Bugs with TODO items

| Bug | Description | TODO |
|---|---|---|
| CVE-2013-5958 | The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2. ... | Check if php-symfony-polyfill/1.17.0-1 needs to be tracked |
| CVE-2017-1712 | "A vulnerability in the TLS protocol implementation of the Domino serv ... | check |
| CVE-2018-18653 | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ... | check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way. |
| CVE-2018-6446 | A vulnerability in Brocade Network Advisor Version Before 14.3.1 could ... | check |
| CVE-2019-0145 | Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Contro ... | check |
| CVE-2019-0146 | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ... | check |
| CVE-2019-0147 | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ... | check |
| CVE-2019-0148 | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ... | check |
| CVE-2019-0149 | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ... | check |
| CVE-2019-1010091 | tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ... | check |
| CVE-2019-11938 | Java Facebook Thrift servers would not error upon receiving messages d ... | check |
| CVE-2019-12107 | The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd ... | check, might affect minidlna |
| CVE-2019-12522 | An issue was discovered in Squid through 4.7. When Squid is run as roo ... | check |
| CVE-2019-14493 | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ... | check if the old code though is really affected, might been introduced with the refactoring |
| CVE-2019-17178 | HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ... | check |
| CVE-2019-17558 | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ... | check, whilst the advisory claims 5.0.0 upwards only the SolrParamResourceLoader might be of issue already earlier? |
| CVE-2019-19161 | CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files require ... | check |
| CVE-2019-20787 | Teeworlds before 0.7.4 has an integer overflow when computing a tilema ... | reject with MITRE |
| CVE-2019-3681 | A External Control of File Name or Path vulnerability in osc of SUSE L ... | check |
| CVE-2019-9946 | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ... | singularity-container seems to embed as well a copy of cni |
| CVE-2020-10688 | | check details, not much information provided by Red Hat. |
| CVE-2020-10719 | A flaw was found in Undertow in versions before 2.1.1.Final, regarding ... | check, no details on Red Hat bugreport |
| CVE-2020-10755 | An insecure-credentials flaw was found in all openstack-cinder version ... | check, affects as well python-os-brick or needs a respective update? |
| CVE-2020-10809 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ... | check details |
| CVE-2020-10810 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ... | check details |
| CVE-2020-10811 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ... | check details |
| CVE-2020-10812 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ... | check details |
| CVE-2020-11558 | An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ... | check |
| CVE-2020-11724 | An issue was discovered in OpenResty before ngx_http_lua_sub ... | check details (patch applies to src:ngnix, but check if issue is specific to OpenResty before |
| CVE-2020-11759 | An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ... | check completeness for upstream commits to cover CVE-2020-11759 |
| CVE-2020-12695 | The Open Connectivity Foundation UPnP specification before 2020-04-17 ... | for gupnp, there are partial fixes, check |
| CVE-2020-13817 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ... | check ntpsec |
| CVE-2020-13844 | Arm Armv8-A core implementations utilizing speculative execution past ... | check further details |
| CVE-2020-13849 | The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ... | check |
| CVE-2020-13973 | OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ... | check |
| CVE-2020-14152 | In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ... | report to libjpeg-turbo upstream |
| CVE-2020-14947 | OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ... | check |
| CVE-2020-15007 | A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ... | check, the included code in rbdoom3bfg seems actually to be ported |
| CVE-2020-1775 | BCC recipients in mails sent from OTRS are visible in article detail o ... | check |
| CVE-2020-3282 | A vulnerability in the web-based management interface of Cisco Unified ... | check |
| CVE-2020-4035 | In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ... | check |
| CVE-2020-4037 | In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ... | check |
| CVE-2020-4038 | GraphQL Playground (graphql-playground-html NPM package) before versio ... | check |
| CVE-2020-4044 | The xrdp-sesman service before version can be crashed by conn ... | check |
| CVE-2020-4051 | In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 ... | check |
| CVE-2020-4059 | In mversion before 2.0.0, there is a command injection vulnerability. ... | check |
| CVE-2020-4061 | In October from version 1.0.319 and before version 1.0.467, pasting co ... | check |
| CVE-2020-4062 | In Conjur OSS Helm Chart before 2.0.0, a recently identified critical ... | check |
| CVE-2020-4066 | In Limdu before 0.95, the trainBatch function has a command injection ... | check |
| CVE-2020-4070 | In CSS Validator less than or equal to commit 54d68a1, there is a cros ... | check |
| CVE-2020-4071 | In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ... | check |
| CVE-2020-4072 | In generator-jhipster-kotlin version 1.6.0 log entries are created for ... | check |
| CVE-2020-4074 | In PrestaShop from version and before version, the aut ... | check |
| CVE-2020-5238 | The table extension in GitHub Flavored Markdown before version 0.29.0. ... | check |
| CVE-2020-5411 | When configured to enable default typing, Jackson contained a deserial ... | check |
| CVE-2020-5529 | HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ... | check details, might affect jenkins-htmlunit |
| CVE-2020-5899 | In NGINX Controller 3.0.0-3.4.0, recovery code required to change a us ... | check |
| CVE-2020-5900 | In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient ... | check |
| CVE-2020-5901 | In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow f ... | check |
| CVE-2020-5909 | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the co ... | check |
| CVE-2020-5910 | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic ... | check |
| CVE-2020-5911 | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ... | check |
| CVE-2020-6752 | In OMERO before 5.6.1, group owners can access members' data in other ... | check |
| CVE-2020-7010 | Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate pas ... | check |
| CVE-2020-7354 | Cross-site Scripting (XSS) vulnerability in the 'host' field of a disc ... | check |
| CVE-2020-7355 | Cross-site Scripting (XSS) vulnerability in the 'notes' field of a dis ... | check |
| CVE-2020-7513 | A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ... | check |
| CVE-2020-7659 | reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ... | check |
| CVE-2020-7661 | all versions of url-regex are vulnerable to Regular Expression Denial ... | check |
| CVE-2020-7664 | The ExtractTo function doesn't securely escape file paths in zip archi ... | check |
| CVE-2020-7667 | The CPIO extraction functionality doesn't sanitize the paths of the ar ... | check |
| CVE-2020-7668 | The ExtractTo function doesn't securely escape file paths in zip archi ... | check |
| CVE-2020-7670 | agoo through 2.12.3 allows request smuggling attacks where agoo is use ... | check |
| CVE-2020-7671 | goliath through 1.0.6 allows request smuggling attacks where goliath i ... | check |
| CVE-2020-7672 | mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User inp ... | check |
| CVE-2020-7673 | node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. U ... | check |
| CVE-2020-7919 | Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ... | check older versions than golang-1.11 |
| CVE-2020-8020 | A Improper Neutralization of Input During Web Page Generation vulnerab ... | check |
| CVE-2020-8021 | a Improper Access Control vulnerability in of Open Build Service allow ... | check |
| CVE-2020-9225 | FusionSphere OpenStack 6.5.1 have an improper permissions management v ... | check |
| CVE-2020-9794 | An out-of-bounds read was addressed with improved bounds checking. Thi ... | Try to get more information, as usual Apple advisories are too unspecific |
