Monit 3.7.4 contains an authentication vulnerability that allows aut ... | check, unclear upstream status
CVE-2020-36969 | M/Monit 3.7.4 contains a privilege escalation vulnerability that allow ... | check, unclear upstream status
CVE-2020-37011 | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ... | check, unclear upstream status. Doesn't reproduce with the version in trixie
CVE-2020-37038 | Code Blocks 20.03 contains a denial of service vulnerability that allo ... | check, possibly just DoS of application and unimportant
CVE-2020-37040 | Code Blocks 17.12 contains a local buffer overflow vulnerability that ... | check, might be Windows specific issue
CVE-2020-37104 | ASTPP 4.0.1 contains an information disclosure vulnerability that allo ... | check
CVE-2020-37153 | ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scr ... | check
CVE-2020-37156 | BloodX 1.0 contains an authentication bypass vulnerability in login.ph ... | check
CVE-2020-37158 | AVideo Platform 8.1 contains a cross-site request forgery vulnerabilit ... | check
CVE-2020-37172 | AVideo Platform 8.1 contains a cross-site request forgery vulnerabilit ... | check
CVE-2020-37173 | AVideo Platform 8.1 contains an information disclosure vulnerability t ... | check
CVE-2020-37175 | P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability ... | check
CVE-2020-37176 | Torrent 3GP Converter 1.51 contains a stack overflow vulnerability tha ... | check
CVE-2020-37177 | BOOTP Turbo 2.0 contains a denial of service vulnerability that allows ... | check
CVE-2020-37178 | KeePass Password Safe versions before 2.44 contain a denial of service ... | check
CVE-2020-37179 | APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerabi ... | check
CVE-2020-37180 | GTalk Password Finder 2.2.1 contains a denial of service vulnerability ... | check
CVE-2020-37181 | Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnera ... | check
CVE-2020-37182 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ... | check
CVE-2020-37183 | Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack over ... | check
CVE-2020-37184 | Allok Video Converter 4.6.1217 contains a stack overflow vulnerability ... | check
CVE-2020-37185 | Backup Key Recovery 2.2.5 contains a denial of service vulnerability t ... | check
CVE-2020-37186 | Chevereto 3.13.4 Core contains a remote code execution vulnerability t ... | check
CVE-2020-37187 | SpotDialup 1.6.7 contains a denial of service vulnerability in the reg ... | check
CVE-2020-37188 | SpotOutlook 1.2.6 contains a denial of service vulnerability in the re ... | check
CVE-2020-37189 | TaskCanvas 1.4.0 contains a denial of service vulnerability in the reg ... | check
CVE-2020-37190 | Top Password Firefox Password Recovery 2.8 contains a denial of servic ... | check
CVE-2020-37191 | Top Password Software Dialup Password Recovery 1.30 contains a denial ... | check
CVE-2020-37192 | MSN Password Recovery 1.30 contains an XML external entity injection v ... | check
CVE-2020-37193 | ZIP Password Recovery 2.30 contains a denial of service vulnerability ... | check
CVE-2020-37194 | Backup Key Recovery 2.2.5 contains a denial of service vulnerability t ... | check
CVE-2020-37195 | BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the ... | check
CVE-2020-37196 | Dnss Domain Name Search Software contains a denial of service vulnerab ... | check
CVE-2020-37197 | Dnss Domain Name Search Software contains a denial of service vulnerab ... | check
CVE-2020-37198 | Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability ... | check
CVE-2020-37199 | NBMonitor 1.6.6.0 contains a denial of service vulnerability in its re ... | check
CVE-2020-37200 | NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in th ... | check
CVE-2020-37201 | NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in th ... | check
CVE-2020-37202 | NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that ... | check
CVE-2020-37203 | Office Product Key Finder 1.5.4 contains a denial of service vulnerabi ... | check
CVE-2020-37204 | RemShutdown 2.9.0.0 contains a denial of service vulnerability in its ... | check
CVE-2020-37205 | RemShutdown 2.9.0.0 contains a denial of service vulnerability that al ... | check
CVE-2020-37206 | ShareAlarmPro contains a denial of service vulnerability that allows a ... | check
CVE-2020-37207 | SpotDialup 1.6.7 contains a denial of service vulnerability in the reg ... | check
CVE-2020-37208 | SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the regist ... | check
CVE-2020-37209 | SpotFTP 3.0.0.0 contains a denial of service vulnerability in the regi ... | check
CVE-2020-37210 | SpotIE 2.9.5 contains a denial of service vulnerability in the registr ... | check
CVE-2020-37211 | SpotIM 2.2 contains a denial of service vulnerability that allows atta ... | check
CVE-2020-37212 | SpotMSN 2.4.6 contains a denial of service vulnerability in the regist ... | check
CVE-2020-37213 | TextCrawler Pro 3.1.1 contains a denial of service vulnerability that ... | check
CVE-2020-37214 | Voyager 1.3.0 contains a directory traversal vulnerability that allows ... | check
CVE-2020-37215 | MSN Password Recovery version 1.30 contains a denial of service vulner ... | check
CVE-2021-26381 | Improper system call parameter validation in the Trusted OS may allow ... | check
CVE-2021-26410 | Improper syscall input validation in ASP (AMD Secure Processor) may fo ... | check
CVE-2021-47793 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that ... | check
CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client
CVE-2022-50942 | Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream
CVE-2023-20514 | Improper handling of parameters in the AMD Secure Processor (ASP) coul ... | check
CVE-2023-20548 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check
CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded in icinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
CVE-2023-31324 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check
CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path
CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected
CVE-2024-4027 | A flaw was found in Undertow. Servlets using a method that calls HttpS ... | check details
CVE-2024-21953 | Improper input validation in IOMMU could allow a malicious hypervisor ... | check
CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook?
CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook?
CVE-2024-26477 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ... | check
CVE-2024-26478 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ... | check
CVE-2024-26479 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ... | check
CVE-2024-26480 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ... | check
CVE-2024-36310 | Improper input validation in the SMM communications buffer could allow ... | check
CVE-2024-36311 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ... | check
CVE-2024-36316 | The integer overflow vulnerability within AMD Graphics driver could al ... | check
CVE-2024-36320 | Integer Overflow within atihdwt6.sys can allow a local attacker to cau ... | check
CVE-2024-36324 | Improper input validation in AMD Graphics Driver could allow an attack ... | check
CVE-2024-50617 | Vulnerabilities in the File Download and Get File handler components i ... | check
CVE-2024-50618 | A Use of Single-factor Authentication vulnerability in the Authenticat ... | check
CVE-2024-50619 | Vulnerabilities in the My Account and User Management components in CI ... | check
CVE-2024-50620 | Unrestricted Upload of File with Dangerous Type vulnerabilities exist ... | check
CVE-2024-54192 | An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial ... | check
CVE-2025-0012 | Improper handling of overlap between the segmented reverse map table ( ... | check
CVE-2025-0029 | Improper handling of error condition during host-induced faults can al ... | check
CVE-2025-0031 | A use after free in the SEV firmware could allow a malicious hypervisor ... | check
CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced
CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time
CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead
CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes
CVE-2025-10174 | Cleartext Transmission of Sensitive Information vulnerability in Pan S ... | check
CVE-2025-10913 | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... | check
CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time
CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying with reporter and Eduard Bloch on the issue.
CVE-2025-12059 | Insertion of Sensitive Information into Externally-Accessible File or ... | check
CVE-2025-13648 | An attacker with access to the web application ZeusWeb of the provider ... | check
CVE-2025-13649 | An attacker with access to the web application ZeusWeb of the provider ... | check
CVE-2025-13650 | An attacker with access to the web application ZeusWeb of the provider ... | check
CVE-2025-13651 | Exposure of Sensitive System Information to an Unauthorized Actor vuln ... | check
CVE-2025-15569 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ... | check
CVE-2025-15577 | An unauthenticated attacker can exploit this vulnerability by manipula ... | check
CVE-2025-22453 | Improper input validation for some Server Firmware Update Utility(SysF ... | check
CVE-2025-22849 | Incorrect default permissions for the Intel(R) Optane(TM) PMem managem ... | check
CVE-2025-22885 | Improper buffer restrictions in the firmware for the TDX Module may al ... | check
CVE-2025-24851 | Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet C ... | check
CVE-2025-25058 | Improper initialization for some ESXi kernel mode driver for the Intel ... | check
CVE-2025-25210 | Improper input validation for some Server Firmware Update Utility(SysF ... | check
CVE-2025-27243 | Out-of-bounds write in the firmware for some Intel(R) Ethernet Control ... | check
CVE-2025-27535 | Exposed ioctl with insufficient access control in the firmware for som ... | check
CVE-2025-27560 | Loop with unreachable exit condition ('infinite loop') for some Intel( ... | check
CVE-2025-27572 | Exposure of sensitive information during transient execution for some ... | check
CVE-2025-27708 | Out-of-bounds read in the firmware for some Intel(R) Converged Securit ... | check
CVE-2025-27940 | Out-of-bounds read for some TDX Module before version tdx1.5 within Ri ... | check
CVE-2025-29939 | Improper access control in secure encrypted virtualization (SEV) could ... | check
CVE-2025-29946 | Insufficient or Incomplete Data Removal in Hardware Component in SEV f ... | check
CVE-2025-29948 | Improper access control in AMD Secure Encrypted Virtualization (SEV) f ... | check
CVE-2025-29949 | Insufficient input parameter sanitization in AMD Secure Processor (ASP ... | check
CVE-2025-29950 | Improper input validation in system management mode (SMM) could allow ... | check
CVE-2025-29951 | A buffer overflow in the AMD Secure Processor (ASP) bootloader could a ... | check
CVE-2025-29952 | Improper Initialization within the AMD Secure Encrypted Virtualization ... | check
CVE-2025-30508 | Improper authorization in the Intel(R) Quick Assist Technology for som ... | check
CVE-2025-30513 | Race condition for some TDX Module within Ring 0: Hypervisor may allow ... | check
CVE-2025-31655 | Incorrect default permissions for some Intel(R) Battery Life Diagnosti ... | check
CVE-2025-31944 | Race condition for some TDX Module before version tdx1.5 within Ring 0 ... | check
CVE-2025-32003 | Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet N ... | check
CVE-2025-32007 | Out-of-bounds read for some TDX before version tdx module 1.5.24 withi ... | check
CVE-2025-32008 | Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) ... | check
CVE-2025-32092 | Insecure inherited permissions for some Intel(R) Graphics Software bef ... | check
CVE-2025-32453 | Incorrect default permissions for some Intel(R) Graphics Driver softwa ... | check
CVE-2025-32467 | Use of uninitialized variable for some TDX Module before version tdx1. ... | check
CVE-2025-32739 | Improper conditions check in some firmware for some Intel(R) Graphics ... | check
CVE-2025-48503 | A DLL hijacking vulnerability in the AMD Software Installer could allo ... | check
CVE-2025-48508 | Improper Hardware reset flow logic in the GPU GFX Hardware IP block co ... | check
CVE-2025-48518 | Improper input validation in AMD Graphics Driver could allow a local a ... | check
CVE-2025-52541 | A DLL hijacking vulnerability in Vivado could allow a local attacker t ... | check
CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check
CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check, possibly not reported upstream
CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream
CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream
CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check, possibly not reported upstream
CVE-2025-61261 | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ... | check
CVE-2025-61969 | Incorrect permission assignment in AMD µProf may allow a local user ... | check
CVE-2025-64075 | A path traversal vulnerability in the check_token function of Shenzhen ... | check
CVE-2025-65102 | PJSIP is a free and open source multimedia communication library. Prio ... | check, might affect asterisk and ring
CVE-2025-65127 | A lack of session validation in the web API component of Shenzhen Zhib ... | check
CVE-2025-65128 | A missing authentication mechanism in the web management API component ... | check
CVE-2025-65480 | An issue was discovered in Pacom Unison Client 5.13.1. Authenticated u ... | check
CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream
CVE-2025-66412 | Angular is a development platform for building mobile and desktop web ... | check, might not impact the 1.x versions of Angular
CVE-2025-66567 | The ruby-saml library is for implementing the client side of a SAML au ... | check
CVE-2025-66568 | The ruby-saml library implements the client side of an SAML authorizat ... | check
CVE-2025-66578 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check
CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream
CVE-2025-69871 | A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and e ... | check
CVE-2025-69872 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for seri ... | check, check upstream (report) status
CVE-2025-69873 | ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerab ... | check, verify upstream (report) status
CVE-2026-0671 | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... | check
CVE-2026-0708 | | check if impacts security wise rspamd, which embeds libucl and uses it at compile time
CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check as well pipenv
CVE-2026-2327 | Versions of the package markdown-it from 13.0.0 and before 14.1.1 are ... | check
CVE-2026-2391 | ### Summary The `arrayLimit` option in qs does not enforce limits for ... | check
CVE-2026-25924 | Kanboard is project management software focused on Kanban methodology. ... | check
CVE-2026-25990 | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n ou ... | check where introduced, GHSA-cfh3-3jmp-rvhc claims only >= 10.3.0 are affected
CVE-2026-25994 | PJSIP is a free and open source multimedia communication library writt ... | check
CVE-2026-26014 | Pion DTLS is a Go implementation of Datagram Transport Layer Security. ... | check
CVE-2026-26021 | set-in provides the set value of nested associative structure given ar ... | check