Packages that may be vulnerable but need to be checked (undetermined issues)

This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.

PackageBugDescriptionReleases
chromium-browserCVE-2008-5749** DISPUTED ** ...jessie, sid, squeeze, wheezy
CVE-2009-3011Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...jessie, sid, squeeze, wheezy
CVE-2010-2120Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ...jessie, sid, squeeze, wheezy
collabtiveCVE-2010-5285Cross-site request forgery (CSRF) vulnerability in admin.php in ...jessie, sid, wheezy
cyasslCVE-2014-6478Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...sid
gksuCVE-2014-2886GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) ...jessie, sid, squeeze, wheezy
glassfishCVE-2012-3155Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ...jessie, sid, squeeze, wheezy
CVE-2013-3827Unspecified vulnerability in the Oracle GlassFish Server component in ...jessie, sid, squeeze, wheezy
CVE-2013-5816Unspecified vulnerability in the Oracle GlassFish Server component in ...jessie, sid, squeeze, wheezy
glusterfsCVE-2012-5635The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...jessie, sid, squeeze, wheezy
gnome-online-accountsCVE-2013-1799Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before ...jessie, sid, wheezy
kfreebsd-10CVE-2014-7250The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ...jessie, sid, squeeze, wheezy, wheezy
libx11CVE-2006-0197The XClientMessageEvent struct used in certain components of X.Org ...jessie, sid, squeeze, wheezy
mojarraCVE-2011-4367Multiple directory traversal vulnerabilities in MyFaces JavaServer ...jessie, sid, squeeze, wheezy
monitoring-pluginsCVE-2013-4215The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...jessie, sid
CVE-2014-4701The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ...jessie, sid
CVE-2014-4702The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ...jessie, sid
CVE-2014-4703lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ...jessie, sid
movabletype-opensourceCVE-2014-5313Cross-site scripting (XSS) vulnerability in the management page in Six ...wheezy
openjdk-6CVE-2008-3112Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...sid, squeeze, wheezy
CVE-2009-2675Integer overflow in the unpack200 utility in Sun Java Runtime ...sid, squeeze, wheezy
CVE-2009-2676Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...sid, squeeze, wheezy
percona-xtradb-cluster-5.5CVE-2014-4274Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...sid
CVE-2014-4287Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...sid
CVE-2014-6463Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...sid
CVE-2014-6464Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...sid
CVE-2014-6469Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler ...sid
CVE-2014-6478Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...sid
CVE-2014-6484Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...sid
CVE-2014-6491Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...sid
CVE-2014-6494Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...sid
CVE-2014-6495Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...sid
CVE-2014-6496Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...sid
CVE-2014-6500Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...sid
CVE-2014-6505Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...sid
CVE-2014-6507Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...sid
CVE-2014-6520Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...sid
CVE-2014-6530Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...sid
CVE-2014-6551Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...sid
CVE-2014-6555Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...sid
CVE-2014-6559Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...sid
CVE-2014-6568Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, ...sid
CVE-2015-0374Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...sid
CVE-2015-0381Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...sid
CVE-2015-0382Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...sid
CVE-2015-0385Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier ...sid
CVE-2015-0391Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...sid
CVE-2015-0409Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier ...sid
CVE-2015-0411Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, ...sid
CVE-2015-0432Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...sid
sqlite3TEMP-0000000-881E20Crashes due to fuzzed inputjessie, sid, squeeze, wheezy
squidCVE-2015-0881CRLF injection vulnerability in Squid before 3.1.10 allows remote ...sid, squeeze, wheezy
TEMP-0776464-3CD5D8Digest authentification never replay Ldap requestssid, squeeze, wheezy
squid3CVE-2015-0881CRLF injection vulnerability in Squid before 3.1.10 allows remote ...jessie, sid, squeeze, wheezy
xulrunnerCVE-2009-1597Mozilla Firefox executes DOM calls in response to a javascript: URI in ...wheezy
CVE-2009-2065Mozilla Firefox 3.0.10, and possibly other versions, detects http ...wheezy
CVE-2009-4129Race condition in Mozilla Firefox allows remote attackers to produce a ...wheezy
CVE-2009-4130Visual truncation vulnerability in the MakeScriptDialogTitle function ...wheezy
CVE-2009-5017Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ...wheezy
xulrunnerCVE-2010-0648Mozilla Firefox, possibly before 3.6, allows remote attackers to ...wheezy

Search for package or bug name: Reporting problems