This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| cairo | CVE-2017-7475 | Cairo version 1.15.4 is vulnerable to a NULL pointer dereference ... | buster, jessie, sid, stretch, wheezy |
| ffmpeg | CVE-2017-7206 | The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ... | buster, sid, stretch |
| CVE-2017-7208 | The decode_residual function in libavcodec in libav 9.21 allows remote ... | buster, sid, stretch | |
| glassfish | CVE-2012-3155 | Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ... | buster, jessie, sid, stretch, wheezy |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | buster, jessie, sid, stretch |
| libarchive | CVE-2016-4736 | libarchive in Apple OS X before 10.12 allows remote attackers to cause ... | buster, jessie, sid, stretch, wheezy |
| CVE-2017-2390 | An issue was discovered in certain Apple products. iOS before 10.3 is ... | buster, jessie, sid, stretch, wheezy | |
| libav | CVE-2015-6761 | The update_dimensions function in libavcodec/vp8.c in FFmpeg through ... | jessie |
| CVE-2015-6818 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6820 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6821 | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-6822 | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6823 | The allocate_buffers function in libavcodec/alac.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6824 | The sws_init_context function in libswscale/utils.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2015-6825 | The ff_frame_thread_init function in libavcodec/pthread_frame.c in ... | jessie | |
| CVE-2015-6826 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ... | jessie, wheezy | |
| CVE-2015-8216 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-8217 | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ... | jessie | |
| CVE-2015-8218 | The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-8219 | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ... | jessie | |
| CVE-2015-8363 | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ... | jessie | |
| CVE-2015-8364 | Integer overflow in the ff_ivi_init_planes function in ... | jessie, wheezy | |
| CVE-2015-8365 | The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ... | jessie, wheezy | |
| CVE-2015-8661 | The h264_slice_header_init function in libavcodec/h264_slice.c in ... | jessie, wheezy | |
| CVE-2015-8662 | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ... | jessie | |
| CVE-2015-8663 | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2016-10190 | Heap-based buffer overflow in libavformat/http.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2016-10191 | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before ... | jessie, wheezy | |
| CVE-2016-10192 | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, ... | jessie, wheezy | |
| CVE-2016-5199 | An off by one error resulting in an allocation of zero size in FFmpeg ... | jessie, wheezy | |
| CVE-2017-7862 | FFmpeg before 2017-02-07 has an out-of-bounds write caused by a ... | jessie, wheezy | |
| CVE-2017-7863 | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ... | jessie, wheezy | |
| CVE-2017-7865 | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ... | jessie, wheezy | |
| CVE-2017-7866 | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a ... | jessie, wheezy | |
| libvpx | CVE-2017-0641 | A remote denial of service vulnerability in libvpx in Mediaserver ... | buster, jessie, sid, stretch, wheezy |
| libxml2 | CVE-2015-7115 | libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ... | buster, jessie, sid, stretch, wheezy |
| CVE-2015-7116 | libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-4614 | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-4615 | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-4616 | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2017-0663 | A remote code execution vulnerability in libxml2 could enable an ... | buster, jessie, sid, stretch, wheezy | |
| libxslt | CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy |
| CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2017-2477 | An issue was discovered in certain Apple products. macOS before ... | buster, jessie, sid, stretch, wheezy | |
| linux | CVE-2016-3775 | The kernel filesystem implementation in Android before 2016-07-05 on ... | buster, jessie, sid, stretch, wheezy |
| CVE-2016-3802 | The kernel filesystem implementation in Android before 2016-07-05 on ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-3803 | The kernel filesystem implementation in Android before 2016-07-05 on ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2016-6753 | An information disclosure vulnerability in kernel components, ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2017-0627 | An information disclosure vulnerability in the kernel UVC driver could ... | buster, jessie, sid, stretch, wheezy | |
| CVE-2017-0630 | An information disclosure vulnerability in the kernel trace subsystem ... | buster, jessie, sid, stretch, wheezy | |
| lucene-solr | CVE-2017-3163 | buster, jessie, sid, stretch, wheezy | |
| mistral | CVE-2017-2622 | openstack-mistral: /var/log/mistral/ is world readable | buster, sid, stretch |
| monitoring-plugins | CVE-2013-4215 | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ... | buster, jessie, sid, stretch |
| CVE-2014-4701 | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ... | buster, jessie, sid, stretch | |
| CVE-2014-4702 | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ... | buster, jessie, sid, stretch | |
| CVE-2014-4703 | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ... | buster, jessie, sid, stretch | |
| movabletype-opensource | CVE-2014-5313 | Cross-site scripting (XSS) vulnerability in the management page in Six ... | wheezy |
| netpbm-free | CVE-2017-2579 | buster, jessie, sid, stretch, wheezy | |
| CVE-2017-2580 | buster, jessie, sid, stretch, wheezy | ||
| CVE-2017-2581 | buster, jessie, sid, stretch, wheezy | ||
| opencv | CVE-2016-1516 | OpenCV 3.0.0 has a double free issue that allows attackers to execute ... | buster, jessie, sid, stretch, wheezy |
| CVE-2016-1517 | OpenCV 3.0.0 allows remote attackers to cause a denial of service ... | buster, jessie, sid, stretch, wheezy | |
| openjdk-6 | CVE-2008-3112 | Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ... | wheezy |
| CVE-2009-2675 | Integer overflow in the unpack200 utility in Sun Java Runtime ... | wheezy | |
| CVE-2009-2676 | Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ... | wheezy | |
| otrs2 | CVE-2017-9299 | Open Ticket Request System (OTRS) 3.3.9 has XSS in ... | buster, jessie, sid, stretch, wheezy |
| php5 | CVE-2017-9119 | The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ... | jessie, wheezy, buster, sid, stretch |
| vlc | CVE-2017-9300 | plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 ... | buster, jessie, sid, stretch, wheezy |
| CVE-2017-9301 | plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ... | buster, jessie, sid, stretch, wheezy | |
| xbmc | CVE-2017-8314 | Directory Traversal in Zip Extraction built-in function in Kodi 17.1 ... | jessie, wheezy |
| xulrunner | CVE-2009-1597 | Mozilla Firefox executes DOM calls in response to a javascript: URI in ... | wheezy |
| CVE-2009-2065 | Mozilla Firefox 3.0.10, and possibly other versions, detects http ... | wheezy | |
| CVE-2009-4129 | Race condition in Mozilla Firefox allows remote attackers to produce a ... | wheezy | |
| CVE-2009-4130 | Visual truncation vulnerability in the MakeScriptDialogTitle function ... | wheezy | |
| CVE-2009-5017 | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ... | wheezy | |
| xulrunner | CVE-2010-0648 | Mozilla Firefox, possibly before 3.6, allows remote attackers to ... | wheezy |