This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| android-platform-system-core | CVE-2014-7952 | The backup mechanism in the adb tool in Android might allow attackers ... | buster, jessie, sid, stretch |
| catimg | CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other ... | buster, sid |
| hdf5 | CVE-2018-13866 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| CVE-2018-13867 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch | |
| CVE-2018-13868 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13869 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13870 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13871 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13872 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13873 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13874 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13875 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ... | buster, jessie, sid, stretch | |
| CVE-2018-13876 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-14031 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-14033 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-14034 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch | |
| CVE-2018-14035 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-14460 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-15671 | An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack ... | buster, jessie, sid, stretch | |
| CVE-2018-16438 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch | |
| CVE-2018-17233 | A SIGFPE signal is raised in the function ... | buster, jessie, sid, stretch | |
| CVE-2018-17234 | Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ... | buster, jessie, sid, stretch | |
| CVE-2018-17237 | A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of ... | buster, jessie, sid, stretch | |
| CVE-2018-17432 | A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ... | buster, jessie, sid, stretch | |
| CVE-2018-17433 | A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ... | buster, jessie, sid, stretch | |
| CVE-2018-17434 | A SIGFPE signal is raised in the function apply_filters() of ... | buster, jessie, sid, stretch | |
| CVE-2018-17435 | A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ... | buster, jessie, sid, stretch | |
| CVE-2018-17436 | ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library ... | buster, jessie, sid, stretch | |
| CVE-2018-17437 | Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ... | buster, jessie, sid, stretch | |
| CVE-2018-17438 | A SIGFPE signal is raised in the function H5D__select_io() of ... | buster, jessie, sid, stretch | |
| CVE-2018-17439 | An issue was discovered in the HDF HDF5 1.10.3 library. There is a ... | buster, jessie, sid, stretch | |
| imagemagick | CVE-2018-16329 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the ... | buster, sid, stretch |
| jasperreports | CVE-2017-14941 | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure ... | buster, jessie, sid, stretch |
| CVE-2017-5528 | Multiple JasperReports Server components contain vulnerabilities ... | buster, jessie, sid, stretch | |
| CVE-2017-5529 | JasperReports library components contain an information disclosure ... | buster, jessie, sid, stretch | |
| CVE-2017-5532 | A vulnerability in the report renderer component of TIBCO ... | buster, jessie, sid, stretch | |
| CVE-2017-5533 | A vulnerability in the server content cache of TIBCO JasperReports ... | buster, jessie, sid, stretch | |
| CVE-2018-5429 | A vulnerability in the report scripting component of TIBCO Software ... | buster, sid, stretch | |
| CVE-2018-5430 | The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports ... | buster, sid, stretch | |
| CVE-2018-5431 | The domain designer component of TIBCO Software Inc.'s TIBCO ... | buster, sid, stretch | |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | sid, stretch |
| libav | CVE-2017-14225 | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ... | jessie |
| CVE-2017-7863 | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ... | jessie | |
| CVE-2018-10001 | The decode_init function in libavcodec/utvideodec.c in FFmpeg through ... | jessie | |
| libesedb | CVE-2018-15158 | ** DISPUTED ** The libesedb_page_read_values function in ... | buster, sid, stretch |
| CVE-2018-15159 | ** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ... | buster, sid, stretch | |
| CVE-2018-15160 | ** DISPUTED ** The libesedb_catalog_definition_read function in ... | buster, sid, stretch | |
| CVE-2018-15161 | ** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ... | buster, sid, stretch | |
| libgig | CVE-2018-14449 | An issue was discovered in libgig 4.1.0. There is an out of bounds read ... | buster, jessie, sid, stretch |
| CVE-2018-14450 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch | |
| CVE-2018-14451 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14452 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch | |
| CVE-2018-14453 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14454 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch | |
| CVE-2018-14455 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch | |
| CVE-2018-14456 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch | |
| CVE-2018-14457 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch | |
| CVE-2018-14458 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14459 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch | |
| CVE-2018-18192 | An issue was discovered in libgig 4.1.0. There is a NULL pointer ... | buster, jessie, sid, stretch | |
| CVE-2018-18193 | An issue was discovered in libgig 4.1.0. There is operator new[] ... | buster, jessie, sid, stretch | |
| CVE-2018-18194 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-18195 | An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero ... | buster, jessie, sid, stretch | |
| CVE-2018-18196 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-18197 | An issue was discovered in libgig 4.1.0. There is an operator new[] ... | buster, jessie, sid, stretch | |
| libsass | CVE-2018-19218 | In LibSass 3.5-stable, there is an illegal address access at ... | buster, sid, stretch |
| CVE-2018-19219 | In LibSass 3.5-stable, there is an illegal address access at ... | buster, sid, stretch | |
| libsixel | CVE-2018-19757 | There is a NULL pointer dereference at function ... | buster, jessie, sid, stretch |
| CVE-2018-19761 | There is an illegal address access at fromsixel.c (function: ... | buster, jessie, sid, stretch | |
| CVE-2018-19762 | There is a heap-based buffer overflow at fromsixel.c (function: ... | buster, jessie, sid, stretch | |
| CVE-2018-19763 | There is a heap-based buffer over-read at writer.c (function: ... | buster, jessie, sid, stretch | |
| libxslt | CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch |
| CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2017-2477 | An issue was discovered in certain Apple products. macOS before ... | buster, jessie, sid, stretch | |
| linux | CVE-2018-16885 | A flaw was found in the Linux kernel that allows the userspace to call ... | buster, jessie, sid, stretch |
| CVE-2018-17977 | The Linux kernel 4.14.67 mishandles certain interaction among XFRM ... | buster, jessie, sid, stretch | |
| CVE-2018-18653 | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI ... | buster, jessie, sid, stretch | |
| mariadb-10.0 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie, sid |
| ncurses | CVE-2018-19217 | In ncurses 6.1, there is a NULL pointer dereference at the function ... | buster, jessie, sid, stretch |
| netpbm-free | CVE-2017-2579 | An out-of-bounds read vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch |
| CVE-2017-2580 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch | |
| CVE-2017-2581 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch | |
| percona-xtrabackup | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | sid |
| phpmyadmin | CVE-2018-19969 | phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a ... | jessie, sid, stretch |
| resteasy3.0 | CVE-2016-6345 | RESTEasy allows remote authenticated users to obtain sensitive ... | buster, sid |
| CVE-2016-6346 | RESTEasy enables GZIPInterceptor, which allows remote attackers to ... | buster, sid | |
| CVE-2016-6347 | Cross-site scripting (XSS) vulnerability in the default exception ... | buster, sid | |
| CVE-2016-6348 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ... | buster, sid | |
| tiff | CVE-2018-5360 | LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ... | buster, jessie, sid, stretch |
| wordpress | CVE-2017-1000600 | WordPress version <4.9 contains a CWE-20 Input Validation ... | buster, jessie, sid, stretch |
| wordpress | CVE-2018-1000773 | WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ... | buster, jessie, sid, stretch |