Packages that may be vulnerable but need to be checked (undetermined issues)

This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.

PackageBugDescriptionReleases
ffmpegCVE-2017-7206The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ...buster, sid, stretch
glassfishCVE-2012-3155Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ...buster, jessie, sid, stretch, wheezy
kfreebsd-10CVE-2014-7250The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ...buster, jessie, sid, stretch
libarchiveCVE-2016-4736libarchive in Apple OS X before 10.12 allows remote attackers to cause ...buster, jessie, sid, stretch, wheezy
CVE-2017-2390An issue was discovered in certain Apple products. iOS before 10.3 is ...buster, jessie, sid, stretch, wheezy
CVE-2017-7068An issue was discovered in certain Apple products. iOS before 10.3.3 ...buster, jessie, sid, stretch, wheezy
libavCVE-2015-6761The update_dimensions function in libavcodec/vp8.c in FFmpeg through ...jessie
CVE-2015-6818The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ...jessie, wheezy
CVE-2015-6820The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ...jessie, wheezy
CVE-2015-6821The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ...jessie, wheezy
CVE-2015-6822The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ...jessie, wheezy
CVE-2015-6823The allocate_buffers function in libavcodec/alac.c in FFmpeg before ...jessie, wheezy
CVE-2015-6824The sws_init_context function in libswscale/utils.c in FFmpeg before ...jessie, wheezy
CVE-2015-6825The ff_frame_thread_init function in libavcodec/pthread_frame.c in ...jessie
CVE-2015-6826The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ...jessie, wheezy
CVE-2015-8216The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ...jessie, wheezy
CVE-2015-8217The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ...jessie
CVE-2015-8218The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ...jessie, wheezy
CVE-2015-8219The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ...jessie
CVE-2015-8363The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...jessie
CVE-2015-8364Integer overflow in the ff_ivi_init_planes function in ...jessie, wheezy
CVE-2015-8365The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ...jessie, wheezy
CVE-2015-8661The h264_slice_header_init function in libavcodec/h264_slice.c in ...jessie, wheezy
CVE-2015-8662The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ...jessie
CVE-2015-8663The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ...jessie, wheezy
CVE-2016-10190Heap-based buffer overflow in libavformat/http.c in FFmpeg before ...jessie, wheezy
CVE-2016-10191Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before ...jessie, wheezy
CVE-2016-10192Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, ...jessie, wheezy
CVE-2016-5199An off by one error resulting in an allocation of zero size in FFmpeg ...jessie, wheezy
CVE-2017-7862FFmpeg before 2017-02-07 has an out-of-bounds write caused by a ...jessie, wheezy
CVE-2017-7863FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ...jessie, wheezy
CVE-2017-7865FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ...jessie, wheezy
CVE-2017-7866FFmpeg before 2017-01-23 has an out-of-bounds write caused by a ...jessie, wheezy
CVE-2017-9991Heap-based buffer overflow in the xwd_decode_frame function in ...jessie, wheezy
CVE-2017-9992Heap-based buffer overflow in the decode_dds1 function in ...jessie, wheezy
CVE-2017-9993FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ...jessie, wheezy
CVE-2017-9994libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ...jessie, wheezy
CVE-2017-9996The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...jessie, wheezy
libxml2CVE-2015-7115libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...buster, jessie, sid, stretch, wheezy
CVE-2015-7116libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4614libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4615libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4616libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2017-7010An issue was discovered in certain Apple products. iOS before 10.3.3 ...buster, jessie, sid, stretch, wheezy
CVE-2017-7013An issue was discovered in certain Apple products. iOS before 10.3.3 ...buster, jessie, sid, stretch, wheezy
libxsltCVE-2016-4607libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4608libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4609libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4610libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2017-2477An issue was discovered in certain Apple products. macOS before ...buster, jessie, sid, stretch, wheezy
linuxCVE-2016-3775The kernel filesystem implementation in Android before 2016-07-05 on ...buster, jessie, sid, stretch, wheezy
CVE-2016-3802The kernel filesystem implementation in Android before 2016-07-05 on ...buster, jessie, sid, stretch, wheezy
CVE-2016-3803The kernel filesystem implementation in Android before 2016-07-05 on ...buster, jessie, sid, stretch, wheezy
CVE-2016-6753An information disclosure vulnerability in kernel components, ...buster, jessie, sid, stretch, wheezy
CVE-2017-0627An information disclosure vulnerability in the kernel UVC driver could ...buster, jessie, sid, stretch, wheezy
CVE-2017-0630An information disclosure vulnerability in the kernel trace subsystem ...buster, jessie, sid, stretch, wheezy
mistralCVE-2017-2622openstack-mistral: /var/log/mistral/ is world readablebuster, sid, stretch
monitoring-pluginsCVE-2013-4215The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...buster, jessie, sid, stretch
CVE-2014-4701The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ...buster, jessie, sid, stretch
CVE-2014-4702The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ...buster, jessie, sid, stretch
CVE-2014-4703lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ...buster, jessie, sid, stretch
movabletype-opensourceCVE-2014-5313Cross-site scripting (XSS) vulnerability in the management page in Six ...wheezy
netpbm-freeCVE-2017-2579buster, jessie, sid, stretch, wheezy
CVE-2017-2580buster, jessie, sid, stretch, wheezy
CVE-2017-2581buster, jessie, sid, stretch, wheezy
nvidia-graphics-drivers-legacy-304xxCVE-2017-6257NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...buster, jessie, sid, stretch
CVE-2017-6259NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...buster, jessie, sid, stretch
nvidia-graphics-drivers-legacy-340xxCVE-2017-6257NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...buster, sid, stretch
CVE-2017-6259NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...buster, sid, stretch
otrs2CVE-2017-9299Open Ticket Request System (OTRS) 3.3.9 has XSS in ...buster, jessie, sid, stretch, wheezy
sqlite3CVE-2017-2513An issue was discovered in certain Apple products. iOS before 10.3.2 ...buster, jessie, sid, stretch, wheezy
CVE-2017-2518An issue was discovered in certain Apple products. iOS before 10.3.2 ...buster, jessie, sid, stretch, wheezy
CVE-2017-2519An issue was discovered in certain Apple products. iOS before 10.3.2 ...buster, jessie, sid, stretch, wheezy
CVE-2017-2520An issue was discovered in certain Apple products. iOS before 10.3.2 ...buster, jessie, sid, stretch, wheezy
vlcCVE-2017-9301plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...buster, jessie, sid, stretch
xbmcCVE-2017-8314Directory Traversal in Zip Extraction built-in function in Kodi 17.1 ...jessie, wheezy
xulrunnerCVE-2009-1597Mozilla Firefox executes DOM calls in response to a javascript: URI in ...wheezy
CVE-2009-2065Mozilla Firefox 3.0.10, and possibly other versions, detects http ...wheezy
CVE-2009-4129Race condition in Mozilla Firefox allows remote attackers to produce a ...wheezy
CVE-2009-4130Visual truncation vulnerability in the MakeScriptDialogTitle function ...wheezy
CVE-2009-5017Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ...wheezy
xulrunnerCVE-2010-0648Mozilla Firefox, possibly before 3.6, allows remote attackers to ...wheezy

Search for package or bug name: Reporting problems