Packages that have open unimportant issues

This page lists packages that are affected by issues that are considered unimportant from a security perspective. These issues are thought to be unexploitable or uneffective in most situations (for example, browser denial-of-services).

PackageBugDescriptionReleases
389-adminCVE-2015-0233Multiple insecure Temporary File vulnerabilities in 389 Administration ...jessie
9baseCVE-2014-1935insecure use of /tmpbuster, jessie, sid, stretch
abcm2psCVE-2018-10753Stack-based buffer overflow in the delayed_output function in music.c ...buster, jessie, sid, stretch
CVE-2018-10771Stack-based buffer overflow in the get_key function in parse.c in ...buster, jessie, sid, stretch
acpica-unixCVE-2017-13693The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c ...jessie, stretch
CVE-2017-13694The acpi_ps_complete_final_op() function in ...jessie, stretch
CVE-2017-13695The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...jessie, stretch
activemqCVE-2016-0782The administration web console in Apache ActiveMQ 5.x before 5.11.4, ...jessie
CVE-2016-6810In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site ...jessie
CVE-2018-8006An instance of a cross-site scripting vulnerability was identified to ...buster, jessie, sid, stretch
afflibCVE-2018-8050The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka ...jessie, stretch
amandaCVE-2016-10729An issue was discovered in Amanda 3.3.1. A user with backup privileges ...buster, jessie, sid, stretch
CVE-2016-10730An issue was discovered in Amanda 3.3.1. A user with backup privileges ...buster, jessie, sid, stretch
android-framework-23CVE-2017-0752A elevation of privilege vulnerability in the Android framework ...sid, stretch
CVE-2017-0822An elevation of privilege vulnerability in the Android system ...sid, stretch
android-platform-frameworks-nativeCVE-2015-3875libutils in Android before 5.1.1 LMY48T allows remote attackers to ...buster, jessie, sid, stretch
CVE-2015-6602libutils in Android through 5.1.1 LMY48M allows remote attackers to ...buster, jessie, sid, stretch
CVE-2015-6609libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...buster, jessie, sid, stretch
android-platform-system-coreCVE-2012-5564android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...buster, jessie, sid, stretch
CVE-2016-0807The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...jessie
CVE-2016-3861LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...jessie
CVE-2017-0647An information disclosure vulnerability in libziparchive could enable ...stretch
CVE-2017-0841A remote code execution vulnerability in the Android system ...buster, jessie, sid, stretch
android-toolsCVE-2012-5564android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...buster, jessie, sid
ansibleCVE-2017-7550A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x ...jessie, stretch
aolserver4CVE-2009-4494AOLserver 4.5.1 writes data to a log file without sanitizing ...buster, jessie, sid, stretch
apache2CVE-2001-1534mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...buster, jessie, sid, stretch
CVE-2003-1307** DISPUTED ** ...buster, jessie, sid, stretch
CVE-2003-1580The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...buster, jessie, sid, stretch
CVE-2003-1581The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...buster, jessie, sid, stretch
CVE-2007-0086** DISPUTED ** ...buster, jessie, sid, stretch
CVE-2007-1743suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...buster, jessie, sid, stretch
CVE-2007-3303Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...buster, jessie, sid, stretch
CVE-2008-0455Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...buster, jessie, sid, stretch
CVE-2008-0456CRLF injection vulnerability in the mod_negotiation module in the ...buster, jessie, sid, stretch
aptCVE-2011-3374apt-key insecure validationbuster, jessie, sid, stretch
apt-setupCVE-2005-2214apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...buster, jessie, sid, stretch
aroraCVE-2011-3367Arora, possibly 0.11 and other versions, does not use a certain font ...jessie, sid
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid
asn1cCVE-2017-12966The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in ...buster, jessie, sid, stretch
audacityCVE-2016-2540Audacity before 2.1.2 allows remote attackers to cause a denial of ...jessie
auditCVE-2015-5186Audit before 2.4.4 in Linux does not sanitize escape characters in ...jessie
automake1.11TEMP-0827346-22ED59install-sh: insecure use of /tmpjessie
avahiCVE-2017-6519avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 ...buster, jessie, sid, stretch
awffullCVE-2007-0510Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...buster, jessie, sid, stretch
awstatsCVE-2018-10245A Full Path Disclosure vulnerability in AWStats through 7.6 allows ...buster, jessie, sid, stretch
axisCVE-2007-2353Apache Axis 1.0 allows remote attackers to obtain sensitive ...buster, jessie, sid, stretch
bansheeCVE-2009-1175Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...jessie, stretch
bashTEMP-0841856-B18BAFPrivilege escalation possible to other user than rootbuster, jessie, sid, stretch
bash-completionCVE-2018-7738In util-linux before 2.32-rc1, bash-completion/umount allows local ...buster, jessie, sid, stretch
bibutilsCVE-2018-10773NULL pointer deference in the addsn function in serialno.c in ...buster, jessie, sid, stretch
CVE-2018-10774Read access violation in the isiin_keyword function in isiin.c in ...buster, jessie, sid, stretch
CVE-2018-10775NULL pointer dereference in the _fields_add function in fields.c in ...buster, jessie, sid, stretch
bind9CVE-2016-6170ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x ...jessie, stretch
CVE-2018-5741Update policies krb5-subdomain and ms-subdomainjessie, stretch
blenderCVE-2005-3151Buffer overflow in blenderplay in Blender Player 2.37a allows ...buster, jessie, sid, stretch
CVE-2009-3850Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...buster, jessie, sid, stretch
CVE-2010-5105The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...buster, jessie, sid, stretch
bochsCVE-2007-2894The emulated floppy disk controller in Bochs 2.3 allows local users of ...buster, jessie, sid, stretch
busyboxCVE-2016-6301The recv_and_process_client_pkt function in networking/ntpd.c in ...jessie, stretch
CVE-2018-1000500Busybox contains a Missing SSL certificate validation vulnerability in ...buster, jessie, sid, stretch
cableswigCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...jessie
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...jessie
cactiCVE-2009-4112Cacti 0.8.7e and earlier allows remote authenticated administrators to ...buster, jessie, sid, stretch
cadaverCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...buster, jessie, sid, stretch
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...buster, jessie, sid, stretch
cantataCVE-2018-12559An issue was discovered in the cantata-mounter D-Bus service in Cantata ...jessie, stretch
CVE-2018-12560An issue was discovered in the cantata-mounter D-Bus service in Cantata ...jessie, stretch
CVE-2018-12561An issue was discovered in the cantata-mounter D-Bus service in Cantata ...jessie, stretch
CVE-2018-12562An issue was discovered in the cantata-mounter D-Bus service in Cantata ...jessie, stretch
capnprotoCVE-2017-7892Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a ...stretch
chromium-browserCVE-2008-7246Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...jessie, stretch
CVE-2009-0374** DISPUTED ** ...jessie, stretch
CVE-2009-1598Google Chrome executes DOM calls in response to a javascript: URI in ...jessie, stretch
CVE-2010-1384Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...jessie, stretch
CVE-2010-1992Google Chrome 1.0.154.48 executes a mail application in situations ...jessie, stretch
CVE-2010-4037Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ...jessie, stretch
CVE-2010-4482Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...jessie, stretch
CVE-2011-2599Google Chrome 11 does not block use of a cross-domain image as a WebGL ...jessie, stretch
CVE-2011-3640** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...jessie, stretch
CVE-2012-5851html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...jessie, stretch
CVE-2017-5130An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...jessie
CVE-2018-6406The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in ...jessie, stretch
CVE-2018-6548A use-after-free issue was discovered in libwebm through 2018-02-02. If ...jessie, stretch
cifs-utilsCVE-2014-2830Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ...buster, jessie, sid, stretch
clementineCVE-2018-14332An issue was discovered in Clementine Music Player 1.3.1. ...buster, jessie, sid, stretch
coin3CVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...buster, jessie, sid, stretch
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...buster, jessie, sid, stretch
conkerorCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, stretch
contextCVE-2017-17513TeX Live through 20170524 does not validate strings before launching ...buster, jessie, sid, stretch
coreutilsCVE-2017-18018In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not ...buster, jessie, sid, stretch
courierCVE-2004-2313Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...jessie, sid, stretch
CVE-2005-1308SqWebMail allows remote attackers to inject arbitrary web script or ...jessie, sid, stretch
crossroadsCVE-2018-18654Crossroads 2.81 does not properly handle the /tmp directory during a ...jessie, stretch
cryptsetupCVE-2016-4484The Debian initrd script for the cryptsetup package 2:1.7.3-2 and ...jessie
ctnCVE-2008-5146add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...buster, jessie, sid, stretch
cupsCVE-2014-8166The browsing feature in the server in CUPS does not filter ANSI escape ...buster, jessie, sid, stretch
cups-filtersTEMP-0000000-ACBC4Cbuffer overflows in init_cupsjessie
curlCVE-2016-3739The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ...jessie
CVE-2017-7407The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...jessie
db4oCVE-2012-6550Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...buster, sid, stretch
CVE-2013-1808Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ...buster, sid, stretch
CVE-2014-1869Multiple cross-site scripting (XSS) vulnerabilities in ...buster, sid, stretch
dcmtkCVE-2013-6825(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) ...buster, jessie, sid, stretch
dcrawCVE-2013-1438Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...jessie, stretch
CVE-2018-19565A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be ...buster, jessie, sid, stretch
CVE-2018-19566A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could ...buster, jessie, sid, stretch
CVE-2018-19567A floating point exception in parse_tiff_ifd in dcraw through 9.28 ...buster, jessie, sid, stretch
CVE-2018-19568A floating point exception in kodak_radc_load_raw in dcraw through 9.28 ...buster, jessie, sid, stretch
CVE-2018-19655A stack-based buffer overflow in the find_green() function of dcraw ...jessie, stretch
dhcpcd5CVE-2014-7913The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...jessie, stretch
dilloTEMP-0560108-565B70browser-based css info disclosurebuster, jessie, sid, stretch
dirmngrCVE-2011-2207jessie
djvulibreTEMP-0775193-7F000Edjvudigital: insecure use of /tmpjessie
dnspythonCVE-2008-1447The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...buster, jessie, sid, stretch
dnstracerCVE-2017-9430Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...buster, jessie, sid, stretch
dogtag-pkiCVE-2015-0234Multiple temporary file creation vulnerabilities in pki-core 10.2.0. ...sid
dojoCVE-2018-1000665Dojo Dojo Objective Harness (DOH) version prior to version 1.14 ...jessie
dokuwikiCVE-2016-7965DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...buster, jessie, sid
dovecotCVE-2008-4870dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ...buster, jessie, sid, stretch
dpkgCVE-2017-8283dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU ...jessie
dpkg-crossCVE-2008-4950** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ...buster, sid, stretch
dropbearCVE-2016-7409The dbclient and server in Dropbear SSH before 2016.74, when compiled ...jessie
drupal7CVE-2007-6752** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in ...jessie, stretch
dwbCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie
edk2CVE-2014-4859buster, jessie, sid, stretch
CVE-2014-4860buster, jessie, sid, stretch
electrumCVE-2018-6353The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 ...sid
emacs24CVE-2014-9483Emacs 24.4 allows remote attackers to bypass security restrictions. ...jessie
epiphany-browserCVE-2007-1084Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...buster, jessie, sid, stretch
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...buster, jessie, sid, stretch
CVE-2017-1000025GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 ...jessie
CVE-2018-11396ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through ...jessie, stretch
CVE-2018-12016libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows ...jessie, stretch
TEMP-0560108-565B70browser-based css info disclosurebuster, jessie, sid, stretch
erlangCVE-2009-0130** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ...buster, jessie, sid, stretch
CVE-2016-1000107buster, jessie, sid, stretch
evolutionCVE-2007-1266Evolution 2.8.1 and earlier does not properly use the --status-fd ...buster, jessie, sid, stretch
CVE-2011-3201GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...buster, jessie, sid, stretch
CVE-2013-4166problem in GPG key selection when encrypting mailbuster, jessie, sid, stretch
CVE-2017-17689The S/MIME specification allows a Cipher Block Chaining (CBC) ...buster, jessie, sid, stretch
evolution-data-serverCVE-2018-12422** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in ...jessie, stretch
exiv2CVE-2018-14338samples/geotag.cpp in the example code of Exiv2 0.26 misuses the ...buster, jessie, sid, stretch
expatCVE-2013-0340expat 2.1.0 and earlier does not properly handle entities expansion ...buster, jessie, sid, stretch
eyed3CVE-2014-1934tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for ...jessie
fig2devCVE-2018-16140A buffer underwrite vulnerability in get_line() (read.c) in fig2dev ...stretch
firefoxCVE-2004-1639Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...sid
CVE-2005-2395Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...sid
CVE-2005-4685Firefox and Mozilla can associate a cookie with multiple domains when ...sid
firefox-esrCVE-2017-16541Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...jessie
CVE-2018-12379When the Mozilla Updater opens a MAR format file which contains a very ...jessie
fireholCVE-2008-4953** DISPUTED ** ...buster, jessie, sid, stretch
flashromTEMP-0000000-C3CEDBfscanf format string security bug in flashrom layout codejessie
fmtlibCVE-2018-1000052fmtlib version prior to version 4.1.0 (before commit ...buster, sid
fontforgeCVE-2017-17521uiutil.c in FontForge through 20170731 does not validate strings before ...buster, jessie, sid, stretch
foomatic-filtersCVE-2011-2923buster, jessie, sid, stretch
TEMP-0000000-ACBC4Cbuffer overflows in init_cupsbuster, jessie, sid, stretch
freeradiusCVE-2007-0080** DISPUTED ** ...buster, jessie, sid, stretch
freerdpCVE-2014-0791Integer overflow in the license_read_scope_list function in ...jessie, stretch
freetypeTEMP-0773084-4AB1FBfreetype: out of bounds writejessie
freevoCVE-2008-4955freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...jessie
ganglia-webCVE-2013-6395Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...buster, jessie, sid, stretch
CVE-2015-6816ganglia-web before 3.7.1 allows remote attackers to bypass ...buster, jessie, sid, stretch
gcc-mingw-w64CVE-2016-4973Binaries compiled against targets that use the libssp library in GCC ...buster, jessie, sid, stretch
gdbCVE-2006-4146Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...buster, jessie, sid, stretch
CVE-2011-4355GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is ...buster, jessie, sid, stretch
CVE-2014-8501The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...buster, jessie, sid, stretch
CVE-2014-9939ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow ...jessie
CVE-2017-9778GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length ...buster, jessie, sid, stretch
gdk-pixbufCVE-2017-2870An exploitable integer overflow vulnerability exists in the ...jessie, stretch
CVE-2017-6311gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent ...stretch
geditCVE-2017-14108libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to ...buster, jessie, sid, stretch
geomviewCVE-2017-17530common/help.c in Geomview 1.9.5 does not validate strings before ...buster, jessie, sid, stretch
gettextCVE-2018-18751An issue was discovered in GNU gettext 0.19.8. There is a double free ...jessie, stretch
ghostscriptCVE-2017-7948Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...stretch
CVE-2017-8908The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 ...stretch
CVE-2017-9610The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...stretch
CVE-2017-9618The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...stretch
CVE-2017-9619The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex ...stretch
CVE-2017-9620The xps_select_font_encoding function in xps/xpsfont.c in Artifex ...stretch
CVE-2017-9740The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex ...stretch
giacCVE-2017-17526Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings ...buster, sid
giflibCVE-2016-3177Multiple use-after-free and double-free vulnerabilities in gifcolor.c ...buster, jessie, sid, stretch
gifsicleCVE-2017-18120A double-free bug in the read_gif function in gifread.c in gifsicle ...jessie, stretch
gimpCVE-2007-3126Gimp before 2.8.22 allows context-dependent attackers to cause a ...jessie, stretch
CVE-2012-4245The scriptfu network server in GIMP 2.6 does not require ...buster, jessie, sid, stretch
CVE-2018-12713GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary ...buster, jessie, sid, stretch
gitCVE-2017-15298Git through 2.14.2 mishandles layers of tree objects, which allows ...buster, jessie, sid, stretch
CVE-2018-1000021GIT version 2.15.1 and earlier contains a Input Validation Error ...buster, jessie, sid, stretch
git-repairTEMP-0807341-84E914uses non-random tempdir /tmp/tmprepo.0/.git/jessie
gjots2CVE-2017-17535lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...jessie, sid, stretch
glanceCVE-2013-4354The API before 2.1 in OpenStack Image Registry and Delivery Service ...buster, jessie, sid, stretch
CVE-2015-8234The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...buster, jessie, sid, stretch
CVE-2016-4383The glance-manage db in all versions of HPE Helion Openstack Glance ...buster, jessie, sid, stretch
CVE-2016-8611A vulnerability was found in Openstack Glance. No limits are enforced ...buster, jessie, sid, stretch
glib2.0CVE-2012-0039** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function ...buster, jessie, sid, stretch
glibcCVE-2010-4051The regcomp implementation in the GNU C Library (aka glibc or libc6) ...buster, jessie, sid, stretch
CVE-2010-4052Stack consumption vulnerability in the regcomp implementation in the ...buster, jessie, sid, stretch
CVE-2010-4756The glob implementation in the GNU C Library (aka glibc or libc6) ...buster, jessie, sid, stretch
CVE-2015-8985The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...buster, jessie, sid, stretch
globalCVE-2017-17531gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before ...jessie
glpiCVE-2010-1618Cross-site scripting (XSS) vulnerability in the phpCAS client library ...jessie
CVE-2010-2795phpCAS before 1.1.2 allows remote authenticated users to hijack ...jessie
CVE-2010-2796Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...jessie
CVE-2010-3690Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...jessie
CVE-2010-3691PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...jessie
CVE-2010-3692Directory traversal vulnerability in the callback function in ...jessie
CVE-2014-5032GLPI before 0.84.7 does not properly restrict access to cost ...jessie
CVE-2014-8360Directory traversal vulnerability in inc/autoload.function.php in GLPI ...jessie
CVE-2014-9258SQL injection vulnerability in ajax/getDropdownValue.php in GLPI ...jessie
CVE-2015-7684Unrestricted file upload in GLPI before 0.85.3 allows remote ...jessie
CVE-2015-7685GLPI before 0.85.3 allows remote authenticated users to create ...jessie
CVE-2016-7507Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows ...jessie
CVE-2016-7508Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an ...jessie
CVE-2016-7509Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote ...jessie
CVE-2017-11183front/backup.php in GLPI before 9.1.5 allows remote authenticated ...jessie
CVE-2017-11184SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...jessie
CVE-2017-11329GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php ...jessie
CVE-2017-11474GLPI before 9.1.5.1 has SQL Injection in the $crit variable in ...jessie
CVE-2017-11475GLPI before 9.1.5.1 has SQL Injection in the condition rule field, ...jessie
CVE-2018-13049The constructSQL function in inc/search.class.php in GLPI 9.2.x through ...jessie
CVE-2018-7562A remote code execution issue was discovered in GLPI through 9.2.1. ...jessie
CVE-2018-7563An issue was discovered in GLPI through 9.2.1. The application is ...jessie
gnome-keyringCVE-2018-19358GNOME Keyring through 3.28.2 allows local users to retrieve login ...buster, jessie, sid, stretch
gnome-orcaCVE-2013-4245Arbitrary code execution due to insecure CWD Python module loadjessie, stretch
gnome-shellCVE-2012-4427The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...buster, jessie, sid, stretch
gnuchessCVE-2015-8972Stack-based buffer overflow in the ValidateMove function in ...jessie
gnumailCVE-2007-1269GNUMail 1.1.2 and earlier does not properly use the --status-fd ...buster, sid, stretch
gnupgCVE-2018-6829cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...jessie, buster, sid, stretch
gnuplotCVE-2018-19490An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue ...buster, sid, stretch
CVE-2018-19491An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows ...buster, sid, stretch
CVE-2018-19492An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue ...buster, sid, stretch
gnutls28CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...buster, jessie, sid, stretch
TEMP-0000000-1BAE4DGNUTLS-SA-2016-2: certificate verification issuejessie
golangCVE-2016-5386The net/http package in Go through 1.6 does not attempt to address RFC ...jessie
google-perftoolsCVE-2018-13420** DISPUTED ** Google gperftools 2.7 has a memory leak in ...buster, jessie, sid, stretch
gpwCVE-2011-4931buster, jessie, sid, stretch
graphicsmagickCVE-2017-13066GraphicsMagick 1.3.26 has a memory leak vulnerability in the function ...jessie
CVE-2017-13147In GraphicsMagick 1.3.26, an allocation failure vulnerability was found ...jessie
CVE-2017-13648In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the ...jessie
CVE-2017-13736There are lots of memory leaks in the GMCommand function in ...buster, jessie, sid, stretch
CVE-2017-14042A memory allocation failure was discovered in the ReadPNMImage function ...jessie
CVE-2017-14165The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...jessie
CVE-2017-14649ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does ...jessie
CVE-2018-18544There is a memory leak in the function WriteMSLImage of coders/msl.c ...jessie, stretch
grubCVE-2008-3896Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...buster, jessie, sid, stretch
gthumbCVE-2018-18718An issue was discovered in gThumb through 3.6.2. There is a double-free ...stretch
haskell-tlsCVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...buster, jessie, sid, stretch
hex-a-hopTEMP-0528250-2E3658hex-a-hop: buffer overflow in loading save gamesbuster, jessie, sid, stretch
htslibCVE-2018-14329In HTSlib 1.8, a race condition in cram/cram_io.c might allow local ...buster, jessie, sid, stretch
icecast2CVE-2005-0837IceCast 2.20 allows remote attackers to bypass the XSL parser and ...buster, jessie, sid, stretch
CVE-2005-0838Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...buster, jessie, sid, stretch
icedoveCVE-2006-5633Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...jessie
CVE-2008-5430Mozilla Thunderbird 2.0.14 does not properly handle (1) ...jessie
imagemagickCVE-2005-0406A design flaw in image processing software that modifies JPEG images ...buster, jessie, sid, stretch
CVE-2008-3134Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...buster, jessie, sid, stretch
CVE-2016-8678The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ...buster, jessie, sid, stretch
CVE-2017-11166The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...jessie
CVE-2017-11531When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...jessie, stretch
CVE-2017-11532When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...jessie, stretch
CVE-2017-11534When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...jessie, stretch
CVE-2017-11536When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...jessie, stretch
CVE-2017-11539When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...jessie, stretch
CVE-2017-11644When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...jessie, stretch
CVE-2017-11724The ReadMATImage function in coders/mat.c in ImageMagick through ...jessie, stretch
CVE-2017-11751The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...jessie, stretch
CVE-2017-11752The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...jessie, stretch
CVE-2017-11754The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...buster, jessie, sid, stretch
CVE-2017-11755The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...buster, jessie, sid, stretch
CVE-2017-12418ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM ...jessie, stretch
CVE-2017-12427The ProcessMSLScript function in coders/msl.c in ImageMagick before ...jessie, stretch
CVE-2017-12428In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the ...jessie
CVE-2017-12433In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-12564In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-12565In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-12566In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-12641ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...jessie, stretch
CVE-2017-12642ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...jessie, stretch
CVE-2017-12644ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...jessie, stretch
CVE-2017-12654The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 ...jessie, stretch
CVE-2017-12662ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in ...jessie, stretch
CVE-2017-12663ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in ...jessie, stretch
CVE-2017-12664ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage ...jessie, stretch
CVE-2017-12665ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage ...jessie, stretch
CVE-2017-12666ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage ...stretch
CVE-2017-12667ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in ...jessie, stretch
CVE-2017-12668ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in ...jessie, stretch
CVE-2017-12669ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...jessie, stretch
CVE-2017-12671In ImageMagick 7.0.6-3, a missing NULL assignment was found in ...jessie
CVE-2017-12672In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-12673In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-12675In ImageMagick 7.0.6-3, a missing check for multidimensional data was ...jessie, stretch
CVE-2017-12676In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-13058In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-13059In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-13060In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-13062In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-13131In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the ...jessie, stretch
CVE-2017-13141In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file ...jessie
CVE-2017-13146In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory ...jessie, stretch
CVE-2017-14137ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue ...jessie, stretch
CVE-2017-14138ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in ...jessie, stretch
CVE-2017-14139ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in ...jessie, stretch
CVE-2017-14324In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-14325In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-14326In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-14342ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ...jessie, stretch
CVE-2017-14343ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...jessie, stretch
CVE-2017-14531ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in ...jessie, stretch
CVE-2017-14533ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...jessie, stretch
CVE-2017-14684In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-15016ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...jessie, stretch
CVE-2017-15032ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in ...jessie, stretch
CVE-2017-15033ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in ...jessie, stretch
CVE-2017-15217ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...jessie, stretch
CVE-2017-15218ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in ...jessie, stretch
CVE-2017-17680In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-17880In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based ...jessie, stretch
CVE-2017-17881In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-17882In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-17883In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-17884In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-17885In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-17886In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-17887In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-17934ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, ...jessie, stretch
CVE-2017-18008In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in ...jessie, stretch
CVE-2017-18022In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...jessie, stretch
CVE-2017-18027In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-18028In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found ...jessie, stretch
CVE-2017-18029In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...jessie, stretch
CVE-2017-18251An issue was discovered in ImageMagick 7.0.7. A memory leak ...jessie, stretch
CVE-2017-18254An issue was discovered in ImageMagick 7.0.7. A memory leak ...jessie, stretch
CVE-2017-6502An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...jessie, stretch
CVE-2017-7275The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows ...buster, jessie, sid, stretch
CVE-2018-10804ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...jessie, stretch
CVE-2018-10805ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...jessie, stretch
CVE-2018-11655In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was ...jessie, stretch
CVE-2018-11656In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was ...jessie, stretch
CVE-2018-13153In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand ...jessie, stretch
CVE-2018-14434ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage ...jessie, stretch
CVE-2018-14435ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. ...jessie, stretch
CVE-2018-14436ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in ...jessie, stretch
CVE-2018-14437ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. ...jessie, stretch
CVE-2018-15607In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 ...buster, jessie, sid, stretch
CVE-2018-16640ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ...jessie, stretch
CVE-2018-16750In ImageMagick 7.0.7-29 and earlier, a memory leak in the ...jessie, stretch
CVE-2018-17965ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage ...jessie, stretch
CVE-2018-17966ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage ...jessie, stretch
CVE-2018-17967ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in ...jessie, stretch
CVE-2018-18016ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage ...jessie, stretch
CVE-2018-18544There is a memory leak in the function WriteMSLImage of coders/msl.c ...jessie, stretch
CVE-2018-5246In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage ...jessie, stretch
CVE-2018-5247In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in ...jessie, stretch
CVE-2018-5357ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...jessie, stretch
CVE-2018-5358ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...jessie, stretch
CVE-2018-6405In the ReadDCMImage function in coders/dcm.c in ImageMagick before ...jessie, stretch
CVE-2018-7470An issue was discovered in ImageMagick 7.0.7-22 Q16. The ...jessie, stretch
CVE-2018-9135In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...jessie, stretch
TEMP-0869722-31618Bmemory leak in quantizejessie, stretch
initramfs-toolsCVE-2008-4996** DISPUTED ** ...buster, jessie, sid, stretch
ipsec-toolsCVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline ...buster, jessie, sid, stretch
iptablesCVE-2012-2663extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP ...buster, jessie, sid, stretch
irssiTEMP-0000000-E6792Firssi missing null terminatorjessie
isakmpdCVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline ...buster, sid, stretch
jasperCVE-2016-10248The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before ...jessie
CVE-2016-8883The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 ...jessie
CVE-2016-8887The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer ...jessie
CVE-2016-9387Integer overflow in the jpc_dec_process_siz function in ...jessie
CVE-2016-9388The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...jessie
CVE-2016-9389The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before ...jessie
CVE-2016-9390The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 ...jessie
CVE-2016-9391The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...jessie
CVE-2016-9392The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 ...jessie
CVE-2016-9393The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...jessie
CVE-2016-9394The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 ...jessie
CVE-2016-9395The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 ...jessie
CVE-2016-9396The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through ...jessie
CVE-2016-9397The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows ...jessie
CVE-2016-9398The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 ...jessie
CVE-2016-9399The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows ...jessie
CVE-2016-9583An out-of-bounds heap read vulnerability was found in the ...jessie
CVE-2016-9600JasPer before version 2.0.10 is vulnerable to a null pointer ...jessie
CVE-2017-1000050JasPer 2.0.12 is vulnerable to a NULL pointer exception in the ...jessie
CVE-2017-13745There is a reachable assertion abort in the function ...jessie
CVE-2017-13746There is a reachable assertion abort in the function ...jessie
CVE-2017-13747There is a reachable assertion abort in the function jpc_floorlog2() in ...jessie
CVE-2017-13749There is a reachable assertion abort in the function jpc_pi_nextrpcl() ...jessie
CVE-2017-13750There is a reachable assertion abort in the function ...jessie
CVE-2017-13751There is a reachable assertion abort in the function calcstepsizes() in ...jessie
CVE-2017-13752There is a reachable assertion abort in the function jpc_dequantize() ...jessie
CVE-2017-5498libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote ...jessie
CVE-2017-5499Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows ...jessie
CVE-2017-5500libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to ...jessie
CVE-2017-5501Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows ...jessie
CVE-2017-5502libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to ...jessie
CVE-2017-5504The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer ...jessie
CVE-2017-5505The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows ...jessie
CVE-2017-6850The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...jessie
CVE-2017-6851The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows ...jessie
CVE-2018-9055JasPer 2.0.14 allows denial of service via a reachable assertion in the ...jessie
CVE-2018-9252JasPer 2.0.14 allows denial of service via a reachable assertion in the ...jessie
jbigkitCVE-2017-9937In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A ...buster, jessie, sid, stretch
jettyCVE-2009-3579Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...jessie
jheadCVE-2018-6612An integer underflow bug in the process_EXIF function of the exif.c ...jessie, stretch
jqueryCVE-2007-2379The jQuery framework exchanges data using JavaScript Object Notation ...buster, jessie, sid, stretch
json-glibTEMP-0772585-D41D8Cbuster, jessie, sid, stretch
jythonCVE-2017-17522** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not ...buster, jessie, sid, stretch
kannelCVE-2017-14609The server daemons in Kannel 1.5.0 and earlier create a PID file after ...buster, jessie, sid, stretch
kde-baseappsCVE-2012-4512buster, jessie, sid, stretch
CVE-2012-4513khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows ...buster, jessie, sid, stretch
CVE-2012-4514rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...buster, jessie, sid, stretch
CVE-2012-4515Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...buster, jessie, sid, stretch
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...buster, jessie, sid, stretch
kde4libsCVE-2009-1692WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...buster, jessie, sid, stretch
CVE-2009-1718WebKit in Apple Safari before 4.0 allows user-assisted remote ...buster, jessie, sid, stretch
CVE-2009-1724Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...buster, jessie, sid, stretch
CVE-2009-3015QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...buster, jessie, sid, stretch
CVE-2009-3272Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...buster, jessie, sid, stretch
TEMP-0560108-565B70browser-based css info disclosurebuster, jessie, sid, stretch
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicebuster, jessie, sid, stretch
kdepimCVE-2006-7139Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...jessie, stretch
CVE-2007-1265KMail 1.9.5 and earlier does not properly use the --status-fd argument ...jessie, stretch
keepalivedCVE-2018-19044keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...jessie, stretch
CVE-2018-19045keepalived 2.0.8 used mode 0666 when creating new temporary files upon ...jessie, stretch
CVE-2018-19046keepalived 2.0.8 didn't check for existing plain files when writing ...jessie, stretch
kfreebsd-10CVE-2011-2393The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...jessie, sid, stretch
CVE-2015-1417The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, ...jessie
CVE-2015-5675The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 ...jessie
CVE-2016-1879The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ...jessie, sid, stretch
CVE-2016-1880The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and ...jessie
CVE-2016-1881The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause ...jessie
CVE-2016-1882FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow ...jessie
CVE-2016-1883The issetugid system call in the Linux compatibility layer in FreeBSD ...jessie
CVE-2016-1885Integer signedness error in the amd64_set_ldt function in ...jessie
CVE-2016-1886Integer signedness error in the genkbd_commonioctl function in ...jessie
CVE-2016-1887Integer signedness error in the sockargs function in ...jessie
CVE-2017-1081In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and ...jessie, sid, stretch
CVE-2017-1082In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ...jessie, sid, stretch
CVE-2017-1083In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...jessie, sid, stretch
CVE-2017-1084In FreeBSD before 11.2-RELEASE, multiple issues with the ...jessie, sid, stretch
CVE-2017-1085In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...jessie, sid, stretch
CVE-2017-1086In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, ...jessie, sid, stretch
CVE-2017-1087In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and ...jessie, sid, stretch
CVE-2017-1088In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, ...jessie, sid, stretch
CVE-2017-15037In FreeBSD through 11.1, the smb_strdupin function in ...jessie, sid, stretch
CVE-2018-17154In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and ...jessie, sid, stretch
CVE-2018-17155In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, ...jessie, sid, stretch
CVE-2018-17156In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to ...jessie, sid, stretch
CVE-2018-6916In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...jessie, sid, stretch
CVE-2018-6917In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...jessie, sid, stretch
CVE-2018-6918In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...jessie, sid, stretch
CVE-2018-6919In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...jessie, sid, stretch
CVE-2018-6920In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, ...jessie, sid, stretch
CVE-2018-6921In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to ...jessie, sid, stretch
CVE-2018-6922One of the data structures that holds TCP segments in all versions of ...jessie, sid, stretch
CVE-2018-6923In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip ...jessie, sid, stretch
CVE-2018-6924In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, ...jessie, sid, stretch
CVE-2018-6925In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, ...jessie, sid, stretch
kiwiCVE-2017-17532examples/framework/news/news3.py in Kiwi 1.9.22 does not validate ...buster, jessie, sid, stretch
krb5CVE-2004-0971The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...buster, jessie, sid, stretch
CVE-2017-15088plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...jessie, stretch
CVE-2018-5709An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. ...buster, jessie, sid, stretch
latex2rtfCVE-2015-8106Format string vulnerability in the CmdKeywords function in funct1.c in ...jessie
lbreakout2TEMP-0608980-E8B8DFCrash with long HOME environment variablebuster, jessie, sid, stretch
leptonlibCVE-2018-7247An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in ...jessie, stretch
CVE-2018-7441Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might ...jessie, stretch
TEMP-0830660-09AE85Insecure use of /tmpjessie
lessCVE-2014-9488The is_utf8_well_formed function in GNU less before 475 allows remote ...jessie
libapache-poi-javaCVE-2016-5000The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...buster, jessie, sid, stretch
libavCVE-2016-7477The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 ...jessie
CVE-2016-7499The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...jessie
CVE-2016-8675The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote ...jessie
CVE-2016-8676The get_vlc2 function in get_bits.h in Libav 11.9 allows remote ...jessie
CVE-2016-9825libswscale/utils.c in libav 11.8 allows remote attackers to cause a ...jessie
CVE-2016-9826libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...jessie
libcommons-collections4-javaCVE-2015-7501Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data ...buster, jessie, sid, stretch
libcommons-fileupload-javaCVE-2016-1000031Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ...buster, jessie, sid, stretch
libcrypto++CVE-2016-7420Crypto++ (aka cryptopp) through 5.6.4 does not document the ...buster, jessie, sid, stretch
libdata-uuid-perlCVE-2013-4184symlink attacksbuster, jessie, sid, stretch
libemail-address-perlCVE-2015-7686Algorithmic complexity vulnerability in Address.pm in the ...buster, jessie, sid, stretch
CVE-2018-12558The parse() method in the Email::Address module through 1.909 for Perl ...buster, jessie, sid, stretch
libgaduCVE-2013-4488libgadu before 1.12.0 does not verify X.509 certificates from SSL ...buster, jessie, sid, stretch
libgcrypt20CVE-2018-6829cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...buster, jessie, sid, stretch
libgnumail-javaCVE-2005-1105Directory traversal vulnerability in the MimeBodyPart.getFileName ...jessie, stretch
libjpeg6bCVE-2016-3616The cjpeg utility in libjpeg allows remote attackers to cause a denial ...sid
libjs-handlebarsTEMP-0000000-345A3Bhandlebars: quoteless attributes in templates can lead to content injectionjessie, stretch
libjs-i18nextCVE-2017-16010i18next is a language translation framework. When using the .init ...buster, sid, stretch
libmp3-info-perlCVE-2013-6499loading a module relative to the cwdbuster, jessie, sid, stretch
libmspackCVE-2018-18586** DISPUTED ** chmextract.c in the chmextract sample program, as ...jessie, stretch
libnl3CVE-2017-0553An elevation of privilege vulnerability in libnl could enable a local ...jessie
libphp-adodbCVE-2006-4976The Date Library in John Lim ADOdb Library for PHP allows remote ...buster, jessie, sid, stretch
CVE-2011-3699John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...buster, jessie, sid, stretch
libphp-phpmailerCVE-2017-11503PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email ...buster, jessie, sid, stretch
libpngCVE-2018-14550stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token()jessie, buster, sid, stretch
libquicktimeCVE-2017-12143In libquicktime 1.2.4, an allocation failure was found in the function ...buster, jessie, sid, stretch
CVE-2017-12145In libquicktime 1.2.4, an allocation failure was found in the function ...buster, jessie, sid, stretch
libreofficeCVE-2012-5639buster, jessie, sid, stretch
CVE-2018-10583An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...buster, jessie, sid, stretch
libreswanCVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline ...buster, sid
libslf4j-javaCVE-2018-8088org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...jessie, stretch
libsndfileCVE-2018-13139A stack-based buffer overflow in psf_memset in common.c in libsndfile ...buster, jessie, sid, stretch
libspring-javaCVE-2016-1000027jessie
libuvCVE-2014-9748jessie
libv8-3.14CVE-2013-2632Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...jessie, sid, stretch
CVE-2013-2838Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...jessie, sid, stretch
CVE-2013-2882Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...jessie, sid, stretch
CVE-2013-2919Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...jessie, sid, stretch
CVE-2013-6638Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...jessie, sid, stretch
CVE-2013-6649Use-after-free vulnerability in the RenderSVGImage::paint function in ...jessie, sid, stretch
CVE-2013-6650The StoreBuffer::ExemptPopularPages function in store-buffer.cc in ...jessie, sid, stretch
CVE-2013-6668Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, ...jessie, sid, stretch
CVE-2014-1704Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...jessie, sid, stretch
CVE-2014-1705Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and ...jessie, sid, stretch
CVE-2014-1716Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...jessie, sid, stretch
CVE-2014-1717Google V8, as used in Google Chrome before 34.0.1847.116, does not ...jessie, sid, stretch
CVE-2014-1729Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...jessie, sid, stretch
CVE-2014-1730Google V8, as used in Google Chrome before 34.0.1847.131 on Windows ...jessie, sid, stretch
CVE-2014-1735Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...jessie, sid, stretch
CVE-2014-1736Integer overflow in api.cc in Google V8, as used in Google Chrome ...jessie, sid, stretch
CVE-2014-3152Integer underflow in the LCodeGen::PrepareKeyedOperand function in ...jessie, sid, stretch
CVE-2014-3188Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...jessie, sid, stretch
CVE-2014-3195Google V8, as used in Google Chrome before 38.0.2125.101, does not ...jessie, sid, stretch
CVE-2014-3199The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...jessie, sid, stretch
CVE-2014-7192Eval injection vulnerability in index.js in the syntax-error package ...jessie, sid, stretch
CVE-2014-7927The SimplifiedLowering::DoLoadBuffer function in ...jessie, sid, stretch
CVE-2014-7928hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, ...jessie, sid, stretch
CVE-2014-7931factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...jessie, sid, stretch
CVE-2014-7939Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...jessie, sid, stretch
CVE-2014-7967Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, ...jessie, sid, stretch
CVE-2015-1230The getHiddenProperty function in ...jessie, sid, stretch
CVE-2015-1290The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and ...jessie, sid, stretch
CVE-2015-1304object-observe.js in Google V8, as used in Google Chrome before ...jessie, sid, stretch
CVE-2015-1346Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, ...jessie, sid, stretch
CVE-2015-2238Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as ...jessie, sid, stretch
CVE-2015-3333Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...jessie, sid, stretch
CVE-2015-3336Google Chrome before 42.0.2311.90 does not always ask the user before ...jessie, sid, stretch
CVE-2015-6764The BasicJsonStringifier::SerializeJSArray function in ...jessie, sid, stretch
CVE-2015-6771js/array.js in Google V8, as used in Google Chrome before ...jessie, sid, stretch
CVE-2015-6774Use-after-free vulnerability in the GetLoadTimes function in ...jessie, sid, stretch
libvpxCVE-2015-1258Google Chrome before 43.0.2357.65 relies on libvpx code that was not ...jessie
CVE-2015-4506Buffer overflow in the vp9_init_context_buffers function in libvpx, as ...jessie
CVE-2017-0641A remote denial of service vulnerability in libvpx in Mediaserver ...buster, jessie, sid, stretch
libwebpCVE-2016-9085Multiple integer overflows in libwebp allows attackers to have ...buster, jessie, sid, stretch
libwmfCVE-2007-3476Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...buster, jessie, sid, stretch
CVE-2007-3477The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...buster, jessie, sid, stretch
CVE-2007-3996Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...buster, jessie, sid, stretch
CVE-2009-3546The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...buster, jessie, sid, stretch
TEMP-0601525-BEBB65libgd2: gdImageColorTransparent can write outside bufferbuster, jessie, sid, stretch
libxerces2-javaCVE-2012-0881Apache Xerces2 Java allows remote attackers to cause a denial of ...buster, jessie, sid, stretch
libxfont1CVE-2017-13720In the PatternMatch function in fontfile/fontdir.c in libXfont through ...stretch
CVE-2017-13722In the pcfGetProperties function in bitmap/pcfread.c in libXfont ...stretch
CVE-2017-16611In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...stretch
libxsltCVE-2015-9019In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...buster, jessie, sid, stretch
liloCVE-2008-3895LILO 22.6.1 and earlier stores pre-boot authentication passwords in ...buster, jessie, sid, stretch
links2CVE-2017-11114The put_chars function in html_r.c in Twibright Links 2.14 allows ...jessie, stretch
linuxCVE-2004-0230TCP, when using a large Window Size, makes it easier for remote ...buster, jessie, sid, stretch
CVE-2005-3660Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...buster, jessie, sid, stretch
CVE-2007-3719The process scheduler in the Linux kernel 2.6.16 gives preference to ...buster, jessie, sid, stretch
CVE-2008-2544buster, jessie, sid, stretch
CVE-2008-4609The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...buster, jessie, sid, stretch
CVE-2010-4563The Linux kernel, when using IPv6, allows remote attackers to ...buster, jessie, sid, stretch
CVE-2010-5321Memory leak in drivers/media/video/videobuf-core.c in the videobuf ...buster, jessie, sid, stretch
CVE-2011-4915buster, jessie, sid, stretch
CVE-2011-4917buster, jessie, sid, stretch
CVE-2012-4542block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly ...buster, jessie, sid, stretch
CVE-2014-9892The snd_compr_tstamp function in sound/core/compress_offload.c in the ...buster, jessie, sid, stretch
CVE-2014-9900The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...buster, jessie, sid, stretch
CVE-2015-2877** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel ...buster, jessie, sid, stretch
CVE-2015-4001Integer signedness error in the oz_hcd_get_desc_cnf function in ...jessie
CVE-2015-4002drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux ...jessie
CVE-2015-4003The oz_usb_handle_ep_data function in ...jessie
CVE-2015-4004The OZWPAN driver in the Linux kernel through 4.0.5 relies on an ...jessie
CVE-2015-7837The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, ...jessie
CVE-2015-7885The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in ...jessie
CVE-2015-8967arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local ...jessie
CVE-2016-3857The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices ...jessie
CVE-2016-9120Race condition in the ion_ioctl function in ...jessie
CVE-2017-11472The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in ...buster, jessie, sid, stretch
CVE-2017-12762In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied ...jessie, stretch
CVE-2017-13693The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c ...buster, jessie, sid, stretch
CVE-2017-13694The acpi_ps_complete_final_op() function in ...buster, jessie, sid, stretch
CVE-2017-13695The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...jessie, stretch
CVE-2017-18255The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...jessie
CVE-2017-9984The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in ...jessie
CVE-2017-9985The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in ...jessie
CVE-2017-9986The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel ...buster, jessie, sid, stretch
CVE-2018-1121procps-ng, procps is vulnerable to a process hiding through race ...buster, jessie, sid, stretch
CVE-2018-8043The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...buster, sid, stretch
CVE-2018-9465In task_get_unused_fd_flags of binder.c, there is a possible memory ...jessie, stretch
TEMP-0000000-F7A20FKernel: Unprivileged user can freeze journaldbuster, jessie, sid, stretch
lldpadCVE-2018-10932lldptool version 1.0.1 and older can print a raw, unsanitized attacker ...stretch
lrzipCVE-2017-8842The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...jessie, stretch
CVE-2017-8843The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...jessie, stretch
CVE-2017-8845The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...jessie, stretch
CVE-2017-8847The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...jessie, stretch
CVE-2018-9058In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...jessie, stretch
lynisCVE-2017-8108Unspecified tests in Lynis before 2.5.0 allow local users to write to ...jessie, stretch
m2cryptoCVE-2009-0127** DISPUTED ** M2Crypto does not properly check the return value from ...buster, jessie, sid, stretch
m4CVE-2008-1687The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...buster, jessie, sid, stretch
CVE-2008-1688Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...buster, jessie, sid, stretch
magpierssCVE-2006-4735Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...buster, jessie, sid, stretch
maildirsyncCVE-2008-5150sample.sh in maildirsync 1.1 allows local users to append data to ...buster, jessie, sid, stretch
matanzaCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...buster, jessie, sid, stretch
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...buster, jessie, sid, stretch
mbedtlsCVE-2018-1000061ARM mbedTLS version development branch, 2.7.0 and earlier contains a ...buster, sid, stretch
CVE-2018-1000520ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows ...buster, sid, stretch
mcollectiveCVE-2014-0175default password set at installbuster, jessie, sid
mdadmCVE-2014-5220The mdcheck script of the mdadm package for openSUSE 13.2 prior to ...jessie
mediaelementCVE-2016-4567Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ...buster, jessie, sid, stretch
mediawikiCVE-2007-0894MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...buster, sid, stretch
CVE-2014-1686MediaWiki 1.18.0 allows remote attackers to obtain the installation ...buster, sid, stretch
mediawiki-extensionsCVE-2013-4305Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...jessie
mensisCVE-2017-17534uiutil.c in Mensis 0.0.080507 does not validate strings before ...jessie
metviewCVE-2017-17515** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate ...buster, jessie, sid, stretch
mgettyCVE-2018-16742An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a ...jessie, stretch
CVE-2018-16743An issue was discovered in mgetty before 1.2.1. In ...jessie, stretch
mh-bookCVE-2008-5152inmail-show in mh-book 200605 allows local users to overwrite ...buster, jessie, sid, stretch
midoriCVE-2012-2132libsoup 2.32.2 and earlier does not validate certificates or clear the ...sid, stretch
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...sid, stretch
mingw-w64CVE-2018-5392mingw-w64 version 5.0.4 by default produces executables that opt in to ...buster, jessie, sid, stretch
mini-httpdCVE-2009-4490mini_httpd 1.19 writes data to a log file without sanitizing ...buster, sid, stretch
CVE-2017-17663The htpasswd implementation of mini_httpd before v1.28 and of thttpd ...buster, sid, stretch
minidjvuCVE-2017-12441The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ...buster, jessie, sid, stretch
CVE-2017-12442The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ...buster, jessie, sid, stretch
CVE-2017-12443The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 ...buster, jessie, sid, stretch
CVE-2017-12444The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in ...buster, jessie, sid, stretch
CVE-2017-12445The JB2BitmapCoder::code_row_by_refinement function in ...buster, jessie, sid, stretch
miniupnpcCVE-2017-1000494Uninitialized stack variable vulnerability in NameValueParserEndElt ...jessie, stretch
moinCVE-2007-0902Unspecified vulnerability in the "Show debugging information" feature ...buster, jessie, sid, stretch
mojarraCVE-2010-2087Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...buster, jessie, sid, stretch
mongodbCVE-2015-2327PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and ...buster, jessie, sid, stretch
CVE-2015-2328PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...buster, jessie, sid, stretch
mono-reference-assembliesCVE-2018-1002208sharplibzip before 1.0 RC1 is vulnerable to directory traversal, ...buster, sid, stretch
monopdCVE-2015-0841off-by-one buffer overflow in Listener::checkActivity in libcapsinetwork/monopdbuster, jessie, sid, stretch
mozilla-noscriptCVE-2018-16983NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other ...buster, jessie, sid, stretch
mp3spltCVE-2017-5665The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 ...buster, jessie, sid
CVE-2017-5851The free_options function in options_manager.c in mp3splt 2.6.2 allows ...buster, jessie, sid
mpg123CVE-2017-11126The III_i_stereo function in libmpg123/layer3.c in mpg123 through ...jessie, stretch
mupdfCVE-2016-10246Buffer overflow in the main function in jstest_main.c in Mujstest in ...buster, jessie, sid, stretch
CVE-2016-10247Buffer overflow in the my_getline function in jstest_main.c in ...buster, jessie, sid, stretch
CVE-2017-6060Stack-based buffer overflow in jstest_main.c in mujstest in Artifex ...buster, jessie, sid, stretch
CVE-2018-1000036In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser ...jessie, stretch
CVE-2018-10289In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space ...stretch
CVE-2018-19881In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause ...buster, jessie, sid, stretch
CVE-2018-19882In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c ...buster, jessie, sid, stretch
mustache.jsCVE-2015-8861The handlebars package before 4.0.0 for Node.js allows remote ...buster, jessie, sid, stretch
CVE-2015-8862mustache package before 2.2.1 for Node.js allows remote attackers to ...buster, jessie, sid, stretch
TEMP-0000000-137F0Aquoteless attributes in templates can lead to content injectionbuster, jessie, sid, stretch
muttCVE-2007-1268Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...buster, jessie, sid, stretch
TEMP-0775199-D05A9Esmime_keys: insecure use of /tmpjessie
mysql-5.5CVE-2012-5613** DISPUTED ** ...jessie
CVE-2012-5627Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...jessie
nagios3CVE-2008-5027The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...jessie
nasmCVE-2017-14228In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...jessie, stretch
CVE-2018-1000667NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains ...jessie, stretch
CVE-2018-10316Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the ...jessie, stretch
CVE-2018-16382Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in ...jessie, stretch
CVE-2018-16517asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer ...jessie, stretch
CVE-2018-16999Netwide Assembler (NASM) 2.14rc15 has an invalid memory write ...jessie, stretch
CVE-2018-19209Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the ...jessie, stretch
CVE-2018-19213Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may ...buster, jessie, sid, stretch
CVE-2018-19214Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...jessie, stretch
CVE-2018-19215Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...jessie, stretch
net-toolsCVE-2002-1976ifconfig, when used on the Linux kernel 2.2 and later, does not report ...buster, jessie, sid, stretch
netsurfCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, stretch
network-manager-appletCVE-2017-6590An issue was discovered in network-manager-applet (aka ...buster, jessie, sid, stretch
nghttp2TEMP-0000000-A4EF31Null pointer access in inflatehd toolbuster, jessie, sid, stretch
nginxCVE-2009-4487nginx 0.7.64 writes data to a log file without sanitizing ...buster, jessie, sid, stretch
nip2CVE-2017-17514** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before ...buster, jessie, sid, stretch
nmapCVE-2018-15173Nmap through 7.70, when the -sV option is used, allows remote attackers ...buster, jessie, sid, stretch
node-bracesCVE-2018-1109buster, sid, stretch
node-cliCVE-2016-1000021jessie, sid
CVE-2016-10538The package `node-cli` before 1.0.0 insecurely uses the lock_file and ...jessie, sid
node-cookie-signatureCVE-2016-1000236buster, jessie, sid, stretch
node-debugCVE-2017-16137The debug module is vulnerable to regular expression denial of service ...jessie, stretch
node-deep-extendCVE-2018-3750The utilities function in all versions <= 0.5.0 of the deep-extend ...buster, sid, stretch
node-expressCVE-2014-6393The Express web framework before 3.11 and 4.x before 4.5 for Node.js ...buster, jessie, sid, stretch
node-freshCVE-2017-16119Fresh is a module used by the Express.js framework for HTTP response ...buster, jessie, sid, stretch
node-growlCVE-2017-16042Growl adds growl notification support to nodejs. Growl before 1.10.2 ...jessie, stretch
node-lodashCVE-2018-3721lodash node module before 4.17.5 suffers from a Modification of ...buster, jessie, sid, stretch
node-markedCVE-2015-1370Incomplete blacklist vulnerability in marked 0.3.2 and earlier for ...jessie
CVE-2015-8854The marked package before 0.3.4 for Node.js allows attackers to cause ...jessie
CVE-2016-10531marked is an application that is meant to parse and compile markdown. ...jessie
CVE-2017-1000427marked version 0.3.6 and earlier is vulnerable to an XSS attack in the ...jessie, stretch
CVE-2017-16114The marked module is vulnerable to a regular expression denial of ...jessie, stretch
node-mimeCVE-2017-16138The mime module is vulnerable to regular expression denial of service ...jessie, stretch
node-minimatchCVE-2016-10540Minimatch is a minimal matching utility that works by converting glob ...buster, jessie, sid, stretch
node-mixin-deepCVE-2018-3719mixin-deep node module before 1.3.1 suffers from a Modification of ...buster, sid, stretch
node-momentCVE-2017-18214The moment module before 2.19.3 for Node.js is prone to a regular ...stretch
node-negotiatorCVE-2016-1000022buster, jessie, sid, stretch
CVE-2016-10539negotiator is an HTTP content negotiator for Node.js and is used by ...jessie, stretch
node-postgresCVE-2017-16082A remote code execution vulnerability was found within the pg module ...jessie, sid
node-requestCVE-2017-16026Request is an http client. If a request is made using ```multipart```, ...buster, jessie, sid, stretch
node-semverCVE-2015-8855The semver package before 4.3.2 for Node.js allows attackers to cause ...jessie
node-sendCVE-2015-8859The send package before 0.11.1 for Node.js allows attackers to obtain ...buster, jessie, sid, stretch
TEMP-0000000-FD1F92root path disclosurebuster, jessie, sid, stretch
node-serve-indexCVE-2015-8856Cross-site scripting (XSS) vulnerability in the serve-index package ...buster, jessie, sid, stretch
node-sshpkCVE-2018-3737sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. ...buster, sid
node-superagentCVE-2017-16129The HTTP client module superagent is vulnerable to ZIP bomb attacks. ...buster, jessie, sid, stretch
node-tarCVE-2015-8860The tar package before 2.0.0 for Node.js allows remote attackers to ...buster, jessie, sid, stretch
node-url-parseCVE-2018-3774Incorrect parsing in url-parse <1.4.3 returns wrong hostname which ...buster, sid, stretch
node-uuidCVE-2015-8851buster, jessie, sid, stretch
node-wsCVE-2016-10518A vulnerability was found in the ping functionality of the ws module ...jessie
CVE-2016-10542ws is a "simple to use, blazing fast and thoroughly tested websocket ...buster, jessie, sid, stretch
TEMP-0000000-BBB7D8remote memory disclosurejessie
nodejsCVE-2014-5256Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider ...buster, jessie, sid, stretch
CVE-2014-9748jessie
CVE-2016-1669The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...jessie
CVE-2016-2086Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before ...jessie
CVE-2016-2216The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...jessie
CVE-2016-5325CRLF injection vulnerability in the ServerResponse#writeHead function ...jessie
CVE-2016-7099The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...jessie
CVE-2017-11499Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through ...jessie, stretch
CVE-2017-14919Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows ...buster, jessie, sid, stretch
CVE-2018-12115In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when ...buster, jessie, sid, stretch
CVE-2018-12116Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request ...buster, jessie, sid, stretch
CVE-2018-12120Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 ...jessie, stretch
CVE-2018-12121Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and ...buster, jessie, sid, stretch
CVE-2018-12122Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and ...buster, jessie, sid, stretch
CVE-2018-12123Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and ...buster, jessie, sid, stretch
CVE-2018-7158The `'path'` module in the Node.js 4.x release line contains a ...jessie, stretch
CVE-2018-7159The HTTP parser in all current versions of Node.js ignores spaces in ...buster, jessie, sid, stretch
CVE-2018-7160The Node.js inspector, in 6.x and later is vulnerable to a DNS ...buster, sid
CVE-2018-7161All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the ...buster, sid
CVE-2018-7162All versions of Node.js 9.x and 10.x are vulnerable and the severity ...buster, sid
CVE-2018-7164Node.js versions 9.7.0 and later and 10.x are vulnerable and the ...buster, sid
CVE-2018-7167Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...buster, jessie, sid, stretch
novaCVE-2013-0326_base images permissions world readablejessie, sid, stretch
CVE-2015-1850Host file disclosure through qcow2 backing filejessie, sid, stretch
nsdCVE-2016-6173NSD before 4.1.11 allows remote DNS master servers to cause a denial ...jessie
nssCVE-2017-11695Heap-based buffer overflow in the alloc_segs function in ...buster, jessie, sid, stretch
CVE-2017-11696Heap-based buffer overflow in the __hash_open function in ...buster, jessie, sid, stretch
CVE-2017-11697The __hash_open function in hash.c:229 in Mozilla Network Security ...buster, jessie, sid, stretch
CVE-2017-11698Heap-based buffer overflow in the __get_page function in ...buster, jessie, sid, stretch
ntpCVE-2016-2517NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...jessie
CVE-2017-6458Multiple buffer overflows in the ctl_put* functions in NTP before ...jessie
CVE-2017-6462Buffer overflow in the legacy Datum Programmable Time Server (DPTS) ...jessie
CVE-2018-12327Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...buster, jessie, sid, stretch
nviCVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...jessie
nvidia-cg-toolkitCVE-2008-5144nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...buster, jessie, sid, stretch
ocaml-batteriesCVE-2017-17519batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) ...buster, jessie, sid, stretch
ocsinventory-serverCVE-2010-1733Multiple SQL injection vulnerabilities in OCS Inventory NG before ...buster, jessie, sid
CVE-2014-4722Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...buster, jessie, sid
CVE-2018-1000557OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross ...jessie
CVE-2018-1000558OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and ...jessie
CVE-2018-12482OCS Inventory 2.4.1 contains multiple SQL injections in the search ...buster, jessie, sid
CVE-2018-12483OCS Inventory 2.4.1 is prone to a remote command-execution ...buster, jessie, sid
CVE-2018-14473OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing ...buster, jessie, sid
CVE-2018-14857Unrestricted file upload (with remote code execution) in ...buster, jessie, sid
CVE-2018-15537Unrestricted file upload (with remote code execution) in OCS Inventory ...buster, jessie, sid
onionshareCVE-2018-19960The debug_mode function in web/web.py in OnionShare through 1.3.1, when ...buster, jessie
openexrCVE-2017-14988Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote ...buster, jessie, sid, stretch
CVE-2018-18444makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds ...buster, jessie, sid, stretch
openjdk-7CVE-2012-2739Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 ...jessie
openjpegCVE-2013-4289Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before ...jessie
CVE-2013-4290Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote ...jessie
openjpeg2CVE-2016-10505NULL pointer dereference vulnerabilities in the imagetopnm function in ...buster, jessie, sid, stretch
CVE-2016-10506Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, ...buster, jessie, sid, stretch
CVE-2016-7445convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a ...jessie
CVE-2016-9113There is a NULL pointer dereference in function imagetobmp of ...buster, jessie, sid, stretch
CVE-2016-9114There is a NULL Pointer Access in function imagetopnm of ...buster, jessie, sid, stretch
CVE-2016-9115Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...buster, jessie, sid, stretch
CVE-2016-9116NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in ...buster, jessie, sid, stretch
CVE-2016-9117NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in ...buster, jessie, sid, stretch
CVE-2016-9580An integer overflow vulnerability was found in tiftoimage function in ...buster, jessie, sid, stretch
CVE-2016-9581An infinite loop vulnerability in tiftoimage that results in heap ...buster, jessie, sid, stretch
CVE-2017-12982The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG ...buster, jessie, sid, stretch
CVE-2017-17479In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...buster, jessie, sid, stretch
CVE-2018-16375An issue was discovered in OpenJPEG 2.3.0. Missing checks for ...buster, jessie, sid, stretch
CVE-2018-16376An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow ...buster, jessie, sid, stretch
CVE-2018-7648An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The ...buster, jessie, sid, stretch
openldapCVE-2015-3276The nss_parse_ciphers function in libraries/libldap/tls_m.c in ...buster, jessie, sid, stretch
CVE-2017-14159slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...buster, jessie, sid, stretch
CVE-2017-17740contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both ...buster, jessie, sid, stretch
openrptCVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...jessie, sid, stretch
opensshCVE-2007-2243OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...buster, jessie, sid, stretch
CVE-2007-2768OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...buster, jessie, sid, stretch
CVE-2008-3234sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ...buster, jessie, sid, stretch
CVE-2016-10010sshd in OpenSSH before 7.4, when privilege separation is not used, ...jessie
opensslCVE-2007-6755The NIST SP 800-90A default statement of the Dual Elliptic Curve ...buster, jessie, sid, stretch
CVE-2010-0928OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...buster, jessie, sid, stretch
openstack-troveCVE-2015-3156The _write_config function in ...jessie, sid, stretch
openvpnCVE-2006-2229OpenVPN 2.0.7 and earlier, when configured to use the --management ...buster, jessie, sid, stretch
CVE-2016-6329OpenVPN, when using a 64-bit block cipher, makes it easier for remote ...buster, jessie, sid, stretch
CVE-2017-7522OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...stretch
CVE-2018-7544** DISPUTED ** A cross-protocol scripting issue was discovered in the ...buster, jessie, sid, stretch
openvswitchCVE-2017-14970In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are ...jessie, stretch
CVE-2017-9263In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status ...stretch
CVE-2017-9264In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) ...stretch
CVE-2017-9265In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing ...stretch
optipngCVE-2015-7802gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote ...jessie
opus-toolsCVE-2014-9638oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...jessie
os-proberCVE-2008-5135** DISPUTED ** ...buster, jessie, sid, stretch
oscCVE-2012-1095osc before 0.134 might allow remote OBS repository servers or package ...buster, jessie, sid, stretch
otrs2CVE-2018-7567** DISPUTED ** In the Admin Package Manager in Open Ticket Request ...buster, jessie, sid, stretch
parallelCVE-2015-4155GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) ...jessie
CVE-2015-4156GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) ...jessie
pasdocCVE-2017-17527** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does ...jessie, stretch
passengerCVE-2016-10345In Phusion Passenger before 5.1.0, a known /tmp filename was used ...buster, sid, stretch
patchCVE-2010-4651Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ...buster, jessie, sid, stretch
CVE-2016-10713An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access ...jessie, stretch
CVE-2018-6951An issue was discovered in GNU patch through 2.7.6. There is a ...buster, jessie, sid, stretch
CVE-2018-6952A double free exists in the another_hunk function in pch.c in GNU patch ...buster, jessie, sid, stretch
pax-utilsTEMP-0856196-13C562scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)jessie, stretch
pcre2CVE-2017-8786pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...stretch
pcre3CVE-2017-11164In PCRE 8.41, the OP_KETRMAX feature in the match function in ...buster, jessie, sid, stretch
CVE-2017-16231match() stack overflowbuster, jessie, sid, stretch
CVE-2017-7245Stack-based buffer overflow in the pcre32_copy_substring function in ...buster, jessie, sid, stretch
CVE-2017-7246Stack-based buffer overflow in the pcre32_copy_substring function in ...buster, jessie, sid, stretch
percona-toolkitCVE-2015-1027The version checking subroutine in percona-toolkit before 2.2.13 and ...jessie, jessie, sid
perlCVE-2011-4116unsafe traversal of symlinksbuster, jessie, sid, stretch
TEMP-0769606-4AA6CFa2p: buffer overflowjessie
phabricatorCVE-2017-17536Phabricator before 2017-11-10 does not block the --config and ...buster, sid, stretch
php-font-libCVE-2014-2570Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...buster, jessie, sid, stretch
php-gettextTEMP-0000000-07A77Dphp-gettext XSSbuster, jessie, sid, stretch
php-openidCVE-2016-2049examples/consumer/common.php in JanRain PHP OpenID library (aka ...jessie
php-pearCVE-2017-5630PECL in the download utility class in the Installer in PEAR Base System ...buster, sid, stretch
php5CVE-2006-0931Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...jessie
CVE-2006-4023The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...jessie
CVE-2006-6383PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...jessie
CVE-2006-7205The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...jessie
CVE-2007-0448The fopen function in PHP 5.2.0 does not properly handle invalid URI ...jessie
CVE-2007-1413Buffer overflow in the snmpget function in the snmp extension in PHP ...jessie
CVE-2007-1581The resource system in PHP 5.0.0 through 5.2.1 allows ...jessie
CVE-2007-1582The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...jessie
CVE-2007-1710The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...jessie
CVE-2007-1835PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...jessie
CVE-2007-1883PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...jessie
CVE-2007-1890Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...jessie
CVE-2007-3205The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, ...jessie
CVE-2007-3294Multiple buffer overflows in libtidy, as used in the Tidy extension ...jessie
CVE-2007-4255Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...jessie
CVE-2007-4596The perl extension in PHP does not follow safe_mode restrictions, ...jessie
CVE-2007-4889The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...jessie
CVE-2007-5424The disable_functions feature in PHP 4 and 5 allows attackers to ...jessie
CVE-2008-2666Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...jessie
CVE-2008-4107The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...jessie
CVE-2008-5625PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...jessie
CVE-2008-7002PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...jessie
CVE-2009-3559** DISPUTED ** ...jessie
CVE-2009-4418The unserialize function in PHP 5.3.0 and earlier allows ...jessie
CVE-2010-1861The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...jessie
CVE-2010-1862The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...jessie
CVE-2010-1868The (1) sqlite_single_query and (2) sqlite_array_query functions in ...jessie
CVE-2010-1914The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...jessie
CVE-2010-1915The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...jessie
CVE-2010-2097The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...jessie
CVE-2010-2100The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...jessie
CVE-2010-2101The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...jessie
CVE-2010-2190The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...jessie
CVE-2010-3062mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...jessie
CVE-2010-3063The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...jessie
CVE-2010-3064Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...jessie
CVE-2012-1171The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...jessie
CVE-2012-3365The SQLite functionality in PHP before 5.3.15 allows remote attackers ...jessie
CVE-2013-3735** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...jessie
CVE-2013-6501The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...jessie
CVE-2014-5459The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...jessie
CVE-2014-9425Double free vulnerability in the zend_ts_hash_graceful_destroy ...jessie
CVE-2015-9253An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before ...jessie
CVE-2016-5116gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...jessie
CVE-2017-11362In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...jessie
CVE-2017-14107The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 ...jessie
CVE-2017-5630PECL in the download utility class in the Installer in PEAR Base System ...jessie
CVE-2017-7890The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in ...jessie
CVE-2017-9118PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a ...jessie
CVE-2017-9119The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...jessie
php7.0CVE-2015-9253An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before ...stretch
CVE-2017-9118PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a ...stretch
CVE-2017-9119The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...stretch
CVE-2017-9120PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ...stretch
phpldapadminCVE-2018-12689phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id ...jessie, sid
phpmyadminCVE-2005-3622phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...buster, jessie, sid, stretch
CVE-2005-4349** DISPUTED ** ...buster, jessie, sid, stretch
CVE-2006-6373PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...buster, jessie, sid, stretch
CVE-2007-4306Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...buster, jessie, sid, stretch
CVE-2015-8669libraries/config/messages.inc.php in phpMyAdmin 4.0.x before ...jessie
CVE-2015-8980Arbitrary code execution in select_string, ngettext and npgettext count parameterjessie
CVE-2016-2038phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x ...jessie
CVE-2016-2042phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote ...jessie
CVE-2016-5730phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...jessie
CVE-2016-6610A full path disclosure vulnerability was discovered in phpMyAdmin ...jessie
CVE-2016-6625An issue was discovered in phpMyAdmin. An attacker can determine ...jessie
CVE-2016-6633An issue was discovered in phpMyAdmin. phpMyAdmin can be used to ...jessie
CVE-2016-9847An issue was discovered in phpMyAdmin. When the user does not specify ...jessie
CVE-2016-9848An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...jessie
CVE-2016-9852An issue was discovered in phpMyAdmin. By calling some scripts that ...jessie
CVE-2016-9853An issue was discovered in phpMyAdmin. By calling some scripts that ...jessie
CVE-2016-9854An issue was discovered in phpMyAdmin. By calling some scripts that ...jessie
CVE-2016-9855An issue was discovered in phpMyAdmin. By calling some scripts that ...jessie
CVE-2016-9856An XSS issue was discovered in phpMyAdmin because of an improper fix ...jessie
CVE-2016-9857An issue was discovered in phpMyAdmin. XSS is possible because of a ...jessie
CVE-2016-9858An issue was discovered in phpMyAdmin. With a crafted request ...jessie
CVE-2016-9859An issue was discovered in phpMyAdmin. With a crafted request ...jessie
CVE-2016-9860An issue was discovered in phpMyAdmin. An unauthenticated user can ...jessie
CVE-2016-9866An issue was discovered in phpMyAdmin. When the arg_separator is ...jessie
CVE-2017-1000013phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect ...jessie
CVE-2017-1000014phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the ...jessie
CVE-2017-1000015phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...jessie
CVE-2017-1000016A weakness was discovered where an attacker can inject arbitrary ...jessie
CVE-2017-1000017phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...jessie
CVE-2017-1000018phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the ...jessie
phppgadminCVE-2006-4976The Date Library in John Lim ADOdb Library for PHP allows remote ...buster, jessie, sid, stretch
phpsysinfoCVE-2006-3360Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...jessie, sid
pidginCVE-2008-2956** DISPUTED ** ...buster, jessie, sid, stretch
CVE-2012-1257buster, jessie, sid, stretch
pillowCVE-2014-3606buster, jessie, sid, stretch
CVE-2016-3076Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...buster, jessie, sid, stretch
polarsslCVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...jessie
CVE-2018-1000520ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows ...jessie
popplerCVE-2013-4472The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ...buster, jessie, sid, stretch
CVE-2017-2814An exploitable heap overflow vulnerability exists in the image ...buster, jessie, sid, stretch
CVE-2017-2818An exploitable heap overflow vulnerability exists in the image ...buster, jessie, sid, stretch
CVE-2017-2820An exploitable integer overflow vulnerability exists in the JPEG 2000 ...buster, jessie, sid, stretch
CVE-2017-7511poppler since version 0.17.3 has been vulnerable to NULL pointer ...jessie, stretch
CVE-2017-7515poppler through version 0.55.0 is vulnerable to an uncontrolled ...jessie, stretch
CVE-2017-9083poppler 0.54.0, as used in Evince and other products, has a NULL ...buster, jessie, sid, stretch
CVE-2018-19059An issue was discovered in Poppler 0.71.0. There is a out-of-bounds ...buster, jessie, sid, stretch
CVE-2018-19060An issue was discovered in Poppler 0.71.0. There is a NULL pointer ...buster, jessie, sid, stretch
CVE-2018-19149Poppler before 0.70.0 has a NULL pointer dereference in ...buster, jessie, sid, stretch
postbooksCVE-2017-17525guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate ...jessie, sid, stretch
postfixCVE-2008-4977** DISPUTED ** ...buster, jessie, sid, stretch
potraceCVE-2017-12067Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...jessie, stretch
powerpc-utilsCVE-2014-4040snap in powerpc-utils 1.2.20 produces an archive with fstab and ...jessie
pppCVE-2008-5366The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...buster, jessie, sid, stretch
CVE-2008-5367ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...buster, jessie, sid, stretch
printfilters-ppdCVE-2008-5034** DISPUTED ** ...jessie, sid
protobufCVE-2015-5237protobuf allows remote authenticated attackers to cause a heap-based ...buster, jessie, sid, stretch
psppCVE-2017-10791There is an Integer overflow in the hash_int function of the libpspp ...jessie, stretch
CVE-2017-10792There is a NULL Pointer Dereference in the function ll_insert() of the ...jessie, stretch
CVE-2017-12958There is an illegal address access in the function output_hex() in ...jessie, stretch
CVE-2017-12959There is a reachable assertion abort in the function dict_add_mrset() ...jessie, stretch
CVE-2017-12960There is a reachable assertion abort in the function dict_rename_var() ...jessie, stretch
CVE-2017-12961There is an assertion abort in the function parse_attributes() in ...jessie, stretch
ptlibCVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...jessie, stretch
puppet-module-puppetlabs-apacheCVE-2018-6508Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a ...buster, jessie, sid, stretch, buster, jessie, sid, stretch, buster, jessie, sid, stretch
pwgenCVE-2013-4441Phonemes mode has heavy bias and is enabled by defaultbuster, jessie, sid, stretch
pycode-browserCVE-2015-0849predictable temporary file vulnerabilityjessie
python-defaultsCVE-2008-4108Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) ...buster, jessie, sid, stretch
python-rplyCVE-2014-1938insecure use of /tmpjessie
python-virtualenvCVE-2018-17793** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python ...buster, jessie, sid, stretch
python2.7CVE-2013-7040Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...buster, jessie, sid, stretch
CVE-2016-1000110jessie
CVE-2017-17522** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not ...buster, jessie, sid, stretch
CVE-2018-1000030Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a ...jessie, stretch
python3.4CVE-2016-1000110jessie
CVE-2017-17522** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not ...jessie, stretch, buster, sid, buster, sid
pyyamlCVE-2017-18342In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. ...buster, jessie, sid, stretch
qemuCVE-2016-10028The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in ...buster, sid, stretch
CVE-2017-5552Memory leak in the virgl_resource_attach_backing function in ...stretch
CVE-2017-5578Memory leak in the virtio_gpu_resource_attach_backing function in ...stretch
CVE-2017-8284** DISPUTED ** The disas_insn function in target/i386/translate.c in ...buster, jessie, sid, stretch
CVE-2017-9060Memory leak in the virtio_gpu_set_scanout function in ...buster, sid, stretch
qpid-protonCVE-2018-17187The Apache Qpid Proton-J transport includes an optional wrapper layer ...jessie, stretch
qt4-x11CVE-2009-3015QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...buster, jessie, sid, stretch
CVE-2009-3272Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...buster, jessie, sid, stretch
TEMP-0560108-565B70browser-based css info disclosurebuster, jessie, sid, stretch
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicebuster, jessie, sid, stretch
qtwebkitCVE-2015-8079qt5-qtwebkit before 5.4 records private browsing URLs to its favicon ...buster, jessie, sid, stretch
quaggaCVE-2012-5521buster, jessie, sid, stretch
railsCVE-2010-3299ruby on rails: padding oracle attackbuster, jessie, sid, stretch
CVE-2011-3187The to_s method in ...buster, jessie, sid, stretch
CVE-2017-17916** DISPUTED ** SQL injection vulnerability in the 'find_by' method in ...buster, jessie, sid, stretch
CVE-2017-17917** DISPUTED ** SQL injection vulnerability in the 'where' method in ...buster, jessie, sid, stretch
CVE-2017-17919** DISPUTED ** SQL injection vulnerability in the 'order' method in ...buster, jessie, sid, stretch
CVE-2017-17920** DISPUTED ** SQL injection vulnerability in the 'reorder' method in ...buster, jessie, sid, stretch
redisCVE-2017-15047The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...stretch
remindCVE-2015-5957Buffer overflow in the DumpSysVar function in var.c in Remind before ...jessie
resiprocateCVE-2017-9454Buffer overflow in the ares_parse_a_reply function in the embedded ...jessie, stretch
rhn-client-toolsCVE-2015-1777rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on ...jessie, stretch
rhythmboxCVE-2008-7185GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...buster, jessie, sid, stretch
rieceTEMP-0601325-4C9A5Binsecure handling of /tmp files in debian/preinstjessie
roundcubeCVE-2018-1000071roundcube version 1.3.4 and earlier contains an Insecure Permissions ...buster, sid
rpmCVE-2010-2198lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...buster, jessie, sid, stretch
CVE-2010-2199lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...buster, jessie, sid, stretch
CVE-2017-7500It was found that rpm did not properly handle RPM installations when a ...buster, jessie, sid, stretch
CVE-2017-7501It was found that versions of rpm before 4.13.0.2 use temporary files ...buster, jessie, sid, stretch
rsyslogCVE-2015-3243rsyslog uses weak permissions for generating log files, which allows ...buster, jessie, sid, stretch
CVE-2017-12588The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...jessie, stretch
rtpproxyCVE-2017-14114RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...jessie, sid, stretch
rtvCVE-2017-17516scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 ...buster, sid, stretch
ruby-handlebars-assetsTEMP-0000000-345A3Bhandlebars: quoteless attributes in templates can lead to content injectionbuster, jessie, sid, stretch
ruby2.1CVE-2014-3916The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 ...jessie
s3dCVE-2014-1226The pipe_init_terminal function in main.c in s3dvt allows local users ...jessie
scalaCVE-2017-15288The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...jessie, stretch
scummvmCVE-2017-17528backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not ...buster, jessie, sid, stretch
seahorseCVE-2008-7320** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...buster, jessie, sid, stretch
shadowCVE-2007-5686initscripts in rPath Linux 1 sets insecure permissions for the ...buster, jessie, sid, stretch
CVE-2013-4235TOCTOU race conditions by copying and removing directory treesbuster, jessie, sid, stretch
TEMP-0628843-DBAD28more related to CVE-2005-4890buster, jessie, sid, stretch
shairport-syncCVE-2017-12087An exploitable heap overflow vulnerability exists in the tinysvcmdns ...stretch
sharutilsTEMP-0000000-95CBBFuudecode: stack out of bounds read accessbuster, jessie, sid, stretch
shotwellCVE-2017-1000024Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...jessie
simplesamlphpCVE-2016-3124The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote ...jessie
sipcrackCVE-2017-11654An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...buster, jessie, sid, stretch
CVE-2017-11655A memory leak was found in the way SIPcrack 0.2 handled processing of ...buster, jessie, sid, stretch
sleuthkitCVE-2017-13755In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image ...jessie, stretch
CVE-2017-13756In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers ...jessie, stretch
CVE-2017-13760In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in ...jessie, stretch
slimTEMP-0537604-F35BD7insecure tmp file vulnerability in slimbuster, jessie, sid, stretch
smsclientCVE-2008-5155mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...jessie
TEMP-0498901-F99C05unsafe use of tempfile in ssmclientjessie
sosreportCVE-2014-0246SOSreport stores the md5 hash of the GRUB bootloader password in an ...buster, jessie, sid, stretch
CVE-2015-7529sosreport in SoS 3.x allows local users to obtain sensitive ...jessie
spice-gtkCVE-2016-3066The spice-gtk widget allows remote authenticated users to obtain ...buster, jessie, sid, stretch
sql-ledgerCVE-2007-0667The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...buster, jessie, sid, stretch
CVE-2007-1329Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...buster, jessie, sid, stretch
CVE-2007-1923(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...buster, jessie, sid, stretch
CVE-2007-5372Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...buster, jessie, sid, stretch
CVE-2008-4077The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...buster, jessie, sid, stretch
CVE-2008-4078SQL injection vulnerability in the AR/AP transaction report in (1) ...buster, jessie, sid, stretch
CVE-2009-3580Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...buster, jessie, sid, stretch
CVE-2009-3581Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...buster, jessie, sid, stretch
CVE-2009-3582Multiple SQL injection vulnerabilities in the delete subroutine in ...buster, jessie, sid, stretch
CVE-2009-3583Directory traversal vulnerability in the Preferences menu item in ...buster, jessie, sid, stretch
CVE-2009-3584SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...buster, jessie, sid, stretch
CVE-2009-4402The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...buster, jessie, sid, stretch
sqlite3CVE-2017-13685The dump_callback function in SQLite 3.20.0 allows remote attackers to ...jessie, stretch
squidCVE-2009-0801Squid, when transparent interception mode is enabled, uses the HTTP ...buster, sid
CVE-2014-6270Off-by-one error in the snmpHandleUdp function in snmp_core.cc in ...buster, sid
CVE-2015-3455Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, ...buster, sid
CVE-2016-2390The FwdState::connectedToPeer method in FwdState.cc in Squid before ...buster, sid
CVE-2018-1172This vulnerability allows remote attackers to deny service on ...buster, sid
squid3CVE-2015-3455Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, ...jessie
CVE-2016-2390The FwdState::connectedToPeer method in FwdState.cc in Squid before ...jessie
CVE-2018-1172This vulnerability allows remote attackers to deny service on ...jessie, stretch
CVE-2018-19131Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) ...jessie, stretch
squidguardCVE-2015-8936Cross-site scripting (XSS) vulnerability in squidGuard.cgi in ...jessie
ssmtpCVE-2004-0423The log_event function in ssmtp 2.50.6 and earlier allows local users ...jessie, sid, stretch
CVE-2008-7258** DISPUTED ** ...jessie, sid, stretch
stalinCVE-2015-8697stalin 0.11-5 allows local users to write to arbitrary files. ...buster, jessie, sid, stretch
strongswanCVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline ...buster, jessie, sid, stretch
sudoCVE-2005-1119Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...buster, jessie, sid, stretch
surfCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...buster, jessie, sid, stretch
swftoolsCVE-2017-1000174In SWFTools, an address access exception was found in swfdump ...buster, jessie, sid, stretch
CVE-2017-1000182In SWFTools, a memory leak was found in wav2swf. ...buster, jessie, sid, stretch
CVE-2017-1000186In SWFTools, a stack overflow was found in pdf2swf. ...buster, jessie, sid, stretch
CVE-2017-1000187In SWFTools, an address access exception was found in pdf2swf. ...buster, jessie, sid, stretch
CVE-2017-10976When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to ...buster, jessie, sid, stretch
CVE-2017-11096When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...buster, jessie, sid, stretch
CVE-2017-11097When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...buster, jessie, sid, stretch
CVE-2017-11098When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to ...buster, jessie, sid, stretch
CVE-2017-11099When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to ...buster, jessie, sid, stretch
CVE-2017-11100When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead ...buster, jessie, sid, stretch
CVE-2017-11101When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...buster, jessie, sid, stretch
CVE-2017-16711The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...buster, jessie, sid, stretch
CVE-2017-16794The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...buster, jessie, sid, stretch
CVE-2017-16796In SWFTools 0.9.2, the png_load function in lib/png.c does not check ...buster, jessie, sid, stretch
CVE-2017-16868In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...buster, jessie, sid, stretch
CVE-2017-16890SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono ...buster, jessie, sid, stretch
CVE-2017-8401In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...buster, jessie, sid, stretch
CVE-2017-8420SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...buster, jessie, sid, stretch
CVE-2017-9924In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...buster, jessie, sid, stretch
CVE-2017-9925In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...buster, jessie, sid, stretch
CVE-2017-9926In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...buster, jessie, sid, stretch
CVE-2017-9927In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...buster, jessie, sid, stretch
swi-prologCVE-2017-17524library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings ...buster, jessie, sid, stretch
sylpheedCVE-2007-1267Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...buster, jessie, sid, stretch
CVE-2017-17517libsylph/utils.c in Sylpheed through 3.6 does not validate strings ...buster, jessie, sid, stretch
symfonyCVE-2017-18343** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x ...jessie, stretch
CVE-2018-12040** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in ...jessie, stretch
systemdCVE-2013-4392systemd, when updating file permissions, allows local users to change ...buster, jessie, sid, stretch
CVE-2017-1000082systemd v233 and earlier fails to safely parse usernames starting with ...stretch
CVE-2017-18078systemd-tmpfiles in systemd before 237 attempts to support ...jessie, stretch
sysvinitTEMP-0517018-A83CE6sysvinit: no-root option in expert installer exposes locally exploitable security flawbuster, jessie, sid, stretch
t1utilsTEMP-0868134-294030out-of-bounds read in eexec_line()stretch
tarCVE-2005-2541Tar 1.15.1 does not properly warn the user when extracting setuid or ...buster, jessie, sid, stretch
TEMP-0290435-0B57B5tar's rmt command may have undesired side effectsbuster, jessie, sid, stretch
tcpdumpCVE-2018-19519In tcpdump 4.9.2, a stack-based buffer over-read exists in the ...buster, jessie, sid, stretch
tcpflowCVE-2018-18409A stack-based buffer over-read exists in setbit() at iptree.h of ...jessie, stretch
telegram-desktopCVE-2018-17231** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow ...buster, sid
tenshiCVE-2017-11746Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a ...buster, sid, stretch
texlive-baseCVE-2017-17513TeX Live through 20170524 does not validate strings before launching ...buster, jessie, sid, stretch
texlive-binCVE-2016-10243TeX Live allows remote attackers to execute arbitrary commands by ...buster, jessie, sid, stretch
CVE-2017-17513TeX Live through 20170524 does not validate strings before launching ...buster, jessie, sid, stretch
thrift-compilerCVE-2016-5397The Apache Thrift Go client library exposed the potential during code ...jessie, stretch
thunarCVE-2018-18398Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ...buster, jessie, sid, stretch
TEMP-0517020-915121thunar: potential exploits via application launchersbuster, jessie, sid, stretch
tiffCVE-2010-2596The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...jessie
CVE-2014-8127LibTIFF 4.0.3 allows remote attackers to cause a denial of service ...jessie
CVE-2014-8130The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not ...buster, jessie, sid, stretch
CVE-2016-10268tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a ...jessie
CVE-2016-9539tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in ...jessie
CVE-2017-16232memory-based DoS in tiff2bwbuster, jessie, sid, stretch
CVE-2017-17095tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to ...jessie
CVE-2017-17973** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free ...buster, jessie, sid, stretch
CVE-2017-5563LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in ...buster, jessie, sid, stretch
CVE-2017-9117In LibTIFF 4.0.7, the program processes BMP images without verifying ...buster, jessie, sid, stretch
CVE-2018-10126LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 ...buster, jessie, sid, stretch
CVE-2018-18661An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer ...jessie, stretch
TEMP-0846838-9738BDtiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missingjessie
timidityCVE-2017-11546The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 ...jessie, stretch
CVE-2017-11547The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows ...jessie, stretch
CVE-2017-11549The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote ...buster, jessie, sid, stretch
tinCVE-2017-17520** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate ...buster, jessie, sid, stretch
tinymuxCVE-2007-1959Unspecified vulnerability in the process_cmdent function in ...buster, jessie, sid, stretch
tinyxml2CVE-2018-11210TinyXML2 6.2.0 has a heap-based buffer over-read in the ...buster, jessie, sid, stretch
tomcat7CVE-2012-5568Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...jessie, stretch
tomcat8CVE-2016-5388Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI ...jessie
torCVE-2006-6893Tor allows remote attackers to discover the IP address of a hidden ...buster, jessie, sid, stretch
CVE-2007-1103Tor does not verify a node's uptime and bandwidth advertisements, ...buster, jessie, sid, stretch
CVE-2009-0654Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote ...buster, jessie, sid, stretch
transfigCVE-2018-16140A buffer underwrite vulnerability in get_line() (read.c) in fig2dev ...jessie
twigCVE-2018-13818** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection ...jessie, stretch
twistedCVE-2016-1000111buster, jessie, sid, stretch
u-bootCVE-2017-3225Das U-Boot is a device bootloader that can read its configuration from ...buster, jessie, sid, stretch
CVE-2017-3226Das U-Boot is a device bootloader that can read its configuration from ...buster, jessie, sid, stretch
CVE-2018-1000205U-Boot contains a CWE-20: Improper Input Validation vulnerability in ...buster, jessie, sid, stretch
CVE-2018-18439DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer ...buster, jessie, sid, stretch
CVE-2018-18440DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer ...buster, jessie, sid, stretch
uclibcCVE-2016-2224The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...buster, jessie, sid, stretch
CVE-2016-2225The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng ...buster, jessie, sid, stretch
CVE-2016-6264Integer signedness error in libc/string/arm/memset.S in uClibc and ...buster, jessie, sid, stretch
CVE-2017-9728In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp ...buster, jessie, sid, stretch
CVE-2017-9729In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...buster, jessie, sid, stretch
ufrawCVE-2018-19655A stack-based buffer overflow in the find_green() function of dcraw ...jessie, stretch
uglifyjsCVE-2015-8857The uglify-js package before 2.4.24 for Node.js does not properly ...buster, jessie, sid, stretch
CVE-2015-8858The uglify-js package before 2.6.0 for Node.js allows attackers to ...buster, jessie, sid, stretch
unixodbcCVE-2012-2657** DISPUTED ** ...jessie, stretch
CVE-2012-2658** DISPUTED ** ...jessie, stretch
unrar-freeCVE-2017-11189unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...buster, jessie, sid, stretch
CVE-2017-11190unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...buster, jessie, sid, stretch
CVE-2017-14121The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...jessie, stretch
CVE-2017-14122unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based ...jessie, stretch
upx-uclCVE-2017-15056p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote ...jessie, stretch
CVE-2017-16869** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...jessie, stretch
util-linuxCVE-2015-5218Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before ...jessie
CVE-2015-5224The mkostemp function in login-utils in util-linux when used ...jessie
CVE-2017-2616A race condition was found in util-linux before 2.32.1 in the way su ...jessie
TEMP-0786804-C23D2Bhwclock(8) SUID privilege escalationjessie
uzblCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, stretch
varnishCVE-2009-4488** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...buster, jessie, sid, stretch
vimCVE-2008-4677autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...buster, jessie, sid, stretch
CVE-2017-1000382VIM version 8.0.1187 (and other versions most likely) ignores umask ...buster, jessie, sid, stretch
vinoCVE-2011-1164Vino before 2.99.4 can connect external networks contrary to the ...buster, jessie, sid, stretch
CVE-2011-1165Vino, possibly before 3.2, does not properly document that it opens ...buster, jessie, sid, stretch
vnc4CVE-2014-0011ZRLE decoding bounds checking issuejessie
CVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...jessie
vorbis-toolsCVE-2017-11331The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...buster, jessie, sid, stretch
vteCVE-2005-0023gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...buster, jessie, sid, stretch
w3mCVE-2018-6198w3m through 0.5.3 does not properly handle temporary files when the ...jessie
TEMP-0532514-9137E0predictable random number generator used in web browsersbuster, jessie, sid, stretch
web2pyCVE-2013-6837Cross-site scripting (XSS) vulnerability in the setTimeout function in ...jessie
webkit2gtkCVE-2015-7096WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...jessie
CVE-2015-7098WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...jessie
CVE-2016-4590WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles ...jessie
CVE-2016-4591WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...jessie
CVE-2016-4622WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...jessie
CVE-2016-4624WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...jessie
CVE-2016-4692An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-4743An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7586An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7587An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7589An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7592An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7598An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7599An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7610An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7611An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7623An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7632An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7635An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7639An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7640An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7641An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7642An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7645An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7646An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7648An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7649An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7652An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7654An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7656An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2017-1000121The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...jessie
CVE-2017-1000122The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...jessie
CVE-2017-13783An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13784An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13785An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13788An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13791An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13792An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13793An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13794An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13795An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13796An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13798An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13802An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13803An issue was discovered in certain Apple products. iOS before 11.1 is ...jessie
CVE-2017-13856An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-13866An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-13870An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-13884An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-13885An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-17821WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...buster, jessie, sid, stretch
CVE-2017-2350An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2354An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2355An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2356An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2362An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2363An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2364An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2365An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2366An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2369An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2371An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2373An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2376An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2377An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2386An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2392An issue was discovered in certain Apple products. Safari before 10.1 ...jessie
CVE-2017-2394An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2395An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2396An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2405An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2415An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2419An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2424An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2433An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2442An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2445An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2446An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2447An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2454An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2455An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2457An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2459An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2460An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2464An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2465An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2466An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2468An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2469An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2470An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2471An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2475An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2476An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2481An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2496An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2504An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2505An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2506An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2508An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2510An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2514An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2515An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2521An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2525An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2526An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2528An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2530An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2531An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2536An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2538An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2539An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2544An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2547An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-2549An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-6980An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-6984An issue was discovered in certain Apple products. iOS before 10.3.2 ...jessie
CVE-2017-7006An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7011An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7012An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7018An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7019An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7020An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7030An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7034An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7037An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7038A DOMParser XSS issue was discovered in certain Apple products. iOS ...jessie
CVE-2017-7039An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7040An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7041An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7042An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7043An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7046An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7048An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7049An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7052An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7055An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7056An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7059A DOMParser XSS issue was discovered in certain Apple products. iOS ...jessie
CVE-2017-7061An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7064An issue was discovered in certain Apple products. iOS before 10.3.3 ...jessie
CVE-2017-7081An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7087An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7089An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7090An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7091An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7092An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7093An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7094An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7095An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7096An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7098An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7099An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7100An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7102An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7104An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7107An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7109An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7111An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7117An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7120An issue was discovered in certain Apple products. iOS before 11 is ...jessie
CVE-2017-7142An issue was discovered in certain Apple products. Safari before 11 is ...jessie
CVE-2017-7153An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-7156An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-7157An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-7160An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2017-7161An issue was discovered in certain Apple products. Safari before ...jessie
CVE-2017-7165An issue was discovered in certain Apple products. iOS before 11.2 is ...jessie
CVE-2018-11646webkitFaviconDatabaseSetIconForPageURL and ...jessie, stretch
CVE-2018-11712WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the ...jessie, stretch
CVE-2018-11713WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the ...jessie, stretch
CVE-2018-12293The getImageData function in the ImageBufferCairo class in ...jessie, stretch
CVE-2018-12294WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as ...jessie, stretch
CVE-2018-12911WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant ...jessie, stretch
CVE-2018-4088An issue was discovered in certain Apple products. iOS before 11.2.5 ...jessie
CVE-2018-4089An issue was discovered in certain Apple products. iOS before 11.2.5 ...jessie
CVE-2018-4096An issue was discovered in certain Apple products. iOS before 11.2.5 ...jessie
CVE-2018-4101An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4113An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4114An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4117An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4118An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4119An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4120An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4121An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4122An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4125An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4127An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4128An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4129An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4133An issue was discovered in certain Apple products. Safari before 11.1 ...jessie, stretch
CVE-2018-4146An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4161An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4162An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4163An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4165An issue was discovered in certain Apple products. iOS before 11.3 is ...jessie, stretch
CVE-2018-4190An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4191jessie, stretch
CVE-2018-4192An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4197jessie, stretch
CVE-2018-4199An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4200An issue was discovered in certain Apple products. iOS before 11.3.1 ...jessie, stretch
CVE-2018-4201An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4204An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4207jessie, stretch
CVE-2018-4208jessie, stretch
CVE-2018-4209jessie, stretch
CVE-2018-4210jessie, stretch
CVE-2018-4212jessie, stretch
CVE-2018-4213jessie, stretch
CVE-2018-4214An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4218An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4222An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4232An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4233An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4246An issue was discovered in certain Apple products. iOS before 11.4 is ...jessie, stretch
CVE-2018-4261jessie, stretch
CVE-2018-4262jessie, stretch
CVE-2018-4263jessie, stretch
CVE-2018-4264jessie, stretch
CVE-2018-4265jessie, stretch
CVE-2018-4266jessie, stretch
CVE-2018-4267jessie, stretch
CVE-2018-4270jessie, stretch
CVE-2018-4271jessie, stretch
CVE-2018-4272jessie, stretch
CVE-2018-4273jessie, stretch
CVE-2018-4278jessie, stretch
CVE-2018-4284jessie, stretch
CVE-2018-4299jessie, stretch
CVE-2018-4306jessie, stretch
CVE-2018-4309jessie, stretch
CVE-2018-4311jessie, stretch
CVE-2018-4312jessie, stretch
CVE-2018-4314jessie, stretch
CVE-2018-4315jessie, stretch
CVE-2018-4316jessie, stretch
CVE-2018-4317jessie, stretch
CVE-2018-4318jessie, stretch
CVE-2018-4319jessie, stretch
CVE-2018-4323jessie, stretch
CVE-2018-4328jessie, stretch
CVE-2018-4345jessie, stretch
CVE-2018-4358jessie, stretch
CVE-2018-4359jessie, stretch
CVE-2018-4361jessie, stretch
CVE-2018-4372jessie, stretch
CVE-2018-4373jessie, stretch
CVE-2018-4375jessie, stretch
CVE-2018-4376jessie, stretch
CVE-2018-4378jessie, stretch
CVE-2018-4382jessie, stretch
CVE-2018-4386jessie, stretch
CVE-2018-4392jessie, stretch
CVE-2018-4416jessie, stretch
webkitgtkCVE-2016-10222runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...jessie, stretch
CVE-2016-10226JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...jessie, stretch
CVE-2016-1856WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...jessie, stretch
CVE-2016-1857WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...jessie, stretch
CVE-2016-4657WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ...jessie, stretch
CVE-2016-9642JavaScriptCore in WebKit allows attackers to cause a denial of service ...jessie, stretch
CVE-2016-9643The regex code in Webkit 2.4.11 allows remote attackers to cause a ...jessie, stretch
CVE-2017-2367An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, stretch
CVE-2017-5949JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...jessie, stretch
whiteduneCVE-2017-17518swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not ...buster, jessie, sid, stretch
wineTEMP-0816034-9C45DCunsafe use of /tmpbuster, jessie, stretch, jessie, stretch
wordpressCVE-2006-0733** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...buster, jessie, sid, stretch
CVE-2008-0191WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...buster, jessie, sid, stretch
CVE-2011-4898** DISPUTED ** wp-admin/setup-config.php in the installation component ...buster, jessie, sid, stretch
CVE-2011-4899** DISPUTED ** wp-admin/setup-config.php in the installation component ...buster, jessie, sid, stretch
CVE-2012-0782** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...buster, jessie, sid, stretch
CVE-2012-0937** DISPUTED ** wp-admin/setup-config.php in the installation component ...buster, jessie, sid, stretch
CVE-2012-5868WordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...buster, jessie, sid, stretch
CVE-2013-7233Cross-site request forgery (CSRF) vulnerability in the retrospam ...buster, jessie, sid, stretch
CVE-2018-6389In WordPress through 4.9.2, unauthenticated attackers can cause a ...buster, jessie, sid, stretch
wpaCVE-2017-13084Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...buster, jessie, sid, stretch
xbindkeys-configCVE-2014-9513Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows ...buster, jessie, sid, stretch
xbmcCVE-2013-1438Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...jessie
xcfaCVE-2014-5254Symlink following issuesjessie
CVE-2014-5255Insecure use of temporary file related to the /tmp/get_infos_dvd.shjessie
xchatCVE-2011-5129Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote ...buster, jessie, sid
xdg-user-dirsCVE-2017-15131It was found that system umask policy is not being honored when ...buster, jessie, sid, stretch
xenCVE-2014-9066Xen 4.4.x and earlier, when using a large number of VCPUs, does not ...buster, jessie, sid, stretch
xerces-cCVE-2012-0880Apache Xerces-C++ allows remote attackers to cause a denial of service ...buster, jessie, sid, stretch
xfigCVE-2009-4228Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...buster, jessie, sid, stretch
xloadimageCVE-2006-4484Buffer overflow in the LWZReadByte_ function in ...buster, jessie, sid, stretch
xpdfCVE-2010-0206xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objectsbuster, jessie, sid, stretch
CVE-2010-0207xpdf: XRef table parsing infinite loopbuster, jessie, sid, stretch
CVE-2013-4472The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ...buster, jessie, sid, stretch
CVE-2018-11033The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in ...buster, jessie, sid, stretch
CVE-2018-16368SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows ...buster, jessie, sid, stretch
CVE-2018-16369XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a ...buster, jessie, sid, stretch
CVE-2018-18454CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote ...buster, jessie, sid, stretch
CVE-2018-18455The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote ...buster, jessie, sid, stretch
CVE-2018-18456The function Object::isName() in Object.h (called from ...buster, jessie, sid, stretch
CVE-2018-18457The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows ...buster, jessie, sid, stretch
CVE-2018-18458The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows ...buster, jessie, sid, stretch
CVE-2018-18459The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows ...buster, jessie, sid, stretch
CVE-2018-7173A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...buster, jessie, sid, stretch
CVE-2018-7174An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref ...buster, jessie, sid, stretch
CVE-2018-7175An issue was discovered in xpdf 4.00. A NULL pointer dereference in ...buster, jessie, sid, stretch
CVE-2018-7452A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in ...buster, jessie, sid, stretch
CVE-2018-7453Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...buster, jessie, sid, stretch
CVE-2018-7454A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf ...buster, jessie, sid, stretch
CVE-2018-7455An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in ...buster, jessie, sid, stretch
CVE-2018-8100The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 ...buster, jessie, sid, stretch
CVE-2018-8101The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf ...buster, jessie, sid, stretch
CVE-2018-8102The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf ...buster, jessie, sid, stretch
CVE-2018-8103The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf ...buster, jessie, sid, stretch
CVE-2018-8104The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows ...buster, jessie, sid, stretch
CVE-2018-8105The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows ...buster, jessie, sid, stretch
CVE-2018-8106The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 ...buster, jessie, sid, stretch
CVE-2018-8107The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows ...buster, jessie, sid, stretch
xtermCVE-2006-4447X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...buster, jessie, sid, stretch
yawsCVE-2009-4495Yaws 1.85 writes data to a log file without sanitizing non-printable ...buster, jessie, sid, stretch
yumCVE-2013-1910Not removing bad metadata and using it in next runbuster, jessie, sid, stretch
zipCVE-2018-13410** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line ...buster, jessie, sid, stretch
zophCVE-2014-9235Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes ...buster, sid
CVE-2014-9236Cross-site scripting (XSS) vulnerability in php/edit_photos.php in ...buster, sid
zshCVE-2017-18205In builtin.c in zsh before 5.4, when sh compatibility mode is used, ...jessie, stretch
CVE-2018-7548In subst.c in zsh through 5.4.2, there is a NULL pointer dereference ...jessie, stretch
CVE-2018-7549In params.c in zsh through 5.4.2, there is a crash during a copy of an ...jessie, stretch
zziplibCVE-2018-17828Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers ...buster, jessie, sid, stretch
Search for package or bug name: Reporting problems