Bugs with TODO items


| Bug | Description | Note |
|---|---|---|
| CVE-2016-20013 | sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ... | check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implementation of the code, but only track those with security impact |
| CVE-2021-3800 | A flaw was found in glib before version 2.63.6. Due to random charset ... | check completeness |
| CVE-2021-27853 | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP in ... | check, potentially needs to be tracked for src:linux |
| CVE-2021-27854 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check, potentially needs to be tracked for src:linux |
| CVE-2021-27861 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check, potentially needs to be tracked for src:linux |
| CVE-2021-27862 | Layer 2 network filtering capabilities such as IPv6 RA guard can be by ... | check, potentially needs to be tracked for src:linux |
| CVE-2021-32862 | The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ... | check details, should affect src:nbconvert |
| CVE-2021-33235 | Buffer overflow vulnerability in write_node in htmldoc through 1.9.11 ... | clarify duplicate assignment with assigning CNA |
| CVE-2021-33236 | Buffer Overflow vulnerability in write_header in htmldoc through 1.9.1 ... | clarify duplicate assignment with assigning CNA |
| CVE-2021-37819 | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop ... | check impact on other sources embedding lowagie/text/pdf/PdfReader.java |
| CVE-2022-3854 | possible DoS issue in ceph URL processing on RGW backends | check details, none provided in RHBZ#2139925 |
| CVE-2022-3920 | HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ... | check if affecting versions before 1.13.0 |
| CVE-2022-4144 | QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read | check details |
| CVE-2022-23459 | Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ... | check - numerous jsonxx repositories exist on github |
| CVE-2022-23460 | Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ... | check - numerous jsonxx repositories exist on github |
| CVE-2022-23639 | crossbeam-utils provides atomics, synchronization primitives, scoped t ... | check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked |
| CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ... | check affected packages |
| CVE-2022-41854 | Those using Snakeyaml to parse untrusted YAML files may be vulnerable ... | check details |
| CVE-2022-41882 | The Nextcloud Desktop Client is a tool to synchronize files from Nextc ... | check details, is owncloud-client similarly affected? |
| CVE-2022-42920 | Apache Commons BCEL has a number of APIs that would normally only allo ... | check with the assigning CNAs which one to retain if confirmed to be handled as duplicate and move CVE-2022-34169 to Apache Xalan Java XSLT use of BCEL only. |
| CVE-2022-45136 | ** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is ... | check correctness/details if src:apache-jena affected |
