This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| eclipse-wtp | CVE-2019-10753 | In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ... | bullseye, sid, stretch |
| freediameter | CVE-2020-6098 | An exploitable denial of service vulnerability exists in the freeDiame ... | bullseye, buster, sid |
| golang-github-containernetworking-plugins | CVE-2019-9946 | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ... | bullseye, sid |
| gridengine | CVE-2018-20871 | In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ... | buster, sid, stretch |
| hdf5 | CVE-2018-11205 | A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ... | bullseye, buster, sid, stretch |
| CVE-2018-13866 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ... | bullseye, buster, sid, stretch | |
| CVE-2018-13867 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | bullseye, buster, sid, stretch | |
| CVE-2018-13868 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bullseye, buster, sid, stretch | |
| CVE-2018-13869 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ... | bullseye, buster, sid, stretch | |
| CVE-2018-13870 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bullseye, buster, sid, stretch | |
| CVE-2018-13871 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bullseye, buster, sid, stretch | |
| CVE-2018-13872 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bullseye, buster, sid, stretch | |
| CVE-2018-13873 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a buf ... | bullseye, buster, sid, stretch | |
| CVE-2018-13874 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ... | bullseye, buster, sid, stretch | |
| CVE-2018-13875 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | bullseye, buster, sid, stretch | |
| CVE-2018-13876 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ... | bullseye, buster, sid, stretch | |
| CVE-2018-14031 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bullseye, buster, sid, stretch | |
| CVE-2018-14033 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bullseye, buster, sid, stretch | |
| CVE-2018-14034 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | bullseye, buster, sid, stretch | |
| CVE-2018-14035 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bullseye, buster, sid, stretch | |
| CVE-2018-14460 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bullseye, buster, sid, stretch | |
| CVE-2018-15671 | An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ... | bullseye, buster, sid, stretch | |
| CVE-2018-16438 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | bullseye, buster, sid, stretch | |
| CVE-2018-17433 | A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ... | bullseye, buster, sid, stretch | |
| CVE-2018-17435 | A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ... | bullseye, buster, sid, stretch | |
| CVE-2018-17436 | ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ... | bullseye, buster, sid, stretch | |
| CVE-2018-17439 | An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ... | bullseye, buster, sid, stretch | |
| CVE-2019-8396 | A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ... | bullseye, buster, sid, stretch | |
| CVE-2019-8398 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ... | bullseye, buster, sid, stretch | |
| CVE-2020-10809 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ... | bullseye, buster, sid, stretch | |
| CVE-2020-10810 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ... | bullseye, buster, sid, stretch | |
| CVE-2020-10811 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ... | bullseye, buster, sid, stretch | |
| CVE-2020-10812 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ... | bullseye, buster, sid, stretch | |
| intellij-community-idea | CVE-2019-10103 | JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ... | sid |
| CVE-2019-10104 | In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ... | sid | |
| CVE-2019-14954 | JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ... | sid | |
| CVE-2019-18361 | JetBrains IntelliJ IDEA before 2019.2 allows local user privilege esca ... | sid | |
| CVE-2019-9186 | In several JetBrains IntelliJ IDEA versions, a Spring Boot run configu ... | sid | |
| CVE-2019-9823 | In several JetBrains IntelliJ IDEA versions, creating remote run confi ... | sid | |
| CVE-2019-9872 | In several versions of JetBrains IntelliJ IDEA Ultimate, creating run ... | sid | |
| CVE-2019-9873 | In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task ... | sid | |
| CVE-2020-11690 | In JetBrains IntelliJ IDEA before 2020.1, the license server could be ... | sid | |
| CVE-2020-7904 | In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ... | sid | |
| CVE-2020-7905 | Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ... | sid | |
| CVE-2020-7914 | In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ... | sid | |
| jasperreports | CVE-2017-14941 | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosur ... | stretch |
| CVE-2017-5528 | Multiple JasperReports Server components contain vulnerabilities which ... | stretch | |
| CVE-2017-5529 | JasperReports library components contain an information disclosure vul ... | stretch | |
| CVE-2017-5532 | A vulnerability in the report renderer component of TIBCO JasperReport ... | stretch | |
| CVE-2017-5533 | A vulnerability in the server content cache of TIBCO JasperReports Ser ... | stretch | |
| CVE-2018-5429 | A vulnerability in the report scripting component of TIBCO Software In ... | stretch | |
| CVE-2018-5430 | The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Serv ... | stretch | |
| CVE-2018-5431 | The domain designer component of TIBCO Software Inc.'s TIBCO JasperRep ... | stretch | |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | bullseye, buster, sid, stretch |
| kgb-bot | CVE-2015-1554 | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ... | bullseye, buster, sid, stretch |
| libesedb | CVE-2018-15158 | ** DISPUTED ** The libesedb_page_read_values function in libesedb_page ... | bullseye, buster, sid, stretch |
| CVE-2018-15159 | ** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ... | bullseye, buster, sid, stretch | |
| CVE-2018-15160 | ** DISPUTED ** The libesedb_catalog_definition_read function in libese ... | bullseye, buster, sid, stretch | |
| CVE-2018-15161 | ** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ... | bullseye, buster, sid, stretch | |
| libsass | CVE-2017-10687 | In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ... | bullseye, buster, sid, stretch |
| CVE-2017-11341 | There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ... | bullseye, buster, sid, stretch | |
| CVE-2017-11342 | There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ... | bullseye, buster, sid, stretch | |
| CVE-2017-11605 | There is a heap based buffer over-read in LibSass 3.4.5, related to ad ... | bullseye, buster, sid, stretch | |
| CVE-2017-12962 | There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ... | bullseye, buster, sid, stretch | |
| CVE-2017-12963 | There is an illegal address access in Sass::Eval::operator() in eval.c ... | bullseye, buster, sid, stretch | |
| CVE-2017-12964 | There is a stack consumption issue in LibSass 3.4.5 that is triggered ... | bullseye, buster, sid, stretch | |
| CVE-2018-19218 | In LibSass 3.5-stable, there is an illegal address access at Sass::Par ... | bullseye, buster, sid, stretch | |
| CVE-2018-19219 | In LibSass 3.5-stable, there is an illegal address access at Sass::Eva ... | bullseye, buster, sid, stretch | |
| libxml2 | CVE-2020-3909 | A buffer overflow was addressed with improved bounds checking. This is ... | bullseye, buster, sid, stretch |
| CVE-2020-3910 | A buffer overflow was addressed with improved size validation. This is ... | bullseye, buster, sid, stretch | |
| linux | CVE-2018-18653 | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ... | bullseye, buster, sid, stretch |
| CVE-2019-12881 | i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c ... | bullseye, buster, sid, stretch | |
| lua5.1 | CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and ... | bullseye, buster, sid, stretch |
| CVE-2020-15889 | Lua through 5.4.0 has a getobjname heap-based buffer over-read because ... | bullseye, buster, sid, stretch | |
| CVE-2020-15945 | Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ... | bullseye, buster, sid, stretch | |
| lua5.2 | CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and ... | bullseye, buster, sid, stretch |
| CVE-2020-15889 | Lua through 5.4.0 has a getobjname heap-based buffer over-read because ... | bullseye, buster, sid, stretch | |
| CVE-2020-15945 | Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ... | bullseye, buster, sid, stretch | |
| lua5.3 | CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and ... | bullseye, buster, sid, stretch |
| CVE-2020-15889 | Lua through 5.4.0 has a getobjname heap-based buffer over-read because ... | bullseye, buster, sid, stretch | |
| CVE-2020-15945 | Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ... | bullseye, buster, sid, stretch | |
| lua50 | CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and ... | bullseye, buster, sid, stretch |
| CVE-2020-15889 | Lua through 5.4.0 has a getobjname heap-based buffer over-read because ... | bullseye, buster, sid, stretch | |
| CVE-2020-15945 | Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ... | bullseye, buster, sid, stretch | |
| mistral | CVE-2018-16848 | A Denial of Service (DoS) condition is possible in OpenStack Mistral i ... | bullseye, buster, sid, stretch |
| mysql-5.7 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | sid |
| netpbm-free | CVE-2017-2579 | An out-of-bounds read vulnerability was found in netpbm before 10.61. ... | bullseye, buster, sid, stretch |
| CVE-2017-2580 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | bullseye, buster, sid, stretch | |
| CVE-2017-2581 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | bullseye, buster, sid, stretch | |
| opencv | CVE-2019-9423 | In opencv calls that use libpng, there is a possible out of bounds wri ... | bullseye, buster, sid, stretch |
| openjdk-11 | CVE-2018-12438 | The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ... | bullseye, buster, sid, sid, stretch |
| phpmyadmin | CVE-2020-11441 | ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ... | bullseye, sid, stretch |
| resteasy | CVE-2020-10688 | sid | |
| CVE-2020-14326 | sid | ||
| CVE-2020-1695 | A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ... | sid | |
| resteasy3.0 | CVE-2016-6345 | RESTEasy allows remote authenticated users to obtain sensitive informa ... | bullseye, buster, sid |
| CVE-2016-6346 | RESTEasy enables GZIPInterceptor, which allows remote attackers to cau ... | bullseye, buster, sid | |
| CVE-2016-6347 | Cross-site scripting (XSS) vulnerability in the default exception hand ... | bullseye, buster, sid | |
| CVE-2016-6348 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ... | bullseye, buster, sid | |
| CVE-2020-10688 | bullseye, buster, sid | ||
| CVE-2020-14326 | bullseye, buster, sid | ||
| CVE-2020-1695 | A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ... | bullseye, buster, sid | |
| snappy | CVE-2018-7577 | Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Go ... | bullseye, buster, sid, stretch |
| sqlite3 | CVE-2020-9794 | An out-of-bounds read was addressed with improved bounds checking. Thi ... | bullseye, buster, sid, stretch |
| tinymce | CVE-2019-1010091 | tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ... | bullseye, buster, sid, stretch |
| undertow | CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions befo ... | bullseye, sid |
| CVE-2020-10687 | bullseye, sid | ||
| CVE-2020-10705 | A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ... | bullseye, sid | |
| CVE-2020-10719 | A flaw was found in Undertow in versions before 2.1.1.Final, regarding ... | bullseye, sid | |
| wordpress | CVE-2018-1000773 | WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ... | bullseye, buster, sid, stretch |
| wordpress | CVE-2019-8943 | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ... | bullseye, buster, sid, stretch |