Bugs with TODO items

Show "check" TODOs

BugDescriptionNote
CVE-2016-20013sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implentation of the code, but only track those with security impact
CVE-2020-0478In extend_frame_lowbd of restoration.c, there is a possible out of bou ...check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit
CVE-2020-19716A buffer overflow vulnerability in the Databuf function in types.cpp o ...check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported
CVE-2020-23914An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ...retroarch and salmon embed peglib, check if it's actually a security issue
CVE-2020-23915An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ...retroarch and salmon embed peglib, check if it's actually a security issue
CVE-2020-36123saitoha libsixel v1.8.6 was discovered to contain a double free via th ...check, unclear why reporter did close the issue again
CVE-2021-0066Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0072Improper input validation in firmware for some Intel(R) PROSet/Wireles ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0076Improper Validation of Specified Index, Position, or Offset in Input i ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0161Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0162Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0163Improper Validation of Consistency within input in software for Intel( ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0164Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0165Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0166Exposure of Sensitive Information to an Unauthorized Actor in firmware ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0167Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0168Improper input validation in firmware for some Intel(R) PROSet/Wireles ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0169Uncontrolled Search Path Element in software for Intel(R) PROSet/Wirel ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0170Exposure of Sensitive Information to an Unauthorized Actor in firmware ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0171Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0172Improper input validation in firmware for some Intel(R) PROSet/Wireles ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0173Improper Validation of Consistency within input in firmware for some I ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0174Improper Use of Validation Framework in firmware for some Intel(R) PRO ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0175Improper Validation of Specified Index, Position, or Offset in Input i ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0176Improper input validation in firmware for some Intel(R) PROSet/Wireles ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0177Improper Validation of Consistency within input in software for Intel( ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0178Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0179Improper Use of Validation Framework in software for Intel(R) PROSet/W ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0183Improper Validation of Specified Index, Position, or Offset in Input i ...check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-3681A flaw was found in Ansible Galaxy Collections. When collections are b ...check, needs verifying the affected ansible/ansible-base components
CVE-2021-3773A flaw in netfilter could allow a network-connected attacker to infer ...fill in tracking details
CVE-2021-3859check details
CVE-2021-20315A locking protection bypass flaw was found in some versions of gnome-s ...check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
CVE-2021-26318A timing and power-based side channel attack leveraging the x86 PREFET ...check details and if mitigation in microcode/kernel exists
CVE-2021-26341Some AMD CPUs may transiently execute beyond unconditional direct bran ...check if we need to track mitigations in src:linux
CVE-2021-28021Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...check libstb itself, and various packages embedd a copy
CVE-2021-28276A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a ...check CVE reference, probably invalid report or old version.
CVE-2021-33139Improper conditions check in firmware for some Intel(R) Wireless Bluet ...check in which firmware versions fixed
CVE-2021-33155Improper input validation in firmware for some Intel(R) Wireless Bluet ...check in which firmware versions fixed
CVE-2021-33178The Manage Backgrounds functionality within NagVis versions prior to 1 ...check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33194golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...check completeness
CVE-2021-36045XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...check for fixing commit
CVE-2021-36046XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...check for fixing commit
CVE-2021-36047XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...check for fixing commit
CVE-2021-36048XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...check for fixing commit
CVE-2021-36050XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...check for fixing commit
CVE-2021-36051XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...check for fixing commit
CVE-2021-36052XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...check for fixing commit
CVE-2021-36053XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...check for fixing commit
CVE-2021-36054XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...check for fixing commit
CVE-2021-36055XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...check for fixing commit
CVE-2021-36056XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...check for fixing commit
CVE-2021-36057XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...check for fixing commit
CVE-2021-36058XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...check for fixing commit
CVE-2021-36064XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...check for fixing commit
CVE-2021-36093It's possible to create an email which can be stuck while being proces ...try to pinpoint status for znuny, cf. https://github.com/znuny/Znuny/issues/128 for an attempt
CVE-2021-36094It's possible to craft a request for appointment edit screen, which co ...check, 6.1.2-1 claims to fix the issue through the znuny codebase, https://github.com/znuny/Znuny/issues/128
CVE-2021-36095Malicious attacker is able to find out valid user logins by using the ...try to pinpoint status for znuny, cf. https://github.com/znuny/Znuny/issues/128 for an attempt
CVE-2021-36096Generated Support Bundles contains private S/MIME and PGP keys if cont ...check, 6.1.2-1 claims to fix the issue through the znuny codebase, cf. https://github.com/znuny/Znuny/issues/128
CVE-2021-37298Laravel v5.1 was discovered to contain a deserialization vulnerability ...check, unclear status of report to upstream
CVE-2021-38441Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-w ...check for upstream commit
CVE-2021-38443Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid s ...check for upstream commit
CVE-2021-39847XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...check for fixing commit
CVE-2021-39880A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...reach out for details for ruby-apollo-upload-server
CVE-2021-40716XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...check for fixing commit
CVE-2021-40732XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...check for fixing commit
CVE-2021-41752Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ...check - could be only a test artifact
CVE-2021-41867An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...check details, exact fixing commits unclear
CVE-2021-41868OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...check details, exact fixing commits unclear
CVE-2021-42529XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...check for fixing commit
CVE-2021-42530XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...check for fixing commit
CVE-2021-42531XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...check for fixing commit
CVE-2021-42532XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...check for fixing commit
CVE-2021-43503A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ...check, unclear status of report to upstream
CVE-2021-44481An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...check - unclear if affects only YottaDB
CVE-2021-44482An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...check - unclear if affects only YottaDB
CVE-2021-44483An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...check - unclear if affects only YottaDB
CVE-2021-44484An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...check - unclear if affects only YottaDB
CVE-2021-44485An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...check - unclear if affects only YottaDB
CVE-2021-44486An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...check - unclear if affects only YottaDB
CVE-2021-44487An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...check - unclear if affects only YottaDB
CVE-2021-44488An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...check - unclear if affects only YottaDB
CVE-2021-44489An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...check - unclear if affects only YottaDB
CVE-2021-44490An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...check - unclear if affects only YottaDB
CVE-2021-44491An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...check - unclear if affects only YottaDB
CVE-2021-44492An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...check upstream to find out which changes affect which CVE
CVE-2021-44493An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...check upstream to find out which changes affect which CVE
CVE-2021-44494An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...check upstream to find out which changes affect which CVE
CVE-2021-44495An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...check upstream to find out which changes affect which CVE
CVE-2021-44496An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44497An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44498An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44499An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44500An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44501An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44502An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44503An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44504An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44505An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44506An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44507An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44508An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44509An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44510An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...check upstream to find out which changes affect which CVE
CVE-2021-44647Lua v5.4.3 and above are affected by SEGV by type confusion in funcnam ...check older versions if issue is present, reproducer do not crash, but needs inspection of the code yet
CVE-2021-44961A memory leakage flaw exists in the class PerimeterGenerator of Slic3r ...check upstream commit
CVE-2021-44962An out-of-bounds read vulnerability exists in the GCode::extrude() fun ...check upstream fix
CVE-2021-45926MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-45927MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-45940libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
CVE-2021-45941libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
CVE-2022-0084check for details
CVE-2022-0481NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...check, possibly only introduced with dccd66f9efecd0a974b735c62836fe566015cf37 in 3.1.0-rc
CVE-2022-0529A flaw was found in Unzip. The vulnerability occurs during the convers ...check details
CVE-2022-0530A flaw was found in Unzip. The vulnerability occurs during the convers ...check details
CVE-2022-0918A vulnerability was discovered in the 389 Directory Server that allows ...check details
CVE-2022-1071User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ...check where issue introduced and present before code refactoring
CVE-2022-1736check, if we want to threat this as unimportant severity issue
CVE-2022-23131In the case of instances where the SAML SSO authentication is enabled ...check, possibly only affecting 5.4.0 onwards; similar code but no upstream fix in 5.0 LTS
CVE-2022-23639crossbeam-utils provides atomics, synchronization primitives, scoped t ...check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked
CVE-2022-25349All versions of package materialize-css are vulnerable to Cross-site S ...check if affected, CVE reported against the upstream fork
CVE-2022-28366Certain Neko-related HTML parsers allow a denial of service via crafte ...check upstream for commits
CVE-2022-28890A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ...check, possibly not affected as according to upstrema 4.2.x and 4.3.x doe not allow external entities, double check
CVE-2022-29970Sinatra before 2.2.0 does not validate that the expanded path matches ...check where issue is introduced
CVE-2022-30779Laravel 9.1.8, when processing attacker-controlled data for deserializ ...check, issue seems to be in src:guzzle, check details
TEMP-0000000-DD73A0Unexpected database bindings via requests (follow-up)check php-illuminate-database and CVE assignment

Search for package or bug name: Reporting problems