This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| catimg | CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ... | buster, sid |
| exiv2 | CVE-2018-11037 | In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ... | buster, sid, stretch |
| hdf5 | CVE-2018-11205 | A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ... | buster, jessie, sid, stretch |
| CVE-2018-13866 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ... | buster, jessie, sid, stretch | |
| CVE-2018-13867 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | buster, jessie, sid, stretch | |
| CVE-2018-13868 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | buster, jessie, sid, stretch | |
| CVE-2018-13869 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ... | buster, jessie, sid, stretch | |
| CVE-2018-13870 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | buster, jessie, sid, stretch | |
| CVE-2018-13871 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | buster, jessie, sid, stretch | |
| CVE-2018-13872 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | buster, jessie, sid, stretch | |
| CVE-2018-13873 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a buf ... | buster, jessie, sid, stretch | |
| CVE-2018-13874 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ... | buster, jessie, sid, stretch | |
| CVE-2018-13875 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | buster, jessie, sid, stretch | |
| CVE-2018-13876 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ... | buster, jessie, sid, stretch | |
| CVE-2018-14031 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | buster, jessie, sid, stretch | |
| CVE-2018-14033 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | buster, jessie, sid, stretch | |
| CVE-2018-14034 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | buster, jessie, sid, stretch | |
| CVE-2018-14035 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | buster, jessie, sid, stretch | |
| CVE-2018-14460 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | buster, jessie, sid, stretch | |
| CVE-2018-15671 | An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ... | buster, jessie, sid, stretch | |
| CVE-2018-16438 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | buster, jessie, sid, stretch | |
| CVE-2018-17432 | A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ... | buster, jessie, sid, stretch | |
| CVE-2018-17433 | A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ... | buster, jessie, sid, stretch | |
| CVE-2018-17435 | A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ... | buster, jessie, sid, stretch | |
| CVE-2018-17436 | ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ... | buster, jessie, sid, stretch | |
| CVE-2018-17439 | An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ... | buster, jessie, sid, stretch | |
| CVE-2019-8396 | A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ... | buster, jessie, sid, stretch | |
| CVE-2019-8398 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ... | buster, jessie, sid, stretch | |
| jasperreports | CVE-2017-14941 | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosur ... | jessie, sid, stretch |
| CVE-2017-5528 | Multiple JasperReports Server components contain vulnerabilities which ... | jessie, sid, stretch | |
| CVE-2017-5529 | JasperReports library components contain an information disclosure vul ... | jessie, sid, stretch | |
| CVE-2017-5532 | A vulnerability in the report renderer component of TIBCO JasperReport ... | jessie, sid, stretch | |
| CVE-2017-5533 | A vulnerability in the server content cache of TIBCO JasperReports Ser ... | jessie, sid, stretch | |
| CVE-2018-5429 | A vulnerability in the report scripting component of TIBCO Software In ... | sid, stretch | |
| CVE-2018-5430 | The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Serv ... | sid, stretch | |
| CVE-2018-5431 | The domain designer component of TIBCO Software Inc.'s TIBCO JasperRep ... | sid, stretch | |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | buster, sid, stretch |
| kgb-bot | CVE-2015-1554 | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ... | buster, jessie, sid, stretch |
| kubernetes | CVE-2019-9946 | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ... | sid |
| libesedb | CVE-2018-15158 | ** DISPUTED ** The libesedb_page_read_values function in libesedb_page ... | buster, sid, stretch |
| CVE-2018-15159 | ** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ... | buster, sid, stretch | |
| CVE-2018-15160 | ** DISPUTED ** The libesedb_catalog_definition_read function in libese ... | buster, sid, stretch | |
| CVE-2018-15161 | ** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ... | buster, sid, stretch | |
| libgig | CVE-2018-14449 | An issue was discovered in libgig 4.1.0. There is an out of bounds rea ... | buster, jessie, sid, stretch |
| CVE-2018-14450 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ... | buster, jessie, sid, stretch | |
| CVE-2018-14451 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14452 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ... | buster, jessie, sid, stretch | |
| CVE-2018-14453 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14454 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ... | buster, jessie, sid, stretch | |
| CVE-2018-14455 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ... | buster, jessie, sid, stretch | |
| CVE-2018-14456 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ... | buster, jessie, sid, stretch | |
| CVE-2018-14457 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ... | buster, jessie, sid, stretch | |
| CVE-2018-14458 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14459 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ... | buster, jessie, sid, stretch | |
| CVE-2018-18192 | An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ... | buster, jessie, sid, stretch | |
| CVE-2018-18193 | An issue was discovered in libgig 4.1.0. There is operator new[] failu ... | buster, jessie, sid, stretch | |
| CVE-2018-18194 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-18195 | An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ... | buster, jessie, sid, stretch | |
| CVE-2018-18196 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-18197 | An issue was discovered in libgig 4.1.0. There is an operator new[] fa ... | buster, jessie, sid, stretch | |
| libsass | CVE-2018-19218 | In LibSass 3.5-stable, there is an illegal address access at Sass::Par ... | buster, sid, stretch |
| CVE-2018-19219 | In LibSass 3.5-stable, there is an illegal address access at Sass::Eva ... | buster, sid, stretch | |
| libsixel | CVE-2018-19757 | There is a NULL pointer dereference at function sixel_helper_set_addit ... | buster, jessie, sid, stretch |
| CVE-2018-19759 | There is a heap-based buffer over-read at stb_image_write.h (function: ... | buster, jessie, sid, stretch | |
| CVE-2018-19761 | There is an illegal address access at fromsixel.c (function: sixel_dec ... | buster, jessie, sid, stretch | |
| CVE-2018-19762 | There is a heap-based buffer overflow at fromsixel.c (function: image_ ... | buster, jessie, sid, stretch | |
| CVE-2018-19763 | There is a heap-based buffer over-read at writer.c (function: write_pn ... | buster, jessie, sid, stretch | |
| libxslt | CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch |
| CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2017-2477 | An issue was discovered in certain Apple products. macOS before 10.12. ... | buster, jessie, sid, stretch | |
| linux | CVE-2018-18653 | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ... | buster, jessie, sid, stretch |
| CVE-2019-2054 | In the seccomp implementation prior to kernel version 4.8, there is a ... | buster, jessie, sid, stretch | |
| lucene-solr | CVE-2018-11802 | Rule-base Authorization plugin skips authorization if querying node does not have collection replica | buster, jessie, sid, stretch |
| mariadb-10.0 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie, sid |
| netpbm-free | CVE-2017-2579 | An out-of-bounds read vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch |
| CVE-2017-2580 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch | |
| CVE-2017-2581 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch | |
| nuget | CVE-2019-0976 | A tampering vulnerability exists in the NuGet Package Manager for Linu ... | buster, jessie, sid, stretch |
| openjdk-11 | CVE-2018-12438 | The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ... | buster, sid, stretch |
| percona-xtrabackup | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | sid |
| resteasy3.0 | CVE-2016-6345 | RESTEasy allows remote authenticated users to obtain sensitive informa ... | buster, sid |
| CVE-2016-6346 | RESTEasy enables GZIPInterceptor, which allows remote attackers to cau ... | buster, sid | |
| CVE-2016-6347 | Cross-site scripting (XSS) vulnerability in the default exception hand ... | buster, sid | |
| CVE-2016-6348 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ... | buster, sid | |
| wordpress | CVE-2017-1000600 | WordPress version <4.9 contains a CWE-20 Input Validation vulnerabi ... | buster, jessie, sid, stretch |
| wordpress | CVE-2018-1000773 | WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ... | buster, jessie, sid, stretch |