Packages that have open unimportant issues

This page lists packages that are affected by issues that are considered unimportant from a security perspective. These issues are thought to be unexploitable or uneffective in most situations (for example, browser denial-of-services).

Package	Bug	Description	Releases
389-admin	CVE-2015-0233		jessie
9base	CVE-2014-1935	insecure use of /tmp	buster, jessie, sid, stretch, wheezy
ace	CVE-2014-6311	/tmp file vulnerability in generate_doxygen.pl	wheezy
activemq	CVE-2016-6810		jessie, wheezy
android-platform-frameworks-native	CVE-2015-3875	libutils in Android before 5.1.1 LMY48T allows remote attackers to ...	buster, jessie, sid, stretch
	CVE-2015-6602	libutils in Android through 5.1.1 LMY48M allows remote attackers to ...	buster, jessie, sid, stretch
	CVE-2015-6609	libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...	buster, jessie, sid, stretch
android-platform-system-core	CVE-2012-5564	android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...	buster, jessie, sid, stretch
	CVE-2016-0807	The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...	jessie
	CVE-2016-3861	LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...	jessie
	CVE-2017-0647	An information disclosure vulnerability in libziparchive could enable ...	stretch
android-tools	CVE-2012-5564	android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...	buster, jessie, sid
aolserver4	CVE-2009-4494	AOLserver 4.5.1 writes data to a log file without sanitizing ...	buster, jessie, sid, stretch, wheezy
apache2	CVE-2001-1534	mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...	buster, jessie, sid, stretch, wheezy
	CVE-2003-1307	DISPUTED ...	buster, jessie, sid, stretch, wheezy
	CVE-2003-1580	The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...	buster, jessie, sid, stretch, wheezy
	CVE-2003-1581	The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-0086	DISPUTED ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-1743	suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-3303	Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-0455	Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-0456	CRLF injection vulnerability in the mod_negotiation module in the ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-4415	The ap_pregsub function in server/util.c in the Apache HTTP Server ...	wheezy
apt	CVE-2011-3374	apt-key insecure validation	buster, jessie, sid, stretch, wheezy
apt-setup	CVE-2005-2214	apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...	buster, jessie, sid, stretch, wheezy
arora	CVE-2011-3367	Arora, possibly 0.11 and other versions, does not use a certain font ...	jessie, sid, wheezy
	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	jessie, sid, wheezy
audit	CVE-2015-5186	log terminal emulator escape sequences handling	jessie, wheezy
automake1.11	TEMP-0827346-22ED59	install-sh: insecure use of /tmp	jessie, wheezy
awffull	CVE-2007-0510	Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...	buster, jessie, sid, stretch, wheezy
axis	CVE-2007-2353	Apache Axis 1.0 allows remote attackers to obtain sensitive ...	buster, jessie, sid, stretch, wheezy
banshee	CVE-2009-1175	Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...	buster, jessie, sid, stretch, wheezy
base-passwd	TEMP-0274229-6E02C2	base-passwd: sets valid shells for system services	wheezy
bash	CVE-2016-0634	bash prompt expanding return value from gethostname()	wheezy
	TEMP-0841856-B18BAF	Privilege escalation possible to other user than root	buster, jessie, sid, stretch, wheezy
blender	CVE-2005-3151	Buffer overflow in blenderplay in Blender Player 2.37a allows ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3850	Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-5105	The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...	buster, jessie, sid, stretch, wheezy
boa	CVE-2009-4496	Boa 0.94.14rc21 writes data to a log file without sanitizing ...	wheezy
bochs	CVE-2007-2894	The emulated floppy disk controller in Bochs 2.3 allows local users of ...	buster, jessie, sid, stretch, wheezy
busybox	CVE-2016-6301	The recv_and_process_client_pkt function in networking/ntpd.c in ...	buster, jessie, sid, stretch, wheezy
cableswig	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...	jessie, wheezy
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	jessie, wheezy
cacti	CVE-2009-4112	Cacti 0.8.7e and earlier allows remote authenticated administrators to ...	buster, jessie, sid, stretch, wheezy
cadaver	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	buster, jessie, sid, stretch, wheezy
capnproto	CVE-2017-7892	Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a ...	buster, sid, stretch
chromium-browser	CVE-2008-7246	Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-0374	DISPUTED ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-1598	Google Chrome executes DOM calls in response to a javascript: URI in ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-1384	Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-1992	Google Chrome 1.0.154.48 executes a mail application in situations ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-4037	Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-4482	Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-2599	Google Chrome 11 does not block use of a cross-domain image as a WebGL ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-3640	DISPUTED Untrusted search path vulnerability in Mozilla Network ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-5851	html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...	buster, jessie, sid, stretch, wheezy
cifs-utils	CVE-2014-2830	Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ...	buster, jessie, sid, stretch
coin3	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	buster, jessie, sid, stretch, wheezy
conkeror	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	buster, jessie, sid, stretch, wheezy
coreutils	CVE-2017-2616	Sending SIGKILL to other processes with root privileges via su	wheezy
courier	CVE-2004-2313	Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...	buster, jessie, sid, stretch, wheezy
	CVE-2005-1308	SqWebMail allows remote attackers to inject arbitrary web script or ...	buster, jessie, sid, stretch, wheezy
cryptsetup	CVE-2016-4484	The Debian initrd script for the cryptsetup package 2:1.7.3-2 and ...	jessie, wheezy
ctn	CVE-2008-5146	add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...	buster, jessie, sid, stretch
cups	CVE-2014-8166	code execution via unescape ANSI escape sequences	buster, jessie, sid, stretch, wheezy
cups-filters	TEMP-0000000-ACBC4C	buffer overflows in init_cups	jessie, wheezy
curl	CVE-2016-3739	The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ...	jessie, wheezy
	CVE-2017-7407	The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...	jessie
darktable	CVE-2013-2126	Multiple double free vulnerabilities in the LibRaw::unpack function in ...	wheezy
db4o	CVE-2012-6550	Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...	buster, sid, stretch, wheezy
	CVE-2013-1808	Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ...	buster, sid, stretch, wheezy
	CVE-2014-1869	Multiple cross-site scripting (XSS) vulnerabilities in ...	buster, sid, stretch, wheezy
dcmtk	CVE-2013-6825	(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) ...	buster, jessie, sid, stretch, wheezy
dcraw	CVE-2013-1438	Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...	buster, jessie, sid, stretch, wheezy
dhcpcd5	CVE-2014-7913	The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...	buster, jessie, sid, stretch
dillo	TEMP-0560108-565B70	browser-based css info disclosure	buster, jessie, sid, stretch, wheezy
dirmngr	CVE-2011-2207		jessie, wheezy
distribute	CVE-2013-1633	easy_install in setuptools before 0.7 uses HTTP to retrieve packages ...	wheezy
djvulibre	TEMP-0775193-7F000E	djvudigital: insecure use of /tmp	jessie, wheezy
dnspython	CVE-2008-1447	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...	buster, jessie, sid, stretch, wheezy
dnstracer	CVE-2017-9430	Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...	buster, jessie, sid, stretch, wheezy
dogtag-pki	CVE-2015-0234		sid
dokuwiki	CVE-2012-3354	doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain ...	wheezy
dovecot	CVE-2008-4870	dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ...	buster, jessie, sid, stretch, wheezy
dpkg	CVE-2017-8283	dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU ...	jessie, wheezy
dpkg-cross	CVE-2008-4950	DISPUTED gccross in dpkg-cross 2.3.0 allows local users to ...	buster, sid, stretch, wheezy
dropbear	CVE-2016-7409	The dbclient and server in Dropbear SSH before 2016.74, when compiled ...	jessie, wheezy
drupal7	CVE-2007-6752	DISPUTED Cross-site request forgery (CSRF) vulnerability in ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-2922	The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...	wheezy
dwb	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	jessie, wheezy
edk2	CVE-2014-4859		buster, jessie, sid, stretch
	CVE-2014-4860		buster, jessie, sid, stretch
eglibc	CVE-2010-3192	Certain run-time memory protection mechanisms in the GNU C Library ...	wheezy
	CVE-2010-4051	The regcomp implementation in the GNU C Library (aka glibc or libc6) ...	wheezy
	CVE-2010-4052	Stack consumption vulnerability in the regcomp implementation in the ...	wheezy
	CVE-2010-4756	The glob implementation in the GNU C Library (aka glibc or libc6) ...	wheezy
emacs24	CVE-2014-9483	a left-click in Emacs sometimes modifies the PRIMARY selection	jessie
epiphany-browser	CVE-2007-1084	Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...	buster, jessie, sid, stretch, wheezy
	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-1000025	GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 ...	jessie, wheezy
	TEMP-0560108-565B70	browser-based css info disclosure	buster, jessie, sid, stretch, wheezy
erlang	CVE-2009-0130	DISPUTED lib/crypto/c_src/crypto_drv.c in erlang does not ...	buster, jessie, sid, stretch, wheezy
	CVE-2016-1000107		buster, jessie, sid, stretch, wheezy
evolution	CVE-2007-1266	Evolution 2.8.1 and earlier does not properly use the --status-fd ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-3201	GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...	buster, jessie, sid, stretch, wheezy
	CVE-2013-4166	problem in GPG key selection when encrypting mail	buster, jessie, sid, stretch, wheezy
expat	CVE-2013-0340	expat 2.1.0 and earlier does not properly handle entities expansion ...	buster, jessie, sid, stretch, wheezy
eyed3	CVE-2014-1934	tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for ...	jessie, wheezy
fetchmail	CVE-2011-1947	fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time ...	wheezy
firefox	CVE-2004-1639	Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...	sid
	CVE-2005-2395	Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...	sid
	CVE-2005-4685	Firefox and Mozilla can associate a cookie with multiple domains when ...	sid
firehol	CVE-2008-4953	DISPUTED ...	buster, jessie, sid, stretch, wheezy
flashrom	TEMP-0000000-C3CEDB	fscanf format string security bug in flashrom layout code	jessie, wheezy
foomatic-filters	CVE-2011-2923		buster, jessie, sid, stretch, wheezy
	TEMP-0000000-ACBC4C	buffer overflows in init_cups	buster, jessie, sid, stretch, wheezy
freebsd-sendpr	CVE-2008-5142	sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...	wheezy
freeipa	CVE-2014-7850	Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ...	sid
freeradius	CVE-2007-0080	DISPUTED ...	buster, jessie, sid, stretch, wheezy
freerdp	CVE-2014-0250	Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP ...	wheezy
	CVE-2014-0791	Integer overflow in the license_read_scope_list function in ...	buster, jessie, sid, stretch, wheezy
freetype	TEMP-0773084-4AB1FB	freetype: out of bounds write	jessie
freevo	CVE-2008-4955	freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...	jessie, sid, wheezy
gallery	CVE-2008-3600	Directory traversal vulnerability in contrib/phpBB2/modules.php in ...	wheezy
ganglia	CVE-2015-6816	Ganglia-web auth bypass	wheezy
ganglia-web	CVE-2013-6395	Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...	buster, jessie, sid, stretch
	CVE-2015-6816	Ganglia-web auth bypass	buster, jessie, sid, stretch
gcc-mingw-w64	CVE-2016-4973	Binaries compiled against targets that use the libssp library in GCC ...	buster, jessie, sid, stretch, wheezy
gdb	CVE-2006-4146	Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-4355	GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is ...	buster, jessie, sid, stretch, wheezy
	CVE-2014-8501	The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...	buster, jessie, sid, stretch, wheezy
	CVE-2014-9939	ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow ...	jessie, wheezy
	CVE-2017-9778	GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length ...	buster, jessie, sid, stretch, wheezy
gdk-pixbuf	CVE-2017-6311	gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent ...	buster, sid, stretch
ghostscript	CVE-2017-7948	Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...	buster, sid, stretch
	CVE-2017-8908	The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 ...	buster, sid, stretch
giflib	CVE-2016-3177	Multiple use-after-free and double-free vulnerabilities in gifcolor.c ...	buster, jessie, sid, stretch, wheezy
gimp	CVE-2007-3126	Gimp before 2.8.22 allows context-dependent attackers to cause a ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-4245	The scriptfu network server in GIMP 2.6 does not require ...	buster, jessie, sid, stretch, wheezy
git-repair	TEMP-0807341-84E914	uses non-random tempdir /tmp/tmprepo.0/.git/	jessie
glance	CVE-2013-4354	The API before 2.1 in OpenStack Image Registry and Delivery Service ...	buster, jessie, sid, stretch, wheezy
	CVE-2015-8234	The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...	buster, jessie, sid, stretch, wheezy
	CVE-2016-8611	Glance Image service v1 and v2 api image-create vulnerability	buster, jessie, sid, stretch, wheezy
glib2.0	CVE-2012-0039	DISPUTED GLib 2.31.8 and earlier, when the g_str_hash function ...	buster, jessie, sid, stretch, wheezy
glibc	CVE-2010-4051	The regcomp implementation in the GNU C Library (aka glibc or libc6) ...	buster, jessie, sid, stretch
	CVE-2010-4052	Stack consumption vulnerability in the regcomp implementation in the ...	buster, jessie, sid, stretch
	CVE-2010-4756	The glob implementation in the GNU C Library (aka glibc or libc6) ...	buster, jessie, sid, stretch
	CVE-2015-8985	The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...	buster, jessie, sid, stretch
glpi	CVE-2010-1618	Cross-site scripting (XSS) vulnerability in the phpCAS client library ...	jessie, wheezy
	CVE-2010-2795	phpCAS before 1.1.2 allows remote authenticated users to hijack ...	jessie, wheezy
	CVE-2010-2796	Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...	jessie, wheezy
	CVE-2010-3690	Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...	jessie, wheezy
	CVE-2010-3691	PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...	jessie, wheezy
	CVE-2010-3692	Directory traversal vulnerability in the callback function in ...	jessie, wheezy
	CVE-2013-2225	inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote ...	wheezy
	CVE-2013-2226	Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow ...	wheezy
	CVE-2013-2227	local file inclusion	wheezy
	CVE-2013-5696	inc/central.class.php in GLPI before 0.84.2 does not attempt to make ...	wheezy
	CVE-2014-5032	GLPI before 0.84.7 does not properly restrict access to cost ...	jessie, wheezy
	CVE-2014-8360	Directory traversal vulnerability in inc/autoload.function.php in GLPI ...	jessie, wheezy
	CVE-2014-9258	SQL injection vulnerability in ajax/getDropdownValue.php in GLPI ...	jessie, wheezy
	CVE-2015-7684	Unrestricted file upload in GLPI before 0.85.3 allows remote ...	jessie, wheezy
	CVE-2015-7685	GLPI before 0.85.3 allows remote authenticated users to create ...	jessie, wheezy
	CVE-2016-7507	Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows ...	jessie, wheezy
	CVE-2016-7508	Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an ...	jessie, wheezy
	CVE-2016-7509	Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote ...	jessie, wheezy
	CVE-2017-11329	GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php ...	jessie, wheezy
	CVE-2017-11474	GLPI before 9.1.5.1 has SQL Injection in the $crit variable in ...	jessie, wheezy
	CVE-2017-11475	GLPI before 9.1.5.1 has SQL Injection in the condition rule field, ...	jessie, wheezy
glusterfs	CVE-2012-5635	The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...	buster, jessie, sid, stretch, wheezy
gnome-orca	CVE-2013-4245	Arbitrary code execution due to insecure CWD Python module load	buster, jessie, sid, stretch, wheezy
gnome-shell	CVE-2012-4427	The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...	buster, jessie, sid, stretch, wheezy
gnuchess	CVE-2015-8972	Stack-based buffer overflow in the ValidateMove function in ...	jessie, wheezy
gnumail	CVE-2007-1269	GNUMail 1.1.2 and earlier does not properly use the --status-fd ...	buster, sid, stretch
gnutls26	CVE-2011-3389	The SSL protocol, as used in certain configurations in Microsoft ...	wheezy, buster, jessie, sid, stretch
gnutls28	TEMP-0000000-1BAE4D	GNUTLS-SA-2016-2: certificate verification issue	jessie
golang	CVE-2016-5386	The net/http package in Go through 1.6 does not attempt to address RFC ...	jessie, wheezy
gpw	CVE-2011-4931		buster, jessie, sid, stretch, wheezy
graphicsmagick	CVE-2014-1947	Buffer overflow vulnerability	wheezy
grub	CVE-2008-3896	Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...	buster, jessie, sid, stretch, wheezy
grub2	CVE-2013-4577	A certain Debian patch for GNU GRUB uses world-readable permissions ...	wheezy
	CVE-2017-9763	The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before ...	wheezy
haskell-tls	CVE-2011-3389	The SSL protocol, as used in certain configurations in Microsoft ...	buster, jessie, sid, stretch, wheezy
hex-a-hop	TEMP-0528250-2E3658	hex-a-hop: buffer overflow in loading save games	buster, jessie, sid, stretch, wheezy
icecast2	CVE-2005-0837	IceCast 2.20 allows remote attackers to bypass the XSL parser and ...	buster, jessie, sid, stretch, wheezy
	CVE-2005-0838	Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...	buster, jessie, sid, stretch, wheezy
icedove	CVE-2006-5633	Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-5430	Mozilla Thunderbird 2.0.14 does not properly handle (1) ...	buster, jessie, sid, stretch, wheezy
iceweasel	CVE-2004-1639	Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...	wheezy
	CVE-2005-2395	Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...	wheezy
	CVE-2005-4685	Firefox and Mozilla can associate a cookie with multiple domains when ...	wheezy
	CVE-2006-2723	Unspecified versions of Mozilla Firefox allow remote attackers to ...	wheezy
	CVE-2006-5633	Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...	wheezy
	CVE-2006-6954	Flock beta 1 0.7 allows remote attackers to cause a denial of service ...	wheezy
	CVE-2007-1084	Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...	wheezy
	CVE-2007-1256	Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...	wheezy
	CVE-2007-1736	Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...	wheezy
	CVE-2007-1970	Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...	wheezy
	CVE-2007-2162	(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...	wheezy
	CVE-2007-2671	Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...	wheezy
	CVE-2007-4357	Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...	wheezy
	CVE-2007-5415	Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...	wheezy
	CVE-2007-5896	Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...	wheezy
	CVE-2007-6715	Mozilla Firefox allows remote attackers to cause a denial of service ...	wheezy
	CVE-2008-2014	Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...	wheezy
	CVE-2008-3444	The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...	wheezy
	CVE-2008-4324	The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...	wheezy
	CVE-2008-5715	Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...	wheezy
	CVE-2009-0071	Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...	wheezy
	CVE-2009-0821	Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...	wheezy
	CVE-2009-3010	Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...	wheezy
	CVE-2009-3014	Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...	wheezy
	CVE-2011-0082	The X.509 certificate validation functionality in Mozilla Firefox ...	wheezy
	CVE-2011-4688	Mozilla Firefox 8.0.1 and earlier does not prevent capture of data ...	wheezy
	CVE-2013-6167	Mozilla Firefox through 27 sends HTTP Cookie headers without first ...	wheezy
imagemagick	CVE-2005-0406	A design flaw in image processing software that modifies JPEG images ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-3134	Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...	buster, jessie, sid, stretch, wheezy
	CVE-2016-8678	The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-6502	An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-7275	The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows ...	buster, jessie, sid, stretch, wheezy
initramfs-tools	CVE-2008-4996	DISPUTED ...	buster, jessie, sid, stretch, wheezy
iptables	CVE-2012-2663	extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP ...	buster, jessie, sid, stretch, wheezy
irssi	TEMP-0000000-E6792F	irssi missing null terminator	jessie, wheezy
jasper	CVE-2016-10248	The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before ...	jessie, wheezy
	CVE-2016-8883	The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 ...	jessie
	CVE-2016-8887	The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer ...	jessie
	CVE-2016-9387	Integer overflow in the jpc_dec_process_siz function in ...	jessie, wheezy
	CVE-2016-9388	The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...	jessie, wheezy
	CVE-2016-9389	The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before ...	jessie, wheezy
	CVE-2016-9390	The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 ...	jessie, wheezy
	CVE-2016-9391	The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...	jessie, wheezy
	CVE-2016-9392	The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 ...	jessie, wheezy
	CVE-2016-9393	The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...	jessie, wheezy
	CVE-2016-9394	The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 ...	jessie, wheezy
	CVE-2016-9395	The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 ...	jessie, wheezy
	CVE-2016-9396	The JPC_NOMINALGAIN function in jpc_t1cod.c in JasPer before 1.900.12 ...	jessie, wheezy
	CVE-2016-9397	The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows ...	jessie, wheezy
	CVE-2016-9398	The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 ...	jessie, wheezy
	CVE-2016-9399	The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows ...	jessie, wheezy
	CVE-2016-9583	Out of bounds heap read in jpc_pi_nextpcrl()	jessie, wheezy
	CVE-2016-9600	Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder	jessie, wheezy
	CVE-2017-1000050	JasPer 2.0.12 is vulnerable to a NULL pointer exception in the ...	jessie, wheezy
	CVE-2017-5498	libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote ...	jessie, wheezy
	CVE-2017-5499	Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows ...	jessie, wheezy
	CVE-2017-5500	libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to ...	jessie, wheezy
	CVE-2017-5502	libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to ...	jessie, wheezy
	CVE-2017-5504	The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer ...	jessie, wheezy
	CVE-2017-5505	The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows ...	jessie, wheezy
	CVE-2017-6850	The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...	jessie, wheezy
	CVE-2017-6851	The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows ...	jessie, wheezy
jetty	CVE-2009-3579	Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...	jessie, wheezy
jquery	CVE-2007-2379	The jQuery framework exchanges data using JavaScript Object Notation ...	buster, jessie, sid, stretch, wheezy
json-glib	TEMP-0772585-D41D8C		buster, jessie, sid, stretch
kde-baseapps	CVE-2012-4512		buster, jessie, sid, stretch, wheezy
	CVE-2012-4513	khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-4514	rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-4515	Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...	buster, jessie, sid, stretch, wheezy
	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	buster, jessie, sid, stretch, wheezy
kde-workspace	CVE-2013-4133	memory leak	wheezy
	CVE-2014-8651	The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and ...	wheezy
kde4libs	CVE-2009-1692	WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-1718	WebKit in Apple Safari before 4.0 allows user-assisted remote ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-1724	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3015	QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3272	Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...	buster, jessie, sid, stretch, wheezy
	TEMP-0560108-565B70	browser-based css info disclosure	buster, jessie, sid, stretch, wheezy
	TEMP-0568486-B6FCB6	browser javascript document.write denial-of-service	buster, jessie, sid, stretch, wheezy
kdepim	CVE-2006-7139	Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-1265	KMail 1.9.5 and earlier does not properly use the --status-fd argument ...	buster, jessie, sid, stretch, wheezy
kfreebsd-10	CVE-2011-2393	The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...	buster, jessie, sid, stretch
	CVE-2015-5675	IRET privilege escalation	jessie
	CVE-2016-1879	The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ...	buster, jessie, sid, stretch
	CVE-2016-1880	The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and ...	jessie
	CVE-2016-1881	The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause ...	jessie
	CVE-2016-1882	FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow ...	jessie
	CVE-2016-1883	The issetugid system call in the Linux compatibility layer in FreeBSD ...	jessie
	CVE-2016-1885	Integer signedness error in the amd64_set_ldt function in ...	jessie
	CVE-2016-1886	Integer signedness error in the genkbd_commonioctl function in ...	jessie
	CVE-2016-1887	Integer signedness error in the sockargs function in ...	jessie
kfreebsd-9	CVE-2016-1883	The issetugid system call in the Linux compatibility layer in FreeBSD ...	wheezy
krb5	CVE-2004-0971	The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...	buster, jessie, sid, stretch, wheezy
latex2rtf	CVE-2015-8106	Format string vulnerability in the CmdKeywords function in funct1.c in ...	jessie
lbreakout2	TEMP-0608980-E8B8DF	Crash with long HOME environment variable	buster, jessie, sid, stretch, wheezy
leptonlib	TEMP-0830660-09AE85	Insecure use of /tmp	jessie, wheezy
less	CVE-2014-9488	The is_utf8_well_formed function in GNU less before 475 allows remote ...	buster, jessie, sid, stretch, wheezy
lftp	CVE-2007-2348	mirror --script in lftp before 3.5.9 does not properly quote shell ...	buster, jessie, sid, stretch, wheezy
libapache-poi-java	CVE-2016-5000	The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...	buster, jessie, sid, stretch, wheezy
libav	CVE-2016-7477	The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 ...	jessie, wheezy
	CVE-2016-7499	The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...	jessie, wheezy
	CVE-2016-8675	The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote ...	jessie, wheezy
	CVE-2016-8676	The get_vlc2 function in get_bits.h in Libav 11.9 allows remote ...	jessie, wheezy
	CVE-2016-9819	libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause ...	jessie
	CVE-2016-9820	libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to ...	jessie
	CVE-2016-9825	libswscale/utils.c in libav 11.8 allows remote attackers to cause a ...	jessie, wheezy
	CVE-2016-9826	libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...	jessie, wheezy
libcapsinetwork	CVE-2015-0841	off-by-one buffer overflow in Listener::checkActivity in libcapsinetwork/monopd	wheezy
libcommons-collections4-java	CVE-2015-7501	java unserialisation issues	buster, jessie, sid, stretch
libcommons-fileupload-java	CVE-2013-0248	The default configuration of javax.servlet.context.tempdir in Apache ...	wheezy
	CVE-2016-1000031	Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ...	buster, jessie, sid, stretch, wheezy
libcrypto++	CVE-2016-7420	Crypto++ (aka cryptopp) through 5.6.4 does not document the ...	buster, jessie, sid, stretch, wheezy
libdata-uuid-perl	CVE-2013-4184	symlink attacks	buster, jessie, sid, stretch
libemail-address-perl	CVE-2015-7686	Algorithmic complexity vulnerability in Address.pm in the ...	buster, jessie, sid, stretch, wheezy
libgadu	CVE-2013-4488	libgadu before 1.12.0 does not verify X.509 certificates from SSL ...	buster, jessie, sid, stretch, wheezy
libgnumail-java	CVE-2005-1105	Directory traversal vulnerability in the MimeBodyPart.getFileName ...	jessie, stretch, wheezy
libjpeg6b	CVE-2016-3616	The cjpeg utility in libjpeg allows remote attackers to cause a denial ...	sid, wheezy
libjs-handlebars	TEMP-0000000-345A3B	handlebars: quoteless attributes in templates can lead to content injection	buster, jessie, sid, stretch
libmp3-info-perl	CVE-2013-6499	loading a module relative to the cwd	buster, jessie, sid, stretch, wheezy
libnl3	CVE-2017-0553	An elevation of privilege vulnerability in libnl could enable a local ...	jessie
libphp-adodb	CVE-2006-4976	The Date Library in John Lim ADOdb Library for PHP allows remote ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-3699	John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...	buster, jessie, sid, stretch, wheezy
libphp-phpmailer	CVE-2017-11503	PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email ...	buster, jessie, sid, stretch, wheezy
libreoffice	CVE-2012-5639		buster, jessie, sid, stretch, wheezy
	CVE-2013-4156	Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to ...	wheezy
libspring-java	CVE-2016-1000027		jessie, wheezy
libstruts1.2-java	CVE-2012-1007	Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...	wheezy
libuv	CVE-2014-9748		jessie, sid
libv8	CVE-2015-3910	Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as ...	wheezy
	CVE-2015-5605	The regular-expression implementation in Google V8, as used in Google ...	wheezy
	CVE-2015-7834	Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as ...	wheezy
	CVE-2015-8478	Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...	wheezy
	CVE-2016-1646	The Array.prototype.concat implementation in builtins.cc in Google V8, ...	wheezy
	CVE-2016-1653	The LoadBuffer implementation in Google V8, as used in Google Chrome ...	wheezy
	CVE-2016-1665	The JSGenericLowering class in compiler/js-generic-lowering.cc in ...	wheezy
	CVE-2016-1669	The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...	wheezy
	CVE-2016-1677	uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before ...	wheezy
	CVE-2016-1678	objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome ...	wheezy
	CVE-2016-1688	The regexp (aka regular expression) implementation in Google V8 before ...	wheezy
	CVE-2016-2051	Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...	wheezy
	CVE-2016-3679	Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, ...	wheezy
	CVE-2016-5129	Google V8 before 5.2.361.32, as used in Google Chrome before ...	wheezy
	CVE-2016-5198	V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 ...	wheezy
	CVE-2016-5200	V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 ...	wheezy
	CVE-2016-5213	A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, ...	wheezy
	CVE-2016-5219	A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for ...	wheezy
	CVE-2016-9651		wheezy
	CVE-2017-5012	A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for ...	wheezy
	CVE-2017-5030	Incorrect handling of complex species in V8 in Google Chrome prior to ...	wheezy
	CVE-2017-5040	V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...	wheezy
	CVE-2017-5053		wheezy
	CVE-2017-5054		wheezy
	CVE-2017-5070		wheezy
	CVE-2017-5071		wheezy
libv8-3.14	CVE-2013-2632	Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...	buster, jessie, sid, stretch
	CVE-2013-2838	Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...	buster, jessie, sid, stretch
	CVE-2013-2882	Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...	buster, jessie, sid, stretch
	CVE-2013-2919	Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...	buster, jessie, sid, stretch
	CVE-2013-6638	Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...	buster, jessie, sid, stretch
	CVE-2013-6649	Use-after-free vulnerability in the RenderSVGImage::paint function in ...	buster, jessie, sid, stretch
	CVE-2013-6650	The StoreBuffer::ExemptPopularPages function in store-buffer.cc in ...	buster, jessie, sid, stretch
	CVE-2013-6668	Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, ...	buster, jessie, sid, stretch
	CVE-2014-1704	Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...	buster, jessie, sid, stretch
	CVE-2014-1705	Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and ...	buster, jessie, sid, stretch
	CVE-2014-1716	Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...	buster, jessie, sid, stretch
	CVE-2014-1717	Google V8, as used in Google Chrome before 34.0.1847.116, does not ...	buster, jessie, sid, stretch
	CVE-2014-1729	Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...	buster, jessie, sid, stretch
	CVE-2014-1730	Google V8, as used in Google Chrome before 34.0.1847.131 on Windows ...	buster, jessie, sid, stretch
	CVE-2014-1735	Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...	buster, jessie, sid, stretch
	CVE-2014-1736	Integer overflow in api.cc in Google V8, as used in Google Chrome ...	buster, jessie, sid, stretch
	CVE-2014-3152	Integer underflow in the LCodeGen::PrepareKeyedOperand function in ...	buster, jessie, sid, stretch
	CVE-2014-3188	Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...	buster, jessie, sid, stretch
	CVE-2014-3195	Google V8, as used in Google Chrome before 38.0.2125.101, does not ...	buster, jessie, sid, stretch
	CVE-2014-3199	The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...	buster, jessie, sid, stretch
	CVE-2014-7192	Eval injection vulnerability in index.js in the syntax-error package ...	buster, jessie, sid, stretch
	CVE-2014-7927	The SimplifiedLowering::DoLoadBuffer function in ...	buster, jessie, sid, stretch
	CVE-2014-7928	hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, ...	buster, jessie, sid, stretch
	CVE-2014-7931	factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...	buster, jessie, sid, stretch
	CVE-2014-7939	Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...	buster, jessie, sid, stretch
	CVE-2014-7967	Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, ...	buster, jessie, sid, stretch
	CVE-2015-1230	The getHiddenProperty function in ...	buster, jessie, sid, stretch
	CVE-2015-1304	object-observe.js in Google V8, as used in Google Chrome before ...	buster, jessie, sid, stretch
	CVE-2015-1346	Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, ...	buster, jessie, sid, stretch
	CVE-2015-2238	Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as ...	buster, jessie, sid, stretch
	CVE-2015-3333	Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...	buster, jessie, sid, stretch
	CVE-2015-3336	Google Chrome before 42.0.2311.90 does not always ask the user before ...	buster, jessie, sid, stretch
	CVE-2015-6764	The BasicJsonStringifier::SerializeJSArray function in ...	buster, jessie, sid, stretch
	CVE-2015-6771	js/array.js in Google V8, as used in Google Chrome before ...	buster, jessie, sid, stretch
	CVE-2015-6774	Use-after-free vulnerability in the GetLoadTimes function in ...	buster, jessie, sid, stretch
libvirt	CVE-2013-4311	libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...	wheezy
libvpx	CVE-2015-1258	Google Chrome before 43.0.2357.65 relies on libvpx code that was not ...	jessie
	CVE-2015-4506	Buffer overflow in the vp9_init_context_buffers function in libvpx, as ...	jessie
libwebp	CVE-2016-9085	Multiple integer overflows in libwebp allows attackers to have ...	buster, jessie, sid, stretch
libwmf	CVE-2007-3476	Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-3477	The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-3996	Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3546	The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...	buster, jessie, sid, stretch, wheezy
	TEMP-0601525-BEBB65	libgd2: gdImageColorTransparent can write outside buffer	buster, jessie, sid, stretch, wheezy
libxerces2-java	CVE-2012-0881	xerces-j2 hash table collisions CPU usage DoS	buster, jessie, sid, stretch, wheezy
libxslt	CVE-2015-9019	In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...	buster, jessie, sid, stretch, wheezy
lilo	CVE-2008-3895	LILO 22.6.1 and earlier stores pre-boot authentication passwords in ...	buster, jessie, sid, stretch, wheezy
lintian	CVE-2013-1429	Lintian unsafe symlinks	wheezy
linux	CVE-2004-0230	TCP, when using a large Window Size, makes it easier for remote ...	buster, jessie, sid, stretch, wheezy
	CVE-2005-3660	Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-3719	The process scheduler in the Linux kernel 2.6.16 gives preference to ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-2544		buster, jessie, sid, stretch, wheezy
	CVE-2008-4609	The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-4563	The Linux kernel, when using IPv6, allows remote attackers to ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-5321	Memory leak in drivers/media/video/videobuf-core.c in the videobuf ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-4915		buster, jessie, sid, stretch, wheezy
	CVE-2011-4917		buster, jessie, sid, stretch, wheezy
	CVE-2012-4542	block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-5374	The CRC32C feature in the Btrfs implementation in the Linux kernel ...	wheezy
	CVE-2012-5375	The CRC32C feature in the Btrfs implementation in the Linux kernel ...	wheezy
	CVE-2013-4514	Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in ...	wheezy
	CVE-2013-4515	The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the ...	wheezy
	CVE-2014-9892	The snd_compr_tstamp function in sound/core/compress_offload.c in the ...	buster, jessie, sid, stretch, wheezy
	CVE-2014-9900	The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...	buster, jessie, sid, stretch, wheezy
	CVE-2015-2877	DISPUTED Kernel Samepage Merging (KSM) in the Linux kernel ...	buster, jessie, sid, stretch, wheezy
	CVE-2015-4001	Integer signedness error in the oz_hcd_get_desc_cnf function in ...	jessie
	CVE-2015-4002	drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux ...	jessie
	CVE-2015-4003	The oz_usb_handle_ep_data function in ...	jessie
	CVE-2015-4004	The OZWPAN driver in the Linux kernel through 4.0.5 relies on an ...	jessie
	CVE-2015-7837		jessie, wheezy
	CVE-2015-7885	The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in ...	jessie
	CVE-2015-8967	arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local ...	jessie, wheezy
	CVE-2016-2085	The evm_verify_hmac function in security/integrity/evm/evm_main.c in ...	wheezy
	CVE-2016-3707	The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org ...	wheezy
	CVE-2016-3857	The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices ...	jessie
	CVE-2016-9120	Race condition in the ion_ioctl function in ...	jessie
	CVE-2017-9984	The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-9985	The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-9986	The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel ...	buster, jessie, sid, stretch, wheezy
	TEMP-0000000-F7A20F	Kernel: Unprivileged user can freeze journald	buster, jessie, sid, stretch, wheezy
lrzip	CVE-2017-8842	The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-8843	The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-8845	The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-8847	The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...	buster, jessie, sid, stretch, wheezy
lxc	CVE-2013-6441	The lxc-sshd template (templates/lxc-sshd.in) in LXC before ...	wheezy
lynis	CVE-2017-8108	Unspecified tests in Lynis before 2.5.0 allow local users to write to ...	jessie, stretch
m2crypto	CVE-2009-0127	DISPUTED M2Crypto does not properly check the return value from ...	buster, jessie, sid, stretch, wheezy
m4	CVE-2008-1687	The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-1688	Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...	buster, jessie, sid, stretch, wheezy
magpierss	CVE-2006-4735	Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...	buster, jessie, sid, stretch, wheezy
maildirsync	CVE-2008-5150	sample.sh in maildirsync 1.1 allows local users to append data to ...	buster, jessie, sid, stretch, wheezy
mailman	CVE-2006-2191	DISPUTED ...	buster, jessie, sid, stretch, wheezy
mantis	CVE-2014-9279	The print_test_result function in admin/upgrade_unattended.php in ...	wheezy
matanza	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	buster, jessie, sid, stretch, wheezy
mcollective	CVE-2014-0175	default password set at install	jessie, sid, wheezy
mediaelement	CVE-2016-4567	Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ...	buster, jessie, sid, stretch
mediawiki	CVE-2007-0894	MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...	buster, sid, stretch, wheezy
	CVE-2014-1686		buster, sid, stretch, wheezy
	CVE-2015-2941	Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...	wheezy
	CVE-2015-2942	MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...	wheezy
mediawiki-extensions	CVE-2013-4305	Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...	jessie, wheezy
mh-book	CVE-2008-5152	inmail-show in mh-book 200605 allows local users to overwrite ...	buster, jessie, sid, stretch, wheezy
midori	CVE-2012-2132	libsoup 2.32.2 and earlier does not validate certificates or clear the ...	stretch, wheezy
	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	stretch, wheezy
mini-httpd	CVE-2009-4490	mini_httpd 1.19 writes data to a log file without sanitizing ...	buster, sid, stretch, wheezy
moin	CVE-2007-0902	Unspecified vulnerability in the "Show debugging information" feature ...	buster, jessie, sid, stretch, wheezy
mojarra	CVE-2010-2087	Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...	buster, jessie, sid, stretch, wheezy
mongodb	CVE-2015-2327	PCRE before 8.36 mishandles the /(((a\2)\|(a)\g<-1>))/ pattern and ...	buster, jessie, sid, stretch, wheezy
	CVE-2015-2328	PCRE before 8.36 mishandles the /((?(R)a\|(?1)))+/ pattern and related ...	buster, jessie, sid, stretch, wheezy
monitoring-plugins	CVE-2013-4215	The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...	buster, jessie, sid, stretch
	CVE-2014-4701	The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ...	buster, jessie, sid, stretch
	CVE-2014-4702	The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ...	buster, jessie, sid, stretch
	CVE-2014-4703	lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ...	buster, jessie, sid, stretch
monopd	CVE-2015-0841	off-by-one buffer overflow in Listener::checkActivity in libcapsinetwork/monopd	buster, jessie, sid, stretch, wheezy
moodle	CVE-2006-4976	The Date Library in John Lim ADOdb Library for PHP allows remote ...	sid
	CVE-2008-3327	Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...	sid
	CVE-2017-7298	In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add ...	sid
mp3splt	CVE-2017-5665	The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 ...	buster, jessie, sid, wheezy
	CVE-2017-5851	The free_options function in options_manager.c in mp3splt 2.6.2 allows ...	buster, jessie, sid, wheezy
mpg123	CVE-2017-11126	The III_i_stereo function in libmpg123/layer3.c in mpg123 through ...	buster, jessie, sid, stretch, wheezy
mupdf	CVE-2016-10246	Buffer overflow in the main function in jstest_main.c in Mujstest in ...	buster, jessie, sid, stretch, wheezy
	CVE-2016-10247	Buffer overflow in the my_getline function in jstest_main.c in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-6060	Stack-based buffer overflow in jstest_main.c in mujstest in Artifex ...	buster, jessie, sid, stretch, wheezy
mustache.js	CVE-2015-8861	The handlebars package before 4.0.0 for Node.js allows remote ...	buster, jessie, sid, stretch
	CVE-2015-8862	mustache package before 2.2.1 for Node.js allows remote attackers to ...	buster, jessie, sid, stretch
	TEMP-0000000-137F0A	quoteless attributes in templates can lead to content injection	buster, jessie, sid, stretch
mutt	CVE-2007-1268	Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...	buster, jessie, sid, stretch, wheezy
	TEMP-0775199-D05A9E	smime_keys: insecure use of /tmp	jessie, wheezy
mysql-5.5	CVE-2012-5613	DISPUTED ...	jessie, wheezy
	CVE-2012-5627	Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...	jessie, wheezy
nagios-nrpe	CVE-2014-2913	DISPUTED Incomplete blacklist vulnerability in nrpe.c in Nagios ...	wheezy
nagios-plugins	CVE-2013-4215	The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...	wheezy
	CVE-2014-4701	The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ...	wheezy
	CVE-2014-4702	The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ...	wheezy
	CVE-2014-4703	lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ...	wheezy
nagios3	CVE-2008-5027	The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...	jessie, wheezy
net-tools	CVE-2002-1976	ifconfig, when used on the Linux kernel 2.2 and later, does not report ...	buster, jessie, sid, stretch, wheezy
netsurf	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	buster, jessie, sid, stretch, wheezy
network-manager-applet	CVE-2017-6590	An issue was discovered in network-manager-applet (aka ...	buster, jessie, sid, stretch, wheezy
nghttp2	TEMP-0000000-A4EF31	Null pointer access in inflatehd tool	buster, jessie, sid, stretch
nginx	CVE-2009-4487	nginx 0.7.64 writes data to a log file without sanitizing ...	buster, jessie, sid, stretch, wheezy
node-cli	CVE-2016-1000021		jessie, sid
node-cookie-signature	CVE-2016-1000236		buster, jessie, sid, stretch
node-express	CVE-2014-6393	cross-site scripting via content-type header	buster, jessie, sid, stretch
node-marked	CVE-2015-1370	Incomplete blacklist vulnerability in marked 0.3.2 and earlier for ...	buster, jessie, sid, stretch
	CVE-2015-8854	The marked package before 0.3.4 for Node.js allows attackers to cause ...	buster, jessie, sid, stretch
	CVE-2016-1000013		buster, jessie, sid, stretch
node-minimatch	CVE-2016-1000023		buster, jessie, sid, stretch
node-moment	CVE-2016-4055	The duration function in the moment package before 2.11.2 for Node.js ...	buster, sid, stretch
	TEMP-0000000-750F16	regular expression DoS	buster, sid, stretch
node-negotiator	CVE-2016-1000022		buster, jessie, sid, stretch
node-semver	CVE-2015-8855	The semver package before 4.3.2 for Node.js allows attackers to cause ...	buster, jessie, sid, stretch
node-send	CVE-2015-8859	The send package before 0.11.1 for Node.js allows attackers to obtain ...	buster, jessie, sid, stretch
	TEMP-0000000-FD1F92	root path disclosure	buster, jessie, sid, stretch
node-serve-index	CVE-2015-8856	Cross-site scripting (XSS) vulnerability in the serve-index package ...	buster, jessie, sid, stretch
node-tar	CVE-2015-8860	The tar package before 2.0.0 for Node.js allows remote attackers to ...	buster, jessie, sid, stretch
node-uuid	CVE-2015-8851		buster, jessie, sid, stretch
node-ws	CVE-2016-1000025		buster, jessie, sid, stretch
	TEMP-0000000-BBB7D8	remote memory disclosure	jessie
nodejs	CVE-2014-5256	Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider ...	buster, jessie, sid, stretch
	CVE-2014-9748		jessie
	CVE-2016-1669	The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...	jessie
	CVE-2016-2086	Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before ...	jessie
	CVE-2016-2216	The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...	jessie
	CVE-2016-5325	CRLF injection vulnerability in the ServerResponse#writeHead function ...	jessie
	CVE-2016-7099	The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...	jessie
	TEMP-0868162-BE151A	nodejs hash seed	jessie, stretch
nova	CVE-2013-0326	_base images permissions world readable	buster, jessie, sid, stretch, wheezy
	CVE-2015-1850	Host file disclosure through qcow2 backing file	buster, jessie, sid, stretch, wheezy
nsd	CVE-2016-6173	NSD before 4.1.11 allows remote DNS master servers to cause a denial ...	buster, jessie, sid, stretch
ntp	CVE-2016-2517	NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...	jessie, wheezy
	CVE-2017-6458	Multiple buffer overflows in the ctl_put* functions in NTP before ...	jessie, wheezy
	CVE-2017-6462	Buffer overflow in the legacy Datum Programmable Time Server (DPTS) ...	jessie, wheezy
nvi	CVE-2015-2305	Integer overflow in the regcomp implementation in the Henry Spencer ...	jessie, wheezy
nvidia-cg-toolkit	CVE-2008-5144	nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...	buster, jessie, sid, stretch, wheezy
ocsinventory-server	CVE-2010-1733	Multiple SQL injection vulnerabilities in OCS Inventory NG before ...	jessie, sid, wheezy
	CVE-2014-4722	Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...	jessie, sid, wheezy
openjdk-6	CVE-2007-0012	Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...	wheezy
	CVE-2007-5019	Buffer overflow in the Sun Java Web Start ActiveX control in Java ...	wheezy
	CVE-2012-2739	Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 ...	wheezy, jessie, wheezy
openjpeg	CVE-2013-4289	Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before ...	jessie, wheezy
	CVE-2013-4290	Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote ...	jessie, wheezy
openjpeg2	CVE-2016-7445	convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a ...	jessie
	CVE-2016-9113	There is a NULL pointer dereference in function imagetobmp of ...	buster, jessie, sid, stretch
	CVE-2016-9114	There is a NULL Pointer Access in function imagetopnm of ...	buster, jessie, sid, stretch
	CVE-2016-9115	Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...	buster, jessie, sid, stretch
	CVE-2016-9116	NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in ...	buster, jessie, sid, stretch
	CVE-2016-9117	NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in ...	buster, jessie, sid, stretch
	CVE-2016-9580	integer overflow in tiftoimage resulting into heap buffer overflow	buster, jessie, sid, stretch
	CVE-2016-9581	infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1	buster, jessie, sid, stretch
openldap	CVE-2015-3276	The nss_parse_ciphers function in libraries/libldap/tls_m.c in ...	buster, jessie, sid, stretch, wheezy
openoffice.org	CVE-2005-4636	OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...	wheezy
	CVE-2007-4251	OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...	wheezy
	CVE-2013-4156	Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to ...	wheezy
openrpt	CVE-2015-2305	Integer overflow in the regcomp implementation in the Henry Spencer ...	buster, jessie, sid, stretch
openssh	CVE-2007-2243	OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-2768	OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-3234	sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ...	buster, jessie, sid, stretch, wheezy
	CVE-2016-10010	sshd in OpenSSH before 7.4, when privilege separation is not used, ...	jessie, wheezy
openssl	CVE-2007-6755	The NIST SP 800-90A default statement of the Dual Elliptic Curve ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-0928	OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...	buster, jessie, sid, stretch, wheezy
openstack-trove	CVE-2015-3156	multiple insecure /tmp file usage issues	buster, jessie, sid, stretch
openvpn	CVE-2006-2229	OpenVPN 2.0.7 and earlier, when configured to use the --management ...	buster, jessie, sid, stretch, wheezy
	CVE-2016-6329	OpenVPN, when using a 64-bit block cipher, makes it easier for remote ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-7522	OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...	stretch
openvswitch	CVE-2017-9263	In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status ...	buster, sid, stretch
	CVE-2017-9264	In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) ...	buster, sid, stretch
	CVE-2017-9265	In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing ...	buster, sid, stretch
optipng	CVE-2015-7802	gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote ...	jessie, wheezy
opus-tools	CVE-2014-9638	oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...	jessie, wheezy
os-prober	CVE-2008-5135	DISPUTED ...	buster, jessie, sid, stretch, wheezy
osc	CVE-2012-1095	osc before 0.134 might allow remote OBS repository servers or package ...	buster, jessie, sid, stretch, wheezy
parallel	CVE-2015-4155	GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) ...	jessie, wheezy
	CVE-2015-4156	GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) ...	jessie, wheezy
passenger	CVE-2016-10345	In Phusion Passenger before 5.1.0, a known /tmp filename was used ...	buster, sid, stretch
patch	CVE-2010-4651	Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ...	buster, jessie, sid, stretch, wheezy
pax-utils	TEMP-0856196-13C562	scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)	buster, jessie, sid, stretch, wheezy
pcre2	CVE-2017-8786	pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...	buster, sid, stretch
pcre3	CVE-2015-2325	heap buffer overflow in compile_branch()	wheezy
	CVE-2017-11164	In PCRE 8.41, the OP_KETRMAX feature in the match function in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-7245	Stack-based buffer overflow in the pcre32_copy_substring function in ...	buster, jessie, sid, stretch
	CVE-2017-7246	Stack-based buffer overflow in the pcre32_copy_substring function in ...	buster, jessie, sid, stretch
percona-toolkit	CVE-2015-1027	MITM vulnerability via version check	jessie, jessie, sid
perl	CVE-2010-4777	The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, ...	wheezy
	CVE-2011-4116	unsafe traversal of symlinks	buster, jessie, sid, stretch, wheezy
	CVE-2012-3878	Perl require Directive Path Subversion Arbitrary Module / File Loading Weakness	buster, jessie, sid, stretch, wheezy
	TEMP-0769606-4AA6CF	a2p: buffer overflow	jessie, wheezy
php-apc	CVE-2010-3294	Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...	wheezy
php-font-lib	CVE-2014-2570	Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...	buster, jessie, sid, stretch
php-gettext	TEMP-0000000-07A77D	php-gettext XSS	buster, jessie, sid, stretch, wheezy
php-openid	CVE-2016-2049	examples/consumer/common.php in JanRain PHP OpenID library (aka ...	jessie, wheezy
php-pear	CVE-2017-5630	PECL in the download utility class in the Installer in PEAR Base System ...	buster, sid, stretch
php5	CVE-2006-0931	Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...	jessie, wheezy
	CVE-2006-4023	The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...	jessie, wheezy
	CVE-2006-6383	PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...	jessie, wheezy
	CVE-2006-7205	The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...	jessie, wheezy
	CVE-2007-0448	The fopen function in PHP 5.2.0 does not properly handle invalid URI ...	jessie, wheezy
	CVE-2007-1413	Buffer overflow in the snmpget function in the snmp extension in PHP ...	jessie, wheezy
	CVE-2007-1581	The resource system in PHP 5.0.0 through 5.2.1 allows ...	jessie, wheezy
	CVE-2007-1582	The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...	jessie, wheezy
	CVE-2007-1710	The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...	jessie, wheezy
	CVE-2007-1835	PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...	jessie, wheezy
	CVE-2007-1883	PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...	jessie, wheezy
	CVE-2007-1890	Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...	jessie, wheezy
	CVE-2007-3205	The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...	jessie, wheezy
	CVE-2007-3294	Multiple buffer overflows in libtidy, as used in the Tidy extension ...	jessie, wheezy
	CVE-2007-4255	Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...	jessie, wheezy
	CVE-2007-4596	The perl extension in PHP does not follow safe_mode restrictions, ...	jessie, wheezy
	CVE-2007-4889	The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...	jessie, wheezy
	CVE-2007-5424	The disable_functions feature in PHP 4 and 5 allows attackers to ...	jessie, wheezy
	CVE-2008-2666	Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...	jessie, wheezy
	CVE-2008-4107	The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...	jessie, wheezy
	CVE-2008-5625	PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...	jessie, wheezy
	CVE-2008-7002	PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...	jessie, wheezy
	CVE-2009-3559	DISPUTED ...	jessie, wheezy
	CVE-2009-4418	The unserialize function in PHP 5.3.0 and earlier allows ...	jessie, wheezy
	CVE-2010-1861	The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...	jessie, wheezy
	CVE-2010-1862	The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...	jessie, wheezy
	CVE-2010-1868	The (1) sqlite_single_query and (2) sqlite_array_query functions in ...	jessie, wheezy
	CVE-2010-1914	The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...	jessie, wheezy
	CVE-2010-1915	The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...	jessie, wheezy
	CVE-2010-2097	The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...	jessie, wheezy
	CVE-2010-2100	The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...	jessie, wheezy
	CVE-2010-2101	The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...	jessie, wheezy
	CVE-2010-2190	The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...	jessie, wheezy
	CVE-2010-3062	mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...	jessie, wheezy
	CVE-2010-3063	The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...	jessie, wheezy
	CVE-2010-3064	Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...	jessie, wheezy
	CVE-2012-1171	The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...	jessie, wheezy
	CVE-2012-3365	The SQLite functionality in PHP before 5.3.15 allows remote attackers ...	jessie, wheezy
	CVE-2013-3735	DISPUTED The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...	jessie, wheezy
	CVE-2013-4635	Integer overflow in the SdnToJewish function in jewish.c in the ...	wheezy
	CVE-2013-6501	The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...	jessie, wheezy
	CVE-2013-7456	gd_interpolation.c in the GD Graphics Library (aka libgd) before ...	wheezy
	CVE-2014-3622	Posthandler Potential Illegal efree() vulnerability	wheezy
	CVE-2014-3981	acinclude.m4, as used in the configure script in PHP 5.5.13 and ...	wheezy
	CVE-2014-4698	Use-after-free vulnerability in ext/spl/spl_array.c in the SPL ...	wheezy
	CVE-2014-9425	Double free vulnerability in the zend_ts_hash_graceful_destroy ...	jessie, wheezy
	CVE-2014-9709	The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...	wheezy
	CVE-2015-4116	Use-after-free vulnerability in the spl_ptr_heap_insert function in ...	wheezy
	CVE-2015-8874	Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...	wheezy
	CVE-2015-8877	The gdImageScaleTwoPass function in gd_interpolation.c in the GD ...	wheezy
	CVE-2016-10167	The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics ...	wheezy
	CVE-2016-10168	Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) ...	wheezy
	CVE-2016-3074	Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or ...	wheezy
	CVE-2016-5116	gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...	jessie, wheezy
	CVE-2016-5766	Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD ...	wheezy
	CVE-2016-5767	Integer overflow in the gdImageCreate function in gd.c in the GD ...	wheezy
	CVE-2016-6207	Integer overflow in the _gdContributionsAlloc function in ...	wheezy
	CVE-2016-7126	The imagetruecolortopalette function in ext/gd/gd.c in PHP before ...	wheezy
	CVE-2016-7127	The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...	wheezy
	CVE-2016-7568	Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...	wheezy
	CVE-2016-9933	Stack consumption vulnerability in the gdImageFillToBorder function in ...	wheezy
	CVE-2017-11362	In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...	jessie, wheezy
	CVE-2017-5630	PECL in the download utility class in the Installer in PEAR Base System ...	jessie, wheezy
	CVE-2017-7890	Buffer over-read into uninitialized memory	jessie, wheezy
	CVE-2017-9119	The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...	jessie, wheezy
php7.0	CVE-2017-11362	In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...	buster, sid, stretch
	CVE-2017-7890	Buffer over-read into uninitialized memory	buster, sid, stretch
	CVE-2017-9119	The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...	buster, sid, stretch
php7.1	CVE-2017-11362	In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...	buster, sid
	CVE-2017-7890	Buffer over-read into uninitialized memory	buster, sid
	CVE-2017-9119	The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...	buster, sid
phpmyadmin	CVE-2005-3622	phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...	buster, jessie, sid, stretch, wheezy
	CVE-2005-4349	DISPUTED ...	buster, jessie, sid, stretch, wheezy
	CVE-2006-6373	PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-4306	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-4219	show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows ...	wheezy
	CVE-2013-4998	phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote ...	wheezy
	CVE-2013-4999	phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain ...	wheezy
	CVE-2013-5000	phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain ...	wheezy
	CVE-2015-8669	libraries/config/messages.inc.php in phpMyAdmin 4.0.x before ...	jessie, wheezy
	CVE-2015-8980	Arbitrary code execution in select_string, ngettext and npgettext count parameter	jessie, wheezy
	CVE-2016-2038	phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x ...	jessie
	CVE-2016-2042	phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote ...	jessie
	CVE-2016-5730	phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...	jessie, wheezy
	CVE-2016-6610	A full path disclosure vulnerability was discovered in phpMyAdmin ...	jessie
	CVE-2016-6633	An issue was discovered in phpMyAdmin. phpMyAdmin can be used to ...	jessie
	CVE-2016-9847	An issue was discovered in phpMyAdmin. When the user does not specify ...	jessie, wheezy
	CVE-2016-9848	An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...	jessie, wheezy
	CVE-2016-9852	An issue was discovered in phpMyAdmin. By calling some scripts that ...	jessie, wheezy
	CVE-2016-9853	An issue was discovered in phpMyAdmin. By calling some scripts that ...	jessie, wheezy
	CVE-2016-9854	An issue was discovered in phpMyAdmin. By calling some scripts that ...	jessie, wheezy
	CVE-2016-9855	An issue was discovered in phpMyAdmin. By calling some scripts that ...	jessie, wheezy
	CVE-2016-9856	An XSS issue was discovered in phpMyAdmin because of an improper fix ...	jessie, wheezy
	CVE-2016-9857	An issue was discovered in phpMyAdmin. XSS is possible because of a ...	jessie, wheezy
	CVE-2016-9858	An issue was discovered in phpMyAdmin. With a crafted request ...	jessie, wheezy
	CVE-2016-9859	An issue was discovered in phpMyAdmin. With a crafted request ...	jessie, wheezy
	CVE-2016-9860	An issue was discovered in phpMyAdmin. An unauthenticated user can ...	jessie, wheezy
	CVE-2016-9866	An issue was discovered in phpMyAdmin. When the arg_separator is ...	jessie, wheezy
	CVE-2017-1000013	phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect ...	jessie, wheezy
	CVE-2017-1000014	phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the ...	jessie, wheezy
	CVE-2017-1000015	phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...	jessie, wheezy
	CVE-2017-1000016	A weakness was discovered where an attacker can inject arbitrary ...	jessie, wheezy
	CVE-2017-1000017	phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...	jessie, wheezy
	CVE-2017-1000018	phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the ...	jessie, wheezy
phppgadmin	CVE-2006-4976	The Date Library in John Lim ADOdb Library for PHP allows remote ...	buster, jessie, sid, stretch, wheezy
phpsysinfo	CVE-2006-3360	Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...	jessie, sid, wheezy
pidgin	CVE-2008-2956	DISPUTED ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-1257		buster, jessie, sid, stretch, wheezy
	CVE-2016-1000030	X.509 Certificates Improperly Imported	wheezy
pillow	CVE-2014-3606		buster, jessie, sid, stretch
	CVE-2016-3076	Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...	buster, jessie, sid, stretch
pnp4nagios	CVE-2012-3457	PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...	wheezy
polarssl	CVE-2011-3389	The SSL protocol, as used in certain configurations in Microsoft ...	jessie, wheezy
poppler	CVE-2012-2142	Insufficient sanitization of escape sequences in the error message	wheezy
	CVE-2013-4472	The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-2814	An exploitable heap overflow vulnerability exists in the image ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-2818	An exploitable heap overflow vulnerability exists in the image ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-2820	An exploitable integer overflow vulnerability exists in the JPEG 2000 ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-7511	poppler since version 0.17.3 has been vulnerable to NULL pointer ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-7515	poppler through version 0.55.0 is vulnerable to an uncontrolled ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-9083	poppler 0.54.0, as used in Evince and other products, has a NULL ...	buster, jessie, sid, stretch, wheezy
postfix	CVE-2008-4977	DISPUTED ...	buster, jessie, sid, stretch, wheezy
powerpc-utils	CVE-2014-4040	snap in powerpc-utils 1.2.20 produces an archive with fstab and ...	jessie, wheezy
ppp	CVE-2008-5366	The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-5367	ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...	buster, jessie, sid, stretch, wheezy
printfilters-ppd	CVE-2008-5034	DISPUTED ...	jessie, sid, wheezy
protobuf	CVE-2015-5237	Integer overflow in protobuf serialization	buster, jessie, sid, stretch, wheezy
pspp	CVE-2017-10791	There is an Integer overflow in the hash_int function of the libpspp ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-10792	There is a NULL Pointer Dereference in the function ll_insert() of the ...	buster, jessie, sid, stretch, wheezy
ptlib	CVE-2015-2305	Integer overflow in the regcomp implementation in the Henry Spencer ...	buster, jessie, sid, stretch, wheezy
pwgen	CVE-2013-4440	Password Generator (aka Pwgen) before 2.07 generates weak non-tty ...	wheezy
	CVE-2013-4441	Phonemes mode has heavy bias and is enabled by default	buster, jessie, sid, stretch, wheezy
	CVE-2013-4442	Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated ...	wheezy
pycode-browser	CVE-2015-0849	predictable temporary file vulnerability	jessie
python-defaults	CVE-2008-4108	Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) ...	buster, jessie, sid, stretch, wheezy
python-imaging	CVE-2014-3606		wheezy
	CVE-2016-3076	Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...	wheezy
python-pip	CVE-2013-5123	insecure mirroring	wheezy
python-rply	CVE-2014-1938	insecure use of /tmp	jessie
python2.6	CVE-2011-4940	The list_directory function in Lib/SimpleHTTPServer.py in ...	wheezy
	CVE-2013-7040	Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...	wheezy
	CVE-2016-1000110		wheezy
python2.7	CVE-2010-3492	The asyncore module in Python before 3.2 does not properly handle ...	wheezy
	CVE-2013-7040	Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...	buster, jessie, sid, stretch, wheezy
	CVE-2016-1000110		jessie, wheezy
python3.2	CVE-2010-3492	The asyncore module in Python before 3.2 does not properly handle ...	wheezy
	CVE-2013-7040	Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...	wheezy
	CVE-2016-1000110		wheezy, jessie
qemu	CVE-2014-9718	The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...	wheezy
	CVE-2016-10028	The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in ...	buster, sid, stretch
	CVE-2017-5552	Memory leak in the virgl_resource_attach_backing function in ...	buster, sid, stretch
	CVE-2017-5578	Memory leak in the virtio_gpu_resource_attach_backing function in ...	buster, sid, stretch
	CVE-2017-8284	DISPUTED The disas_insn function in target/i386/translate.c in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-9060	Memory leak in the virtio_gpu_set_scanout function in ...	buster, sid, stretch
qemu-kvm	CVE-2014-9718	The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...	wheezy
	CVE-2015-8619	The Human Monitor Interface support in QEMU allows remote attackers to ...	wheezy
	CVE-2017-8284	DISPUTED The disas_insn function in target/i386/translate.c in ...	wheezy
qt4-x11	CVE-2009-3015	QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3272	Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...	buster, jessie, sid, stretch, wheezy
	TEMP-0560108-565B70	browser-based css info disclosure	buster, jessie, sid, stretch, wheezy
	TEMP-0568486-B6FCB6	browser javascript document.write denial-of-service	buster, jessie, sid, stretch, wheezy
qtwebkit	CVE-2015-8079		buster, jessie, sid, stretch, wheezy
quagga	CVE-2012-5521		buster, jessie, sid, stretch, wheezy
rails	CVE-2010-3299	ruby on rails: padding oracle attack	buster, jessie, sid, stretch, wheezy
	CVE-2011-3187	The to_s method in ...	buster, jessie, sid, stretch, wheezy
rawstudio	CVE-2013-1438	Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...	wheezy
rc	CVE-2014-1936	insecure use of /tmp	wheezy
remind	CVE-2015-5957	Buffer overflow in the DumpSysVar function in var.c in Remind before ...	jessie, wheezy
rhythmbox	CVE-2008-7185	GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...	buster, jessie, sid, stretch, wheezy
riece	TEMP-0601325-4C9A5B	insecure handling of /tmp files in debian/preinst	jessie, wheezy
rpm	CVE-2010-2198	lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...	buster, jessie, sid, stretch, wheezy
	CVE-2010-2199	lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-7500	Following symlinks to directories when installing packages allows privilege escalation	buster, jessie, sid, stretch, wheezy
	CVE-2017-7501	Following symlinks to files when installing packages allows privilege escalation	buster, jessie, sid, stretch, wheezy
rrdtool	CVE-2013-2131	Format string vulnerability in the rrdtool module 1.4.7 for Python, as ...	wheezy
rsyslog	CVE-2015-3243	some log files are created world-readable	buster, jessie, sid, stretch, wheezy
ruby-activerecord-3.2	CVE-2013-3221	The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...	wheezy
ruby-handlebars-assets	TEMP-0000000-345A3B	handlebars: quoteless attributes in templates can lead to content injection	buster, jessie, sid, stretch
ruby1.8	CVE-2014-3916	The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 ...	wheezy, wheezy, jessie
ruby2.1	CVE-2016-2336	Type confusion exists in two methods of Ruby's WIN32OLE class, ...	jessie, buster, sid, stretch
rubygems	CVE-2013-4287	Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...	wheezy
	CVE-2013-4363	Algorithmic complexity vulnerability in ...	wheezy
s3d	CVE-2013-6876		wheezy
	CVE-2014-1226		jessie, wheezy
shadow	CVE-2007-5686	initscripts in rPath Linux 1 sets insecure permissions for the ...	buster, jessie, sid, stretch, wheezy
	CVE-2013-4235	TOCTOU race conditions by copying and removing directory trees	buster, jessie, sid, stretch, wheezy
	TEMP-0628843-DBAD28	more related to CVE-2005-4890	buster, jessie, sid, stretch, wheezy
sharutils	TEMP-0000000-95CBBF	uudecode: stack out of bounds read access	buster, jessie, sid, stretch, wheezy
shotwell	CVE-2017-1000024	Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...	jessie, wheezy
simplesamlphp	CVE-2016-3124	The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote ...	jessie, wheezy
sleuthkit	CVE-2012-5619	The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file ...	wheezy
slim	TEMP-0537604-F35BD7	insecure tmp file vulnerability in slim	buster, jessie, sid, stretch, wheezy
smarty3	TEMP-0000000-2C7EFD	incorrect handling of {$smarty.template} and {$smarty.current_dir}	buster, jessie, sid, stretch, wheezy
smsclient	CVE-2008-5155	mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...	jessie, wheezy
	TEMP-0498901-F99C05	unsafe use of tempfile in ssmclient	jessie, wheezy
sosreport	CVE-2014-0246	SOSreport stores the md5 hash of the GRUB bootloader password in an ...	buster, jessie, sid, stretch
	CVE-2015-7529	Usage of predictable temporary files allows privilege escalation	jessie
spice-gtk	CVE-2016-3066	The spice-gtk widget allows remote authenticated users to obtain ...	buster, jessie, sid, stretch, wheezy
sql-ledger	CVE-2007-0667	The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-1329	Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-1923	(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-5372	Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-4077	The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-4078	SQL injection vulnerability in the AR/AP transaction report in (1) ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3580	Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3581	Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3582	Multiple SQL injection vulnerabilities in the delete subroutine in ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3583	Directory traversal vulnerability in the Preferences menu item in ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-3584	SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-4402	The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...	buster, jessie, sid, stretch, wheezy
squid	CVE-2009-0801	Squid, when transparent interception mode is enabled, uses the HTTP ...	wheezy
	CVE-2014-6270	Off-by-one error in the snmpHandleUdp function in snmp_core.cc in ...	wheezy
	CVE-2015-3455	Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, ...	wheezy
	CVE-2016-2390	The FwdState::connectedToPeer method in FwdState.cc in Squid before ...	wheezy
squid3	CVE-2009-0801	Squid, when transparent interception mode is enabled, uses the HTTP ...	wheezy
	CVE-2014-0128	Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is ...	wheezy
	CVE-2015-3455	Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, ...	jessie, wheezy
	CVE-2016-2390	The FwdState::connectedToPeer method in FwdState.cc in Squid before ...	jessie, wheezy
squidguard	CVE-2015-8936	Cross-site scripting (XSS) vulnerability in squidGuard.cgi in ...	jessie
ssmtp	CVE-2004-0423	The log_event function in ssmtp 2.50.6 and earlier allows local users ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-7258	DISPUTED ...	buster, jessie, sid, stretch, wheezy
stalin	CVE-2015-8697	stalin 0.11-5 allows local users to write to arbitrary files. ...	buster, jessie, sid, stretch, wheezy
subversion	CVE-2013-2088	contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 ...	wheezy
	CVE-2013-4262	svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile ...	wheezy
	CVE-2013-4505	The is_this_legal function in mod_dontdothat for Apache Subversion ...	wheezy
	CVE-2013-7393	The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local ...	wheezy
	CVE-2014-3522	The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before ...	wheezy
suckless-tools	CVE-2012-1620	slock 0.9 does not properly handle the XRaiseWindow event when the ...	wheezy
sudo	CVE-2005-1119	Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...	buster, jessie, sid, stretch, wheezy
surf	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	buster, jessie, sid, stretch, wheezy
swftools	CVE-2017-10976	When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-11096	When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-11097	When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-11100	When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-11101	When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-8401	In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...	buster, jessie, sid, stretch
sylpheed	CVE-2007-1267	Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...	buster, jessie, sid, stretch, wheezy
syncevolution	CVE-2014-1639	syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses ...	wheezy
systemd	CVE-2013-4392	systemd, when updating file permissions, allows local users to change ...	buster, jessie, sid, stretch
	CVE-2017-1000082	systemd v233 and earlier fails to safely parse usernames starting with ...	buster, sid, stretch
sysvinit	TEMP-0517018-A83CE6	sysvinit: no-root option in expert installer exposes locally exploitable security flaw	buster, jessie, sid, stretch, wheezy
tar	CVE-2005-2541	Tar 1.15.1 does not properly warn the user when extracting setuid or ...	buster, jessie, sid, stretch, wheezy
	TEMP-0290435-0B57B5	tar's rmt command may have undesired side effects	buster, jessie, sid, stretch, wheezy
texlive-bin	CVE-2016-10243	TeX Live allows remote attackers to execute arbitrary commands by ...	buster, jessie, sid, stretch, wheezy
thunar	TEMP-0517020-915121	thunar: potential exploits via application launchers	buster, jessie, sid, stretch, wheezy
tiff	CVE-2010-2596	The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...	jessie, wheezy
	CVE-2014-8127	LibTIFF 4.0.3 allows remote attackers to cause a denial of service ...	jessie
	CVE-2014-8130	divide by zero	buster, jessie, sid, stretch, wheezy
	CVE-2016-10268	tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a ...	jessie
	CVE-2016-9539	tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in ...	jessie, wheezy
	CVE-2017-5563	LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-9117	In LibTIFF 4.0.7, the program processes BMP images without verifying ...	buster, jessie, sid, stretch, wheezy
	TEMP-0846838-9738BD	tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing	jessie, wheezy
tinymux	CVE-2007-1959	Unspecified vulnerability in the process_cmdent function in ...	buster, jessie, sid, stretch, wheezy
tomcat7	CVE-2012-5568	Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...	buster, jessie, sid, stretch, wheezy
	CVE-2016-5388	Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows ...	jessie, wheezy, jessie
tor	CVE-2006-6893	Tor allows remote attackers to discover the IP address of a hidden ...	buster, jessie, sid, stretch, wheezy
	CVE-2007-1103	Tor does not verify a node's uptime and bandwidth advertisements, ...	buster, jessie, sid, stretch, wheezy
	CVE-2009-0654	Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote ...	buster, jessie, sid, stretch, wheezy
twisted	CVE-2016-1000111		buster, jessie, sid, stretch
uclibc	CVE-2016-2224	The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...	buster, jessie, sid, stretch
	CVE-2016-2225	The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng ...	buster, jessie, sid, stretch
	CVE-2016-6264	Integer signedness error in libc/string/arm/memset.S in uClibc and ...	buster, jessie, sid, stretch
	CVE-2017-9728	In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-9729	In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...	buster, jessie, sid, stretch, wheezy
uglifyjs	CVE-2015-8857	The uglify-js package before 2.4.24 for Node.js does not properly ...	buster, jessie, sid, stretch
	CVE-2015-8858	The uglify-js package before 2.6.0 for Node.js allows attackers to ...	buster, jessie, sid, stretch
unixodbc	CVE-2012-2657	DISPUTED ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-2658	DISPUTED ...	buster, jessie, sid, stretch, wheezy
unrar-free	CVE-2017-11189	unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...	buster, jessie, sid, stretch, wheezy
	CVE-2017-11190	unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...	buster, jessie, sid, stretch, wheezy
util-linux	CVE-2015-5218	Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before ...	jessie, wheezy
	CVE-2015-5224	login-utils: file name collision due to incorrect mkstemp use	jessie, wheezy
	CVE-2017-2616	Sending SIGKILL to other processes with root privileges via su	jessie, wheezy
	TEMP-0786804-C23D2B	hwclock(8) SUID privilege escalation	jessie, wheezy
uzbl	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...	jessie, stretch, wheezy
varnish	CVE-2009-4488	DISPUTED Varnish 2.0.6 writes data to a log file without ...	buster, jessie, sid, stretch, wheezy
vim	CVE-2008-4677	autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...	buster, jessie, sid, stretch, wheezy
vino	CVE-2011-1164	Vino before 2.99.4 can connect external networks contrary to the ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-1165	Vino, possibly before 3.2, does not properly document that it opens ...	buster, jessie, sid, stretch, wheezy
vlc	CVE-2012-5855	The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...	buster, jessie, sid, stretch, wheezy
	CVE-2013-3245	DISPUTED plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media ...	wheezy
	CVE-2013-3565	XSS in HTTP Interface	wheezy
	CVE-2013-6283	VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...	wheezy
	CVE-2013-7340	VideoLAN VLC Media Player before 2.0.7 allows remote attackers to ...	wheezy
	CVE-2014-1684	The ASF_ReadObject_file_properties function in ...	wheezy
vnc4	CVE-2014-0011	ZRLE decoding bounds checking issue	jessie, wheezy
	CVE-2015-2305	Integer overflow in the regcomp implementation in the Henry Spencer ...	jessie, wheezy
vsftpd	CVE-2015-1419	Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote ...	wheezy
vte	CVE-2005-0023	gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...	buster, jessie, sid, stretch, wheezy
w3m	TEMP-0532514-9137E0	predictable random number generator used in web browsers	buster, jessie, sid, stretch, wheezy
web2py	CVE-2013-6837	Cross-site scripting (XSS) vulnerability in the setTimeout function in ...	jessie, sid, wheezy
webkit	CVE-2010-1729	WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...	wheezy
	CVE-2012-5851	html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...	wheezy
	TEMP-0560108-565B70	browser-based css info disclosure	wheezy
	TEMP-0568486-B6FCB6	browser javascript document.write denial-of-service	wheezy
webkit2gtk	CVE-2015-7096	WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...	jessie
	CVE-2015-7098	WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...	jessie
	CVE-2016-4590	WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles ...	jessie
	CVE-2016-4591	WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...	jessie
	CVE-2016-4622	WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...	jessie
	CVE-2016-4624	WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...	jessie
	CVE-2016-4692	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-4743	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7586	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7587	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7589	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7592	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7598	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7599	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7610	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7611	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7623	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7632	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7635	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7639	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7640	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7641	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7642	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7645	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7646	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7648	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7649	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7652	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7654	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7656	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2017-2350	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2354	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2355	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2356	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2362	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2363	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2364	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2365	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2366	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2369	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2371	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2373	An issue was discovered in certain Apple products. iOS before 10.2.1 ...	jessie
	CVE-2017-2376	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2377	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2386	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2392	An issue was discovered in certain Apple products. Safari before 10.1 ...	jessie
	CVE-2017-2394	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2395	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2396	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2405	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2415	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2419	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2424	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2433	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2442	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2445	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2446	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2447	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2454	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2455	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2457	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2459	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2460	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2464	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2465	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2466	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2468	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2469	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2470	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2471	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2475	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2476	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2481	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2496	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2504	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2505	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2506	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2508	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2510	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2514	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2515	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2521	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2525	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2526	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2528	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2530	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2531	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2536	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2538	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie, stretch
	CVE-2017-2539	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2544	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2547	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-2549	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-6980	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
	CVE-2017-6984	An issue was discovered in certain Apple products. iOS before 10.3.2 ...	jessie
webkitgtk	CVE-2016-10222	runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...	buster, jessie, sid, stretch
	CVE-2016-10226	JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...	buster, jessie, sid, stretch
	CVE-2016-1856	WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...	buster, jessie, sid, stretch
	CVE-2016-1857	WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...	buster, jessie, sid, stretch
	CVE-2016-4657	WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ...	buster, jessie, sid, stretch
	CVE-2016-9642	JavaScriptCore in WebKit allows attackers to cause a denial of service ...	buster, jessie, sid, stretch
	CVE-2016-9643	The regex code in Webkit 2.4.11 allows remote attackers to cause a ...	buster, jessie, sid, stretch
	CVE-2017-2367	An issue was discovered in certain Apple products. iOS before 10.3 is ...	buster, jessie, sid, stretch
	CVE-2017-5949	JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...	buster, jessie, sid, stretch
webkitkde	CVE-2014-8600	Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime ...	wheezy
wine	TEMP-0816034-9C45DC	unsafe use of /tmp	buster, jessie, sid, stretch, wheezy, buster, jessie, sid, stretch
wine-gecko-1.4	CVE-2013-0800	Integer signedness error in the pixman_fill_sse2 function in ...	wheezy
wordpress	CVE-2006-0733	DISPUTED Cross-site scripting (XSS) vulnerability in WordPress ...	buster, jessie, sid, stretch, wheezy
	CVE-2008-0191	WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-4898	DISPUTED wp-admin/setup-config.php in the installation component ...	buster, jessie, sid, stretch, wheezy
	CVE-2011-4899	DISPUTED wp-admin/setup-config.php in the installation component ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-0782	DISPUTED Multiple cross-site scripting (XSS) vulnerabilities in ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-0937	DISPUTED wp-admin/setup-config.php in the installation component ...	buster, jessie, sid, stretch, wheezy
	CVE-2012-5868	WordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...	buster, jessie, sid, stretch, wheezy
	CVE-2013-7233	Cross-site request forgery (CSRF) vulnerability in the retrospam ...	buster, jessie, sid, stretch, wheezy
	TEMP-0500295-A176F7	possible script injection via /etc/wordpress/wp-config.php	buster, jessie, sid, stretch, wheezy
xbindkeys-config	CVE-2014-9513	insecure use of temporary files	buster, jessie, sid, stretch, wheezy
xbmc	CVE-2013-1438	Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...	jessie, wheezy
xcfa	CVE-2014-5254	Symlink following issues	jessie, wheezy
	CVE-2014-5255	Insecure use of temporary file related to the /tmp/get_infos_dvd.sh	jessie, wheezy
xchat	CVE-2011-5129	Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote ...	jessie, wheezy
xen	CVE-2013-2212	The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ...	wheezy
	CVE-2013-3495	The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x ...	wheezy
	CVE-2014-9066	Xen 4.4.x and earlier, when using a large number of VCPUs, does not ...	buster, jessie, sid, stretch, wheezy
xerces-c	CVE-2012-0880	xerces-c hash table collisions CPU usage DoS	buster, jessie, sid, stretch, wheezy
xerces-c2	CVE-2008-4482	The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...	wheezy
xfig	CVE-2009-4228	Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...	buster, jessie, sid, stretch, wheezy
xine-lib	CVE-2008-5247	The real_parse_audio_specific_data function in demux_real.c in ...	wheezy
xloadimage	CVE-2006-4484	Buffer overflow in the LWZReadByte_ function in ...	buster, jessie, sid, stretch, wheezy
xpdf	CVE-2010-0206	xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects	buster, jessie, sid, stretch, wheezy
	CVE-2010-0207	xpdf: XRef table parsing infinite loop	buster, jessie, sid, stretch, wheezy
	CVE-2013-4472	The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ...	buster, jessie, sid, stretch, wheezy
xterm	CVE-2006-4447	X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...	buster, jessie, sid, stretch, wheezy
xulrunner	CVE-2005-4685	Firefox and Mozilla can associate a cookie with multiple domains when ...	wheezy
	CVE-2006-0496	Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...	wheezy
	CVE-2006-2723	Unspecified versions of Mozilla Firefox allow remote attackers to ...	wheezy
	CVE-2006-5633	Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...	wheezy
	CVE-2008-5822	Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other ...	wheezy
	CVE-2008-7244	Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...	wheezy
	CVE-2009-1232	Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote ...	wheezy
	CVE-2009-1827	The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to ...	wheezy
	CVE-2009-1828	Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...	wheezy
	CVE-2009-2043	nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...	wheezy
	CVE-2009-2953	Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...	wheezy
	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...	wheezy
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	wheezy
	CVE-2010-0220	The nsObserverList::FillObserverArray function in ...	wheezy
	CVE-2010-1585	The nsIScriptableUnescapeHTML.parseFragment method in the ...	wheezy
	CVE-2010-1986	Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...	wheezy
	CVE-2010-1987	Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...	wheezy
	CVE-2010-1988	Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...	wheezy
	CVE-2010-1990	Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, ...	wheezy
	CVE-2010-2117	Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to ...	wheezy
	CVE-2010-2760	Use-after-free vulnerability in the nsTreeSelection function in ...	wheezy
	CVE-2010-2763	The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...	wheezy
	CVE-2010-2764	Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...	wheezy
	CVE-2010-2765	Integer overflow in the FRAMESET element implementation in Mozilla ...	wheezy
	CVE-2010-2766	The normalizeDocument function in Mozilla Firefox before 3.5.12 and ...	wheezy
	CVE-2010-2767	The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...	wheezy
	CVE-2010-2768	Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...	wheezy
	CVE-2010-2769	Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...	wheezy
	CVE-2010-3166	Heap-based buffer overflow in the nsTextFrameUtils::TransformText ...	wheezy
	CVE-2010-3167	The nsTreeContentView function in Mozilla Firefox before 3.5.12 and ...	wheezy
	CVE-2010-3168	Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...	wheezy
	CVE-2010-3169	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2010-3174	Unspecified vulnerability in the browser engine in Mozilla Firefox ...	wheezy
	CVE-2010-3176	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2010-3177	Multiple cross-site scripting (XSS) vulnerabilities in the Gopher ...	wheezy
	CVE-2010-3178	Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...	wheezy
	CVE-2010-3179	Stack-based buffer overflow in the text-rendering functionality in ...	wheezy
	CVE-2010-3180	Use-after-free vulnerability in the nsBarProp function in Mozilla ...	wheezy
	CVE-2010-3183	The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox ...	wheezy
	CVE-2010-3765	Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ...	wheezy
	CVE-2010-3766	Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and ...	wheezy
	CVE-2010-3767	Integer overflow in the NewIdArray function in Mozilla Firefox before ...	wheezy
	CVE-2010-3768	Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird ...	wheezy
	CVE-2010-3769	The line-breaking implementation in Mozilla Firefox before 3.5.16 and ...	wheezy
	CVE-2010-3770	Multiple cross-site scripting (XSS) vulnerabilities in the rendering ...	wheezy
	CVE-2010-3771	Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...	wheezy
	CVE-2010-3772	Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...	wheezy
	CVE-2010-3773	Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...	wheezy
	CVE-2010-3774	The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h ...	wheezy
	CVE-2010-3775	Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...	wheezy
	CVE-2010-3776	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2010-3778	Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, ...	wheezy
	CVE-2011-0051	Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey ...	wheezy
	CVE-2011-0053	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2011-0056	Buffer overflow in the JavaScript engine in Mozilla Firefox before ...	wheezy
	CVE-2011-0059	Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox ...	wheezy
	CVE-2011-0065	Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...	wheezy
	CVE-2011-0066	Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...	wheezy
	CVE-2011-0067	Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...	wheezy
	CVE-2011-0070	Unspecified vulnerability in the browser engine in Mozilla Firefox ...	wheezy
	CVE-2011-0071	Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and ...	wheezy
	CVE-2011-0072	Unspecified vulnerability in the browser engine in Mozilla Firefox ...	wheezy
	CVE-2011-0073	Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...	wheezy
	CVE-2011-0074	Unspecified vulnerability in the browser engine in Mozilla Firefox ...	wheezy
	CVE-2011-0075	Unspecified vulnerability in the browser engine in Mozilla Firefox ...	wheezy
	CVE-2011-0077	Unspecified vulnerability in the browser engine in Mozilla Firefox ...	wheezy
	CVE-2011-0078	Unspecified vulnerability in the browser engine in Mozilla Firefox ...	wheezy
	CVE-2011-0080	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2011-0082	The X.509 certificate validation functionality in Mozilla Firefox ...	wheezy
	CVE-2011-0083	Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem ...	wheezy
	CVE-2011-0085	Use-after-free vulnerability in the nsXULCommandDispatcher function in ...	wheezy
	CVE-2011-1202	The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 ...	wheezy
	CVE-2011-2362	Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and ...	wheezy
	CVE-2011-2363	Use-after-free vulnerability in the nsSVGPointList::AppendElement ...	wheezy
	CVE-2011-2371	Integer overflow in the Array.reduceRight method in Mozilla Firefox ...	wheezy
	CVE-2011-2372	Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...	wheezy
	CVE-2011-2373	Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x ...	wheezy
	CVE-2011-2374	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2011-2376	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2011-2378	The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird ...	wheezy
	CVE-2011-2605	CRLF injection vulnerability in the ...	wheezy
	CVE-2011-2981	The event-management implementation in Mozilla Firefox before 3.6.20, ...	wheezy
	CVE-2011-2982	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2011-2983	Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, ...	wheezy
	CVE-2011-2984	Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before ...	wheezy
	CVE-2011-2995	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2011-2998	Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...	wheezy
	CVE-2011-2999	Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before ...	wheezy
	CVE-2011-3000	Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...	wheezy
	CVE-2011-3647	The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...	wheezy
	CVE-2011-3648	Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...	wheezy
	CVE-2011-3650	Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird ...	wheezy
	CVE-2011-3670	Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before ...	wheezy
	CVE-2012-0442	Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	wheezy
	CVE-2012-0449	Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...	wheezy
	TEMP-0560108-565B70	browser-based css info disclosure	wheezy
	TEMP-0568486-B6FCB6	browser javascript document.write denial-of-service	wheezy
yaws	CVE-2009-4495	Yaws 1.85 writes data to a log file without sanitizing non-printable ...	buster, jessie, sid, stretch, wheezy
yui	CVE-2007-2385	The Yahoo! UI framework exchanges data using JavaScript Object ...	wheezy
	CVE-2010-4710	Cross-site scripting (XSS) vulnerability in the addItem method in the ...	wheezy
yum	CVE-2013-1910	Not removing bad metadata and using it in next run	buster, jessie, sid, stretch, wheezy
zabbix	CVE-2016-9140	RCE	jessie
zope2.12	CVE-2012-5487	The sandbox whitelisting function (allowmodule.py) in Plone before ...	wheezy
zoph	CVE-2014-9235	Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes ...	buster, sid
zoph	CVE-2014-9236	Cross-site scripting (XSS) vulnerability in php/edit_photos.php in ...	buster, sid