This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| 389-ds-base | CVE-2022-0918 | A vulnerability was discovered in the 389 Directory Server that allows ... | bookworm, bullseye, buster, sid, stretch |
| ansible | CVE-2021-3447 | A flaw was found in several ansible modules, where parameters containi ... | bookworm, bullseye, buster, sid, stretch |
| aom | CVE-2020-0478 | In extend_frame_lowbd of restoration.c, there is a possible out of bou ... | bookworm, bullseye, buster, sid |
| apache-jena | CVE-2021-33192 | A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ... | bookworm, sid |
| CVE-2021-39239 | A vulnerability in XML processing in Apache Jena, in versions up to 4. ... | bookworm, sid | |
| CVE-2022-28890 | A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ... | bookworm, sid | |
| cyclonedds | CVE-2021-38441 | Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-w ... | bookworm, bullseye, sid |
| CVE-2021-38443 | Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid s ... | bookworm, bullseye, sid | |
| edk2 | CVE-2021-38576 | A BIOS bug in firmware for a particular PC model leaves the Platform a ... | bookworm, bullseye, buster, sid, stretch |
| CVE-2021-38577 | Heap Overflow in BaseBmpSupportLib. ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-38578 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ... | bookworm, bullseye, buster, sid, stretch | |
| exiv2 | CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp o ... | bookworm, bullseye, buster, sid, stretch |
| firmware-nonfree | CVE-2021-33139 | Improper conditions check in firmware for some Intel(R) Wireless Bluet ... | bookworm, bullseye, buster, sid, stretch |
| CVE-2021-33155 | Improper input validation in firmware for some Intel(R) Wireless Bluet ... | bookworm, bullseye, buster, sid, stretch | |
| gnome-shell | CVE-2021-20315 | A locking protection bypass flaw was found in some versions of gnome-s ... | bookworm, bullseye, buster, sid, stretch |
| hdf5 | CVE-2018-11205 | A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ... | bookworm, bullseye, buster, sid, stretch |
| CVE-2019-8396 | A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2019-8398 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-45829 | HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-45830 | A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-45832 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-45833 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-46242 | HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-46243 | An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-46244 | A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ... | bookworm, bullseye, buster, sid, stretch | |
| intellij-community-idea | CVE-2019-10103 | JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ... | sid |
| iotjs | CVE-2021-46339 | There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ... | bullseye, buster, sid |
| jasperreports | CVE-2017-5528 | Multiple JasperReports Server components contain vulnerabilities which ... | stretch |
| CVE-2017-5529 | JasperReports library components contain an information disclosure vul ... | stretch | |
| CVE-2017-5532 | A vulnerability in the report renderer component of TIBCO JasperReport ... | stretch | |
| CVE-2017-5533 | A vulnerability in the server content cache of TIBCO JasperReports Ser ... | stretch | |
| CVE-2017-14941 | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosur ... | stretch | |
| CVE-2018-5429 | A vulnerability in the report scripting component of TIBCO Software In ... | stretch | |
| CVE-2018-5430 | The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Serv ... | stretch | |
| CVE-2018-5431 | The domain designer component of TIBCO Software Inc.'s TIBCO JasperRep ... | stretch | |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | buster, sid, stretch |
| kgb-bot | CVE-2015-1554 | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ... | bookworm, bullseye, buster, sid, stretch |
| libpod | CVE-2019-25067 | A vulnerability, which was classified as critical, was found in Podman ... | bookworm, bullseye, sid |
| libsixel | CVE-2020-36123 | saitoha libsixel v1.8.6 was discovered to contain a double free via th ... | bookworm, bullseye, buster, sid, stretch |
| libstb | CVE-2021-28021 | Buffer overflow vulnerability in function stbi__extend_receive in stb_ ... | bookworm, bullseye, buster, sid |
| linux | CVE-2020-0347 | In iptables, there is a possible out of bounds write due to an incorre ... | bookworm, bullseye, buster, sid, stretch |
| CVE-2020-26140 | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2020-26142 | An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WP ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2020-26143 | An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for ... | bookworm, bullseye, buster, sid, stretch | |
| CVE-2021-39802 | In change_pte_range of mprotect.c , there is a possible way to make a ... | bookworm, bullseye, buster, sid, stretch | |
| llvm-toolchain-11 | CVE-2020-0306 | In LLVM, there is a possible ineffective stack cookie placement due to ... | bookworm, bullseye, buster, sid, bullseye |
| materialize | CVE-2022-25349 | All versions of package materialize-css are vulnerable to Cross-site S ... | sid |
| mdbtools | CVE-2021-45926 | MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ... | bookworm, bullseye, buster, sid, stretch |
| CVE-2021-45927 | MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ... | bookworm, bullseye, buster, sid, stretch | |
| mruby | CVE-2022-1071 | User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ... | bookworm, bullseye, buster, sid, stretch |
| CVE-2022-1934 | Use After Free in GitHub repository mruby/mruby prior to 3.2. ... | bookworm, bullseye, buster, sid, stretch | |
| mxml | CVE-2021-42859 | ** DISPUTED ** A memory leak issue was discovered in Mini-XML v3.2 tha ... | bookworm, bullseye, buster, sid, stretch |
| CVE-2021-42860 | ** DISPUTED ** A stack buffer overflow exists in Mini-XML v3.2. When i ... | bookworm, bullseye, buster, sid, stretch | |
| onionshare | CVE-2021-41867 | An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ... | bullseye, buster, sid |
| CVE-2021-41868 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ... | bullseye, buster, sid | |
| opencv | CVE-2019-9423 | In opencv calls that use libpng, there is a possible out of bounds wri ... | bookworm, bullseye, buster, sid, stretch |
| otrs2 | CVE-2021-36092 | It's possible to create an email which contains specially crafted link ... | bullseye, buster, stretch |
| CVE-2021-36093 | It's possible to create an email which can be stuck while being proces ... | bullseye, buster, stretch | |
| CVE-2021-36094 | It's possible to craft a request for appointment edit screen, which co ... | bullseye, buster, stretch | |
| CVE-2021-36095 | Malicious attacker is able to find out valid user logins by using the ... | bullseye, buster, stretch | |
| CVE-2021-36096 | Generated Support Bundles contains private S/MIME and PGP keys if cont ... | bullseye, buster, stretch | |
| php-laravel-framework | CVE-2017-16894 | In Laravel framework through 5.5.21, remote attackers can obtain sensi ... | bullseye, sid |
| CVE-2018-6330 | Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ... | bullseye, sid | |
| CVE-2019-9081 | The Illuminate component of Laravel Framework 5.7.x has a deserializat ... | bullseye, sid | |
| CVE-2021-37298 | Laravel v5.1 was discovered to contain a deserialization vulnerability ... | bullseye, sid | |
| CVE-2021-43503 | A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ... | bullseye, sid | |
| pluxml | CVE-2007-3432 | Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ... | buster, stretch |
| CVE-2007-3542 | Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ... | buster, stretch | |
| CVE-2012-4674 | PluXml before 5.1.6 allows remote attackers to obtain the installation ... | buster, stretch | |
| CVE-2012-4675 | Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ... | buster, stretch | |
| resteasy | CVE-2020-1695 | A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ... | sid |
| CVE-2021-20293 | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ... | sid | |
| resteasy3.0 | CVE-2020-10688 | A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ... | bookworm, bullseye, buster, sid |
| CVE-2021-20293 | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ... | bookworm, bullseye, buster, sid | |
| tinyexr | CVE-2018-12064 | tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChann ... | bookworm, bullseye, sid |
| CVE-2018-12687 | tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ... | bookworm, bullseye, sid | |
| CVE-2018-12688 | tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ... | bookworm, bullseye, sid | |
| tinyobjloader | CVE-2020-28589 | An improper array index validation vulnerability exists in the LoadObj ... | bookworm, bullseye, sid |
| undertow | CVE-2021-3859 | bookworm, sid | |
| wordpress | CVE-2018-1000773 | WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ... | bookworm, bullseye, buster, sid, stretch |
| CVE-2019-8943 | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ... | bookworm, bullseye, buster, sid, stretch | |
| zabbix | CVE-2021-46088 | Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ... | bookworm, bullseye, buster, sid, stretch |