Packages that may be vulnerable but need to be checked (undetermined issues)

This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determine whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.

| Package | Bug | Description | Releases |
| --- | --- | --- | --- |
| bittorrent | CVE-2015-5474 | BitTorrent and uTorrent allow remote attackers to inject command line ... | jessie, sid, stretch, wheezy |
| chromium-browser | CVE-2008-5749 | ** DISPUTED ** ... | jessie, sid, stretch, wheezy |
| | CVE-2009-3011 | Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ... | jessie, sid, stretch, wheezy |
| | CVE-2010-2120 | Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ... | jessie, sid, stretch, wheezy |
| gdb | TEMP-0000000-A2945B | Stack buffer overflow when printing bad bytes in Intel Hex objects | jessie, sid, stretch, wheezy |
| gitlab | CVE-2016-4340 | | sid, stretch |
| glassfish | CVE-2012-3155 | Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ... | jessie, sid, stretch, wheezy |
| glusterfs | CVE-2012-5635 | The GlusterFS functionality in Red Hat Storage Management Console 2.0, ... | jessie, sid, stretch, wheezy |
| grub2 | CVE-2015-5281 | The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ... | jessie, sid, stretch, wheezy |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | jessie, sid, wheezy, wheezy |
| kgb-bot | CVE-2015-1554 | can be crashed by some network traffic | jessie, sid, stretch, wheezy |
| kodi | TEMP-0000000-9FAB83 | Kodi Cross-Site Request Forgery | sid, stretch |
| libav | CVE-2015-6761 | The update_dimensions function in libavcodec/vp8.c in FFmpeg through ... | jessie, wheezy |
| | CVE-2015-6818 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6819 | Multiple integer underflows in the ff_mjpeg_decode_frame function in ... | jessie, wheezy |
| | CVE-2015-6820 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6821 | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ... | jessie, wheezy |
| | CVE-2015-6822 | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6823 | The allocate_buffers function in libavcodec/alac.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6824 | The sws_init_context function in libswscale/utils.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-6825 | The ff_frame_thread_init function in libavcodec/pthread_frame.c in ... | jessie, wheezy |
| | CVE-2015-6826 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ... | jessie, wheezy |
| | CVE-2015-8216 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ... | jessie, wheezy |
| | CVE-2015-8217 | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ... | jessie, wheezy |
| | CVE-2015-8218 | The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ... | jessie, wheezy |
| | CVE-2015-8219 | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2015-8363 | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ... | jessie, wheezy |
| | CVE-2015-8364 | Integer overflow in the ff_ivi_init_planes function in ... | jessie, wheezy |
| | CVE-2015-8365 | The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ... | jessie, wheezy |
| | CVE-2015-8661 | The h264_slice_header_init function in libavcodec/h264_slice.c in ... | jessie, wheezy |
| | CVE-2015-8662 | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ... | jessie, wheezy |
| | CVE-2015-8663 | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ... | jessie, wheezy |
| | CVE-2016-2329 | libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate ... | jessie, wheezy |
| | CVE-2016-2330 | libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ... | jessie, wheezy |
| libgwenhywfar | CVE-2015-7542 | | jessie, sid, stretch, wheezy |
| libstruts1.2-java | CVE-2016-0785 | Apache Struts 2.x before 2.3.28 allows remote attackers to execute ... | wheezy |
| | CVE-2016-2162 | Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale ... | wheezy |
| | CVE-2016-3081 | Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and ... | wheezy |
| | CVE-2016-3082 | XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before ... | wheezy |
| | CVE-2016-4003 | Cross-site scripting (XSS) vulnerability in the URLDecoder function in ... | wheezy |
| libvpx | CVE-2016-1621 | libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 ... | jessie, sid, stretch, wheezy |
| libx11 | CVE-2006-0197 | The XClientMessageEvent struct used in certain components of X.Org ... | jessie, sid, stretch, wheezy |
| linux | CVE-2008-2544 | | jessie, sid, stretch, wheezy |
| | CVE-2010-5321 | v4l: videobuf: hotfix a bug on multiple calls to mmap() | jessie, sid, stretch, wheezy |
| lucene-solr | CVE-2015-8795 | Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in ... | jessie, sid, stretch, wheezy |
| | CVE-2015-8796 | Cross-site scripting (XSS) vulnerability in ... | jessie, sid, stretch, wheezy |
| | CVE-2015-8797 | Cross-site scripting (XSS) vulnerability in ... | jessie, sid, stretch, wheezy |
| monitoring-plugins | CVE-2013-4215 | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ... | jessie, sid, stretch |
| | CVE-2014-4701 | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ... | jessie, sid, stretch |
| | CVE-2014-4702 | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ... | jessie, sid, stretch |
| | CVE-2014-4703 | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ... | jessie, sid, stretch |
| movabletype-opensource | CVE-2014-5313 | Cross-site scripting (XSS) vulnerability in the management page in Six ... | wheezy |
| nagios3 | CVE-2016-0726 | | jessie, sid, stretch, wheezy |
| nova | CVE-2011-4076 | | jessie, sid, stretch, wheezy |
| openjdk-6 | CVE-2008-3112 | Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ... | wheezy |
| | CVE-2009-2675 | Integer overflow in the unpack200 utility in Sun Java Runtime ... | wheezy |
| | CVE-2009-2676 | Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ... | wheezy |
| openjpeg | CVE-2016-1626 | The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in ... | jessie, sid, stretch, wheezy |
| | CVE-2016-1628 | pi.c in OpenJPEG, as used in PDFium in Google Chrome before ... | jessie, sid, stretch, wheezy |
| php5 | CVE-2016-4343 | Uninitialized pointer in phar_make_dirstream() | jessie, sid, stretch, wheezy |
| | CVE-2016-4344 | Multiple Heap Overflow due to integer overflows \| xml/filter_url/addcslashes -- ext/xml/xml.c | jessie, sid, stretch, wheezy |
| | CVE-2016-4345 | Multiple Heap Overflow due to integer overflows \| xml/filter_url/addcslashes -- ext/filter/sanitizing_filters.c | jessie, sid, stretch, wheezy |
| | CVE-2016-4346 | Multiple Heap Overflow due to integer overflows \| xml/filter_url/addcslashes -- ext/standard/string.c | jessie, sid, stretch, wheezy |
| php7.0 | CVE-2016-4343 | Uninitialized pointer in phar_make_dirstream() | sid, stretch |
| | CVE-2016-4344 | Multiple Heap Overflow due to integer overflows \| xml/filter_url/addcslashes -- ext/xml/xml.c | sid, stretch |
| | CVE-2016-4345 | Multiple Heap Overflow due to integer overflows \| xml/filter_url/addcslashes -- ext/filter/sanitizing_filters.c | sid, stretch |
| | CVE-2016-4346 | Multiple Heap Overflow due to integer overflows \| xml/filter_url/addcslashes -- ext/standard/string.c | sid, stretch |
| proftpd-dfsg | TEMP-0000000-82EF2E | An invalid off by one read can happen in the function pr_fs_dircat() | jessie, sid, stretch, wheezy |
| | TEMP-0000000-CFB563 | An invalid off by one read can happen in the string handling function pr_ascii_ftp_to_crlf() | jessie, sid, stretch, wheezy |
| sdcc | TEMP-0000000-A2945B | Stack buffer overflow when printing bad bytes in Intel Hex objects | jessie, sid, stretch, wheezy |
| squid | CVE-2016-3948 | Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ... | wheezy |
| tcpdf | TEMP-0814030-D4FF95 | LFI posting internal files externally abusing default parameter | jessie, sid, stretch |
| tripleo-heat-templates | CVE-2015-5303 | The TripleO Heat templates (tripleo-heat-templates), when deployed via ... | sid, stretch |
| | CVE-2015-5329 | The TripleO Heat templates (tripleo-heat-templates), as used in Red ... | sid, stretch |
| xulrunner | CVE-2009-1597 | Mozilla Firefox executes DOM calls in response to a javascript: URI in ... | wheezy |
| | CVE-2009-2065 | Mozilla Firefox 3.0.10, and possibly other versions, detects http ... | wheezy |
| | CVE-2009-4129 | Race condition in Mozilla Firefox allows remote attackers to produce a ... | wheezy |
| | CVE-2009-4130 | Visual truncation vulnerability in the MakeScriptDialogTitle function ... | wheezy |
| | CVE-2009-5017 | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ... | wheezy |
| xulrunner | CVE-2010-0648 | Mozilla Firefox, possibly before 3.6, allows remote attackers to ... | wheezy |
