Packages that may be vulnerable but need to be checked (undetermined issues)

This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.

PackageBugDescriptionReleases
389-ds-baseCVE-2022-0918A vulnerability was discovered in the 389 Directory Server that allows ...bookworm, bullseye, buster, sid, stretch
ansibleCVE-2021-3447A flaw was found in several ansible modules, where parameters containi ...bookworm, bullseye, buster, sid, stretch
aomCVE-2020-0478In extend_frame_lowbd of restoration.c, there is a possible out of bou ...bookworm, bullseye, buster, sid
apache-jenaCVE-2021-33192A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...bookworm, sid
CVE-2021-39239A vulnerability in XML processing in Apache Jena, in versions up to 4. ...bookworm, sid
CVE-2022-28890A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ...bookworm, sid
cycloneddsCVE-2021-38441Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-w ...bookworm, bullseye, sid
CVE-2021-38443Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid s ...bookworm, bullseye, sid
edk2CVE-2021-38576A BIOS bug in firmware for a particular PC model leaves the Platform a ...bookworm, bullseye, buster, sid, stretch
CVE-2021-38577Heap Overflow in BaseBmpSupportLib. ...bookworm, bullseye, buster, sid, stretch
CVE-2021-38578Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ...bookworm, bullseye, buster, sid, stretch
exiv2CVE-2020-19716A buffer overflow vulnerability in the Databuf function in types.cpp o ...bookworm, bullseye, buster, sid, stretch
firmware-nonfreeCVE-2021-33139Improper conditions check in firmware for some Intel(R) Wireless Bluet ...bookworm, bullseye, buster, sid, stretch
CVE-2021-33155Improper input validation in firmware for some Intel(R) Wireless Bluet ...bookworm, bullseye, buster, sid, stretch
gnome-shellCVE-2021-20315A locking protection bypass flaw was found in some versions of gnome-s ...bookworm, bullseye, buster, sid, stretch
hdf5CVE-2018-11205A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ...bookworm, bullseye, buster, sid, stretch
CVE-2019-8396A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...bookworm, bullseye, buster, sid, stretch
CVE-2019-8398An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...bookworm, bullseye, buster, sid, stretch
CVE-2021-45829HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...bookworm, bullseye, buster, sid, stretch
CVE-2021-45830A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...bookworm, bullseye, buster, sid, stretch
CVE-2021-45832A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...bookworm, bullseye, buster, sid, stretch
CVE-2021-45833A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...bookworm, bullseye, buster, sid, stretch
CVE-2021-46242HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...bookworm, bullseye, buster, sid, stretch
CVE-2021-46243An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...bookworm, bullseye, buster, sid, stretch
CVE-2021-46244A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...bookworm, bullseye, buster, sid, stretch
intellij-community-ideaCVE-2019-10103JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...sid
iotjsCVE-2021-46339There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...bullseye, buster, sid
jasperreportsCVE-2017-5528Multiple JasperReports Server components contain vulnerabilities which ...stretch
CVE-2017-5529JasperReports library components contain an information disclosure vul ...stretch
CVE-2017-5532A vulnerability in the report renderer component of TIBCO JasperReport ...stretch
CVE-2017-5533A vulnerability in the server content cache of TIBCO JasperReports Ser ...stretch
CVE-2017-14941Jaspersoft JasperReports 4.7 suffers from a saved credential disclosur ...stretch
CVE-2018-5429A vulnerability in the report scripting component of TIBCO Software In ...stretch
CVE-2018-5430The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Serv ...stretch
CVE-2018-5431The domain designer component of TIBCO Software Inc.'s TIBCO JasperRep ...stretch
kfreebsd-10CVE-2014-7250The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ...buster, sid, stretch
kgb-botCVE-2015-1554kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ...bookworm, bullseye, buster, sid, stretch
libpodCVE-2019-25067A vulnerability, which was classified as critical, was found in Podman ...bookworm, bullseye, sid
libsixelCVE-2020-36123saitoha libsixel v1.8.6 was discovered to contain a double free via th ...bookworm, bullseye, buster, sid, stretch
libstbCVE-2021-28021Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...bookworm, bullseye, buster, sid
linuxCVE-2020-0347In iptables, there is a possible out of bounds write due to an incorre ...bookworm, bullseye, buster, sid, stretch
CVE-2020-26140An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ...bookworm, bullseye, buster, sid, stretch
CVE-2020-26142An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WP ...bookworm, bullseye, buster, sid, stretch
CVE-2020-26143An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for ...bookworm, bullseye, buster, sid, stretch
CVE-2021-39802In change_pte_range of mprotect.c , there is a possible way to make a ...bookworm, bullseye, buster, sid, stretch
llvm-toolchain-11CVE-2020-0306In LLVM, there is a possible ineffective stack cookie placement due to ...bookworm, bullseye, buster, sid, bullseye
materializeCVE-2022-25349All versions of package materialize-css are vulnerable to Cross-site S ...sid
mdbtoolsCVE-2021-45926MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...bookworm, bullseye, buster, sid, stretch
CVE-2021-45927MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...bookworm, bullseye, buster, sid, stretch
mrubyCVE-2022-1071User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ...bookworm, bullseye, buster, sid, stretch
CVE-2022-1934Use After Free in GitHub repository mruby/mruby prior to 3.2. ...bookworm, bullseye, buster, sid, stretch
mxmlCVE-2021-42859** DISPUTED ** A memory leak issue was discovered in Mini-XML v3.2 tha ...bookworm, bullseye, buster, sid, stretch
CVE-2021-42860** DISPUTED ** A stack buffer overflow exists in Mini-XML v3.2. When i ...bookworm, bullseye, buster, sid, stretch
onionshareCVE-2021-41867An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...bullseye, buster, sid
CVE-2021-41868OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...bullseye, buster, sid
opencvCVE-2019-9423In opencv calls that use libpng, there is a possible out of bounds wri ...bookworm, bullseye, buster, sid, stretch
otrs2CVE-2021-36092It's possible to create an email which contains specially crafted link ...bullseye, buster, stretch
CVE-2021-36093It's possible to create an email which can be stuck while being proces ...bullseye, buster, stretch
CVE-2021-36094It's possible to craft a request for appointment edit screen, which co ...bullseye, buster, stretch
CVE-2021-36095Malicious attacker is able to find out valid user logins by using the ...bullseye, buster, stretch
CVE-2021-36096Generated Support Bundles contains private S/MIME and PGP keys if cont ...bullseye, buster, stretch
php-laravel-frameworkCVE-2017-16894In Laravel framework through 5.5.21, remote attackers can obtain sensi ...bullseye, sid
CVE-2018-6330Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ...bullseye, sid
CVE-2019-9081The Illuminate component of Laravel Framework 5.7.x has a deserializat ...bullseye, sid
CVE-2021-37298Laravel v5.1 was discovered to contain a deserialization vulnerability ...bullseye, sid
CVE-2021-43503A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ...bullseye, sid
pluxmlCVE-2007-3432Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...buster, stretch
CVE-2007-3542Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...buster, stretch
CVE-2012-4674PluXml before 5.1.6 allows remote attackers to obtain the installation ...buster, stretch
CVE-2012-4675Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...buster, stretch
resteasyCVE-2020-1695A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...sid
CVE-2021-20293A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...sid
resteasy3.0CVE-2020-10688A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...bookworm, bullseye, buster, sid
CVE-2021-20293A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...bookworm, bullseye, buster, sid
tinyexrCVE-2018-12064tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChann ...bookworm, bullseye, sid
CVE-2018-12687tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ...bookworm, bullseye, sid
CVE-2018-12688tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...bookworm, bullseye, sid
tinyobjloaderCVE-2020-28589An improper array index validation vulnerability exists in the LoadObj ...bookworm, bullseye, sid
undertowCVE-2021-3859bookworm, sid
wordpressCVE-2018-1000773WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...bookworm, bullseye, buster, sid, stretch
CVE-2019-8943WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...bookworm, bullseye, buster, sid, stretch
zabbixCVE-2021-46088Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...bookworm, bullseye, buster, sid, stretch

Search for package or bug name: Reporting problems