Packages that may be vulnerable but need to be checked (undetermined issues)

This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determine whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.

| Package | Bug | Description | Releases |
|---|---|---|---|
| bluez | CVE-2017-13220 | An elevation of privilege vulnerability in the Upstream kernel bluez. ... | buster, jessie, sid, stretch, wheezy |
| docker.io | CVE-2017-14992 | Lack of content verification in Docker-CE (Also known as Moby) ... | sid |
| exiv2 | CVE-2017-17722 | In Exiv2 0.26, there is a reachable assertion in the readHeader ... | buster, jessie, sid, stretch |
| | CVE-2017-17723 | In Exiv2 0.26, there is a heap-based buffer over-read in the ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2017-17724 | In Exiv2 0.26, there is a heap-based buffer over-read in the ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2017-17725 | In Exiv2 0.26, there is an integer overflow leading to a heap-based ... | buster, jessie, sid, stretch, wheezy |
| ffmpeg | CVE-2017-14034 | The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ... | buster, sid, stretch |
| freeipa | CVE-2017-12169 | It was found that FreeIPA 4.2.0 and later could disclose password ... | sid |
| gitlab | CVE-2017-0914 | Critical SQL Injection in MilestoneFinder | sid, stretch |
| | CVE-2017-0922 | Milestone Authorization Issue on Boards | sid, stretch |
| | CVE-2017-0924 | XSS in Label Dropdown | sid, stretch |
| glassfish | CVE-2012-3155 | Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ... | buster, jessie, sid, stretch |
| jasperreports | CVE-2017-14941 | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure ... | buster, jessie, sid, stretch |
| | CVE-2017-5528 | Multiple JasperReports Server components contain vulnerabilities ... | buster, jessie, sid, stretch |
| | CVE-2017-5529 | JasperReports library components contain an information disclosure ... | buster, jessie, sid, stretch |
| | CVE-2017-5532 | A vulnerability in the report renderer component of TIBCO ... | buster, jessie, sid, stretch |
| | CVE-2017-5533 | A vulnerability in the server content cache of TIBCO JasperReports ... | buster, jessie, sid, stretch |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | jessie, sid, stretch |
| libav | CVE-2015-6761 | The update_dimensions function in libavcodec/vp8.c in FFmpeg through ... | jessie |
| | CVE-2015-6818 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6820 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6821 | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ... | jessie, wheezy |
| | CVE-2015-6822 | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6823 | The allocate_buffers function in libavcodec/alac.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6824 | The sws_init_context function in libswscale/utils.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6825 | The ff_frame_thread_init function in libavcodec/pthread_frame.c in ... | jessie |
| | CVE-2015-6826 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ... | jessie, wheezy |
| | CVE-2015-8216 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ... | jessie, wheezy |
| | CVE-2015-8217 | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ... | jessie |
| | CVE-2015-8219 | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ... | jessie |
| | CVE-2015-8363 | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ... | jessie |
| | CVE-2015-8364 | Integer overflow in the ff_ivi_init_planes function in ... | jessie, wheezy |
| | CVE-2015-8661 | The h264_slice_header_init function in libavcodec/h264_slice.c in ... | jessie, wheezy |
| | CVE-2015-8662 | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ... | jessie |
| | CVE-2015-8663 | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2016-10190 | Heap-based buffer overflow in libavformat/http.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2016-10191 | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2016-10192 | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, ... | jessie, wheezy |
| | CVE-2016-5199 | An off by one error resulting in an allocation of zero size in FFmpeg ... | jessie, wheezy |
| | CVE-2017-14054 | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ... | jessie, wheezy |
| | CVE-2017-14055 | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ... | jessie, wheezy |
| | CVE-2017-14056 | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ... | jessie, wheezy |
| | CVE-2017-14057 | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ... | jessie, wheezy |
| | CVE-2017-14058 | In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ... | jessie, wheezy |
| | CVE-2017-14059 | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ... | jessie, wheezy |
| | CVE-2017-14169 | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ... | jessie, wheezy |
| | CVE-2017-14170 | In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ... | jessie, wheezy |
| | CVE-2017-14171 | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ... | jessie, wheezy |
| | CVE-2017-14222 | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ... | jessie, wheezy |
| | CVE-2017-14223 | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ... | jessie, wheezy |
| | CVE-2017-14225 | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ... | jessie, wheezy |
| | CVE-2017-14767 | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ... | jessie, wheezy |
| | CVE-2017-15186 | Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote ... | jessie, wheezy |
| | CVE-2017-15672 | The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ... | jessie, wheezy |
| | CVE-2017-7863 | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ... | jessie, wheezy |
| | CVE-2017-7865 | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ... | jessie, wheezy |
| | CVE-2017-7866 | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a ... | jessie, wheezy |
| | CVE-2017-9993 | FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ... | jessie, wheezy |
| | CVE-2017-9994 | libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ... | jessie |
| | CVE-2018-6392 | The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ... | jessie, wheezy |
| | CVE-2018-6621 | The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ... | jessie, wheezy |
| | CVE-2018-6912 | The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ... | jessie, wheezy |
| libvpx | CVE-2017-13194 | A vulnerability in the Android media framework (libvpx) related to odd ... | buster, jessie, sid, stretch, wheezy |
| libxslt | CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2017-2477 | An issue was discovered in certain Apple products. macOS before ... | buster, jessie, sid, stretch, wheezy |
| linux | CVE-2017-13220 | An elevation of privilege vulnerability in the Upstream kernel bluez. ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2017-13221 | An elevation of privilege vulnerability in the Upstream kernel wifi ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2017-13222 | An information disclosure vulnerability in the Upstream kernel kernel. ... | buster, jessie, sid, stretch, wheezy |
| mariadb-10.0 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie |
| mistral | CVE-2017-2622 | openstack-mistral: /var/log/mistral/ is world readable | buster, sid, stretch |
| monitoring-plugins | CVE-2013-4215 | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ... | buster, jessie, sid, stretch |
| | CVE-2014-4701 | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ... | buster, jessie, sid, stretch |
| | CVE-2014-4702 | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ... | buster, jessie, sid, stretch |
| | CVE-2014-4703 | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ... | buster, jessie, sid, stretch |
| movabletype-opensource | CVE-2014-5313 | Cross-site scripting (XSS) vulnerability in the management page in Six ... | wheezy |
| mysql-5.5 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie, wheezy, sid |
| netpbm-free | CVE-2017-2579 | | buster, jessie, sid, stretch, wheezy |
| | CVE-2017-2580 | | buster, jessie, sid, stretch, wheezy |
| | CVE-2017-2581 | | buster, jessie, sid, stretch, wheezy |
| percona-xtrabackup | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie, sid |
| php-horde | CVE-2017-16906 | In Horde Groupware 5.2.19, there is XSS via the URL field in a ... | buster, jessie, sid, stretch |
| | CVE-2017-16907 | In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ... | buster, jessie, sid, stretch |
| | CVE-2017-16908 | In Horde Groupware 5.2.19, there is XSS via the Name field during ... | buster, jessie, sid, stretch |
| | CVE-2017-17781 | In Horde Groupware through 5.2.22, SQL Injection exists via the group ... | buster, jessie, sid, stretch |
| resteasy | CVE-2018-1051 | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ... | buster, jessie, sid |
| resteasy3.0 | CVE-2016-6345 | RESTEasy allows remote authenticated users to obtain sensitive ... | sid |
| | CVE-2016-6346 | RESTEasy enables GZIPInterceptor, which allows remote attackers to ... | sid |
| | CVE-2016-6347 | Cross-site scripting (XSS) vulnerability in the default exception ... | sid |
| | CVE-2016-6348 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ... | sid |
| | CVE-2016-9606 | | sid |
| | CVE-2017-7561 | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is ... | sid |
| | CVE-2018-1051 | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ... | sid |
| tripleo-heat-templates | CVE-2017-12155 | A resource-permission flaw was found in the ... | buster, sid |
| undertow | CVE-2018-1047 | A flaw was found in Wildfly 9.x. A path traversal vulnerability ... | buster, sid, stretch |
| | CVE-2018-1048 | It was found that the AJP connector in undertow, as shipped in Jboss ... | buster, sid, stretch |
| xpdf | CVE-2018-7173 | A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2018-7174 | An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref ... | buster, jessie, sid, stretch, wheezy |
| | CVE-2018-7175 | An issue was discovered in xpdf 4.00. A NULL pointer dereference in ... | buster, jessie, sid, stretch, wheezy |
| xulrunner | CVE-2009-1597 | Mozilla Firefox executes DOM calls in response to a javascript: URI in ... | wheezy |
| | CVE-2009-2065 | Mozilla Firefox 3.0.10, and possibly other versions, detects http ... | wheezy |
| | CVE-2009-4129 | Race condition in Mozilla Firefox allows remote attackers to produce a ... | wheezy |
| | CVE-2009-4130 | Visual truncation vulnerability in the MakeScriptDialogTitle function ... | wheezy |
| | CVE-2009-5017 | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ... | wheezy |
| xulrunner | CVE-2010-0648 | Mozilla Firefox, possibly before 3.6, allows remote attackers to ... | wheezy |
