| Bug | Description | Note |
|---|
| CVE-2020-0478 | In extend_frame_lowbd of restoration.c, there is a possible out of bou ... | check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit |
| CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp o ... | check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported |
| CVE-2020-23914 | An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ... | retroarch and salmon embed peglib, check if it's actually a security issue |
| CVE-2020-23915 | An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ... | retroarch and salmon embed peglib, check if it's actually a security issue |
| CVE-2020-25467 | A null pointer dereference was discovered lzo_decompress_buf in stream ... | check fixing commit |
| CVE-2021-3681 | RESERVED | check, needs verifying the affected ansible/ansible-base components |
| CVE-2021-3746 | A flaw was found in the libtpms code that may cause access beyond the ... | check, might only affect the upstream stable-0.6 branch and not an issue in src:libtpms in any released version in Debian |
| CVE-2021-3773 | RESERVED | fill in tracking details |
| CVE-2021-3907 | OctoRPKI does not escape a URI with a filename containing "..", this a ... | check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki |
| CVE-2021-3908 | OctoRPKI does not limit the depth of a certificate chain, allowing for ... | check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki |
| CVE-2021-3909 | OctoRPKI does not limit the length of a connection, allowing for a slo ... | check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki |
| CVE-2021-3910 | OctoRPKI crashes when encountering a repository that returns an invali ... | check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki |
| CVE-2021-3911 | If the ROA that a repository returns contains too many bits for the IP ... | check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki |
| CVE-2021-3912 | OctoRPKI tries to load the entire contents of a repository in memory, ... | check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki |
| CVE-2021-3982 | Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation | recheck classification when RH provides more information |
| CVE-2021-4020 | janus-gateway is vulnerable to Improper Neutralization of Input During ... | check, possibly to be marked unimportant |
| CVE-2021-20315 | locking protection bypass allow unauthorized user to kill existing applications or start new ones | check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams |
| CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ... | check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those |
| CVE-2021-26318 | A timing and power-based side channel attack leveraging the x86 PREFET ... | check details and if mitigation in microcode/kernel exists |
| CVE-2021-28021 | Buffer overflow vulnerability in function stbi__extend_receive in stb_ ... | check libstb itself, and various packages embedd a copy |
| CVE-2021-32686 | PJSIP is a free and open source multimedia communication library writt ... | check, might affect in impact src:ring |
| CVE-2021-33098 | Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ... | check, might affect src:linux |
| CVE-2021-33178 | The Manage Backgrounds functionality within Nagvis versions prior to 2 ... | check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/ |
| CVE-2021-33194 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ... | check completeness |
| CVE-2021-35604 | Vulnerability in the MySQL Server product of Oracle MySQL (component: ... | clarify MariaDB 10.6 status |
| CVE-2021-36094 | It's possible to craft a request for appointment edit screen, which co ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase |
| CVE-2021-36096 | Generated Support Bundles contains private S/MIME and PGP keys if cont ... | check, 6.1.2-1 claims to fix the issue through the znuny codebase |
| CVE-2021-39880 | A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ... | reach out for details |
| CVE-2021-41055 | Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ... | double-check correctness for tracking of source package, underlying issue is fixed in python-nbxmpp |
| CVE-2021-41867 | An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ... | check details, exact fixing commits unclear |
| CVE-2021-41868 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ... | check details, exact fixing commits unclear |
| TEMP-0000000-DD73A0 | Unexpected database bindings via requests (follow-up) | check php-illuminate-database and CVE assignment |