This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| docker.io | CVE-2017-14992 | Lack of content verification in Docker-CE (Also known as Moby) ... | sid |
| eclipse | CVE-2017-8315 | Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier ... | buster, jessie, sid, stretch, wheezy |
| exiv2 | CVE-2018-9144 | In Exiv2 0.26, there is an out-of-bounds read in ... | buster, jessie, sid, stretch |
| CVE-2018-9145 | In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an ... | buster, jessie, sid, stretch, wheezy | |
| ffmpeg | CVE-2017-14034 | The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ... | buster, sid, stretch |
| glassfish | CVE-2012-3155 | Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ... | jessie, sid, stretch |
| jasperreports | CVE-2017-14941 | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure ... | buster, jessie, sid, stretch |
| CVE-2017-5528 | Multiple JasperReports Server components contain vulnerabilities ... | buster, jessie, sid, stretch | |
| CVE-2017-5529 | JasperReports library components contain an information disclosure ... | buster, jessie, sid, stretch | |
| CVE-2017-5532 | A vulnerability in the report renderer component of TIBCO ... | buster, jessie, sid, stretch | |
| CVE-2017-5533 | A vulnerability in the server content cache of TIBCO JasperReports ... | buster, jessie, sid, stretch | |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | jessie, sid, stretch |
| libav | CVE-2015-6761 | The update_dimensions function in libavcodec/vp8.c in FFmpeg through ... | jessie |
| CVE-2015-6818 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6820 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6821 | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-6822 | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6823 | The allocate_buffers function in libavcodec/alac.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6824 | The sws_init_context function in libswscale/utils.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6825 | The ff_frame_thread_init function in libavcodec/pthread_frame.c in ... | jessie | |
| CVE-2015-6826 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ... | jessie, wheezy | |
| CVE-2015-8216 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-8217 | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ... | jessie | |
| CVE-2015-8219 | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ... | jessie | |
| CVE-2015-8363 | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ... | jessie | |
| CVE-2015-8364 | Integer overflow in the ff_ivi_init_planes function in ... | jessie, wheezy | |
| CVE-2015-8661 | The h264_slice_header_init function in libavcodec/h264_slice.c in ... | jessie, wheezy | |
| CVE-2015-8662 | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ... | jessie | |
| CVE-2015-8663 | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2016-10190 | Heap-based buffer overflow in libavformat/http.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2016-10191 | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2016-10192 | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, ... | jessie, wheezy | |
| CVE-2016-5199 | An off by one error resulting in an allocation of zero size in FFmpeg ... | jessie, wheezy | |
| CVE-2017-14054 | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ... | jessie, wheezy | |
| CVE-2017-14055 | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ... | jessie, wheezy | |
| CVE-2017-14056 | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ... | jessie, wheezy | |
| CVE-2017-14057 | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ... | jessie, wheezy | |
| CVE-2017-14058 | In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ... | jessie, wheezy | |
| CVE-2017-14059 | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ... | jessie, wheezy | |
| CVE-2017-14169 | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ... | jessie, wheezy | |
| CVE-2017-14170 | In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ... | jessie, wheezy | |
| CVE-2017-14171 | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ... | jessie, wheezy | |
| CVE-2017-14222 | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ... | jessie, wheezy | |
| CVE-2017-14223 | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ... | jessie, wheezy | |
| CVE-2017-14225 | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ... | jessie, wheezy | |
| CVE-2017-14767 | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ... | jessie, wheezy | |
| CVE-2017-15186 | Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote ... | jessie, wheezy | |
| CVE-2017-15672 | The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ... | jessie, wheezy | |
| CVE-2017-7863 | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ... | jessie, wheezy | |
| CVE-2017-7865 | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ... | jessie, wheezy | |
| CVE-2017-7866 | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a ... | jessie, wheezy | |
| CVE-2017-9993 | FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ... | jessie, wheezy | |
| CVE-2017-9994 | libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ... | jessie | |
| CVE-2018-10001 | The decode_init function in libavcodec/utvideodec.c in FFmpeg through ... | jessie, wheezy | |
| CVE-2018-6392 | The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ... | jessie, wheezy | |
| CVE-2018-6621 | The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ... | jessie, wheezy | |
| CVE-2018-6912 | The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ... | jessie, wheezy | |
| CVE-2018-9841 | The export function in libavfilter/vf_signature.c in FFmpeg through ... | jessie, wheezy | |
| libxslt | CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy |
| CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2017-2477 | An issue was discovered in certain Apple products. macOS before ... | buster, jessie, sid, stretch, wheezy | |
| mariadb-10.0 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie |
| mistral | CVE-2017-2622 | openstack-mistral: /var/log/mistral/ is world readable | buster, sid, stretch |
| monitoring-plugins | CVE-2013-4215 | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ... | buster, jessie, sid, stretch |
| CVE-2014-4701 | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ... | buster, jessie, sid, stretch | |
| CVE-2014-4702 | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ... | buster, jessie, sid, stretch | |
| CVE-2014-4703 | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ... | buster, jessie, sid, stretch | |
| mysql-5.5 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie, sid |
| netpbm-free | CVE-2017-2579 | buster, jessie, sid, stretch, wheezy | |
| CVE-2017-2580 | buster, jessie, sid, stretch, wheezy | ||
| CVE-2017-2581 | buster, jessie, sid, stretch, wheezy | ||
| percona-xtrabackup | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie, sid |
| php-horde | CVE-2017-16906 | In Horde Groupware 5.2.19, there is XSS via the URL field in a ... | buster, jessie, sid, stretch |
| CVE-2017-16907 | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ... | buster, jessie, sid, stretch | |
| CVE-2017-16908 | In Horde Groupware 5.2.19, there is XSS via the Name field during ... | buster, jessie, sid, stretch | |
| CVE-2017-17781 | In Horde Groupware through 5.2.22, SQL Injection exists via the group ... | buster, jessie, sid, stretch | |
| resteasy | CVE-2018-1051 | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ... | jessie, sid |
| resteasy3.0 | CVE-2016-6345 | RESTEasy allows remote authenticated users to obtain sensitive ... | sid |
| CVE-2016-6346 | RESTEasy enables GZIPInterceptor, which allows remote attackers to ... | sid | |
| CVE-2016-6347 | Cross-site scripting (XSS) vulnerability in the default exception ... | sid | |
| CVE-2016-6348 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ... | sid | |
| CVE-2016-9606 | JBoss RESTEasy before version 3.1.2 could be forced into parsing a ... | sid | |
| CVE-2017-7561 | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is ... | sid | |
| CVE-2018-1051 | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ... | sid | |
| spice | CVE-2017-12194 | A flaw was found in the way spice-client processed certain messages ... | buster, jessie, sid, stretch, wheezy, buster, jessie, sid, stretch, wheezy |
| tripleo-heat-templates | CVE-2017-12155 | A resource-permission flaw was found in the ... | buster, sid |