Packages that have open unimportant issues

This page lists packages that are affected by issues that are considered unimportant from a security perspective. These issues are thought to be unexploitable or uneffective in most situations (for example, browser denial-of-services).

PackageBugDescriptionReleases
9baseCVE-2014-19359base 1:6-6 and 1:6-7 insecurely creates temporary files which results ...bullseye, buster, sid, stretch
abcm2psCVE-2018-10753Stack-based buffer overflow in the delayed_output function in music.c ...stretch
CVE-2018-10771Stack-based buffer overflow in the get_key function in parse.c in abcm ...stretch
CVE-2019-1010069moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The ...stretch
abiwordCVE-2017-17529af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ...bullseye, buster, sid, stretch
acpica-unixCVE-2017-13693The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils. ...stretch
CVE-2017-13694The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobje ...stretch
CVE-2017-13695The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...stretch
activemqCVE-2018-8006An instance of a cross-site scripting vulnerability was identified to ...stretch
CVE-2019-0222In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...buster
CVE-2020-13947An instance of a cross-site scripting vulnerability was identified to ...bullseye, buster, sid, stretch
CVE-2020-1941In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ...bullseye, buster, sid, stretch
adnsCVE-2017-9103An issue was discovered in adns before 1.5.2. pap_mailbox822 does not ...buster, stretch
CVE-2017-9104An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if ...buster, stretch
CVE-2017-9105An issue was discovered in adns before 1.5.2. It corrupts a pointer wh ...buster, stretch
CVE-2017-9106An issue was discovered in adns before 1.5.2. adns_rr_info mishandles ...buster, stretch
CVE-2017-9107An issue was discovered in adns before 1.5.2. It overruns reading a bu ...buster, stretch
CVE-2017-9108An issue was discovered in adns before 1.5.2. adnshost mishandles a mi ...buster, stretch
CVE-2017-9109An issue was discovered in adns before 1.5.2. It fails to ignore appar ...buster, stretch
afflibCVE-2018-8050The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFL ...stretch
amandaCVE-2016-10729An issue was discovered in Amanda 3.3.1. A user with backup privileges ...bullseye, buster, sid, stretch
CVE-2016-10730An issue was discovered in Amanda 3.3.1. A user with backup privileges ...bullseye, buster, sid, stretch
amarokCVE-2020-13152A remote user can create a specially crafted M3U file, media playlist ...stretch
android-framework-23CVE-2017-0752A elevation of privilege vulnerability in the Android framework (windo ...bullseye, buster, sid, stretch
CVE-2017-0822An elevation of privilege vulnerability in the Android system (camera) ...bullseye, buster, sid, stretch
android-platform-frameworks-nativeCVE-2015-3875libutils in Android before 5.1.1 LMY48T allows remote attackers to exe ...bullseye, buster, sid, stretch
CVE-2015-6602libutils in Android through 5.1.1 LMY48M allows remote attackers to ex ...bullseye, buster, sid, stretch
CVE-2015-6609libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allo ...bullseye, buster, sid, stretch
android-platform-system-coreCVE-2012-5564android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users t ...bullseye, buster, sid, stretch
CVE-2017-0647An information disclosure vulnerability in libziparchive could enable ...stretch
CVE-2017-0841A remote code execution vulnerability in the Android system (libutils) ...bullseye, buster, sid, stretch
android-toolsCVE-2012-5564android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users t ...buster
ansibleCVE-2017-7550A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x bef ...stretch
CVE-2020-1734A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...bullseye, buster, sid, stretch
CVE-2020-1736A flaw was found in Ansible Engine when a file is moved using atomic_m ...bullseye, buster, sid, stretch
CVE-2020-1737A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...buster, stretch
CVE-2020-1738A flaw was found in Ansible Engine when the module package or service ...bullseye, buster, sid, stretch
aolserver4CVE-2009-4494AOLserver 4.5.1 writes data to a log file without sanitizing non-print ...stretch
apache2CVE-2001-1534mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's u ...bullseye, buster, sid, stretch
CVE-2003-1307bullseye, buster, sid, stretch
CVE-2003-1580The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...bullseye, buster, sid, stretch
CVE-2003-1581The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...bullseye, buster, sid, stretch
CVE-2007-0086bullseye, buster, sid, stretch
CVE-2007-1743suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combination ...bullseye, buster, sid, stretch
CVE-2007-3303Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows loc ...bullseye, buster, sid, stretch
CVE-2008-0456CRLF injection vulnerability in the mod_negotiation module in the Apac ...bullseye, buster, sid, stretch
aptCVE-2011-3374It was found that apt-key in apt, all versions, do not correctly valid ...bullseye, buster, sid, stretch
apt-setupCVE-2005-2214apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...bullseye, buster, sid, stretch
asn1cCVE-2017-12966The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1 ...bullseye, buster, sid, stretch
avahiCVE-2017-6519avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to ...buster, stretch
awffullCVE-2007-0510Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) prese ...bullseye, buster, sid, stretch
awstatsCVE-2018-10245A Full Path Disclosure vulnerability in AWStats through 7.6 allows rem ...bullseye, buster, sid, stretch
axisCVE-2007-2353Apache Axis 1.0 allows remote attackers to obtain sensitive informatio ...bullseye, buster, sid, stretch
CVE-2019-0227A Server Side Request Forgery (SSRF) vulnerability affected the Apache ...bullseye, buster, sid, stretch
bansheeCVE-2009-1175Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in th ...stretch
bashCVE-2019-18276An issue was discovered in disable_priv_mode in shell.c in GNU Bash th ...buster, stretch
TEMP-0841856-B18BAFPrivilege escalation possible to other user than rootbullseye, buster, sid, stretch
bash-completionCVE-2018-7738In util-linux before 2.32-rc1, bash-completion/umount allows local use ...bullseye, buster, sid, stretch
bibutilsCVE-2018-10773NULL pointer deference in the addsn function in serialno.c in libbibco ...buster, stretch
CVE-2018-10774Read access violation in the isiin_keyword function in isiin.c in libb ...buster, stretch
CVE-2018-10775NULL pointer dereference in the _fields_add function in fields.c in li ...buster, stretch
binaryenCVE-2019-15758An issue was discovered in Binaryen 1.38.32. Missing validation rules ...buster
CVE-2019-15759An issue was discovered in Binaryen 1.38.32. Two visitors in ir/Expres ...buster
bind9CVE-2016-6170ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x throug ...stretch
CVE-2018-5741To provide fine-grained controls over the ability to use Dynamic DNS ( ...stretch
binutilsCVE-2017-13716The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ...bullseye, buster, sid, stretch
CVE-2018-1000876binutils version 2.32 and earlier contains a Integer Overflow vulnerab ...buster, stretch
CVE-2018-12697A NULL pointer dereference (aka SEGV on unknown address 0x000000000000 ...buster, stretch
CVE-2018-12698demangle_template in cplus-dem.c in GNU libiberty, as distributed in G ...buster, stretch
CVE-2018-12699finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause ...buster, stretch
CVE-2018-12700A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...buster, stretch
CVE-2018-12934remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU ...bullseye, buster, sid, stretch
CVE-2018-13033The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...stretch
CVE-2018-17358An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2018-17359An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2018-17360An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2018-17794An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...buster, stretch
CVE-2018-17985An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...buster, stretch
CVE-2018-18309An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2018-18483The get_count function in cplus-dem.c in GNU libiberty, as distributed ...bullseye, buster, sid, stretch
CVE-2018-18484An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...buster, stretch
CVE-2018-18605A heap-based buffer over-read issue was discovered in the function sec ...buster, stretch
CVE-2018-18606An issue was discovered in the merge_strings function in merge.c in th ...buster, stretch
CVE-2018-18607An issue was discovered in elf_link_input_bfd in elflink.c in the Bina ...buster, stretch
CVE-2018-18700An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...buster, stretch
CVE-2018-18701An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...buster, stretch
CVE-2018-19931An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2018-19932An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2018-20002The _bfd_generic_read_minisymbols function in syms.c in the Binary Fil ...buster, stretch
CVE-2018-20623In GNU Binutils 2.31.1, there is a use-after-free in the error functio ...bullseye, buster, sid, stretch
CVE-2018-20651A NULL pointer dereference was discovered in elf_link_add_object_symbo ...buster, stretch
CVE-2018-20671load_specific_debug_section in objdump.c in GNU Binutils through 2.31. ...buster, stretch
CVE-2018-20673The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...bullseye, buster, sid, stretch
CVE-2018-20712A heap-based buffer over-read exists in the function d_expression_1 in ...bullseye, buster, sid, stretch
CVE-2018-9138An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...buster, stretch
CVE-2018-9996An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...bullseye, buster, sid, stretch
CVE-2019-1010180GNU gdb All versions is affected by: Buffer Overflow - Out of bound me ...buster, stretch
CVE-2019-1010204GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ...bullseye, buster, sid, stretch
CVE-2019-12972An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2019-14250An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...buster, stretch
CVE-2019-14444apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...buster, stretch
CVE-2019-17450find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) ...bullseye, buster, sid, stretch
CVE-2019-17451An issue was discovered in the Binary File Descriptor (BFD) library (a ...bullseye, buster, sid, stretch
CVE-2019-9070An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...buster, stretch
CVE-2019-9071An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...buster, stretch
CVE-2019-9073An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2019-9074An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2019-9075An issue was discovered in the Binary File Descriptor (BFD) library (a ...buster, stretch
CVE-2019-9077An issue was discovered in GNU Binutils 2.32. It is a heap-based buffe ...buster, stretch
CVE-2020-16590A double free vulnerability exists in the Binary File Descriptor (BFD) ...bullseye, buster, sid, stretch
CVE-2020-16591A Denial of Service vulnerability exists in the Binary File Descriptor ...bullseye, buster, sid, stretch
CVE-2020-16592A use after free issue exists in the Binary File Descriptor (BFD) libr ...bullseye, buster, sid, stretch
CVE-2020-16593A Null Pointer Dereference vulnerability exists in the Binary File Des ...bullseye, buster, sid, stretch
CVE-2020-16599A Null Pointer Dereference vulnerability exists in the Binary File Des ...bullseye, buster, sid, stretch
CVE-2020-35448An issue was discovered in the Binary File Descriptor (BFD) library (a ...bullseye, buster, sid, stretch
CVE-2020-35493A flaw exists in binutils in bfd/pef.c. An attacker who is able to sub ...buster, stretch
CVE-2020-35494There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is ab ...buster, stretch
CVE-2020-35495There's a flaw in binutils /bfd/pef.c. An attacker who is able to subm ...buster, stretch
CVE-2020-35496There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutil ...buster, stretch
CVE-2020-35507There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutil ...buster, stretch
CVE-2021-20197There is an open race window when writing output in the following util ...bullseye, buster, sid, stretch
CVE-2021-20284A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ...bullseye, buster, sid, stretch
CVE-2021-20294bullseye, buster, sid, stretch
CVE-2021-3487There's a flaw in the BFD library of binutils in versions before 2.36. ...bullseye, buster, sid, stretch
bisonCVE-2020-14150GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...buster, stretch
blenderCVE-2005-3151Buffer overflow in blenderplay in Blender Player 2.37a allows attacker ...bullseye, buster, sid, stretch
CVE-2009-3850Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execut ...bullseye, buster, sid, stretch
CVE-2010-5105The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ea ...bullseye, buster, sid, stretch
bluezCVE-2016-9797In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ...bullseye, buster, sid, stretch
CVE-2016-9798In BlueZ 5.42, a use-after-free was identified in "conf_opt" function ...bullseye, buster, sid, stretch
CVE-2016-9799In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ...bullseye, buster, sid, stretch
CVE-2016-9800In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ...bullseye, buster, sid, stretch
CVE-2016-9801In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ...bullseye, buster, sid, stretch
CVE-2016-9802In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ...bullseye, buster, sid, stretch
CVE-2016-9803In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ...bullseye, buster, sid, stretch
CVE-2016-9804In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ...bullseye, buster, sid, stretch
CVE-2016-9917In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ...bullseye, buster, sid, stretch
CVE-2016-9918In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ...bullseye, buster, sid, stretch
bochsCVE-2007-2894The emulated floppy disk controller in Bochs 2.3 allows local users of ...bullseye, buster, sid, stretch
brandyCVE-2019-14662Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...bullseye, buster, sid, stretch
CVE-2019-14663Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...bullseye, buster, sid, stretch
CVE-2019-14665Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...bullseye, buster, sid, stretch
bubblewrapCVE-2019-12439bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories ...stretch
busyboxCVE-2016-6301The recv_and_process_client_pkt function in networking/ntpd.c in busyb ...stretch
CVE-2018-1000500Busybox contains a Missing SSL certificate validation vulnerability in ...bullseye, buster, sid, stretch
bwaCVE-2019-11371BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow vi ...bullseye, buster, sid, stretch
byobuCVE-2019-7306Byobu Apport hook may disclose sensitive information since it automati ...bullseye, buster, sid, stretch
byzanzCVE-2015-2785The GIF encoder in Byzanz allows remote attackers to cause a denial of ...bullseye, buster, sid, stretch
cactiCVE-2009-4112Cacti 0.8.7e and earlier allows remote authenticated administrators to ...stretch
CVE-2020-7058** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...bullseye, buster, sid, stretch
cadaverCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...bullseye, buster, sid, stretch
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...bullseye, buster, sid, stretch
calamaresCVE-2019-13178modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2. ...buster
cantataCVE-2018-12559An issue was discovered in the cantata-mounter D-Bus service in Cantat ...stretch
CVE-2018-12560An issue was discovered in the cantata-mounter D-Bus service in Cantat ...stretch
CVE-2018-12561An issue was discovered in the cantata-mounter D-Bus service in Cantat ...stretch
CVE-2018-12562An issue was discovered in the cantata-mounter D-Bus service in Cantat ...stretch
capnprotoCVE-2017-7892Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to ...stretch
catdocCVE-2018-20451The process_file function in reader.c in libdoc through 2017-10-23 has ...bullseye, buster, sid, stretch
CVE-2018-20453The getlong function in numutils.c in libdoc through 2017-10-23 has a ...bullseye, buster, sid, stretch
CVE-2019-7156In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows divi ...bullseye, buster, sid, stretch
CVE-2019-7233In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer ...bullseye, buster, sid, stretch
cflowCVE-2019-16165GNU cflow through 1.6 has a use-after-free in the reference function i ...bullseye, buster, sid, stretch
CVE-2019-16166GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ...bullseye, buster, sid, stretch
checkinstallCVE-2020-25031checkinstall 1.6.2, when used to create a package that contains a syml ...bullseye, sid, stretch
chromium-browserCVE-2008-7246Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...stretch
CVE-2009-0374stretch
CVE-2009-1598Google Chrome executes DOM calls in response to a javascript: URI in t ...stretch
CVE-2010-1384Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...stretch
CVE-2010-1992Google Chrome 1.0.154.48 executes a mail application in situations whe ...stretch
CVE-2010-4037Unspecified vulnerability in Google Chrome before 7.0.517.41 allows re ...stretch
CVE-2010-4482Unspecified vulnerability in Google Chrome before 8.0.552.215 allows r ...stretch
CVE-2011-2599Google Chrome 11 does not block use of a cross-domain image as a WebGL ...stretch
CVE-2011-3640** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...stretch
CVE-2012-5851html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chr ...stretch
CVE-2018-6406The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libw ...stretch
CVE-2018-6548A use-after-free issue was discovered in libwebm through 2018-02-02. I ...stretch
chronyCVE-2020-14367A flaw was found in chrony versions before 3.5.1 when creating the PID ...stretch
cifs-utilsCVE-2014-2830Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ...bullseye, buster, sid, stretch
clementineCVE-2018-14332An issue was discovered in Clementine Music Player 1.3.1. Clementine.e ...bullseye, buster, sid, stretch
coin3CVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...bullseye, buster, sid, stretch
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...bullseye, buster, sid, stretch
confuseCVE-2018-19760cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...buster, stretch
conkerorCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...stretch
contextCVE-2017-17513TeX Live through 20170524 does not validate strings before launching t ...bullseye, buster, sid, stretch
coreutilsCVE-2017-18018In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does no ...bullseye, buster, sid, stretch
courierCVE-2004-2313Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error message ...bullseye, buster, sid, stretch
CVE-2005-1308SqWebMail allows remote attackers to inject arbitrary web script or HT ...bullseye, buster, sid, stretch
crossroadsCVE-2018-18654Crossroads 2.81 does not properly handle the /tmp directory during a b ...stretch
ctnCVE-2008-5146add-accession-numbers in ctn 3.0.6 allows local users to overwrite arb ...bullseye, buster, sid, stretch
cupsCVE-2014-8166The browsing feature in the server in CUPS does not filter ANSI escape ...bullseye, buster, sid, stretch
db4oCVE-2012-6550Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...bullseye, buster, sid, stretch
CVE-2013-1808Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and Zero ...bullseye, buster, sid, stretch
CVE-2014-1869Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.s ...bullseye, buster, sid, stretch
dcrawCVE-2013-1438Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in lib ...stretch
CVE-2018-19565A buffer over-read in crop_masked_pixels in dcraw through 9.28 could b ...bullseye, buster, sid, stretch
CVE-2018-19566A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could ...bullseye, buster, sid, stretch
CVE-2018-19567A floating point exception in parse_tiff_ifd in dcraw through 9.28 cou ...bullseye, buster, sid, stretch
CVE-2018-19568A floating point exception in kodak_radc_load_raw in dcraw through 9.2 ...bullseye, buster, sid, stretch
CVE-2018-19655A stack-based buffer overflow in the find_green() function of dcraw th ...stretch
dhcpcd5CVE-2014-7913The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...stretch
diaCVE-2019-19451When GNOME Dia before 2019-11-27 is launched with a filename argument ...bullseye, buster, sid, stretch
dilloTEMP-0560108-565B70browser-based css info disclosurebullseye, buster, sid, stretch
dnspythonCVE-2008-1447The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...bullseye, buster, sid, stretch
dnstracerCVE-2017-9430Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...bullseye, buster, sid, stretch
dogtag-pkiCVE-2015-0234Multiple temporary file creation vulnerabilities in pki-core 10.2.0. ...bullseye, sid
dokuwikiCVE-2016-7965DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...bullseye, buster, sid
dovecotCVE-2008-4870dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedor ...bullseye, buster, sid, stretch
dpkg-crossCVE-2008-4950** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overw ...bullseye, buster, sid, stretch
drupal7CVE-2007-6752** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drup ...stretch
duo-unixCVE-2020-12135bson before 0.8 incorrectly uses int rather than size_t for many varia ...bullseye, buster, sid, stretch
edk2CVE-2014-4859Integer overflow in the Drive Execution Environment (DXE) phase in the ...buster, stretch
CVE-2014-4860Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ...buster, stretch
CVE-2018-12179Improper configuration in system firmware for EDK II may allow unauthe ...buster, stretch
CVE-2018-12182Insufficient memory write check in SMM service for EDK II may allow an ...buster, stretch
CVE-2019-14553Improper authentication in EDK II may allow a privileged user to poten ...buster, stretch
elfutilsCVE-2019-7148An attempted excessive memory allocation was discovered in the functio ...stretch
epiphany-browserCVE-2007-1084Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ...bullseye, buster, sid, stretch
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...bullseye, buster, sid, stretch
CVE-2018-11396ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3 ...stretch
CVE-2018-12016libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows rem ...stretch
TEMP-0560108-565B70browser-based css info disclosurebullseye, buster, sid, stretch
erlangCVE-2009-0130** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not proper ...bullseye, buster, sid, stretch
CVE-2016-1000107inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ...bullseye, buster, sid, stretch
evolutionCVE-2007-1266Evolution 2.8.1 and earlier does not properly use the --status-fd argu ...bullseye, buster, sid, stretch
CVE-2011-3201GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...bullseye, buster, sid, stretch
CVE-2013-4166The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNO ...bullseye, buster, sid, stretch
CVE-2017-17689The S/MIME specification allows a Cipher Block Chaining (CBC) malleabi ...bullseye, buster, sid, stretch
CVE-2021-3349** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...bullseye, buster, sid, stretch
evolution-data-serverCVE-2018-12422** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evol ...stretch
exifCVE-2021-27815NULL Pointer Deference in the exif command line tool, when printing ou ...bullseye, buster, sid, stretch
exiv2CVE-2017-11683There is a reachable assertion in the Internal::TiffReader::visitDirec ...buster, stretch
CVE-2018-14338samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realp ...bullseye, buster, sid, stretch
CVE-2019-13113Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...buster, stretch
expatCVE-2013-0340expat 2.1.0 and earlier does not properly handle entities expansion un ...bullseye, buster, sid, stretch
faacCVE-2018-19886An invalid memory address dereference was discovered in the huffcode f ...buster, stretch
CVE-2018-19887An invalid memory address dereference was discovered in the huffcode f ...buster, stretch
CVE-2018-19888An invalid memory address dereference was discovered in the huffcode f ...buster, stretch
CVE-2018-19889An invalid memory address dereference was discovered in the huffcode f ...buster, stretch
CVE-2018-19890An invalid memory address dereference was discovered in the huffcode f ...buster, stretch
CVE-2018-19891An invalid memory address dereference was discovered in the huffcode f ...buster, stretch
fig2devCVE-2018-16140A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3. ...stretch
CVE-2019-19746make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...stretch
firefoxCVE-2004-1639Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows re ...sid
CVE-2005-2395Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...sid
CVE-2005-4685Firefox and Mozilla can associate a cookie with multiple domains when ...sid
CVE-2019-12383Tor Browser before 8.0.1 has an information exposure vulnerability. It ...sid, bullseye, buster, sid, stretch
fireholCVE-2008-4953bullseye, buster, sid, stretch
flexCVE-2019-6293An issue was discovered in the function mark_beginning_as_normal in nf ...bullseye, buster, sid, stretch
fontforgeCVE-2017-11570FontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ...bullseye, buster, sid, stretch
CVE-2017-11573FontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ...bullseye, buster, sid, stretch
CVE-2017-17521uiutil.c in FontForge through 20170731 does not validate strings befor ...bullseye, buster, sid, stretch
foomatic-filtersCVE-2011-2923foomatic-rip filter, all versions, used insecurely creates temporary f ...bullseye, buster, sid, stretch
TEMP-0000000-ACBC4Cbuffer overflows in init_cupsbullseye, buster, sid, stretch
freeipaCVE-2015-5179FreeIPA might display user data improperly via vectors involving non-p ...buster, sid
CVE-2017-12169It was found that FreeIPA 4.2.0 and later could disclose password hash ...buster, sid
freeradiusCVE-2007-0080bullseye, buster, sid, stretch
CVE-2019-10143** DISPUTED ** It was discovered freeradius up to and including versio ...bullseye, buster, sid, stretch
frrCVE-2020-12831** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...bullseye, buster, sid
ganglia-webCVE-2015-6816ganglia-web before 3.7.1 allows remote attackers to bypass authenticat ...buster, stretch
CVE-2019-20378ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...bullseye, buster, sid, stretch
CVE-2019-20379ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...bullseye, buster, sid, stretch
gcc-mingw-w64CVE-2016-4973Binaries compiled against targets that use the libssp library in GCC f ...bullseye, buster, sid, stretch
gdalCVE-2019-17546tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...bullseye, buster, sid, stretch
gdbCVE-2014-8501The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutil ...bullseye, buster, sid, stretch
CVE-2017-9778GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length f ...buster, stretch
gdk-pixbufCVE-2017-2870An exploitable integer overflow vulnerability exists in the tiff_image ...stretch
CVE-2017-6311gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...stretch
gdnsdCVE-2019-13952The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...stretch
geditCVE-2017-14108libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to ca ...bullseye, buster, sid, stretch
geomviewCVE-2017-17530common/help.c in Geomview 1.9.5 does not validate strings before launc ...bullseye, buster, sid, stretch
gettextCVE-2018-18751An issue was discovered in GNU gettext 0.19.8. There is a double free ...stretch
giacCVE-2017-17526Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings be ...bullseye, buster, sid
gif2pngCVE-2019-17371gif2png 2.5.13 has a memory leak in the writefile function. ...stretch
gifsicleCVE-2017-18120A double-free bug in the read_gif function in gifread.c in gifsicle 1. ...stretch
gimpCVE-2007-3126Gimp before 2.8.22 allows context-dependent attackers to cause a denia ...stretch
CVE-2012-4245The scriptfu network server in GIMP 2.6 does not require authenticatio ...bullseye, buster, sid, stretch
CVE-2018-12713GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary f ...bullseye, buster, sid, stretch
gitCVE-2017-15298Git through 2.14.2 mishandles layers of tree objects, which allows rem ...stretch
CVE-2018-1000021GIT version 2.15.1 and earlier contains a Input Validation Error vulne ...bullseye, buster, sid, stretch
CVE-2019-1350A remote code execution vulnerability exists when Git for Visual Studi ...stretch
CVE-2019-1351A tampering vulnerability exists when Git for Visual Studio improperly ...stretch
CVE-2019-1354A remote code execution vulnerability exists when Git for Visual Studi ...stretch
gjots2CVE-2017-17535lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...buster, sid, stretch
glanceCVE-2013-4354The API before 2.1 in OpenStack Image Registry and Delivery Service (G ...bullseye, buster, sid, stretch
CVE-2015-8234The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...bullseye, buster, sid, stretch
CVE-2016-4383The glance-manage db in all versions of HPE Helion Openstack Glance al ...bullseye, buster, sid, stretch
CVE-2016-8611A vulnerability was found in Openstack Glance. No limits are enforced ...bullseye, buster, sid, stretch
glib2.0CVE-2012-0039** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function i ...bullseye, buster, sid, stretch
CVE-2020-35457** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that ...buster, stretch
glibcCVE-2010-4051The regcomp implementation in the GNU C Library (aka glibc or libc6) t ...bullseye, buster, sid, stretch
CVE-2010-4052Stack consumption vulnerability in the regcomp implementation in the G ...bullseye, buster, sid, stretch
CVE-2010-4756The glob implementation in the GNU C Library (aka glibc or libc6) allo ...bullseye, buster, sid, stretch
CVE-2015-8985The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...stretch
CVE-2018-20796In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ...bullseye, buster, sid, stretch
CVE-2019-1010022** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...bullseye, buster, sid, stretch
CVE-2019-1010023** DISPUTED ** GNU Libc current is affected by: Re-mapping current loa ...bullseye, buster, sid, stretch
CVE-2019-1010024** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...bullseye, buster, sid, stretch
CVE-2019-1010025** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...bullseye, buster, sid, stretch
CVE-2019-6488The string component in the GNU C Library (aka glibc or libc6) through ...stretch
CVE-2019-7309In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp fun ...stretch
CVE-2019-9192** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, ...bullseye, buster, sid, stretch
gnome-font-viewerCVE-2019-19308In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, ...buster, stretch
gnome-keyringCVE-2018-19358GNOME Keyring through 3.28.2 allows local users to retrieve login cred ...bullseye, buster, sid, stretch
CVE-2018-20781In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's pas ...stretch
gnome-orcaCVE-2013-4245Orca has arbitrary code execution due to insecure Python module load ...stretch
gnome-shellCVE-2012-4427The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...bullseye, buster, sid, stretch
gnome-sushiCVE-2019-19308In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, ...bullseye, buster, sid, stretch
gnuchessCVE-2019-15767In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...buster, stretch
gnumailCVE-2007-1269GNUMail 1.1.2 and earlier does not properly use the --status-fd argume ...bullseye, buster, sid, stretch
gnupg1CVE-2018-6829cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...bullseye, buster, sid, stretch
gnuplotCVE-2018-19490An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue all ...bullseye, buster, sid, stretch
CVE-2018-19491An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allow ...bullseye, buster, sid, stretch
CVE-2018-19492An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allo ...bullseye, buster, sid, stretch
CVE-2020-25412com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...bullseye, buster, sid, stretch
CVE-2020-25559gnuplot 5.5 is affected by double free when executing print_set_output ...bullseye, buster, sid, stretch
gnutls28CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft Windo ...bullseye, buster, sid, stretch
golang-1.11CVE-2020-29509The encoding/xml package in Go (all versions) does not correctly prese ...buster, bullseye, sid, stretch, stretch
google-perftoolsCVE-2018-13420** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_exten ...bullseye, buster, sid, stretch
gppCVE-2018-17076GPP through 2.25 will try to use more memory space than is available o ...buster, stretch
gpwCVE-2011-4931gpw generates shorter passwords than required ...bullseye, buster, sid, stretch
graphicsmagickCVE-2017-13736There are lots of memory leaks in the GMCommand function in magick/com ...bullseye, buster, sid, stretch
CVE-2018-18544There is a memory leak in the function WriteMSLImage of coders/msl.c i ...stretch
CVE-2019-16709ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...stretch
CVE-2019-7397In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...stretch
graphvizCVE-2019-11023The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...bullseye, buster, sid, stretch
grubCVE-2008-3896Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...bullseye, buster, sid, stretch
gssproxyCVE-2020-12658** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock c ...bullseye, buster, sid
haskell-tlsCVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft Windo ...bullseye, buster, sid, stretch
hdf5CVE-2017-17507In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...bullseye, buster, sid, stretch
CVE-2018-17432A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...bullseye, buster, sid, stretch
CVE-2018-17438A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...buster, stretch
CVE-2019-8397An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...bullseye, buster, sid, stretch
CVE-2019-9151An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...bullseye, buster, sid, stretch
CVE-2019-9152An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...bullseye, buster, sid, stretch
CVE-2020-10809An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...bullseye, buster, sid, stretch
CVE-2020-10810An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...bullseye, buster, sid, stretch
CVE-2020-10811An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...bullseye, buster, sid, stretch
CVE-2020-10812An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...bullseye, buster, sid, stretch
hex-a-hopTEMP-0528250-2E3658hex-a-hop: buffer overflow in loading save gamesbullseye, buster, sid, stretch
htmldocCVE-2021-20308Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...bullseye, buster, sid, stretch
htslibCVE-2018-14329In HTSlib 1.8, a race condition in cram/cram_io.c might allow local us ...bullseye, buster, sid, stretch
hugoCVE-2020-26284Hugo is a fast and Flexible Static Site Generator built in Go. Hugo de ...buster, stretch
hunspellCVE-2019-16707Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...buster, stretch
icecast2CVE-2005-0837IceCast 2.20 allows remote attackers to bypass the XSL parser and obta ...bullseye, buster, sid, stretch
CVE-2005-0838Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...bullseye, buster, sid, stretch
imagemagickCVE-2005-0406A design flaw in image processing software that modifies JPEG images m ...bullseye, buster, sid, stretch
CVE-2008-3134Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 al ...bullseye, buster, sid, stretch
CVE-2016-8678The IsPixelMonochrome function in MagickCore/pixel-accessor.h in Image ...bullseye, buster, sid, stretch
CVE-2017-11531When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...stretch
CVE-2017-11532When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...stretch
CVE-2017-11534When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...stretch
CVE-2017-11536When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...stretch
CVE-2017-11539When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...stretch
CVE-2017-11644When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...stretch
CVE-2017-11724The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9 ...stretch
CVE-2017-11751The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...stretch
CVE-2017-11752The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...stretch
CVE-2017-11754The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...bullseye, buster, sid, stretch
CVE-2017-11755The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...bullseye, buster, sid, stretch
CVE-2017-12418ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM ...stretch
CVE-2017-12427The ProcessMSLScript function in coders/msl.c in ImageMagick before 6. ...stretch
CVE-2017-12433In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...stretch
CVE-2017-12564In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...stretch
CVE-2017-12565In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...stretch
CVE-2017-12566In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...stretch
CVE-2017-12641ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...stretch
CVE-2017-12642ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...stretch
CVE-2017-12644ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...stretch
CVE-2017-12654The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 all ...stretch
CVE-2017-12662ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage i ...stretch
CVE-2017-12663ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage i ...stretch
CVE-2017-12664ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage ...stretch
CVE-2017-12665ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage ...stretch
CVE-2017-12666ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImag ...stretch
CVE-2017-12667ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in ...stretch
CVE-2017-12668ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage i ...stretch
CVE-2017-12669ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...stretch
CVE-2017-12672In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...stretch
CVE-2017-12673In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...stretch
CVE-2017-12675In ImageMagick 7.0.6-3, a missing check for multidimensional data was ...stretch
CVE-2017-12676In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...stretch
CVE-2017-13058In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...stretch
CVE-2017-13059In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...stretch
CVE-2017-13060In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the f ...stretch
CVE-2017-13062In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...stretch
CVE-2017-13131In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the f ...stretch
CVE-2017-13146In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memor ...stretch
CVE-2017-14137ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue whe ...stretch
CVE-2017-14138ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage i ...stretch
CVE-2017-14139ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage i ...stretch
CVE-2017-14324In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...stretch
CVE-2017-14325In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...stretch
CVE-2017-14326In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...stretch
CVE-2017-14342ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGIm ...stretch
CVE-2017-14343ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...stretch
CVE-2017-14531ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in c ...stretch
CVE-2017-14533ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...stretch
CVE-2017-14684In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in t ...stretch
CVE-2017-15016ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...stretch
CVE-2017-15032ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage i ...stretch
CVE-2017-15033ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in ...stretch
CVE-2017-15217ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...stretch
CVE-2017-15218ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png ...stretch
CVE-2017-17680In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-17880In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based ...stretch
CVE-2017-17881In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-17882In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-17883In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-17884In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-17885In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-17886In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-17887In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-17934ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, rela ...stretch
CVE-2017-18008In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in ...stretch
CVE-2017-18022In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCom ...stretch
CVE-2017-18027In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...stretch
CVE-2017-18028In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was foun ...stretch
CVE-2017-18029In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...stretch
CVE-2017-18251An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerabil ...stretch
CVE-2017-18254An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerabil ...stretch
CVE-2017-6502An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...stretch
CVE-2017-7275The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allow ...bullseye, buster, sid, stretch
CVE-2018-10804ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...stretch
CVE-2018-10805ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...stretch
CVE-2018-11655In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was fo ...stretch
CVE-2018-11656In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was fo ...stretch
CVE-2018-13153In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand f ...stretch
CVE-2018-14434ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage ...stretch
CVE-2018-14435ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. ...stretch
CVE-2018-14436ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff. ...stretch
CVE-2018-14437ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. ...stretch
CVE-2018-15607In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x3 ...bullseye, buster, sid, stretch
CVE-2018-16640ImageMagick 7.0.8-5 has a memory leak vulnerability in the function Re ...stretch
CVE-2018-16750In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfr ...stretch
CVE-2018-17965ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage ...stretch
CVE-2018-17966ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage ...stretch
CVE-2018-17967ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage i ...stretch
CVE-2018-18016ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage ...stretch
CVE-2018-18544There is a memory leak in the function WriteMSLImage of coders/msl.c i ...stretch
CVE-2018-5246In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImag ...stretch
CVE-2018-5247In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in ...stretch
CVE-2018-5357ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...stretch
CVE-2018-5358ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...stretch
CVE-2018-6405In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0 ...stretch
CVE-2018-7470An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLo ...stretch
CVE-2018-9135In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...stretch
CVE-2019-10649In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SV ...stretch
CVE-2019-12975ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXIm ...stretch
CVE-2019-12976ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...stretch
CVE-2019-13137ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...stretch
CVE-2019-13301ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory becau ...stretch
CVE-2019-13309ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...stretch
CVE-2019-13310ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...buster, stretch
CVE-2019-13311ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...stretch
CVE-2019-16708ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...stretch
CVE-2019-16709ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...buster, stretch
CVE-2019-16710ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...stretch
CVE-2019-16711ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...stretch
CVE-2019-16712ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...stretch
CVE-2019-16713ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...stretch
CVE-2019-7175In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...stretch
CVE-2019-7395In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChanne ...stretch
CVE-2019-7396In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage ...stretch
CVE-2019-7397In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...stretch
CVE-2019-7398In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...stretch
CVE-2020-27753There are several memory leaks in the MIFF coder in /coders/miff.c due ...buster, stretch
CVE-2020-27755in SetImageExtent() of /MagickCore/image.c, an incorrect image depth s ...buster, stretch
TEMP-0869722-31618Bmemory leak in quantizestretch
initramfs-toolsCVE-2008-4996bullseye, buster, sid, stretch
ioquake3CVE-2019-1010043Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: P ...bullseye, buster, sid, stretch
iotjsCVE-2020-29657In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...bullseye, buster, sid
ipsec-toolsCVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...stretch
iptablesCVE-2012-2663extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP S ...bullseye, buster, sid, stretch
CVE-2019-11360A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allo ...buster, stretch
isakmpdCVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...buster, sid, stretch
italcCVE-2019-15680TightVNC code version 1.3.10 contains null pointer dereference in Hand ...stretch
jbigkitCVE-2017-9937In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A cr ...bullseye, buster, sid, stretch
jheadCVE-2018-6612An integer underflow bug in the process_EXIF function of the exif.c fi ...stretch
CVE-2019-1010301jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of s ...buster, stretch
CVE-2019-1010302jhead 3.03 is affected by: Incorrect Access Control. The impact is: De ...buster, stretch
CVE-2019-19035jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ...buster, stretch
CVE-2020-6624jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...bullseye, buster, sid, stretch
CVE-2020-6625jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...bullseye, buster, sid, stretch
CVE-2021-3496heap-based buffer overflow in Get16u() in exif.cbullseye, buster, sid, stretch
jinja2CVE-2019-8341** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string ...bullseye, buster, sid, stretch
jqueryCVE-2007-2379The jQuery framework exchanges data using JavaScript Object Notation ( ...buster, stretch
CVE-2018-18405** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribut ...buster, stretch
json-glibTEMP-0772585-D41D8Cbullseye, buster, sid, stretch
jsonpickleCVE-2020-22083** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution d ...bullseye, buster, sid, stretch
jythonCVE-2017-17522** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not vali ...bullseye, buster, sid, stretch
kde-baseappsCVE-2012-4512The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...stretch
CVE-2012-4513khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remot ...stretch
CVE-2012-4514rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...stretch
CVE-2012-4515Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...stretch
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...stretch
kde4libsCVE-2009-1692WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iP ...buster, stretch
CVE-2009-1718WebKit in Apple Safari before 4.0 allows user-assisted remote attacker ...buster, stretch
CVE-2009-1724Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...buster, stretch
CVE-2009-3015QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ...buster, stretch
CVE-2009-3272Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ...buster, stretch
TEMP-0560108-565B70browser-based css info disclosurebuster, stretch
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicebuster, stretch
kdepimCVE-2006-7139Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, al ...stretch
CVE-2007-1265KMail 1.9.5 and earlier does not properly use the --status-fd argument ...stretch
keepalivedCVE-2018-19044keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...stretch
CVE-2018-19045keepalived 2.0.8 used mode 0666 when creating new temporary files upon ...stretch
CVE-2018-19046keepalived 2.0.8 didn't check for existing plain files when writing da ...stretch
keepass2CVE-2019-20184KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ...bullseye, buster, sid, stretch
kfreebsd-10CVE-2011-2393The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...buster, sid, stretch
CVE-2016-1879The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ...buster, sid, stretch
CVE-2017-1081In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3 ...buster, sid, stretch
CVE-2017-1082In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ...buster, sid, stretch
CVE-2017-1083In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...buster, sid, stretch
CVE-2017-1084In FreeBSD before 11.2-RELEASE, multiple issues with the implementatio ...buster, sid, stretch
CVE-2017-1085In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...buster, sid, stretch
CVE-2017-1086In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...buster, sid, stretch
CVE-2017-1087In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE- ...buster, sid, stretch
CVE-2017-1088In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...buster, sid, stretch
CVE-2017-15037In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_s ...buster, sid, stretch
CVE-2018-17154In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELE ...buster, sid, stretch
CVE-2018-17155In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE- ...buster, sid, stretch
CVE-2018-17156In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to inc ...buster, sid, stretch
CVE-2018-6916In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELE ...buster, sid, stretch
CVE-2018-6917In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...buster, sid, stretch
CVE-2018-6918In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...buster, sid, stretch
CVE-2018-6919In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...buster, sid, stretch
CVE-2018-6920In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE( ...buster, sid, stretch
CVE-2018-6921In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to in ...buster, sid, stretch
CVE-2018-6922One of the data structures that holds TCP segments in all versions of ...buster, sid, stretch
CVE-2018-6923In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip f ...buster, sid, stretch
CVE-2018-6924In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4 ...buster, sid, stretch
CVE-2018-6925In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE- ...buster, sid, stretch
CVE-2019-15874In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ...buster, sid, stretch
CVE-2019-15875In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEAS ...buster, sid, stretch
CVE-2019-15878In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and ...buster, sid, stretch
CVE-2019-5595In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r ...buster, sid, stretch
CVE-2019-5596In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE b ...buster, sid, stretch
CVE-2019-5597In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEAS ...buster, sid, stretch
CVE-2019-5598In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ...buster, sid, stretch
CVE-2019-5601In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEAS ...buster, sid, stretch
CVE-2019-5602In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEAS ...buster, sid, stretch
CVE-2019-5603In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEAS ...buster, sid, stretch
CVE-2019-5605In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEAS ...buster, sid, stretch
CVE-2019-5606In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ...buster, sid, stretch
CVE-2019-5609In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEAS ...buster, sid, stretch
CVE-2019-5611In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEAS ...buster, sid, stretch
CVE-2019-5612In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...buster, sid, stretch
CVE-2019-5614In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ...buster, sid, stretch
CVE-2020-25578In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...buster, sid, stretch
CVE-2020-25579In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...buster, sid, stretch
CVE-2020-25581In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12. ...buster, sid, stretch
CVE-2020-25582In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ...buster, sid, stretch
CVE-2020-7452In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEAS ...buster, sid, stretch
CVE-2020-7453In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...buster, sid, stretch
CVE-2020-7456In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-ST ...buster, sid, stretch
CVE-2020-7459In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ...buster, sid, stretch
CVE-2020-7462In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, imprope ...buster, sid, stretch
CVE-2020-7463In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12. ...buster, sid, stretch
CVE-2020-7464In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12. ...buster, sid, stretch
CVE-2021-29626In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...buster, sid, stretch
kiwiCVE-2017-17532examples/framework/news/news3.py in Kiwi 1.9.22 does not validate stri ...buster, stretch
kopano-webapp-plugin-filesCVE-2019-16774In phpfastcache before 5.1.3, there is a possible object injection vul ...buster
krb5CVE-2004-0971The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Sec ...bullseye, buster, sid, stretch
CVE-2017-15088plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...stretch
CVE-2018-5709An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...bullseye, buster, sid, stretch
lbreakout2TEMP-0608980-E8B8DFCrash with long HOME environment variablebullseye, buster, sid, stretch
leptonlibCVE-2018-7247An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Lepto ...stretch
CVE-2018-7441Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might al ...stretch
libaoCVE-2017-11548The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 a ...bullseye, buster, sid, stretch
libapache-poi-javaCVE-2016-5000The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...bullseye, buster, sid, stretch
libcommons-collections4-javaCVE-2015-7501Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data G ...bullseye, buster, sid, stretch
libcommons-fileupload-javaCVE-2016-1000031Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ...bullseye, buster, sid, stretch
libcrypto++CVE-2016-7420Crypto++ (aka cryptopp) through 5.6.4 does not document the requiremen ...bullseye, buster, sid, stretch
libdata-uuid-perlCVE-2013-4184Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink a ...bullseye, buster, sid, stretch
libdata-validate-ip-perlCVE-2021-29662The Data::Validate::IP module through 0.29 for Perl does not properly ...bullseye, buster, stretch
libesmtpCVE-2019-19977libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ...bullseye, buster, sid, stretch
libfsntfsCVE-2018-11727** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfs ...stretch
CVE-2018-11728** DISPUTED ** The libfsntfs_reparse_point_values_read_data function i ...stretch
CVE-2018-11729** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsnt ...stretch
CVE-2018-11730** DISPUTED ** The libfsntfs_security_descriptor_values_free function ...stretch
CVE-2018-11731** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in lib ...stretch
libfwsiCVE-2019-17263** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_bl ...bullseye, buster, sid, stretch
libgaduCVE-2013-4488libgadu before 1.12.0 does not verify X.509 certificates from SSL serv ...bullseye, buster, sid, stretch
libgcrypt20CVE-2018-6829cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...bullseye, buster, sid, stretch
libgigCVE-2018-14449An issue was discovered in libgig 4.1.0. There is an out of bounds rea ...bullseye, buster, sid, stretch
CVE-2018-14450An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...bullseye, buster, sid, stretch
CVE-2018-14451An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...bullseye, buster, sid, stretch
CVE-2018-14452An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...bullseye, buster, sid, stretch
CVE-2018-14453An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...bullseye, buster, sid, stretch
CVE-2018-14454An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...bullseye, buster, sid, stretch
CVE-2018-14455An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...bullseye, buster, sid, stretch
CVE-2018-14456An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...bullseye, buster, sid, stretch
CVE-2018-14457An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...bullseye, buster, sid, stretch
CVE-2018-14458An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...bullseye, buster, sid, stretch
CVE-2018-14459An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...bullseye, buster, sid, stretch
CVE-2018-18192An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...bullseye, buster, sid, stretch
CVE-2018-18193An issue was discovered in libgig 4.1.0. There is operator new[] failu ...bullseye, buster, sid, stretch
CVE-2018-18194An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...bullseye, buster, sid, stretch
CVE-2018-18195An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...bullseye, buster, sid, stretch
CVE-2018-18196An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...bullseye, buster, sid, stretch
CVE-2018-18197An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...bullseye, buster, sid, stretch
libgnumail-javaCVE-2005-1105Directory traversal vulnerability in the MimeBodyPart.getFileName meth ...stretch
libjpeg-turboCVE-2017-15232libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...buster, stretch
CVE-2018-11813libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ...buster, stretch
libjpeg6bCVE-2016-3616The cjpeg utility in libjpeg allows remote attackers to cause a denial ...sid
libjs-handlebarsTEMP-0000000-345A3Bhandlebars: quoteless attributes in templates can lead to content injectionstretch
libjs-i18nextCVE-2017-16010i18next is a language translation framework. When using the .init meth ...buster, stretch
liblivemediaCVE-2019-7732In Live555 0.95, a setup packet can cause a memory leak leading to DoS ...buster, stretch
liblnkCVE-2018-12096** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in ...stretch
CVE-2018-12097** DISPUTED ** The liblnk_location_information_read_data function in l ...stretch
CVE-2018-12098** DISPUTED ** The liblnk_data_block_read function in liblnk_data_bloc ...stretch
CVE-2019-17263** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_bl ...bullseye, buster, sid, stretch
CVE-2019-17264** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_infor ...bullseye, buster, sid, stretch
CVE-2019-17401** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-rea ...bullseye, buster, sid, stretch
libmspackCVE-2018-18586** DISPUTED ** chmextract.c in the chmextract sample program, as distr ...stretch
libokhttp-javaCVE-2018-20200** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 all ...bullseye, buster, sid
libopenmptCVE-2019-14382DSM in libopenmpt before 0.4.2 allows an assertion failure during file ...stretch
CVE-2019-14383J2B in libopenmpt before 0.4.2 allows an assertion failure during file ...stretch
libphp-adodbCVE-2006-4976The Date Library in John Lim ADOdb Library for PHP allows remote attac ...bullseye, buster, sid, stretch
CVE-2011-3699John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...bullseye, buster, sid, stretch
libphp-phpmailerCVE-2017-11503PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Add ...stretch
libpng1.6CVE-2018-14048An issue has been found in libpng 1.6.34. It is a SEGV in the function ...buster, stretch
CVE-2018-14550An issue has been found in third-party PNM decoding associated with li ...buster, stretch
CVE-2019-6129** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a ...bullseye, buster, sid, stretch
libpodofoCVE-2018-20797An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ...bullseye, buster, sid, stretch
libqbCVE-2019-12779libqb before 1.0.5 allows local users to overwrite arbitrary files via ...stretch
libquicktimeCVE-2017-12143In libquicktime 1.2.4, an allocation failure was found in the function ...bullseye, buster, sid, stretch
CVE-2017-12145In libquicktime 1.2.4, an allocation failure was found in the function ...bullseye, buster, sid, stretch
librawCVE-2020-24890** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerabilit ...bullseye, buster, sid, stretch
libreofficeCVE-2012-5639LibreOffice and OpenOffice automatically open embedded content ...bullseye, buster, sid, stretch
CVE-2018-10583An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...bullseye, buster, sid, stretch
libreswanCVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...bullseye, buster, sid
libsassCVE-2019-18797LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...bullseye, buster, sid, stretch
libseccompCVE-2019-9893libseccomp before 2.4.0 did not correctly generate 64-bit syscall argu ...buster, stretch
libsixelCVE-2019-11024The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ...buster, stretch
libslf4j-javaCVE-2018-8088org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...stretch
libslirpCVE-2020-7211tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ ...bullseye, sid
libsndfileCVE-2018-13139A stack-based buffer overflow in psf_memset in common.c in libsndfile ...stretch
CVE-2018-19432An issue was discovered in libsndfile 1.0.28. There is a NULL pointer ...stretch
libsolvCVE-2018-20534** DISPUTED ** There is an illegal address access at ext/testcase.c in ...buster, stretch
libspiroCVE-2019-19847Libspiro through 20190731 has a stack-based buffer overflow in the spi ...buster, stretch
libtasn1-6CVE-2018-1000654GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 c ...buster, stretch
libuv1CVE-2020-8252The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...buster
libv8-3.14CVE-2013-2632Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...stretch
CVE-2013-2838Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...stretch
CVE-2013-2882Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...stretch
CVE-2013-2919Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...stretch
CVE-2013-6638Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...stretch
CVE-2013-6649Use-after-free vulnerability in the RenderSVGImage::paint function in ...stretch
CVE-2013-6650The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Goo ...stretch
CVE-2013-6668Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, a ...stretch
CVE-2014-1704Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, a ...stretch
CVE-2014-1705Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and L ...stretch
CVE-2014-1716Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype f ...stretch
CVE-2014-1717Google V8, as used in Google Chrome before 34.0.1847.116, does not pro ...stretch
CVE-2014-1729Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, a ...stretch
CVE-2014-1730Google V8, as used in Google Chrome before 34.0.1847.131 on Windows an ...stretch
CVE-2014-1735Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, a ...stretch
CVE-2014-1736Integer overflow in api.cc in Google V8, as used in Google Chrome befo ...stretch
CVE-2014-3152Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm ...stretch
CVE-2014-3188Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...stretch
CVE-2014-3195Google V8, as used in Google Chrome before 38.0.2125.101, does not pro ...stretch
CVE-2014-3199The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...stretch
CVE-2014-7192Eval injection vulnerability in index.js in the syntax-error package b ...stretch
CVE-2014-7927The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-l ...stretch
CVE-2014-7928hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, d ...stretch
CVE-2014-7931factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...stretch
CVE-2014-7939Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...stretch
CVE-2014-7967Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, a ...stretch
CVE-2015-1230The getHiddenProperty function in bindings/core/v8/V8EventListenerList ...stretch
CVE-2015-1290The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and ...stretch
CVE-2015-1304object-observe.js in Google V8, as used in Google Chrome before 45.0.2 ...stretch
CVE-2015-1346Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, a ...stretch
CVE-2015-2238Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as ...stretch
CVE-2015-3333Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...stretch
CVE-2015-3336Google Chrome before 42.0.2311.90 does not always ask the user before ...stretch
CVE-2015-6764The BasicJsonStringifier::SerializeJSArray function in json-stringifie ...stretch
CVE-2015-6771js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73 ...stretch
CVE-2015-6774Use-after-free vulnerability in the GetLoadTimes function in renderer/ ...stretch
libvncserverCVE-2019-15680TightVNC code version 1.3.10 contains null pointer dereference in Hand ...bullseye, buster, sid, stretch
libvpxCVE-2017-0641A remote denial of service vulnerability in libvpx in Mediaserver coul ...bullseye, buster, sid, stretch
libvtermCVE-2018-20786libvterm through 0+bzr726, as used in Vim and other products, mishandl ...bullseye, buster, sid, stretch
libwebpCVE-2016-9085Multiple integer overflows in libwebp allows attackers to have unspeci ...bullseye, buster, sid, stretch
libwmfCVE-2007-3476Array index error in gd_gif_in.c in the GD Graphics Library (libgd) be ...bullseye, buster, sid, stretch
CVE-2007-3477The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...bullseye, buster, sid, stretch
CVE-2007-3996Multiple integer overflows in libgd in PHP before 5.2.4 allow remote a ...bullseye, buster, sid, stretch
CVE-2009-3546The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...bullseye, buster, sid, stretch
TEMP-0601525-BEBB65libgd2: gdImageColorTransparent can write outside bufferbullseye, buster, sid, stretch
libxerces2-javaCVE-2012-0881Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ca ...bullseye, buster, sid, stretch
libxfont1CVE-2017-13720In the PatternMatch function in fontfile/fontdir.c in libXfont through ...stretch
CVE-2017-13722In the pcfGetProperties function in bitmap/pcfread.c in libXfont throu ...stretch
CVE-2017-16611In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...stretch
libxml2CVE-2020-24977GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ...buster
libxsltCVE-2015-9019In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...bullseye, buster, sid, stretch
liloCVE-2008-3895LILO 22.6.1 and earlier stores pre-boot authentication passwords in th ...buster, sid, stretch
links2CVE-2017-11114The put_chars function in html_r.c in Twibright Links 2.14 allows remo ...stretch
linuxCVE-2004-0230TCP, when using a large Window Size, makes it easier for remote attack ...bullseye, buster, sid, stretch
CVE-2005-3660Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...bullseye, buster, sid, stretch
CVE-2007-3719The process scheduler in the Linux kernel 2.6.16 gives preference to " ...bullseye, buster, sid, stretch
CVE-2008-2544bullseye, buster, sid, stretch
CVE-2008-4609The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...bullseye, buster, sid, stretch
CVE-2010-4563The Linux kernel, when using IPv6, allows remote attackers to determin ...bullseye, buster, sid, stretch
CVE-2010-5321Memory leak in drivers/media/video/videobuf-core.c in the videobuf sub ...bullseye, buster, sid, stretch
CVE-2011-4915fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...bullseye, buster, sid, stretch
CVE-2011-4917bullseye, buster, sid, stretch
CVE-2012-4542block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly c ...bullseye, buster, sid, stretch
CVE-2014-9892The snd_compr_tstamp function in sound/core/compress_offload.c in the ...bullseye, buster, sid, stretch
CVE-2014-9900The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...bullseye, buster, sid, stretch
CVE-2015-2877** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.3 ...bullseye, buster, sid, stretch
CVE-2016-10723** DISPUTED ** An issue was discovered in the Linux kernel through 4.1 ...bullseye, buster, sid, stretch
CVE-2016-8660The XFS subsystem in the Linux kernel through 4.8.2 allows local users ...bullseye, buster, sid, stretch
CVE-2017-0630An information disclosure vulnerability in the kernel trace subsystem ...bullseye, buster, sid, stretch
CVE-2017-11472The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in t ...stretch
CVE-2017-12762In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied in ...stretch
CVE-2017-13693The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils. ...bullseye, buster, sid, stretch
CVE-2017-13694The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobje ...bullseye, buster, sid, stretch
CVE-2017-13695The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...stretch
CVE-2017-9986The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel thr ...stretch
CVE-2018-1121procps-ng, procps is vulnerable to a process hiding through race condi ...bullseye, buster, sid, stretch
CVE-2018-17977The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ...bullseye, buster, sid, stretch
CVE-2018-20669An issue where a provided address with access_ok() is not checked was ...stretch
CVE-2018-8043The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...stretch
CVE-2019-11191** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...bullseye, buster, sid, stretch
CVE-2019-12378** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/i ...bullseye, buster, sid, stretch
CVE-2019-12379** DISPUTED ** An issue was discovered in con_insert_unipair in driver ...bullseye, buster, sid, stretch
CVE-2019-12380**DISPUTED** An issue was discovered in the efi subsystem in the Linux ...bullseye, buster, sid, stretch
CVE-2019-12381** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip ...bullseye, buster, sid, stretch
CVE-2019-12382** DISPUTED ** An issue was discovered in drm_load_edid_firmware in dr ...bullseye, buster, sid, stretch
CVE-2019-12455** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in driv ...bullseye, buster, sid, stretch
CVE-2019-12456** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl ...bullseye, buster, sid, stretch
CVE-2019-12615An issue was discovered in get_vdev_port_node_info in arch/sparc/kerne ...buster, stretch
CVE-2019-16229** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux ...bullseye, buster, sid, stretch
CVE-2019-16230** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux ke ...bullseye, buster, sid, stretch
CVE-2019-16231drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check ...bullseye, buster, sid, stretch
CVE-2019-16232drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5. ...bullseye, buster, sid, stretch
CVE-2019-16233drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not chec ...bullseye, buster, sid, stretch
CVE-2019-16234drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5. ...bullseye, buster, sid, stretch
CVE-2019-18808A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...stretch
CVE-2019-19046** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in ...stretch
CVE-2019-19054A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...stretch
CVE-2019-19060A memory leak in the adis_update_scan_mode() function in drivers/iio/i ...stretch
CVE-2019-19061A memory leak in the adis_update_scan_mode_burst() function in drivers ...stretch
CVE-2019-19064** DISPUTED ** A memory leak in the fsl_lpspi_probe() function in driv ...buster, stretch
CVE-2019-19067** DISPUTED ** Four memory leaks in the acp_hw_init() function in driv ...stretch
CVE-2019-19070** DISPUTED ** A memory leak in the spi_gpio_probe() function in drive ...bullseye, buster, sid, stretch
CVE-2019-19075A memory leak in the ca8210_probe() function in drivers/net/ieee802154 ...stretch
CVE-2019-19083Memory leaks in *clock_source_create() functions under drivers/gpu/drm ...buster
CVE-2020-11725** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...bullseye, buster, sid, stretch
CVE-2020-27820use-after-free in nouveau kernel modulebullseye, buster, sid, stretch
CVE-2021-26934An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...bullseye, buster, sid
TEMP-0000000-F7A20FKernel: Unprivileged user can freeze journaldbullseye, buster, sid, stretch
lldpadCVE-2018-10932lldptool version 1.0.1 and older can print a raw, unsanitized attacker ...stretch
lrzipCVE-2017-8842The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...stretch
CVE-2017-8843The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 al ...stretch
CVE-2017-8845The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lr ...stretch
CVE-2017-8847The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...stretch
CVE-2018-9058In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...stretch
CVE-2019-10654The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in ...bullseye, buster, sid, stretch
lua-cgiCVE-2014-2875The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ...bullseye, buster, sid, stretch
luajitCVE-2019-19391** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...bullseye, buster, sid, stretch
CVE-2020-15890LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...bullseye, buster, sid
CVE-2020-24372LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...bullseye, buster, sid, stretch
lucene-solrCVE-2017-3164Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (in ...bullseye, buster, sid, stretch
CVE-2019-17558Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ...bullseye, buster, sid, stretch
lxcCVE-2019-5736runc through 1.0-rc6, as used in Docker before 18.09.2 and other produ ...stretch
lynisCVE-2017-8108Unspecified tests in Lynis before 2.5.0 allow local users to write to ...stretch
CVE-2019-13033In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by ...buster, stretch
CVE-2020-13882CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...buster, stretch
m2cryptoCVE-2009-0127** DISPUTED ** M2Crypto does not properly check the return value from ...bullseye, buster, sid, stretch
m4CVE-2008-1687The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1. ...bullseye, buster, sid, stretch
CVE-2008-1688Unspecified vulnerability in GNU m4 before 1.4.11 might allow context- ...bullseye, buster, sid, stretch
magpierssCVE-2006-4735Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sens ...buster, stretch
maildirsyncCVE-2008-5150sample.sh in maildirsync 1.1 allows local users to append data to arbi ...bullseye, buster, sid, stretch
mailutilsCVE-2019-18862maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...stretch
matanzaCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...bullseye, buster, sid, stretch
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...bullseye, buster, sid, stretch
mbedtlsCVE-2018-1000520ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows In ...bullseye, buster, sid, stretch
mcollectiveCVE-2014-0175mcollective has a default password set at install ...bullseye, buster, sid
mediaelementCVE-2016-4567Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ...bullseye, buster, sid, stretch
mediawikiCVE-2007-0894MediaWiki before 1.9.2 allows remote attackers to obtain sensitive inf ...bullseye, buster, sid, stretch
CVE-2014-1686MediaWiki 1.18.0 allows remote attackers to obtain the installation pa ...bullseye, buster, sid, stretch
mercurialCVE-2018-17983cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read du ...stretch
metviewCVE-2017-17515** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strin ...bullseye, buster, sid, stretch
mgettyCVE-2018-16742An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a ...stretch
CVE-2018-16743An issue was discovered in mgetty before 1.2.1. In contrib/next-login/ ...stretch
mh-bookCVE-2008-5152inmail-show in mh-book 200605 allows local users to overwrite arbitrar ...bullseye, buster, sid, stretch
midoriCVE-2012-2132libsoup 2.32.2 and earlier does not validate certificates or clear the ...bullseye, buster, sid, stretch
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...bullseye, buster, sid, stretch
mingw-w64CVE-2018-5392mingw-w64 version 5.0.4 by default produces executables that opt in to ...bullseye, buster, sid, stretch
mini-httpdCVE-2009-4490mini_httpd 1.19 writes data to a log file without sanitizing non-print ...bullseye, buster, sid, stretch
CVE-2017-17663The htpasswd implementation of mini_httpd before v1.28 and of thttpd b ...bullseye, buster, sid, stretch
minidjvuCVE-2017-12441The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ca ...bullseye, buster, sid, stretch
CVE-2017-12442The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ca ...bullseye, buster, sid, stretch
CVE-2017-12443The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 c ...bullseye, buster, sid, stretch
CVE-2017-12444The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidj ...bullseye, buster, sid, stretch
CVE-2017-12445The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cp ...bullseye, buster, sid, stretch
miniupnpcCVE-2017-1000494Uninitialized stack variable vulnerability in NameValueParserEndElt (u ...stretch
modsecurity-crsCVE-2019-11387An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...buster, stretch
CVE-2019-11388** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ...bullseye, buster, sid, stretch
CVE-2019-11389** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ...bullseye, buster, sid, stretch
CVE-2019-11390** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ...bullseye, buster, sid, stretch
CVE-2019-11391** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ...bullseye, buster, sid, stretch
moinCVE-2007-0902Unspecified vulnerability in the "Show debugging information" feature ...buster, stretch
mojarraCVE-2010-2087Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...bullseye, buster, sid, stretch
mongodbCVE-2015-2327PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern ...stretch
CVE-2015-2328PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...stretch
mono-reference-assembliesCVE-2018-1002208SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ...stretch
monopdCVE-2015-0841Off-by-one error in the readBuf function in listener.cpp in libcapsine ...bullseye, buster, sid, stretch
mozilla-noscriptCVE-2018-16983NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other ...buster, sid
mp3spltCVE-2017-5665The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allo ...bullseye, buster, sid
CVE-2017-5666The free_options function in options_manager.c in mp3splt 2.6.2 allows ...bullseye, buster, sid
CVE-2017-5851The free_options function in options_manager.c in mp3splt 2.6.2 allows ...bullseye, buster, sid
mpg123CVE-2017-11126The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25 ...stretch
mupdfCVE-2016-10246Buffer overflow in the main function in jstest_main.c in Mujstest in A ...stretch
CVE-2016-10247Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...stretch
CVE-2017-6060Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...stretch
CVE-2018-1000036In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...stretch
CVE-2018-10289In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space functi ...stretch
CVE-2018-19777In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg ...buster, stretch
CVE-2018-19881In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to caus ...buster, stretch
CVE-2018-19882In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c a ...buster, stretch
mustache.jsCVE-2015-8861The handlebars package before 4.0.0 for Node.js allows remote attacker ...bullseye, buster, sid, stretch
CVE-2015-8862mustache package before 2.2.1 for Node.js allows remote attackers to c ...bullseye, buster, sid, stretch
TEMP-0000000-137F0Aquoteless attributes in templates can lead to content injectionbullseye, buster, sid, stretch
muttCVE-2007-1268Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...bullseye, buster, sid, stretch
CVE-2020-14154Mutt before 1.14.3 proceeds with a connection even if, in response to ...stretch
mxmlCVE-2018-20005An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after ...bullseye, buster, sid, stretch
naclCVE-2015-0565NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks ...bullseye, buster, sid, stretch
nasmCVE-2017-14228In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...stretch
CVE-2018-1000667NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains ...stretch
CVE-2018-1000886nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability ...bullseye, buster, sid, stretch
CVE-2018-10316Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the asse ...stretch
CVE-2018-16382Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regfla ...stretch
CVE-2018-16517asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dere ...stretch
CVE-2018-16999Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segment ...stretch
CVE-2018-19209Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in th ...stretch
CVE-2018-19213Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may le ...bullseye, buster, sid, stretch
CVE-2018-19214Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...stretch
CVE-2018-19215Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...stretch
CVE-2018-19755There is an illegal address access at asm/preproc.c (function: is_mmac ...buster, stretch
CVE-2018-20535There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...buster, stretch
CVE-2018-20538There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...bullseye, buster, sid, stretch
CVE-2019-14248In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ...buster, stretch
CVE-2019-20334In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ...bullseye, buster, sid, stretch
CVE-2019-20352In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...buster, stretch
CVE-2019-6290An infinite recursion issue was discovered in eval.c in Netwide Assemb ...bullseye, buster, sid, stretch
CVE-2019-6291An issue was discovered in the function expr6 in eval.c in Netwide Ass ...bullseye, buster, sid, stretch
CVE-2019-8343In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in past ...bullseye, buster, sid, stretch
CVE-2020-24241In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in ...buster, stretch
CVE-2020-24242In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ...buster, stretch
neomuttCVE-2020-14154Mutt before 1.14.3 proceeds with a connection even if, in response to ...buster
net-toolsCVE-2002-1976ifconfig, when used on the Linux kernel 2.2 and later, does not report ...bullseye, buster, sid, stretch
netbeansCVE-2019-17560The "Apache NetBeans" autoupdate system does not validate SSL certific ...stretch
CVE-2019-17561The "Apache NetBeans" autoupdate system does not fully validate code s ...stretch
netdataCVE-2019-9834** DISPUTED ** The Netdata web application through 1.13.0 allows remot ...bullseye, buster, sid
nethackCVE-2019-19905NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...buster, stretch
CVE-2020-5209In NetHack before 3.6.5, unknown options starting with -de and -i can ...buster, stretch
CVE-2020-5210In NetHack before 3.6.5, an invalid argument to the -w command line op ...buster, stretch
CVE-2020-5211In NetHack before 3.6.5, an invalid extended command in value for the ...buster, stretch
CVE-2020-5212In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...buster, stretch
CVE-2020-5213In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...buster, stretch
CVE-2020-5214In NetHack before 3.6.5, detecting an unknown configuration file optio ...buster, stretch
netmaskTEMP-0921565-C5FF8Enetmask: buffer overflow vulnerabilitystretch
network-managerCVE-2020-10754It was found that nmcli, a command line interface to NetworkManager di ...buster, stretch
network-manager-appletCVE-2017-6590An issue was discovered in network-manager-applet (aka network-manager ...bullseye, buster, sid, stretch
nghttp2TEMP-0000000-A4EF31Null pointer access in inflatehd toolbullseye, buster, sid, stretch
nginxCVE-2009-4487nginx 0.7.64 writes data to a log file without sanitizing non-printabl ...bullseye, buster, sid, stretch
nip2CVE-2017-17514** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before ...bullseye, buster, sid, stretch
nmapCVE-2017-18594nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...buster, stretch
CVE-2018-15173Nmap through 7.70, when the -sV option is used, allows remote attacker ...bullseye, buster, sid, stretch
node-cookie-signatureCVE-2016-1000236Node-cookie-signature before 1.0.6 is affected by a timing attack due ...stretch
node-debugCVE-2017-16137The debug module is vulnerable to regular expression denial of service ...stretch
node-deep-extendCVE-2018-3750The utilities function in all versions <= 0.5.0 of the deep-extend ...stretch
node-expressCVE-2014-6393The Express web framework before 3.11 and 4.x before 4.5 for Node.js d ...stretch
node-extendCVE-2018-16491A prototype pollution vulnerability was found in node.extend <1.1.7 ...stretch
CVE-2018-16492A prototype pollution vulnerability was found in module extend <2.0 ...stretch
node-lodashCVE-2018-16487A prototype pollution vulnerability was found in lodash <4.17.11 wh ...stretch
CVE-2018-3721lodash node module before 4.17.5 suffers from a Modification of Assume ...stretch
CVE-2019-1010266lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ...stretch
node-markedCVE-2017-1000427marked version 0.3.6 and earlier is vulnerable to an XSS attack in the ...stretch
CVE-2017-16114The marked module is vulnerable to a regular expression denial of serv ...stretch
node-mimeCVE-2017-16138The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expr ...stretch
node-momentCVE-2017-18214The moment module before 2.19.3 for Node.js is prone to a regular expr ...stretch
node-negotiatorCVE-2016-10539negotiator is an HTTP content negotiator for Node.js and is used by ma ...stretch
node-sendCVE-2015-8859The send package before 0.11.1 for Node.js allows attackers to obtain ...stretch
TEMP-0000000-FD1F92root path disclosurestretch
node-serve-indexCVE-2015-8856Cross-site scripting (XSS) vulnerability in the serve-index package be ...stretch
node-static-evalCVE-2021-23334All versions of package static-eval are vulnerable to Arbitrary Code E ...bullseye, buster, sid
node-uuidCVE-2015-8851node-uuid before 1.4.4 uses insufficiently random data to create a GUI ...stretch
nodejsCVE-2017-11499Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ...stretch
CVE-2018-12115In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when use ...stretch
CVE-2018-12116Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request ...stretch
CVE-2018-12120Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 list ...stretch
CVE-2018-12121Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...stretch
CVE-2018-12122Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...stretch
CVE-2018-12123Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...stretch
CVE-2018-7158The `'path'` module in the Node.js 4.x release line contains a potenti ...stretch
CVE-2018-7159The HTTP parser in all current versions of Node.js ignores spaces in t ...stretch
CVE-2018-7167Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...stretch
CVE-2019-5737In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before ...stretch
CVE-2019-5739Keep-alive HTTP and HTTPS connections can remain open and inactive for ...stretch
novaCVE-2013-0326OpenStack nova base images permissions are world readable ...bullseye, buster, sid, stretch
nssCVE-2017-11695Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/h ...bullseye, buster, sid, stretch
CVE-2017-11696Heap-based buffer overflow in the __hash_open function in lib/dbm/src/ ...bullseye, buster, sid, stretch
CVE-2017-11697The __hash_open function in hash.c:229 in Mozilla Network Security Ser ...bullseye, buster, sid, stretch
CVE-2017-11698Heap-based buffer overflow in the __get_page function in lib/dbm/src/h ...bullseye, buster, sid, stretch
ntpCVE-2018-12327Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...bullseye, buster, sid, stretch
nvidia-cg-toolkitCVE-2008-5144nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...bullseye, buster, sid, stretch
ocaml-batteriesCVE-2017-17519batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) ...bullseye, buster, sid, stretch
ocsinventory-serverCVE-2010-1733Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02 ...bullseye, buster, sid
CVE-2014-4722Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...bullseye, buster, sid
CVE-2018-14857Unrestricted file upload (with remote code execution) in require/mail/ ...bullseye, buster, sid
CVE-2018-15537Unrestricted file upload (with remote code execution) in OCS Inventory ...bullseye, buster, sid
CVE-2020-14947OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...bullseye, buster, sid
openconnectCVE-2020-12105OpenConnect through 8.08 mishandles negative return values from X509_c ...bullseye, buster, sid, stretch
CVE-2020-12823OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...buster, stretch
opendkimCVE-2020-35766The test suite in libopendkim in OpenDKIM through 2.10.3 allows local ...bullseye, buster, sid, stretch
opendmarcCVE-2019-20790OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...bullseye, buster, sid, stretch
openexrCVE-2017-14988** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2 ...bullseye, buster, sid, stretch
CVE-2018-18443OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...buster, stretch
CVE-2018-18444makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...buster, stretch
openfortivpnCVE-2020-7043An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...buster
openjpeg2CVE-2016-10505NULL pointer dereference vulnerabilities in the imagetopnm function in ...bullseye, buster, sid, stretch
CVE-2016-10506Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, op ...bullseye, buster, sid, stretch
CVE-2016-9113There is a NULL pointer dereference in function imagetobmp of convertb ...bullseye, buster, sid, stretch
CVE-2016-9114There is a NULL Pointer Access in function imagetopnm of convert.c:194 ...bullseye, buster, sid, stretch
CVE-2016-9115Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...bullseye, buster, sid, stretch
CVE-2016-9116NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in O ...bullseye, buster, sid, stretch
CVE-2016-9117NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in O ...bullseye, buster, sid, stretch
CVE-2016-9580An integer overflow vulnerability was found in tiftoimage function in ...bullseye, buster, sid, stretch
CVE-2016-9581An infinite loop vulnerability in tiftoimage that results in heap buff ...bullseye, buster, sid, stretch
CVE-2017-12982The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG ...stretch
CVE-2017-17479In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...bullseye, buster, sid, stretch
CVE-2018-16375An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_i ...bullseye, buster, sid, stretch
CVE-2018-16376An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflo ...bullseye, buster, sid, stretch
CVE-2018-20845Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...buster, stretch
CVE-2018-20846Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ...bullseye, buster, sid, stretch
CVE-2018-5727In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the o ...buster, stretch
CVE-2018-7648An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. Th ...buster, stretch
openldapCVE-2015-3276The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDA ...bullseye, buster, sid, stretch
CVE-2017-14159slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...bullseye, buster, sid, stretch
CVE-2017-17740contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when bot ...bullseye, buster, sid, stretch
CVE-2020-15719libldap in certain third-party OpenLDAP packages has a certificate-val ...bullseye, buster, sid, stretch
openrptCVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer BS ...buster, stretch
openscCVE-2019-6502sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory ...buster, stretch
opensshCVE-2007-2243OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...bullseye, buster, sid, stretch
CVE-2007-2768OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...bullseye, buster, sid, stretch
CVE-2008-3234sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ...bullseye, buster, sid, stretch
CVE-2019-16905OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ...buster
CVE-2019-6110In OpenSSH 7.9, due to accepting and displaying arbitrary stderr outpu ...bullseye, buster, sid, stretch
CVE-2020-12062** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...buster, stretch
CVE-2020-14145The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...bullseye, buster, sid, stretch
CVE-2020-15778** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection i ...bullseye, buster, sid, stretch
opensslCVE-2007-6755The NIST SP 800-90A default statement of the Dual Elliptic Curve Deter ...bullseye, buster, sid, stretch
CVE-2010-0928OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex- ...bullseye, buster, sid, stretch
openstack-troveCVE-2015-3156The _write_config function in trove/guestagent/datastore/experimental/ ...sid, stretch
openvpnCVE-2006-2229OpenVPN 2.0.7 and earlier, when configured to use the --management opt ...bullseye, buster, sid, stretch
CVE-2016-6329OpenVPN, when using a 64-bit block cipher, makes it easier for remote ...bullseye, buster, sid, stretch
CVE-2017-7522OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...stretch
CVE-2018-7544** DISPUTED ** A cross-protocol scripting issue was discovered in the ...bullseye, buster, sid, stretch
openvswitchCVE-2017-14970In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multip ...stretch
CVE-2017-9263In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status mes ...stretch
CVE-2017-9264In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS ...stretch
CVE-2017-9265In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsin ...stretch
os-proberCVE-2008-5135bullseye, buster, sid, stretch
otrs2CVE-2018-7567** DISPUTED ** In the Admin Package Manager in Open Ticket Request Sys ...bullseye, buster, sid, stretch
pandasCVE-2020-13091** DISPUTED ** pandas through 1.0.3 can unserialize and execute comman ...bullseye, buster, sid, stretch
parsoCVE-2019-12760** DISPUTED ** A deserialization vulnerability exists in the way parso ...buster
pasdocCVE-2017-17527** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does n ...stretch
passengerCVE-2016-10345In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...bullseye, buster, sid, stretch
password-storeCVE-2020-28086pass through 1.7.3 has a possibility of using a password for an uninte ...bullseye, buster, sid, stretch
patchCVE-2010-4651Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ear ...bullseye, buster, sid, stretch
CVE-2016-10713An issue was discovered in GNU patch before 2.7.6. Out-of-bounds acces ...stretch
CVE-2018-6951An issue was discovered in GNU patch through 2.7.6. There is a segment ...bullseye, buster, sid, stretch
CVE-2018-6952A double free exists in the another_hunk function in pch.c in GNU patc ...bullseye, buster, sid, stretch
pax-utilsTEMP-0856196-13C562scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)stretch
pcre2CVE-2017-8786pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial o ...stretch
pcre3CVE-2017-11164In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exe ...bullseye, buster, sid, stretch
CVE-2017-16231** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC ...bullseye, buster, sid, stretch
CVE-2017-7245Stack-based buffer overflow in the pcre32_copy_substring function in p ...bullseye, buster, sid, stretch
CVE-2017-7246Stack-based buffer overflow in the pcre32_copy_substring function in p ...bullseye, buster, sid, stretch
CVE-2019-20838libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...bullseye, buster, sid, stretch
pdfresurrectCVE-2019-14267PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because ...buster, stretch
CVE-2020-9549In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...buster, stretch
pdnsCVE-2020-24696An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...bullseye, buster, sid, stretch
CVE-2020-24697An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...bullseye, buster, sid, stretch
CVE-2020-24698An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...bullseye, buster, sid, stretch
pdns-recursorCVE-2020-10030An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...buster
perlCVE-2011-4116_is_safe in the File::Temp module for Perl does not properly handle sy ...bullseye, buster, sid, stretch
phabricatorCVE-2017-17536Phabricator before 2017-11-10 does not block the --config and --debugg ...bullseye, buster, sid, stretch
phantomjsCVE-2019-17221PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as d ...buster, stretch
php-font-libCVE-2014-2570Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...bullseye, buster, sid, stretch
php-gettextTEMP-0000000-07A77Dphp-gettext XSSbullseye, buster, sid, stretch
php-hordeCVE-2019-12094Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...bullseye, buster, sid, stretch
php-horde-treanCVE-2019-12095Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...bullseye, buster, sid, stretch
php-pearCVE-2017-5630PECL in the download utility class in the Installer in PEAR Base Syste ...bullseye, buster, sid, stretch
php7.0CVE-2015-9253An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before ...stretch
CVE-2017-9118PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a c ...stretch
CVE-2017-9119The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 all ...stretch
CVE-2017-9120PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ser ...stretch
CVE-2019-6977gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...stretch
phpldapadminCVE-2018-12689phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id param ...sid
phpmyadminCVE-2005-3622phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain t ...bullseye, sid, stretch
CVE-2007-4306Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10 ...bullseye, sid, stretch
CVE-2020-11441** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...bullseye, sid, stretch
phpsysinfoCVE-2006-3360Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 all ...bullseye, sid
picolibcCVE-2019-14876In the __lshift function of the newlib libc library, all versions prio ...bullseye, sid
pidginCVE-2008-2956bullseye, buster, sid, stretch
CVE-2012-1257Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...bullseye, buster, sid, stretch
pillowCVE-2020-10994In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...buster, stretch
pluxmlCVE-2020-18184In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ...buster, sid, stretch
CVE-2020-18185class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...buster, sid, stretch
popplerCVE-2013-4472The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ...bullseye, buster, sid, stretch
CVE-2017-2814An exploitable heap overflow vulnerability exists in the image renderi ...bullseye, buster, sid, stretch
CVE-2017-2818An exploitable heap overflow vulnerability exists in the image renderi ...bullseye, buster, sid, stretch
CVE-2017-2820An exploitable integer overflow vulnerability exists in the JPEG 2000 ...bullseye, buster, sid, stretch
CVE-2017-7511poppler since version 0.17.3 has been vulnerable to NULL pointer deref ...stretch
CVE-2017-7515poppler through version 0.55.0 is vulnerable to an uncontrolled recurs ...stretch
CVE-2017-9083poppler 0.54.0, as used in Evince and other products, has a NULL point ...bullseye, buster, sid, stretch
CVE-2018-19059An issue was discovered in Poppler 0.71.0. There is a out-of-bounds re ...buster, stretch
CVE-2018-19060An issue was discovered in Poppler 0.71.0. There is a NULL pointer der ...buster, stretch
CVE-2018-19149Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...stretch
postbooksCVE-2017-17525guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate st ...buster, stretch
postgresql-11CVE-2019-9193** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGR ...buster, stretch
potraceCVE-2017-12067Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubi ...stretch
pppCVE-2008-5366The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local u ...bullseye, buster, sid, stretch
CVE-2008-5367ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to o ...bullseye, buster, sid, stretch
printfilters-ppdCVE-2008-5034sid
proftpd-dfsgCVE-2020-9272ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...buster, stretch
prometheus-blackbox-exporterCVE-2020-16248** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /pro ...bullseye, buster, sid, stretch
protobufCVE-2015-5237protobuf allows remote authenticated attackers to cause a heap-based b ...bullseye, buster, sid, stretch
psppCVE-2017-10791There is an Integer overflow in the hash_int function of the libpspp l ...stretch
CVE-2017-10792There is a NULL Pointer Dereference in the function ll_insert() of the ...stretch
CVE-2017-12958There is an illegal address access in the function output_hex() in dat ...stretch
CVE-2017-12959There is a reachable assertion abort in the function dict_add_mrset() ...stretch
CVE-2017-12960There is a reachable assertion abort in the function dict_rename_var() ...stretch
CVE-2017-12961There is an assertion abort in the function parse_attributes() in data ...stretch
CVE-2019-9211There is a reachable assertion abort in the function write_long_string ...buster, stretch
ptlibCVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer BS ...stretch
puppetCVE-2020-7942Previously, Puppet operated on a model that a node with a valid certif ...bullseye, buster, sid, stretch
puppet-module-puppetlabs-apacheCVE-2018-6508Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remot ...bullseye, buster, sid, stretch, bullseye, buster, sid, stretch, bullseye, buster, sid, stretch
puttyCVE-2019-17069PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...buster, stretch
pwgenCVE-2013-4441The Phonemes mode in Pwgen 2.06 generates predictable passwords, which ...bullseye, buster, sid, stretch
py-lmdbCVE-2019-16224An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...bullseye, sid, stretch
CVE-2019-16225An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ...bullseye, sid, stretch
CVE-2019-16226An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ...bullseye, sid, stretch
CVE-2019-16227An issue was discovered in py-lmdb 0.97. For certain values of mn_flag ...bullseye, sid, stretch
CVE-2019-16228An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ...bullseye, sid, stretch
pypyCVE-2020-29651A denial of service via regular expression in the py.path.svnwc compon ...bullseye, buster, sid, stretch, bullseye, buster, sid
python-defaultsCVE-2008-4108Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) i ...bullseye, buster, sid, stretch
python-numpyCVE-2017-12852The numpy.pad function in Numpy 1.13.1 and older versions is missing i ...stretch
python-pipCVE-2018-20225** DISPUTED ** An issue was discovered in pip (all versions) because i ...bullseye, buster, sid, stretch
python-scrapyCVE-2017-14158Scrapy 1.4 allows remote attackers to cause a denial of service (memor ...bullseye, buster, sid, stretch
python2.7CVE-2013-7040Python 2.7 before 3.4 only uses the last eight bits of the prefix to r ...bullseye, buster, sid, stretch
CVE-2017-17522** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not vali ...bullseye, buster, sid, stretch
CVE-2018-1000030Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Hea ...stretch
CVE-2019-18348An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...buster, stretch
CVE-2019-9674Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...bullseye, buster, sid, stretch
python3.5CVE-2017-17522** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not vali ...stretch
CVE-2019-9674Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...stretch
python3.7CVE-2017-17522** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not vali ...buster
CVE-2019-18348An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...buster
CVE-2019-9674Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...buster
CVE-2020-27619In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ...buster, bullseye, sid
pyyamlCVE-2017-18342In PyYAML before 5.1, the yaml.load() API could execute arbitrary code ...buster, stretch
qemuCVE-2016-10028The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEM ...stretch
CVE-2017-5552Memory leak in the virgl_resource_attach_backing function in hw/displa ...stretch
CVE-2017-5578Memory leak in the virtio_gpu_resource_attach_backing function in hw/d ...stretch
CVE-2017-8284** DISPUTED ** The disas_insn function in target/i386/translate.c in Q ...stretch
CVE-2017-9060Memory leak in the virtio_gpu_set_scanout function in hw/display/virti ...stretch
CVE-2018-20123pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ...buster
CVE-2018-20124hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of ...buster
CVE-2018-20125hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of ...buster
CVE-2018-20126hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory ...buster
CVE-2018-20191hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation ...buster
CVE-2018-20216QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ...buster
CVE-2019-12247** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/comm ...bullseye, buster, sid, stretch
CVE-2019-12928** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earli ...bullseye, buster, sid, stretch
CVE-2019-12929** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is ...bullseye, buster, sid, stretch
CVE-2019-20175** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...bullseye, buster, sid, stretch
CVE-2020-24352An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...bullseye, sid
qpid-protonCVE-2018-17187The Apache Qpid Proton-J transport includes an optional wrapper layer ...stretch
qt4-x11CVE-2009-3015QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ...buster, stretch
CVE-2009-3272Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ...buster, stretch
TEMP-0560108-565B70browser-based css info disclosurebuster, stretch
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicebuster, stretch
qtwebkitCVE-2015-8079qt5-qtwebkit before 5.4 records private browsing URLs to its favicon d ...buster, stretch
quaggaCVE-2012-5521quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon pe ...buster, sid, stretch
qutebrowserCVE-2020-11054In qutebrowser versions less than 1.11.1, reloading a page with certif ...buster
railsCVE-2010-3299The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...bullseye, buster, sid, stretch
CVE-2011-3187The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip ...bullseye, buster, sid, stretch
CVE-2017-17916** DISPUTED ** SQL injection vulnerability in the 'find_by' method in ...bullseye, buster, sid, stretch
CVE-2017-17917** DISPUTED ** SQL injection vulnerability in the 'where' method in Ru ...bullseye, buster, sid, stretch
CVE-2017-17919** DISPUTED ** SQL injection vulnerability in the 'order' method in Ru ...bullseye, buster, sid, stretch
CVE-2017-17920** DISPUTED ** SQL injection vulnerability in the 'reorder' method in ...bullseye, buster, sid, stretch
rbdoom3bfgCVE-2020-15007A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...bullseye, buster, sid, stretch
recutilsCVE-2019-11637An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...bullseye, buster, sid, stretch
CVE-2019-11638An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...bullseye, buster, sid, stretch
CVE-2019-11639An issue was discovered in GNU recutils 1.8. There is a stack-based bu ...bullseye, buster, sid, stretch
CVE-2019-11640An issue was discovered in GNU recutils 1.8. There is a heap-based buf ...bullseye, buster, sid, stretch
CVE-2019-6455An issue was discovered in GNU Recutils 1.8. There is a double-free pr ...bullseye, buster, sid, stretch
CVE-2019-6456An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ...bullseye, buster, sid, stretch
CVE-2019-6457An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...bullseye, buster, sid, stretch
CVE-2019-6458An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...bullseye, buster, sid, stretch
CVE-2019-6459An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...bullseye, buster, sid, stretch
CVE-2019-6460An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ...bullseye, buster, sid, stretch
redisCVE-2017-15047The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows atta ...stretch
CVE-2021-3470A heap overflow issue was found in Redis in versions before 5.0.10, be ...buster, stretch
resiprocateCVE-2017-9454Buffer overflow in the ares_parse_a_reply function in the embedded are ...stretch
rhn-client-toolsCVE-2015-1777rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Re ...stretch
rhythmboxCVE-2008-7185GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of se ...bullseye, buster, sid, stretch
roundcubeCVE-2020-12640Roundcube Webmail before 1.4.4 allows attackers to include local files ...stretch
CVE-2020-12641rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...stretch
rpmCVE-2010-2198lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...bullseye, buster, sid, stretch
CVE-2010-2199lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...bullseye, buster, sid, stretch
CVE-2017-7500It was found that rpm did not properly handle RPM installations when a ...bullseye, buster, sid, stretch
CVE-2017-7501It was found that versions of rpm before 4.13.0.2 use temporary files ...bullseye, buster, sid, stretch
rsyslogCVE-2015-3243rsyslog uses weak permissions for generating log files, which allows l ...bullseye, buster, sid, stretch
CVE-2017-12588The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...stretch
rtpproxyCVE-2017-14114RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...sid, stretch
rtvCVE-2017-17516scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 d ...bullseye, buster, sid, stretch
ruamel.yamlCVE-2019-20478In ruamel.yaml through 0.16.7, the load method allows remote code exec ...bullseye, buster, sid, stretch
ruby-handlebars-assetsTEMP-0000000-345A3Bhandlebars: quoteless attributes in templates can lead to content injectionbullseye, buster, sid, stretch
ruby-oauthCVE-2016-11086lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby doe ...bullseye, buster, sid, stretch
sambaCVE-2019-3824A flaw was found in the way an LDAP search expression could crash the ...stretch
CVE-2020-27840Heap corruption via crafted DN stringsbullseye, buster, sid, stretch
CVE-2021-20277Out of bounds read in AD DC LDAP serverbullseye, buster, sid, stretch
sargCVE-2019-18932log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows ...stretch
scalaCVE-2017-15288The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...stretch
scikit-learnCVE-2020-13092** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...bullseye, buster, sid, stretch
scummvmCVE-2017-17528backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not valida ...bullseye, buster, sid, stretch
seahorseCVE-2008-7320** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...bullseye, buster, sid, stretch
shadowCVE-2007-5686initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...bullseye, buster, sid, stretch
CVE-2013-4235shadow: TOCTOU (time-of-check time-of-use) race condition when copying ...bullseye, buster, sid, stretch
CVE-2019-19882shadow 4.8, in certain circumstances affecting at least Gentoo, Arch L ...bullseye, buster, sid, stretch
TEMP-0628843-DBAD28more related to CVE-2005-4890bullseye, buster, sid, stretch
shadowsocks-libevCVE-2019-5152An exploitable information disclosure vulnerability exists in the netw ...bullseye, buster, sid, stretch
shairport-syncCVE-2017-12087An exploitable heap overflow vulnerability exists in the tinysvcmdns l ...stretch
sharutilsTEMP-0000000-95CBBFuudecode: stack out of bounds read accessbullseye, buster, sid, stretch
shibboleth-spCVE-2019-19191Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file ...bullseye, buster, sid
sipcrackCVE-2017-11654An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...bullseye, buster, sid, stretch
CVE-2017-11655A memory leak was found in the way SIPcrack 0.2 handled processing of ...bullseye, buster, sid, stretch
sleuthkitCVE-2017-13755In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image trigge ...stretch
CVE-2017-13756In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers i ...stretch
CVE-2017-13760In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in t ...stretch
CVE-2019-1010065The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The ...stretch
CVE-2019-14531An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out ...bullseye, buster, sid, stretch
CVE-2019-14532An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ...bullseye, buster, sid, stretch
CVE-2020-10233In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...bullseye, buster, sid, stretch
slimTEMP-0537604-F35BD7insecure tmp file vulnerability in slimbullseye, buster, sid, stretch
slurm-llnlCVE-2019-19727SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...buster, stretch
sosreportCVE-2014-0246SOSreport stores the md5 hash of the GRUB bootloader password in an ar ...bullseye, buster, sid, stretch
sphinxsearchCVE-2019-14511Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...bullseye, buster, sid, stretch
spice-gtkCVE-2016-3066The spice-gtk widget allows remote authenticated users to obtain infor ...bullseye, buster, sid, stretch
sql-ledgerCVE-2007-0667The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2 ...bullseye, buster, sid, stretch
CVE-2007-1329Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...bullseye, buster, sid, stretch
CVE-2007-1923(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...bullseye, buster, sid, stretch
CVE-2007-5372Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...bullseye, buster, sid, stretch
CVE-2008-4077The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledg ...bullseye, buster, sid, stretch
CVE-2008-4078SQL injection vulnerability in the AR/AP transaction report in (1) Led ...bullseye, buster, sid, stretch
CVE-2009-3580Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...bullseye, buster, sid, stretch
CVE-2009-3581Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8. ...bullseye, buster, sid, stretch
CVE-2009-3582Multiple SQL injection vulnerabilities in the delete subroutine in SQL ...bullseye, buster, sid, stretch
CVE-2009-3583Directory traversal vulnerability in the Preferences menu item in SQL- ...bullseye, buster, sid, stretch
CVE-2009-3584SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...bullseye, buster, sid, stretch
CVE-2009-4402The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...bullseye, buster, sid, stretch
sqlite3CVE-2017-13685The dump_callback function in SQLite 3.20.0 allows remote attackers to ...stretch
CVE-2019-19244sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...buster
CVE-2020-11656In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...buster, stretch
sqliteodbcCVE-2020-12050SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ...bullseye, buster, sid, stretch
squidCVE-2019-12522An issue was discovered in Squid through 4.7. When Squid is run as roo ...bullseye, buster, sid
CVE-2020-14058An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...buster
CVE-2020-8517An issue was discovered in Squid before 4.10. Due to incorrect input v ...buster
squid3CVE-2018-1172This vulnerability allows remote attackers to deny service on vulnerab ...stretch
CVE-2018-19131Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S ...stretch
CVE-2019-12522An issue was discovered in Squid through 4.7. When Squid is run as roo ...stretch
CVE-2020-14058An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...stretch
CVE-2020-8517An issue was discovered in Squid before 4.10. Due to incorrect input v ...stretch
ssmtpCVE-2004-0423The log_event function in ssmtp 2.50.6 and earlier allows local users ...bullseye, sid, stretch
CVE-2008-7258bullseye, sid, stretch
stalinCVE-2015-8697stalin 0.11-5 allows local users to write to arbitrary files. ...bullseye, buster, sid, stretch
strongswanCVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...bullseye, buster, sid, stretch
sudoCVE-2005-1119Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...bullseye, buster, sid, stretch
CVE-2019-19232** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Ru ...buster, stretch
CVE-2019-19234** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been b ...buster, stretch
CVE-2021-23240selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a loc ...buster, stretch
supervisorCVE-2019-12105** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated user ca ...bullseye, buster, sid, stretch
surfCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...bullseye, buster, sid, stretch
svgppCVE-2019-6245An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...bullseye, buster, sid
CVE-2019-6247An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...bullseye, buster, sid
swftoolsCVE-2017-1000174In SWFTools, an address access exception was found in swfdump swf_GetB ...stretch
CVE-2017-1000182In SWFTools, a memory leak was found in wav2swf. ...stretch
CVE-2017-1000186In SWFTools, a stack overflow was found in pdf2swf. ...stretch
CVE-2017-1000187In SWFTools, an address access exception was found in pdf2swf. FoFiTru ...stretch
CVE-2017-10976When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead t ...stretch
CVE-2017-11096When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...stretch
CVE-2017-11097When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...stretch
CVE-2017-11098When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead t ...stretch
CVE-2017-11099When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead t ...stretch
CVE-2017-11100When SWFTools 0.9.2 processes a crafted file in swfextract, it can lea ...stretch
CVE-2017-11101When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...stretch
CVE-2017-16711The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...stretch
CVE-2017-16794The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...stretch
CVE-2017-16796In SWFTools 0.9.2, the png_load function in lib/png.c does not check t ...stretch
CVE-2017-16868In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...stretch
CVE-2017-16890SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono func ...stretch
CVE-2017-8401In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...stretch
CVE-2017-8420SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...stretch
CVE-2017-9924In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...stretch
CVE-2017-9925In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...stretch
CVE-2017-9926In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...stretch
CVE-2017-9927In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...stretch
swi-prologCVE-2017-17524library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings b ...bullseye, buster, sid, stretch
sylpheedCVE-2007-1267Sylpheed 2.2.7 and earlier does not properly use the --status-fd argum ...bullseye, buster, sid, stretch
CVE-2017-17517libsylph/utils.c in Sylpheed through 3.6 does not validate strings bef ...bullseye, buster, sid, stretch
symfonyCVE-2017-18343** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x befo ...stretch
CVE-2018-12040** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in t ...stretch
sysstatCVE-2019-19725sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ...buster
systemdCVE-2013-4392systemd, when updating file permissions, allows local users to change ...bullseye, buster, sid, stretch
CVE-2017-1000082systemd v233 and earlier fails to safely parse usernames starting with ...stretch
CVE-2017-18078systemd-tmpfiles in systemd before 237 attempts to support ownership/p ...stretch
CVE-2019-20386An issue was discovered in button_open in login/logind-button.c in sys ...buster, stretch
CVE-2020-13776systemd through v245 mishandles numerical usernames such as ones compo ...buster, stretch
sysvinitTEMP-0517018-A83CE6sysvinit: no-root option in expert installer exposes locally exploitable security flawbullseye, buster, sid, stretch
t1utilsTEMP-0868134-294030out-of-bounds read in eexec_line()stretch
tarCVE-2005-2541Tar 1.15.1 does not properly warn the user when extracting setuid or s ...bullseye, buster, sid, stretch
CVE-2019-9923pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...buster, stretch
CVE-2021-20193A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...buster, stretch
TEMP-0290435-0B57B5tar's rmt command may have undesired side effectsbullseye, buster, sid, stretch
tccCVE-2018-20374An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...bullseye, buster, sid, stretch
CVE-2018-20375An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...bullseye, buster, sid, stretch
CVE-2018-20376An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...bullseye, buster, sid, stretch
tcpdumpCVE-2018-19519In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_p ...bullseye, buster, sid, stretch
CVE-2019-1010220tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...bullseye, buster, sid, stretch
tcpflowCVE-2018-18409A stack-based buffer over-read exists in setbit() at iptree.h of TCPFL ...stretch
tcpreplayCVE-2019-8376An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...buster, stretch
CVE-2019-8377An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...buster, stretch
CVE-2019-8381An issue was discovered in Tcpreplay 4.3.1. An invalid memory access o ...buster, stretch
CVE-2020-12740tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...buster, stretch
CVE-2020-24265An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...bullseye, buster, sid, stretch
CVE-2020-24266An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...bullseye, buster, sid, stretch
telegram-desktopCVE-2018-17231** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow atta ...bullseye, buster, sid
CVE-2018-17613Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enab ...bullseye, buster, sid
texlive-baseCVE-2017-17513TeX Live through 20170524 does not validate strings before launching t ...bullseye, buster, sid, stretch
texlive-binCVE-2016-10243TeX Live allows remote attackers to execute arbitrary commands by leve ...buster, stretch
CVE-2017-17513TeX Live through 20170524 does not validate strings before launching t ...bullseye, buster, sid, stretch
CVE-2019-19601OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...bullseye, buster, sid, stretch
thrift-compilerCVE-2016-5397The Apache Thrift Go client library exposed the potential during code ...stretch
thunarCVE-2018-18398Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ...bullseye, buster, sid, stretch
TEMP-0517020-915121thunar: potential exploits via application launchersbullseye, buster, sid, stretch
tiffCVE-2014-8130The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not rejec ...bullseye, buster, sid, stretch
CVE-2017-16232** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, ...bullseye, buster, sid, stretch
CVE-2017-17973** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free ...bullseye, buster, sid, stretch
CVE-2017-5563LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read i ...bullseye, buster, sid, stretch
CVE-2017-9117In LibTIFF 4.0.7, the program processes BMP images without verifying t ...bullseye, buster, sid, stretch
CVE-2018-10126LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 fu ...bullseye, buster, sid, stretch
CVE-2018-18661An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...stretch
CVE-2019-6128The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory l ...stretch
CVE-2020-35521A flaw was found in libtiff. Due to a memory allocation failure in tif ...buster, stretch
CVE-2020-35522In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ...buster, stretch
timidityCVE-2017-11546The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allo ...stretch
CVE-2017-11547The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows ...stretch
CVE-2017-11549The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remot ...bullseye, buster, sid, stretch
tinCVE-2017-17520** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate str ...bullseye, buster, sid, stretch
tinymuxCVE-2007-1959Unspecified vulnerability in the process_cmdent function in command.cp ...bullseye, buster, sid, stretch
tinyxml2CVE-2018-11210** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the ...bullseye, buster, sid, stretch
tomcat7CVE-2012-5568Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...stretch
CVE-2021-24122When serving resources from a network location using the NTFS file sys ...stretch, buster
torCVE-2006-6893Tor allows remote attackers to discover the IP address of a hidden ser ...bullseye, buster, sid, stretch
CVE-2007-1103Tor does not verify a node's uptime and bandwidth advertisements, whic ...bullseye, buster, sid, stretch
CVE-2009-0654Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attacke ...bullseye, buster, sid, stretch
CVE-2020-15572Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ...buster, stretch
CVE-2020-8516** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...bullseye, buster, sid, stretch
tripleaCVE-2018-1000546Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XX ...bullseye, sid, stretch
trousersCVE-2020-24330An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...bullseye, buster, sid, stretch
CVE-2020-24331An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...bullseye, buster, sid, stretch
CVE-2020-24332An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...bullseye, buster, sid, stretch
twigCVE-2018-13818** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection ...stretch
u-bootCVE-2017-3225Das U-Boot is a device bootloader that can read its configuration from ...bullseye, buster, sid, stretch
CVE-2017-3226Das U-Boot is a device bootloader that can read its configuration from ...bullseye, buster, sid, stretch
CVE-2018-1000205U-Boot contains a CWE-20: Improper Input Validation vulnerability in V ...bullseye, buster, sid, stretch
CVE-2018-18439DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer over ...bullseye, buster, sid, stretch
CVE-2018-18440DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overf ...bullseye, buster, sid, stretch
uclibcCVE-2016-2224The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...bullseye, buster, sid, stretch
CVE-2016-2225The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng bef ...bullseye, buster, sid, stretch
CVE-2016-6264Integer signedness error in libc/string/arm/memset.S in uClibc and uCl ...bullseye, buster, sid, stretch
CVE-2017-9728In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp f ...bullseye, buster, sid, stretch
CVE-2017-9729In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...bullseye, buster, sid, stretch
ufrawCVE-2018-19655A stack-based buffer overflow in the find_green() function of dcraw th ...stretch
uglifyjsCVE-2015-8857The uglify-js package before 2.4.24 for Node.js does not properly acco ...bullseye, buster, sid, stretch
unboundCVE-2019-18934Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...bullseye, buster, sid
undertowCVE-2019-19343A flaw was found in Undertow when using Remoting as shipped in Red Hat ...sid
unixodbcCVE-2012-2657stretch
CVE-2012-2658stretch
unrar-freeCVE-2017-11189unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...bullseye, buster, sid, stretch
CVE-2017-11190unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...bullseye, buster, sid, stretch
upx-uclCVE-2017-15056p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote a ...stretch
CVE-2017-16869** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...stretch
CVE-2019-14295An Integer overflow in the getElfSections function in p_vmlinx.cpp in ...buster, stretch
CVE-2019-14296canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause ...buster, stretch
CVE-2019-20021A heap-based buffer over-read was discovered in canUnpack in p_mach.cp ...buster, stretch
CVE-2019-20051A floating-point exception was discovered in PackLinuxElf::elf_hash in ...buster, stretch
CVE-2019-20053An invalid memory address dereference was discovered in the canUnpack ...buster, stretch
CVE-2019-20805p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...buster, stretch
CVE-2021-20285A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw ...bullseye, buster, sid, stretch
CVE-2021-30500bullseye, buster, sid, stretch
uwsgiCVE-2020-11984Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ...bullseye, buster, sid
uzblCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...stretch
varnishCVE-2009-4488** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitiz ...bullseye, buster, sid, stretch
vimCVE-2008-4677autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...bullseye, buster, sid, stretch
CVE-2017-1000382VIM version 8.0.1187 (and other versions most likely) ignores umask wh ...bullseye, buster, sid, stretch
vinoCVE-2011-1164Vino before 2.99.4 can connect external networks contrary to the state ...bullseye, buster, sid, stretch
CVE-2011-1165Vino, possibly before 3.2, does not properly document that it opens po ...bullseye, buster, sid, stretch
vorbis-toolsCVE-2017-11331The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...bullseye, buster, sid, stretch
vteCVE-2005-0023gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to sp ...bullseye, buster, sid, stretch
w3mTEMP-0532514-9137E0predictable random number generator used in web browsersbullseye, buster, sid, stretch
webkit2gtkCVE-2017-17821WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...stretch
CVE-2018-11646webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIco ...stretch
CVE-2018-11712WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...stretch
CVE-2018-11713WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...stretch
CVE-2018-12293The getImageData function in the ImageBufferCairo class in WebCore/pla ...stretch
CVE-2018-12294WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as ...stretch
CVE-2018-12911WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bou ...stretch
CVE-2018-4101An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4113An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4114An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4117An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4118An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4119An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4120An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4121An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4122An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4125An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4127An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4128An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4129An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4133An issue was discovered in certain Apple products. Safari before 11.1 ...stretch
CVE-2018-4146An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4161An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4162An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4163An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4165An issue was discovered in certain Apple products. iOS before 11.3 is ...stretch
CVE-2018-4190An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4191A memory corruption issue was addressed with improved validation. This ...stretch
CVE-2018-4192An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4197A use after free issue was addressed with improved memory management. ...stretch
CVE-2018-4199An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4200An issue was discovered in certain Apple products. iOS before 11.3.1 i ...stretch
CVE-2018-4201An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4204An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4207In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...stretch
CVE-2018-4208In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...stretch
CVE-2018-4209In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...stretch
CVE-2018-4210In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS befo ...stretch
CVE-2018-4212In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...stretch
CVE-2018-4213In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...stretch
CVE-2018-4214An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4218An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4222An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4232An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4233An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4246An issue was discovered in certain Apple products. iOS before 11.4 is ...stretch
CVE-2018-4261Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4262In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...stretch
CVE-2018-4263Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4264Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4265Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4266A race condition was addressed with additional validation. This issue ...stretch
CVE-2018-4267Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4270A memory corruption issue was addressed with improved memory handling. ...stretch
CVE-2018-4271Multiple memory corruption issues were addressed with improved input v ...stretch
CVE-2018-4272Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4273Multiple memory corruption issues were addressed with improved input v ...stretch
CVE-2018-4278In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...stretch
CVE-2018-4284A type confusion issue was addressed with improved memory handling. Th ...stretch
CVE-2018-4299Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4306A use after free issue was addressed with improved memory management. ...stretch
CVE-2018-4309A cross-site scripting issue existed in Safari. This issue was address ...stretch
CVE-2018-4311The issue was addressed by removing origin information. This issue aff ...stretch
CVE-2018-4312A use after free issue was addressed with improved memory management. ...stretch
CVE-2018-4314A use after free issue was addressed with improved memory management. ...stretch
CVE-2018-4315A use after free issue was addressed with improved memory management. ...stretch
CVE-2018-4316A memory corruption issue was addressed with improved state management ...stretch
CVE-2018-4317A use after free issue was addressed with improved memory management. ...stretch
CVE-2018-4318A use after free issue was addressed with improved memory management. ...stretch
CVE-2018-4319A cross-origin issue existed with "iframe" elements. This was addresse ...stretch
CVE-2018-4323Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4328Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4345A cross-site scripting issue existed in Safari. This issue was address ...stretch
CVE-2018-4358Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4359Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4361A memory consumption issue was addressed with improved memory handling ...stretch
CVE-2018-4372Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4373Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4375Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4376Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4378A memory corruption issue was addressed with improved validation. This ...stretch
CVE-2018-4382Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4386Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4392Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4416Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4437Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2018-4438A logic issue existed resulting in memory corruption. This was address ...stretch
CVE-2018-4441A memory corruption issue was addressed with improved memory handling. ...stretch
CVE-2018-4442A memory corruption issue was addressed with improved memory handling. ...stretch
CVE-2018-4443A memory corruption issue was addressed with improved memory handling. ...stretch
CVE-2018-4464Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2019-6212Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2019-6215A type confusion issue was addressed with improved memory handling. Th ...stretch
CVE-2019-6216Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2019-6217Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2019-6226Multiple memory corruption issues were addressed with improved memory ...stretch
CVE-2019-6227A memory corruption issue was addressed with improved memory handling. ...stretch
CVE-2019-6229A logic issue was addressed with improved validation. This issue is fi ...stretch
CVE-2019-6233A memory corruption issue was addressed with improved memory handling. ...stretch
CVE-2019-6234A memory corruption issue was addressed with improved memory handling. ...stretch
CVE-2019-8375The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.9 ...stretch
webkitgtkCVE-2016-10222runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...stretch
CVE-2016-10226JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...stretch
CVE-2016-1856WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...stretch
CVE-2016-1857WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...stretch
CVE-2016-4657WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ar ...stretch
CVE-2016-4761WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow rem ...stretch
CVE-2016-9642JavaScriptCore in WebKit allows attackers to cause a denial of service ...stretch
CVE-2016-9643The regex code in Webkit 2.4.11 allows remote attackers to cause a den ...stretch
CVE-2017-2367An issue was discovered in certain Apple products. iOS before 10.3 is ...stretch
CVE-2017-5949JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...stretch
whiteduneCVE-2017-17518** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30. ...bullseye, buster, sid, stretch
wineTEMP-0816034-9C45DCunsafe use of /tmpstretch, stretch
wordpressCVE-2006-0733** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2 ...bullseye, buster, sid, stretch
CVE-2008-0191WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...bullseye, buster, sid, stretch
CVE-2011-4898** DISPUTED ** wp-admin/setup-config.php in the installation component ...bullseye, buster, sid, stretch
CVE-2011-4899** DISPUTED ** wp-admin/setup-config.php in the installation component ...bullseye, buster, sid, stretch
CVE-2012-0782** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...bullseye, buster, sid, stretch
CVE-2012-0937** DISPUTED ** wp-admin/setup-config.php in the installation component ...bullseye, buster, sid, stretch
CVE-2012-5868WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...bullseye, buster, sid, stretch
CVE-2013-7233Cross-site request forgery (CSRF) vulnerability in the retrospam compo ...bullseye, buster, sid, stretch
CVE-2017-6514WordPress 4.7.2 mishandles listings of post authors, which allows remo ...bullseye, buster, sid, stretch
CVE-2018-6389In WordPress through 4.9.2, unauthenticated attackers can cause a deni ...bullseye, buster, sid, stretch
CVE-2021-29447Wordpress is an open source CMS. A user with the ability to upload fil ...bullseye, buster, stretch
wpaCVE-2016-10743hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...stretch
CVE-2017-13084Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Sta ...bullseye, buster, sid, stretch
CVE-2019-5061An exploitable denial-of-service vulnerability exists in the hostapd 2 ...buster, stretch
CVE-2019-5062An exploitable denial-of-service vulnerability exists in the 802.11w s ...bullseye, buster, sid, stretch
CVE-2021-30004In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...bullseye, buster, sid, stretch
xbindkeys-configCVE-2014-9513Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows rem ...bullseye, buster, sid, stretch
xchatCVE-2011-5129Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ...buster
xdg-user-dirsCVE-2017-15131It was found that system umask policy is not being honored when creati ...bullseye, buster, sid, stretch
xenCVE-2014-9066Xen 4.4.x and earlier, when using a large number of VCPUs, does not pr ...bullseye, buster, sid, stretch
xerces-cCVE-2012-0880Apache Xerces-C++ allows remote attackers to cause a denial of service ...bullseye, buster, sid, stretch
xfigCVE-2009-4228Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlie ...bullseye, buster, sid, stretch
xloadimageCVE-2006-4484Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in ...bullseye, buster, sid, stretch
xpdfCVE-2010-0206xpdf allows remote attackers to cause a denial of service (NULL pointe ...bullseye, buster, sid, stretch
CVE-2010-0207In xpdf, the xref table contains an infinite loop which allows remote ...bullseye, buster, sid, stretch
CVE-2013-4472The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ...bullseye, buster, sid, stretch
CVE-2018-11033The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in ...bullseye, buster, sid, stretch
CVE-2018-16368SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows ...bullseye, buster, sid, stretch
CVE-2018-16369XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a ...bullseye, buster, sid, stretch
CVE-2018-18454CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote atta ...bullseye, buster, sid, stretch
CVE-2018-18455The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote a ...bullseye, buster, sid, stretch
CVE-2018-18456The function Object::isName() in Object.h (called from Gfx::opSetFillC ...bullseye, buster, sid, stretch
CVE-2018-18457The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remo ...bullseye, buster, sid, stretch
CVE-2018-18458The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows r ...bullseye, buster, sid, stretch
CVE-2018-18459The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remo ...bullseye, buster, sid, stretch
CVE-2018-7173A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...bullseye, buster, sid, stretch
CVE-2018-7174An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref a ...bullseye, buster, sid, stretch
CVE-2018-7175An issue was discovered in xpdf 4.00. A NULL pointer dereference in re ...bullseye, buster, sid, stretch
CVE-2018-7452A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc i ...bullseye, buster, sid, stretch
CVE-2018-7453Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...bullseye, buster, sid, stretch
CVE-2018-7454A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpd ...bullseye, buster, sid, stretch
CVE-2018-7455An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xp ...bullseye, buster, sid, stretch
CVE-2018-8100The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allo ...bullseye, buster, sid, stretch
CVE-2018-8101The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf ...bullseye, buster, sid, stretch
CVE-2018-8102The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4 ...bullseye, buster, sid, stretch
CVE-2018-8103The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf ...bullseye, buster, sid, stretch
CVE-2018-8104The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows atta ...bullseye, buster, sid, stretch
CVE-2018-8105The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allow ...bullseye, buster, sid, stretch
CVE-2018-8106The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 ...bullseye, buster, sid, stretch
CVE-2018-8107The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows atta ...bullseye, buster, sid, stretch
xtermCVE-2006-4447X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtran ...bullseye, buster, sid, stretch
yabasicCVE-2019-19720Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() functio ...bullseye, buster, sid, stretch
CVE-2019-19796Yabasic 2.86.2 has a heap-based buffer overflow in myformat in functio ...bullseye, buster, sid, stretch
yaraCVE-2019-19648In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ...bullseye, buster, sid, stretch
yawsCVE-2009-4495Yaws 1.85 writes data to a log file without sanitizing non-printable c ...bullseye, buster, sid, stretch
yumCVE-2013-1910yum does not properly handle bad metadata, which allows an attacker to ...buster, stretch
zimCVE-2020-10870Zim through 0.72.1 creates temporary directories with predictable name ...buster, stretch
zipCVE-2018-13410** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line opti ...bullseye, buster, sid, stretch
zoneminderCVE-2019-7330Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...bullseye, sid
CVE-2019-7350Session fixation exists in ZoneMinder through 1.32.3, as an attacker c ...bullseye, sid
CVE-2019-7351Log Injection exists in ZoneMinder through 1.32.3, as an attacker can ...bullseye, sid
CVE-2019-8423ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/view ...bullseye, sid
CVE-2019-8424ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sor ...bullseye, sid
CVE-2019-8425includes/database.php in ZoneMinder before 1.32.3 has XSS in the const ...bullseye, sid
CVE-2019-8426skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS ...bullseye, sid
CVE-2019-8427daemonControl in includes/functions.php in ZoneMinder before 1.32.3 al ...bullseye, sid
CVE-2019-8428ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views ...bullseye, sid
CVE-2019-8429ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php fil ...bullseye, sid
zophCVE-2014-9235Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Pho ...bullseye, buster, sid
CVE-2014-9236Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zop ...bullseye, buster, sid
zshCVE-2017-18205In builtin.c in zsh before 5.4, when sh compatibility mode is used, th ...stretch
CVE-2018-7548In subst.c in zsh through 5.4.2, there is a NULL pointer dereference w ...stretch
CVE-2018-7549In params.c in zsh through 5.4.2, there is a crash during a copy of an ...stretch
zziplibCVE-2018-17828Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers ...bullseye, buster, sid, stretch
CVE-2018-6542In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trail ...bullseye, buster, sid, stretch
zziplibCVE-2018-7727An issue was discovered in ZZIPlib 0.13.68. There is a memory leak tri ...bullseye, buster, sid, stretch
Search for package or bug name: Reporting problems