This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| bittorrent | CVE-2015-5474 | BitTorrent and uTorrent allow remote attackers to inject command line ... | jessie, sid, stretch, wheezy |
| bsdiff | CVE-2014-9862 | Integer signedness error in bspatch.c in bspatch in bsdiff, as used in ... | jessie, sid, stretch, wheezy |
| chromium-browser | CVE-2008-5749 | ** DISPUTED ** ... | jessie, sid, stretch, wheezy |
| CVE-2009-3011 | Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ... | jessie, sid, stretch, wheezy | |
| CVE-2010-2120 | Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ... | jessie, sid, stretch, wheezy | |
| gdb | TEMP-0000000-A2945B | Stack buffer overflow when printing bad bytes in Intel Hex objects | jessie, sid, stretch, wheezy |
| glassfish | CVE-2012-3155 | Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ... | jessie, sid, stretch, wheezy |
| glusterfs | CVE-2012-5635 | The GlusterFS functionality in Red Hat Storage Management Console 2.0, ... | jessie, sid, stretch, wheezy |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | jessie, sid, wheezy, wheezy |
| kgb-bot | CVE-2015-1554 | can be crashed by some network traffic | jessie, sid, stretch, wheezy |
| kodi | TEMP-0000000-9FAB83 | Kodi Cross-Site Request Forgery | sid, stretch |
| libav | CVE-2015-6761 | The update_dimensions function in libavcodec/vp8.c in FFmpeg through ... | jessie, wheezy |
| CVE-2015-6818 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6819 | Multiple integer underflows in the ff_mjpeg_decode_frame function in ... | jessie, wheezy | |
| CVE-2015-6820 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6821 | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-6822 | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6823 | The allocate_buffers function in libavcodec/alac.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6824 | The sws_init_context function in libswscale/utils.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6825 | The ff_frame_thread_init function in libavcodec/pthread_frame.c in ... | jessie, wheezy | |
| CVE-2015-6826 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ... | jessie, wheezy | |
| CVE-2015-8216 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-8217 | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ... | jessie | |
| CVE-2015-8218 | The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-8219 | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-8363 | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ... | jessie | |
| CVE-2015-8364 | Integer overflow in the ff_ivi_init_planes function in ... | jessie, wheezy | |
| CVE-2015-8365 | The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-8661 | The h264_slice_header_init function in libavcodec/h264_slice.c in ... | jessie, wheezy | |
| CVE-2015-8662 | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-8663 | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2016-2329 | libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate ... | jessie, wheezy | |
| CVE-2016-2330 | libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ... | jessie, wheezy | |
| CVE-2016-6920 | exr file Heap Overflow | jessie, wheezy | |
| libstruts1.2-java | CVE-2016-2162 | Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale ... | wheezy |
| libx11 | CVE-2006-0197 | The XClientMessageEvent struct used in certain components of X.Org ... | jessie, sid, stretch, wheezy |
| libxml2 | CVE-2016-1761 | libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS ... | jessie, sid, stretch, wheezy |
| CVE-2016-5131 | Use-after-free vulnerability in libxml2 through 2.9.4, as used in ... | jessie, sid, stretch, wheezy | |
| libxslt | CVE-2016-1841 | libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ... | jessie, sid, stretch, wheezy |
| mariadb-10.0 | CVE-2016-6663 | jessie, sid, stretch | |
| mcollective | CVE-2016-2788 | jessie, sid, stretch, wheezy | |
| mock | CVE-2016-6299 | privilige escalation via mock-scm | jessie, sid, stretch |
| monitoring-plugins | CVE-2013-4215 | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ... | jessie, sid, stretch |
| CVE-2014-4701 | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ... | jessie, sid, stretch | |
| CVE-2014-4702 | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ... | jessie, sid, stretch | |
| CVE-2014-4703 | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ... | jessie, sid, stretch | |
| movabletype-opensource | CVE-2014-5313 | Cross-site scripting (XSS) vulnerability in the management page in Six ... | wheezy |
| mplayer | CVE-2016-5115 | sid, stretch, wheezy | |
| mysql-5.5 | CVE-2016-6663 | jessie, wheezy, sid, stretch | |
| nova | CVE-2011-4076 | jessie, sid, stretch, wheezy | |
| openjdk-6 | CVE-2008-3112 | Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ... | wheezy |
| CVE-2009-2675 | Integer overflow in the unpack200 utility in Sun Java Runtime ... | wheezy | |
| CVE-2009-2676 | Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ... | wheezy | |
| phpmyadmin | CVE-2016-6621 | jessie, sid, stretch, wheezy | |
| proftpd-dfsg | TEMP-0000000-82EF2E | An invalid off by one read can happen in the function pr_fs_dircat() | jessie, sid, wheezy |
| TEMP-0000000-CFB563 | An invalid off by one read can happen in the string handling function pr_ascii_ftp_to_crlf() | jessie, sid, wheezy | |
| puppet | CVE-2015-7330 | Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to ... | jessie, sid, stretch, wheezy |
| sdcc | TEMP-0000000-A2945B | Stack buffer overflow when printing bad bytes in Intel Hex objects | jessie, sid, stretch, wheezy |
| tcpdf | TEMP-0814030-D4FF95 | LFI posting internal files externally abusing default parameter | jessie, sid, stretch |
| tidy-html5 | TEMP-0000000-4AF693 | read out-of-bounds in TextEndsWithNewline | sid, stretch |
| TEMP-0000000-61DC05 | use-after-free | sid, stretch | |
| TEMP-0000000-6E102E | infinite loop parsing an html file | sid, stretch | |
| tripleo-heat-templates | CVE-2015-5303 | The TripleO Heat templates (tripleo-heat-templates), when deployed via ... | sid, stretch |
| CVE-2015-5329 | The TripleO Heat templates (tripleo-heat-templates), as used in Red ... | sid, stretch | |
| xulrunner | CVE-2009-1597 | Mozilla Firefox executes DOM calls in response to a javascript: URI in ... | wheezy |
| CVE-2009-2065 | Mozilla Firefox 3.0.10, and possibly other versions, detects http ... | wheezy | |
| CVE-2009-4129 | Race condition in Mozilla Firefox allows remote attackers to produce a ... | wheezy | |
| CVE-2009-4130 | Visual truncation vulnerability in the MakeScriptDialogTitle function ... | wheezy | |
| CVE-2009-5017 | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ... | wheezy | |
| xulrunner | CVE-2010-0648 | Mozilla Firefox, possibly before 3.6, allows remote attackers to ... | wheezy |