This page lists packages that are affected by issues that are considered unimportant from a security perspective. These issues are thought to be unexploitable or uneffective in most situations (for example, browser denial-of-services).
| Package | Bug | Description | Releases |
|---|---|---|---|
| 9base | CVE-2014-1935 | 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results ... | bookworm, bullseye, buster, sid |
| abcm2ps | CVE-2021-32434 | abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in th ... | bullseye, buster |
| CVE-2021-32436 | An out-of-bounds read in the function write_title() in subs.c of abcm2 ... | bullseye, buster | |
| abiword | CVE-2017-17529 | af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ... | bookworm, bullseye, buster, sid |
| activemq | CVE-2019-0222 | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ... | buster |
| CVE-2020-1941 | In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ... | bookworm, bullseye, buster, sid | |
| CVE-2020-13947 | An instance of a cross-site scripting vulnerability was identified to ... | bookworm, bullseye, buster, sid | |
| adns | CVE-2017-9103 | An issue was discovered in adns before 1.5.2. pap_mailbox822 does not ... | buster |
| CVE-2017-9104 | An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if ... | buster | |
| CVE-2017-9105 | An issue was discovered in adns before 1.5.2. It corrupts a pointer wh ... | buster | |
| CVE-2017-9106 | An issue was discovered in adns before 1.5.2. adns_rr_info mishandles ... | buster | |
| CVE-2017-9107 | An issue was discovered in adns before 1.5.2. It overruns reading a bu ... | buster | |
| CVE-2017-9108 | An issue was discovered in adns before 1.5.2. adnshost mishandles a mi ... | buster | |
| CVE-2017-9109 | An issue was discovered in adns before 1.5.2. It fails to ignore appar ... | buster | |
| amanda | CVE-2016-10729 | An issue was discovered in Amanda 3.3.1. A user with backup privileges ... | bookworm, bullseye, buster, sid |
| CVE-2016-10730 | An issue was discovered in Amanda 3.3.1. A user with backup privileges ... | bookworm, bullseye, buster, sid | |
| android-framework-23 | CVE-2017-0752 | A elevation of privilege vulnerability in the Android framework (windo ... | bookworm, bullseye, buster, sid |
| CVE-2017-0822 | An elevation of privilege vulnerability in the Android system (camera) ... | bookworm, bullseye, buster, sid | |
| android-platform-frameworks-base | CVE-2021-39796 | In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there ... | bookworm, bullseye, buster, sid |
| CVE-2022-20011 | In getArray of NotificationManagerService.java , there is a possible l ... | bookworm, bullseye, buster, sid | |
| android-platform-frameworks-native | CVE-2015-3875 | libutils in Android before 5.1.1 LMY48T allows remote attackers to exe ... | bookworm, bullseye, buster, sid |
| CVE-2015-6602 | libutils in Android through 5.1.1 LMY48M allows remote attackers to ex ... | bookworm, bullseye, buster, sid | |
| CVE-2015-6609 | libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allo ... | bookworm, bullseye, buster, sid | |
| android-platform-system-core | CVE-2012-5564 | android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users t ... | bullseye, buster, sid |
| CVE-2017-0841 | A remote code execution vulnerability in the Android system (libutils) ... | bullseye, buster, sid | |
| android-tools | CVE-2012-5564 | android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users t ... | buster |
| ansible | CVE-2020-1734 | A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ... | bookworm, bullseye, buster, sid |
| CVE-2020-1736 | A flaw was found in Ansible Engine when a file is moved using atomic_m ... | bookworm, bullseye, buster, sid | |
| CVE-2020-1737 | A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ... | buster | |
| CVE-2020-1738 | A flaw was found in Ansible Engine when the module package or service ... | bookworm, bullseye, buster, sid | |
| ant | CVE-2021-36373 | When reading a specially crafted TAR archive an Apache Ant build can b ... | bullseye, buster |
| CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived formats, an ... | bullseye, buster | |
| apache2 | CVE-2001-1534 | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's u ... | bookworm, bullseye, buster, sid |
| CVE-2003-1307 | bookworm, bullseye, buster, sid | ||
| CVE-2003-1580 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ... | bookworm, bullseye, buster, sid | |
| CVE-2003-1581 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ... | bookworm, bullseye, buster, sid | |
| CVE-2007-0086 | bookworm, bullseye, buster, sid | ||
| CVE-2007-1743 | suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combination ... | bookworm, bullseye, buster, sid | |
| CVE-2007-3303 | Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows loc ... | bookworm, bullseye, buster, sid | |
| CVE-2008-0456 | CRLF injection vulnerability in the mod_negotiation module in the Apac ... | bookworm, bullseye, buster, sid | |
| apt | CVE-2011-3374 | It was found that apt-key in apt, all versions, do not correctly valid ... | bookworm, bullseye, buster, sid |
| apt-setup | CVE-2005-2214 | apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ... | bookworm, bullseye, buster, sid |
| asn1c | CVE-2017-12966 | The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1 ... | bookworm, bullseye, buster, sid |
| avahi | CVE-2017-6519 | avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to ... | buster |
| awffull | CVE-2007-0510 | Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) prese ... | bookworm, bullseye, buster, sid |
| awstats | CVE-2018-10245 | A Full Path Disclosure vulnerability in AWStats through 7.6 allows rem ... | bookworm, bullseye, buster, sid |
| axis | CVE-2007-2353 | Apache Axis 1.0 allows remote attackers to obtain sensitive informatio ... | bookworm, bullseye, buster, sid |
| CVE-2019-0227 | A Server Side Request Forgery (SSRF) vulnerability affected the Apache ... | bookworm, bullseye, buster, sid | |
| bash | CVE-2019-18276 | An issue was discovered in disable_priv_mode in shell.c in GNU Bash th ... | buster |
| TEMP-0841856-B18BAF | Privilege escalation possible to other user than root | bookworm, bullseye, buster, sid | |
| bash-completion | CVE-2018-7738 | In util-linux before 2.32-rc1, bash-completion/umount allows local use ... | bookworm, bullseye, buster, sid |
| bibutils | CVE-2018-10773 | NULL pointer deference in the addsn function in serialno.c in libbibco ... | buster |
| CVE-2018-10774 | Read access violation in the isiin_keyword function in isiin.c in libb ... | buster | |
| CVE-2018-10775 | NULL pointer dereference in the _fields_add function in fields.c in li ... | buster | |
| binaryen | CVE-2019-15758 | An issue was discovered in Binaryen 1.38.32. Missing validation rules ... | buster |
| CVE-2019-15759 | An issue was discovered in Binaryen 1.38.32. Two visitors in ir/Expres ... | buster | |
| CVE-2021-45290 | A Denial of Service vulnerability exits in Binaryen 103 due to an asse ... | bullseye, buster | |
| CVE-2021-45293 | A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ... | bullseye, buster | |
| CVE-2021-46048 | A Denial of Service vulnerability exists in Binaryen 104 due to an ass ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46050 | A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46052 | A Denial of Service vulnerability exists in Binaryen 104 due to an ass ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46053 | A Denial of Service vulnerability exists in Binaryen 103. The program ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46054 | A Denial of Service vulnerability exists in Binaryen 104 due to an ass ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46055 | A Denial of Service vulnerability exists in Binaryen 104 due to an ass ... | bookworm, bullseye, buster, sid | |
| binutils | CVE-2017-13716 | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ... | bookworm, bullseye, buster, sid |
| CVE-2018-9138 | An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ... | buster | |
| CVE-2018-9996 | An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ... | bookworm, bullseye, buster, sid | |
| CVE-2018-12697 | A NULL pointer dereference (aka SEGV on unknown address 0x000000000000 ... | buster | |
| CVE-2018-12698 | demangle_template in cplus-dem.c in GNU libiberty, as distributed in G ... | buster | |
| CVE-2018-12699 | finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause ... | buster | |
| CVE-2018-12934 | remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU ... | bookworm, bullseye, buster, sid | |
| CVE-2018-17358 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2018-17359 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2018-17360 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2018-17794 | An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ... | buster | |
| CVE-2018-17985 | An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ... | buster | |
| CVE-2018-18309 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2018-18483 | The get_count function in cplus-dem.c in GNU libiberty, as distributed ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18484 | An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ... | buster | |
| CVE-2018-18605 | A heap-based buffer over-read issue was discovered in the function sec ... | buster | |
| CVE-2018-18606 | An issue was discovered in the merge_strings function in merge.c in th ... | buster | |
| CVE-2018-18607 | An issue was discovered in elf_link_input_bfd in elflink.c in the Bina ... | buster | |
| CVE-2018-18700 | An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ... | buster | |
| CVE-2018-18701 | An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ... | buster | |
| CVE-2018-19931 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2018-19932 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2018-20002 | The _bfd_generic_read_minisymbols function in syms.c in the Binary Fil ... | buster | |
| CVE-2018-20623 | In GNU Binutils 2.31.1, there is a use-after-free in the error functio ... | bookworm, bullseye, buster, sid | |
| CVE-2018-20651 | A NULL pointer dereference was discovered in elf_link_add_object_symbo ... | buster | |
| CVE-2018-20671 | load_specific_debug_section in objdump.c in GNU Binutils through 2.31. ... | buster | |
| CVE-2018-20673 | The demangle_template function in cplus-dem.c in GNU libiberty, as dis ... | bookworm, bullseye, buster, sid | |
| CVE-2018-20712 | A heap-based buffer over-read exists in the function d_expression_1 in ... | bookworm, bullseye, buster, sid | |
| CVE-2018-1000876 | binutils version 2.32 and earlier contains a Integer Overflow vulnerab ... | buster | |
| CVE-2019-9070 | An issue was discovered in GNU libiberty, as distributed in GNU Binuti ... | buster | |
| CVE-2019-9071 | An issue was discovered in GNU libiberty, as distributed in GNU Binuti ... | buster | |
| CVE-2019-9073 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2019-9074 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2019-9075 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2019-9077 | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffe ... | buster | |
| CVE-2019-12972 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2019-14250 | An issue was discovered in GNU libiberty, as distributed in GNU Binuti ... | buster | |
| CVE-2019-14444 | apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ... | buster | |
| CVE-2019-17450 | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) ... | buster | |
| CVE-2019-17451 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | buster | |
| CVE-2019-1010180 | GNU gdb All versions is affected by: Buffer Overflow - Out of bound me ... | buster | |
| CVE-2019-1010204 | GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ... | bookworm, bullseye, buster, sid | |
| CVE-2020-16590 | A double free vulnerability exists in the Binary File Descriptor (BFD) ... | buster | |
| CVE-2020-16591 | A Denial of Service vulnerability exists in the Binary File Descriptor ... | buster | |
| CVE-2020-16592 | A use after free issue exists in the Binary File Descriptor (BFD) libr ... | buster | |
| CVE-2020-16593 | A Null Pointer Dereference vulnerability exists in the Binary File Des ... | buster | |
| CVE-2020-16599 | A Null Pointer Dereference vulnerability exists in the Binary File Des ... | buster | |
| CVE-2020-35448 | An issue was discovered in the Binary File Descriptor (BFD) library (a ... | bookworm, bullseye, buster, sid | |
| CVE-2020-35493 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to sub ... | buster | |
| CVE-2020-35494 | There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is ab ... | buster | |
| CVE-2020-35495 | There's a flaw in binutils /bfd/pef.c. An attacker who is able to subm ... | buster | |
| CVE-2020-35496 | There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutil ... | buster | |
| CVE-2020-35507 | There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutil ... | buster | |
| CVE-2021-3487 | There's a flaw in the BFD library of binutils in versions before 2.36. ... | bullseye, buster | |
| CVE-2021-3530 | A flaw was discovered in GNU libiberty within demangle_path() in rust- ... | bookworm, bullseye, buster, sid | |
| CVE-2021-3549 | An out of bounds flaw was found in GNU binutils objdump utility versio ... | bullseye, buster | |
| CVE-2021-20197 | There is an open race window when writing output in the following util ... | bullseye, buster | |
| CVE-2021-20284 | A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ... | bullseye, buster | |
| CVE-2021-20294 | A flaw was found in binutils readelf 2.35 program. An attacker who is ... | buster | |
| CVE-2021-45078 | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ... | bullseye, buster | |
| CVE-2021-46195 | GCC v12.0 was discovered to contain an uncontrolled recursion via the ... | bookworm, bullseye, buster, sid | |
| bison | CVE-2020-14150 | GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ... | buster |
| blender | CVE-2005-3151 | Buffer overflow in blenderplay in Blender Player 2.37a allows attacker ... | bullseye, buster, sid |
| CVE-2009-3850 | Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execut ... | bullseye, buster, sid | |
| CVE-2010-5105 | The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ea ... | bullseye, buster, sid | |
| bluez | CVE-2016-9797 | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ... | bookworm, bullseye, buster, sid |
| CVE-2016-9798 | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9799 | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9800 | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9801 | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9802 | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9803 | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9804 | In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9917 | In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9918 | In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ... | bookworm, bullseye, buster, sid | |
| bochs | CVE-2007-2894 | The emulated floppy disk controller in Bochs 2.3 allows local users of ... | bookworm, bullseye, buster, sid |
| brandy | CVE-2019-14662 | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ... | bullseye, buster |
| CVE-2019-14663 | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ... | bullseye, buster | |
| CVE-2019-14665 | Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ... | bullseye, buster | |
| CVE-2020-27372 | A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1 ... | bookworm, bullseye, buster, sid | |
| busybox | CVE-2018-1000500 | Busybox contains a Missing SSL certificate validation vulnerability in ... | bookworm, bullseye, buster, sid |
| CVE-2021-42373 | A NULL pointer dereference in Busybox's man applet leads to denial of ... | bullseye, buster | |
| CVE-2021-42374 | An out-of-bounds heap read in Busybox's unlzma applet leads to informa ... | bullseye, buster | |
| CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet lea ... | bullseye, buster | |
| CVE-2021-42376 | A NULL pointer dereference in Busybox's hush applet leads to denial of ... | bullseye, buster | |
| CVE-2022-30065 | A use-after-free in Busybox 1.35-x's awk applet leads to denial of ser ... | bookworm, bullseye, buster, sid | |
| bwa | CVE-2019-11371 | BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow vi ... | bookworm, bullseye, buster, sid |
| bwm-ng | CVE-2022-1341 | An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ... | buster |
| byobu | CVE-2019-7306 | Byobu Apport hook may disclose sensitive information since it automati ... | bookworm, bullseye, buster, sid |
| byzanz | CVE-2015-2785 | The GIF encoder in Byzanz allows remote attackers to cause a denial of ... | bookworm, bullseye, buster, sid |
| cacti | CVE-2020-7058 | ** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ... | bookworm, bullseye, buster, sid |
| cadaver | CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ... | bookworm, bullseye, buster, sid |
| CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ... | bookworm, bullseye, buster, sid | |
| calamares | CVE-2019-13178 | modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2. ... | buster |
| catdoc | CVE-2018-20451 | The process_file function in reader.c in libdoc through 2017-10-23 has ... | bookworm, bullseye, buster, sid |
| CVE-2018-20453 | The getlong function in numutils.c in libdoc through 2017-10-23 has a ... | bookworm, bullseye, buster, sid | |
| CVE-2019-7156 | In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows divi ... | bookworm, bullseye, buster, sid | |
| CVE-2019-7233 | In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer ... | bookworm, bullseye, buster, sid | |
| cflow | CVE-2019-16165 | GNU cflow through 1.6 has a use-after-free in the reference function i ... | bullseye, buster |
| CVE-2019-16166 | GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ... | bullseye, buster | |
| CVE-2020-23856 | Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, ... | bullseye, buster | |
| chafa | CVE-2022-1507 | chafa: NULL Pointer Dereference in function gif_internal_decode_frame ... | bullseye, buster |
| CVE-2022-2061 | Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior ... | bullseye, buster | |
| CVE-2022-2301 | Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. ... | bullseye, buster | |
| checkinstall | CVE-2020-25031 | checkinstall 1.6.2, when used to create a package that contains a syml ... | bookworm, bullseye, sid |
| cifs-utils | CVE-2014-2830 | Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ... | bookworm, bullseye, buster, sid |
| civetweb | CVE-2020-27304 | The CivetWeb web library does not validate uploaded filepaths when run ... | bullseye |
| clementine | CVE-2018-14332 | An issue was discovered in Clementine Music Player 1.3.1. Clementine.e ... | bookworm, bullseye, buster, sid |
| CVE-2021-40826 | Clementine Music Player through 1.3.1 is vulnerable to a User Mode Wri ... | bookworm, bullseye, buster, sid | |
| CVE-2021-40827 | Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) ... | bookworm, bullseye, buster, sid | |
| coin3 | CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ... | bookworm, bullseye, buster, sid |
| CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ... | bookworm, bullseye, buster, sid | |
| confuse | CVE-2018-19760 | cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ... | buster |
| context | CVE-2017-17513 | TeX Live through 20170524 does not validate strings before launching t ... | bookworm, bullseye, buster, sid |
| coreutils | CVE-2017-18018 | In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does no ... | bookworm, bullseye, buster, sid |
| courier | CVE-2004-2313 | Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error message ... | bookworm, bullseye, buster, sid |
| CVE-2005-1308 | SqWebMail allows remote attackers to inject arbitrary web script or HT ... | bookworm, bullseye, buster, sid | |
| ctn | CVE-2008-5146 | add-accession-numbers in ctn 3.0.6 allows local users to overwrite arb ... | bookworm, bullseye, buster, sid |
| cups | CVE-2014-8166 | The browsing feature in the server in CUPS does not filter ANSI escape ... | bookworm, bullseye, buster, sid |
| curl | CVE-2021-22922 | When curl is instructed to download content using the metalink feature ... | bookworm, bullseye, buster, sid |
| CVE-2021-22923 | When curl is instructed to get content using the metalink feature, and ... | bookworm, bullseye, buster, sid | |
| dacs | CVE-2021-29629 | In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ... | buster |
| db4o | CVE-2012-6550 | Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ... | bookworm, bullseye, buster, sid |
| CVE-2013-1808 | Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and Zero ... | bookworm, bullseye, buster, sid | |
| CVE-2014-1869 | Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.s ... | bookworm, bullseye, buster, sid | |
| dcraw | CVE-2018-19565 | A buffer over-read in crop_masked_pixels in dcraw through 9.28 could b ... | bookworm, bullseye, buster, sid |
| CVE-2018-19566 | A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could ... | bookworm, bullseye, buster, sid | |
| CVE-2018-19567 | A floating point exception in parse_tiff_ifd in dcraw through 9.28 cou ... | bookworm, bullseye, buster, sid | |
| CVE-2018-19568 | A floating point exception in kodak_radc_load_raw in dcraw through 9.2 ... | bookworm, bullseye, buster, sid | |
| dia | CVE-2019-19451 | When GNOME Dia before 2019-11-27 is launched with a filename argument ... | bullseye, buster |
| dillo | TEMP-0560108-565B70 | browser-based css info disclosure | bookworm, bullseye, buster, sid |
| dlt-daemon | CVE-2021-29507 | GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interfa ... | bookworm, bullseye, buster, sid |
| dmg2img | CVE-2021-3548 | A flaw was found in dmg2img through 20170502. dmg2img did not validate ... | bookworm, bullseye, buster, sid |
| CVE-2021-32614 | A flaw was found in dmg2img through 20170502. fill_mishblk() does not ... | bookworm, bullseye, buster, sid | |
| dnsmasq | CVE-2021-45951 | ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in check_ ... | bookworm, bullseye, buster, sid |
| CVE-2021-45952 | ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_r ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45953 | ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45954 | ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45955 | ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45956 | ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in print_ ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45957 | ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer ... | bookworm, bullseye, buster, sid | |
| dnspython | CVE-2008-1447 | The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ... | bookworm, bullseye, buster, sid |
| dnstracer | CVE-2017-9430 | Stack-based buffer overflow in dnstracer through 1.9 allows attackers ... | bookworm, bullseye, buster, sid |
| dogtag-pki | CVE-2015-0234 | Multiple temporary file creation vulnerabilities in pki-core 10.2.0. ... | bullseye, sid |
| dokuwiki | CVE-2016-7965 | DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ... | bookworm, bullseye, buster, sid |
| dovecot | CVE-2008-4870 | dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedor ... | bookworm, bullseye, buster, sid |
| dpkg-cross | CVE-2008-4950 | ** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overw ... | bookworm, bullseye, buster, sid |
| dropbear | CVE-2020-36254 | scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ... | buster |
| duo-unix | CVE-2020-12135 | bson before 0.8 incorrectly uses int rather than size_t for many varia ... | bookworm, bullseye, buster, sid |
| edk2 | CVE-2014-4859 | Integer overflow in the Drive Execution Environment (DXE) phase in the ... | buster |
| CVE-2014-4860 | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ... | buster | |
| CVE-2018-12179 | Improper configuration in system firmware for EDK II may allow unauthe ... | buster | |
| CVE-2018-12182 | Insufficient memory write check in SMM service for EDK II may allow an ... | buster | |
| CVE-2019-14553 | Improper authentication in EDK II may allow a privileged user to poten ... | buster | |
| CVE-2021-28213 | Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ... | buster | |
| epiphany-browser | CVE-2007-1084 | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ... | bookworm, bullseye, buster, sid |
| CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ... | bookworm, bullseye, buster, sid | |
| TEMP-0560108-565B70 | browser-based css info disclosure | bookworm, bullseye, buster, sid | |
| erlang | CVE-2009-0130 | ** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not proper ... | bookworm, bullseye, buster, sid |
| CVE-2016-1000107 | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ... | bookworm, bullseye, buster, sid | |
| evolution | CVE-2007-1266 | Evolution 2.8.1 and earlier does not properly use the --status-fd argu ... | bookworm, bullseye, buster, sid |
| CVE-2011-3201 | GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ... | bookworm, bullseye, buster, sid | |
| CVE-2013-4166 | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNO ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleabi ... | bookworm, bullseye, buster, sid | |
| CVE-2021-3349 | ** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ... | bookworm, bullseye, buster, sid | |
| exif | CVE-2021-27815 | NULL Pointer Deference in the exif command line tool, when printing ou ... | bookworm, bullseye, buster, sid |
| exiv2 | CVE-2017-11683 | There is a reachable assertion in the Internal::TiffReader::visitDirec ... | buster |
| CVE-2018-14338 | samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realp ... | bookworm, bullseye, buster, sid | |
| CVE-2019-13113 | Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ... | buster | |
| CVE-2020-18773 | An invalid memory access in the decode function in iptc.cpp of Exiv2 0 ... | bookworm, bullseye, buster, sid | |
| CVE-2020-18774 | A float point exception in the printLong function in tags_int.cpp of E ... | bookworm, bullseye, buster, sid | |
| CVE-2020-18898 | A stack exhaustion issue in the printIFDStructure function of Exiv2 0. ... | bookworm, bullseye, buster, sid | |
| expat | CVE-2013-0340 | expat 2.1.0 and earlier does not properly handle entities expansion un ... | bullseye, buster |
| faac | CVE-2018-19886 | An invalid memory address dereference was discovered in the huffcode f ... | buster |
| CVE-2018-19887 | An invalid memory address dereference was discovered in the huffcode f ... | buster | |
| CVE-2018-19888 | An invalid memory address dereference was discovered in the huffcode f ... | buster | |
| CVE-2018-19889 | An invalid memory address dereference was discovered in the huffcode f ... | buster | |
| CVE-2018-19890 | An invalid memory address dereference was discovered in the huffcode f ... | buster | |
| CVE-2018-19891 | An invalid memory address dereference was discovered in the huffcode f ... | buster | |
| faust | CVE-2021-32275 | An issue was discovered in faust through v2.30.5. A NULL pointer deref ... | bookworm, bullseye, buster, sid |
| fetchmail | CVE-2021-36386 | report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ... | buster |
| ffmpeg | CVE-2020-20445 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ... | bookworm, sid |
| CVE-2020-20450 | FFmpeg 4.2 is affected by null pointer dereference passed as argument ... | buster | |
| CVE-2020-20451 | Denial of Service issue in FFmpeg 4.2 due to resource management error ... | buster | |
| CVE-2020-20898 | Integer Overflow vulnerability in function filter16_prewitt in libavfi ... | buster | |
| CVE-2020-22038 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | bullseye, buster | |
| CVE-2020-22039 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2020-22040 | A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memor ... | buster | |
| CVE-2020-22041 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2020-22042 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2020-22043 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2020-22044 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2020-22046 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2020-22048 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2020-22051 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2020-22056 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ... | buster | |
| CVE-2021-38090 | Integer Overflow vulnerability in function filter16_roberts in libavfi ... | buster | |
| CVE-2021-38091 | Integer Overflow vulnerability in function filter16_sobel in libavfilt ... | buster | |
| CVE-2021-38092 | Integer Overflow vulnerability in function filter_prewitt in libavfilt ... | buster | |
| CVE-2021-38093 | Integer Overflow vulnerability in function filter_robert in libavfilte ... | buster | |
| CVE-2021-38094 | Integer Overflow vulnerability in function filter_sobel in libavfilter ... | buster | |
| fig2dev | CVE-2020-21678 | A global buffer overflow in the genmp_writefontmacro_latex component i ... | buster |
| CVE-2020-21680 | A stack-based buffer overflow in the put_arrow() component in genpict2 ... | buster | |
| CVE-2020-21681 | A global buffer overflow in the set_color component in genge.c of fig2 ... | buster | |
| CVE-2020-21682 | A global buffer overflow in the set_fill component in genge.c of fig2d ... | buster | |
| CVE-2020-21683 | A global buffer overflow in the shade_or_tint_name_after_declare_color ... | buster | |
| CVE-2020-21684 | A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ... | buster | |
| firefox | CVE-2004-1639 | Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows re ... | sid |
| CVE-2005-2395 | Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ... | sid | |
| CVE-2005-4685 | Firefox and Mozilla can associate a cookie with multiple domains when ... | sid | |
| CVE-2019-12383 | Tor Browser before 8.0.1 has an information exposure vulnerability. It ... | sid, bookworm, bullseye, buster, sid | |
| firehol | CVE-2008-4953 | bookworm, bullseye, buster, sid | |
| flask-caching | CVE-2021-33026 | The Flask-Caching extension through 1.10.1 for Flask relies on Pickle ... | bookworm, bullseye, sid |
| flex | CVE-2019-6293 | An issue was discovered in the function mark_beginning_as_normal in nf ... | bookworm, bullseye, buster, sid |
| fontforge | CVE-2017-11570 | FontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ... | bookworm, bullseye, buster, sid |
| CVE-2017-11573 | FontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17521 | uiutil.c in FontForge through 20170731 does not validate strings befor ... | bookworm, bullseye, buster, sid | |
| foomatic-filters | CVE-2011-2923 | foomatic-rip filter, all versions, used insecurely creates temporary f ... | bookworm, bullseye, buster, sid |
| TEMP-0000000-ACBC4C | buffer overflows in init_cups | bookworm, bullseye, buster, sid | |
| freeipa | CVE-2015-5179 | FreeIPA might display user data improperly via vectors involving non-p ... | bookworm, buster, sid |
| CVE-2017-12169 | It was found that FreeIPA 4.2.0 and later could disclose password hash ... | bookworm, buster, sid | |
| CVE-2019-14826 | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ... | bookworm, buster, sid | |
| freeradius | CVE-2007-0080 | bookworm, bullseye, buster, sid | |
| CVE-2019-10143 | ** DISPUTED ** It was discovered freeradius up to and including versio ... | bookworm, bullseye, buster, sid | |
| freetype | CVE-2022-31782 | ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ... | bullseye, buster |
| frr | CVE-2020-12831 | ** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ... | bullseye, buster, sid |
| ganglia-web | CVE-2015-6816 | ganglia-web before 3.7.1 allows remote attackers to bypass authenticat ... | buster |
| CVE-2019-20378 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20379 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ... | bookworm, bullseye, buster, sid | |
| gcc-12 | CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in ... | bookworm, sid |
| gcc-mingw-w64 | CVE-2016-4973 | Binaries compiled against targets that use the libssp library in GCC f ... | bookworm, bullseye, buster, sid |
| gdal | CVE-2019-17546 | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ... | bookworm, bullseye, buster, sid |
| gdb | CVE-2014-8501 | The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutil ... | bookworm, bullseye, buster, sid |
| CVE-2017-9778 | GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length f ... | buster | |
| gedit | CVE-2017-14108 | libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to ca ... | bookworm, bullseye, buster, sid |
| geomview | CVE-2017-17530 | ** DISPUTED ** common/help.c in Geomview 1.9.5 does not validate strin ... | bookworm, bullseye, buster, sid |
| gerbv | CVE-2021-40400 | An out-of-bounds read vulnerability exists in the RS-274X aperture mac ... | bullseye, buster |
| CVE-2021-40402 | An out-of-bounds read vulnerability exists in the RS-274X aperture mac ... | bookworm, bullseye, buster, sid | |
| ghostscript | CVE-2022-1350 | A vulnerability classified as problematic was found in GhostPCL 9.55.0 ... | bookworm, bullseye, buster, sid |
| giac | CVE-2017-17526 | Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings be ... | bookworm, bullseye, buster, sid |
| gif2apng | CVE-2021-45907 | An issue was discovered in gif2apng 1.9. There is a stack-based buffer ... | bullseye, buster |
| CVE-2021-45908 | An issue was discovered in gif2apng 1.9. There is a stack-based buffer ... | bullseye, buster | |
| giflib | CVE-2021-40633 | A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5 ... | bookworm, bullseye, buster, sid |
| CVE-2022-28506 | There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ... | bookworm, bullseye, buster, sid | |
| gifsicle | CVE-2020-19752 | The find_color_or_error function in gifsicle 1.92 contains a NULL poin ... | bullseye, buster |
| giftrans | CVE-2021-45972 | The giftrans function in giftrans 1.12.2 contains a stack-based buffer ... | bookworm, bullseye, buster, sid |
| gimp | CVE-2012-4245 | The scriptfu network server in GIMP 2.6 does not require authenticatio ... | bookworm, bullseye, buster, sid |
| CVE-2018-12713 | GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary f ... | bookworm, bullseye, buster, sid | |
| CVE-2022-30067 | GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a ... | bullseye, buster | |
| CVE-2022-32990 | An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allow ... | bullseye, buster | |
| git | CVE-2018-1000021 | GIT version 2.15.1 and earlier contains a Input Validation Error vulne ... | bookworm, bullseye, buster, sid |
| CVE-2022-24975 | The --mirror documentation for Git through 2.35.1 does not mention the ... | bookworm, bullseye, buster, sid | |
| gjots2 | CVE-2017-17535 | lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ... | buster |
| glance | CVE-2013-4354 | The API before 2.1 in OpenStack Image Registry and Delivery Service (G ... | bookworm, bullseye, buster, sid |
| CVE-2015-8234 | The image signature algorithm in OpenStack Glance 11.0.0 allows remote ... | bookworm, bullseye, buster, sid | |
| CVE-2016-4383 | The glance-manage db in all versions of HPE Helion Openstack Glance al ... | bookworm, bullseye, buster, sid | |
| CVE-2016-8611 | A vulnerability was found in Openstack Glance. No limits are enforced ... | bookworm, bullseye, buster, sid | |
| glib2.0 | CVE-2012-0039 | ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function i ... | bookworm, bullseye, buster, sid |
| CVE-2020-35457 | ** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that ... | buster | |
| glibc | CVE-2010-4756 | The glob implementation in the GNU C Library (aka glibc or libc6) allo ... | bookworm, bullseye, buster, sid |
| CVE-2018-20796 | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ... | bookworm, bullseye, buster, sid | |
| CVE-2019-9192 | ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, ... | bookworm, bullseye, buster, sid | |
| CVE-2019-1010022 | ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ... | bookworm, bullseye, buster, sid | |
| CVE-2019-1010023 | ** DISPUTED ** GNU Libc current is affected by: Re-mapping current loa ... | bookworm, bullseye, buster, sid | |
| CVE-2019-1010024 | ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ... | bookworm, bullseye, buster, sid | |
| CVE-2019-1010025 | ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ... | bookworm, bullseye, buster, sid | |
| gnome-font-viewer | CVE-2019-19308 | In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, ... | buster |
| gnome-keyring | CVE-2018-19358 | GNOME Keyring through 3.28.2 allows local users to retrieve login cred ... | bookworm, bullseye, buster, sid |
| gnome-remote-desktop | CVE-2022-1736 | bullseye, buster | |
| gnome-shell | CVE-2012-4427 | The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ... | buster |
| gnome-sushi | CVE-2019-19308 | In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, ... | bookworm, bullseye, buster, sid |
| gnuchess | CVE-2019-15767 | In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ... | buster |
| gnumail | CVE-2007-1269 | GNUMail 1.1.2 and earlier does not properly use the --status-fd argume ... | bookworm, bullseye, buster, sid |
| gnupg1 | CVE-2018-6829 | cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ... | bookworm, bullseye, buster, sid |
| gnuplot | CVE-2018-19490 | An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue all ... | bookworm, bullseye, buster, sid |
| CVE-2018-19491 | An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allow ... | bookworm, bullseye, buster, sid | |
| CVE-2018-19492 | An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allo ... | bookworm, bullseye, buster, sid | |
| CVE-2020-25412 | com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ... | bookworm, bullseye, buster, sid | |
| CVE-2020-25559 | gnuplot 5.5 is affected by double free when executing print_set_output ... | bookworm, bullseye, buster, sid | |
| CVE-2021-44917 | A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ... | buster | |
| gnutls28 | CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ... | bookworm, bullseye, buster, sid |
| gocr | CVE-2021-33479 | A stack-based buffer overflow vulnerability was discovered in gocr thr ... | bookworm, bullseye, buster, sid |
| CVE-2021-33480 | An use-after-free vulnerability was discovered in gocr through 0.53-20 ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33481 | A stack-based buffer overflow vulnerability was discovered in gocr thr ... | bookworm, bullseye, buster, sid | |
| golang-1.11 | CVE-2020-29509 | The encoding/xml package in Go (all versions) does not correctly prese ... | buster |
| CVE-2020-29510 | The encoding/xml package in Go versions 1.15 and earlier does not corr ... | buster | |
| CVE-2020-29511 | The encoding/xml package in Go (all versions) does not correctly prese ... | buster | |
| golang-1.15 | CVE-2020-29509 | The encoding/xml package in Go (all versions) does not correctly prese ... | bullseye |
| CVE-2020-29510 | The encoding/xml package in Go versions 1.15 and earlier does not corr ... | bullseye | |
| CVE-2020-29511 | The encoding/xml package in Go (all versions) does not correctly prese ... | bullseye | |
| golang-github-blevesearch-bleve | CVE-2022-31022 | Bleve is a text indexing library for go. Bleve includes HTTP utilities ... | bookworm, bullseye, buster, sid |
| google-perftools | CVE-2018-13420 | ** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_exten ... | bookworm, bullseye, buster, sid |
| gpac | CVE-2020-22673 | Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows ... | buster |
| CVE-2020-22679 | Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 a ... | buster | |
| CVE-2021-31256 | Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ... | buster | |
| CVE-2021-31261 | The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ... | buster | |
| CVE-2021-33361 | Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ... | bookworm, bullseye, sid | |
| CVE-2021-33363 | Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ... | bookworm, bullseye, sid | |
| CVE-2021-33364 | Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ... | bookworm, bullseye, sid | |
| CVE-2021-33365 | Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33366 | Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ... | bookworm, bullseye, sid | |
| gpp | CVE-2018-17076 | GPP through 2.25 will try to use more memory space than is available o ... | buster |
| gpw | CVE-2011-4931 | gpw generates shorter passwords than required ... | bookworm, bullseye, buster, sid |
| graphicsmagick | CVE-2017-13736 | There are lots of memory leaks in the GMCommand function in magick/com ... | bookworm, bullseye, buster, sid |
| graphviz | CVE-2019-11023 | The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ... | bookworm, bullseye, buster, sid |
| grub | CVE-2008-3896 | Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ... | bookworm, bullseye, buster, sid |
| gsoap | CVE-2021-21783 | A code execution vulnerability exists in the WS-Addressing plugin func ... | bookworm, bullseye, buster, sid |
| gssproxy | CVE-2020-12658 | ** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock c ... | bookworm, bullseye, buster, sid |
| gthumb | CVE-2020-36427 | GNOME gThumb before 3.10.1 allows an application crash via a malformed ... | buster |
| haskell-tls | CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ... | bookworm, bullseye, buster, sid |
| hdf5 | CVE-2017-17507 | In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ... | bookworm, bullseye, buster, sid |
| CVE-2018-14031 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14033 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14034 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14035 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14460 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ... | bookworm, bullseye, buster, sid | |
| CVE-2018-15671 | An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ... | bookworm, bullseye, buster, sid | |
| CVE-2018-16438 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ... | bookworm, bullseye, buster, sid | |
| CVE-2018-17432 | A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ... | bookworm, bullseye, buster, sid | |
| CVE-2018-17433 | A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ... | bookworm, bullseye, buster, sid | |
| CVE-2018-17435 | A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ... | bookworm, bullseye, buster, sid | |
| CVE-2018-17436 | ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ... | bookworm, bullseye, buster, sid | |
| CVE-2018-17438 | A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ... | buster | |
| CVE-2018-17439 | An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ... | bookworm, bullseye, buster, sid | |
| CVE-2019-8397 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ... | bookworm, bullseye, buster, sid | |
| CVE-2019-9151 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ... | bookworm, bullseye, buster, sid | |
| CVE-2019-9152 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ... | bookworm, bullseye, buster, sid | |
| CVE-2020-10809 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ... | bookworm, bullseye, buster, sid | |
| CVE-2020-10810 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ... | bookworm, bullseye, buster, sid | |
| CVE-2020-10811 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ... | bookworm, bullseye, buster, sid | |
| CVE-2020-10812 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45829 | HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45830 | A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45832 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45833 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46242 | HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46243 | An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46244 | A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ... | bookworm, bullseye, buster, sid | |
| hex-a-hop | TEMP-0528250-2E3658 | hex-a-hop: buffer overflow in loading save games | bookworm, bullseye, buster, sid |
| hiredis | CVE-2021-32765 | Hiredis is a minimalistic C client library for the Redis database. In ... | bullseye, buster |
| htmldoc | CVE-2021-33235 | Buffer overflow vulnerability in write_node in htmldoc through 1.9.11 ... | bullseye, buster |
| CVE-2021-33236 | Buffer Overflow vulnerability in write_header in htmldoc through 1.9.1 ... | bullseye, buster | |
| CVE-2022-24191 | In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can l ... | buster | |
| CVE-2022-28085 | A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in ... | buster | |
| CVE-2022-34033 | HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_h ... | bullseye, buster | |
| CVE-2022-34035 | HTMLDoc v1.9.12 and below was discovered to contain a heap overflow vi ... | bullseye, buster | |
| htslib | CVE-2018-14329 | In HTSlib 1.8, a race condition in cram/cram_io.c might allow local us ... | bookworm, bullseye, buster, sid |
| hugo | CVE-2020-26284 | Hugo is a fast and Flexible Static Site Generator built in Go. Hugo de ... | buster |
| hunspell | CVE-2019-16707 | Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ... | buster |
| icecast2 | CVE-2005-0837 | IceCast 2.20 allows remote attackers to bypass the XSL parser and obta ... | bookworm, bullseye, buster, sid |
| CVE-2005-0838 | Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ... | bookworm, bullseye, buster, sid | |
| icedtea-web | CVE-2015-5236 | It was discovered that the IcedTea-Web used codebase attribute of the ... | bookworm, bullseye, buster, sid |
| imagemagick | CVE-2005-0406 | A design flaw in image processing software that modifies JPEG images m ... | bookworm, bullseye, buster, sid |
| CVE-2008-3134 | Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 al ... | bookworm, bullseye, buster, sid | |
| CVE-2016-8678 | The IsPixelMonochrome function in MagickCore/pixel-accessor.h in Image ... | bookworm, bullseye, buster, sid | |
| CVE-2017-7275 | The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allow ... | bookworm, bullseye, buster, sid | |
| CVE-2017-11754 | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ... | bookworm, bullseye, buster, sid | |
| CVE-2017-11755 | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ... | bookworm, bullseye, buster, sid | |
| CVE-2018-15607 | In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x3 ... | bookworm, bullseye, buster, sid | |
| CVE-2019-13310 | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ... | buster | |
| CVE-2019-16709 | ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ... | buster | |
| CVE-2020-27753 | There are several memory leaks in the MIFF coder in /coders/miff.c due ... | buster | |
| CVE-2020-27755 | in SetImageExtent() of /MagickCore/image.c, an incorrect image depth s ... | buster | |
| CVE-2021-20311 | A flaw was found in ImageMagick in versions before 7.0.11, where a div ... | bookworm, bullseye, buster, sid | |
| initramfs-tools | CVE-2008-4996 | bookworm, bullseye, buster, sid | |
| inkscape | CVE-2021-42700 | Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow ... | buster |
| CVE-2021-42702 | Inkscape version 0.91 can access an uninitialized pointer, which may a ... | buster | |
| CVE-2021-42704 | Inkscape version 0.91 is vulnerable to an out-of-bounds write, which m ... | buster | |
| ioquake3 | CVE-2019-1010043 | Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: P ... | bookworm, bullseye, buster, sid |
| iotjs | CVE-2020-29657 | In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ... | bullseye, buster |
| iptables | CVE-2012-2663 | extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP S ... | bookworm, bullseye, buster, sid |
| CVE-2019-11360 | A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allo ... | buster | |
| isakmpd | CVE-2018-5389 | The Internet Key Exchange v1 main mode is vulnerable to offline dictio ... | buster, sid |
| jakarta-el-api | CVE-2021-28170 | In the Jakarta Expression Language implementation 3.0.3 and earlier, a ... | bookworm, bullseye, sid |
| jansson | CVE-2020-36325 | ** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due ... | bookworm, bullseye, buster, sid |
| janus | CVE-2021-4124 | janus-gateway is vulnerable to Improper Neutralization of Input During ... | bookworm, sid |
| jbigkit | CVE-2017-9937 | In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A cr ... | bookworm, bullseye, buster, sid |
| jhead | CVE-2019-19035 | jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ... | buster |
| CVE-2019-1010301 | jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of s ... | buster | |
| CVE-2019-1010302 | jhead 3.03 is affected by: Incorrect Access Control. The impact is: De ... | buster | |
| CVE-2020-6624 | jhead through 3.04 has a heap-based buffer over-read in process_DQT in ... | bookworm, bullseye, buster, sid | |
| CVE-2020-6625 | jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ... | bookworm, bullseye, buster, sid | |
| CVE-2020-26208 | JHEAD is a simple command line tool for displaying and some manipulati ... | buster | |
| CVE-2021-3496 | A heap-based buffer overflow was found in jhead in version 3.06 in Get ... | buster | |
| CVE-2021-28275 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to ... | bullseye, buster | |
| CVE-2021-28276 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a ... | bookworm, bullseye, buster, sid | |
| CVE-2021-28277 | A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.0 ... | bullseye, buster | |
| CVE-2021-28278 | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3. ... | bullseye, buster | |
| jinja2 | CVE-2019-8341 | ** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string ... | bookworm, bullseye, buster, sid |
| jpegoptim | CVE-2022-32325 | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation wh ... | bookworm, bullseye, buster, sid |
| jquery | CVE-2007-2379 | The jQuery framework exchanges data using JavaScript Object Notation ( ... | buster |
| CVE-2018-18405 | ** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribut ... | buster | |
| jquery-goodies | CVE-2022-23395 | jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead ... | bookworm, bullseye, buster, sid |
| json-glib | TEMP-0772585-D41D8C | bookworm, bullseye, buster, sid | |
| json-smart | CVE-2021-31684 | A vulnerability was discovered in the indexOf function of JSONParserBy ... | bookworm, bullseye, buster, sid |
| jsonpickle | CVE-2020-22083 | ** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution d ... | bullseye, buster, sid |
| jython | CVE-2017-17522 | ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not vali ... | bookworm, bullseye, buster, sid |
| kde4libs | CVE-2009-1692 | WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iP ... | buster |
| CVE-2009-1718 | WebKit in Apple Safari before 4.0 allows user-assisted remote attacker ... | buster | |
| CVE-2009-1724 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ... | buster | |
| CVE-2009-3015 | QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ... | buster | |
| CVE-2009-3272 | Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ... | buster | |
| TEMP-0560108-565B70 | browser-based css info disclosure | buster | |
| TEMP-0568486-B6FCB6 | browser javascript document.write denial-of-service | buster | |
| keepass2 | CVE-2019-20184 | KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ... | bullseye, buster, sid |
| kfreebsd-10 | CVE-2011-2393 | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ... | buster, sid |
| CVE-2016-1879 | The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ... | buster, sid | |
| CVE-2017-1081 | In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3 ... | buster, sid | |
| CVE-2017-1082 | In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ... | buster, sid | |
| CVE-2017-1083 | In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ... | buster, sid | |
| CVE-2017-1084 | In FreeBSD before 11.2-RELEASE, multiple issues with the implementatio ... | buster, sid | |
| CVE-2017-1085 | In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ... | buster, sid | |
| CVE-2017-1086 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ... | buster, sid | |
| CVE-2017-1087 | In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE- ... | buster, sid | |
| CVE-2017-1088 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ... | buster, sid | |
| CVE-2017-15037 | In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_s ... | buster, sid | |
| CVE-2018-6916 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELE ... | buster, sid | |
| CVE-2018-6917 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ... | buster, sid | |
| CVE-2018-6918 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ... | buster, sid | |
| CVE-2018-6919 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ... | buster, sid | |
| CVE-2018-6920 | In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE( ... | buster, sid | |
| CVE-2018-6921 | In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to in ... | buster, sid | |
| CVE-2018-6922 | One of the data structures that holds TCP segments in all versions of ... | buster, sid | |
| CVE-2018-6923 | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip f ... | buster, sid | |
| CVE-2018-6924 | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4 ... | buster, sid | |
| CVE-2018-6925 | In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE- ... | buster, sid | |
| CVE-2018-17154 | In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELE ... | buster, sid | |
| CVE-2018-17155 | In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE- ... | buster, sid | |
| CVE-2018-17156 | In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to inc ... | buster, sid | |
| CVE-2019-5595 | In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r ... | buster, sid | |
| CVE-2019-5596 | In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE b ... | buster, sid | |
| CVE-2019-5597 | In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEAS ... | buster, sid | |
| CVE-2019-5598 | In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ... | buster, sid | |
| CVE-2019-5601 | In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEAS ... | buster, sid | |
| CVE-2019-5602 | In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEAS ... | buster, sid | |
| CVE-2019-5603 | In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEAS ... | buster, sid | |
| CVE-2019-5605 | In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEAS ... | buster, sid | |
| CVE-2019-5606 | In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ... | buster, sid | |
| CVE-2019-5609 | In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEAS ... | buster, sid | |
| CVE-2019-5611 | In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEAS ... | buster, sid | |
| CVE-2019-5612 | In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ... | buster, sid | |
| CVE-2019-5614 | In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ... | buster, sid | |
| CVE-2019-15874 | In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ... | buster, sid | |
| CVE-2019-15875 | In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEAS ... | buster, sid | |
| CVE-2019-15878 | In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and ... | buster, sid | |
| CVE-2020-7452 | In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEAS ... | buster, sid | |
| CVE-2020-7453 | In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ... | buster, sid | |
| CVE-2020-7456 | In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-ST ... | buster, sid | |
| CVE-2020-7459 | In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ... | buster, sid | |
| CVE-2020-7462 | In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, imprope ... | buster, sid | |
| CVE-2020-7463 | In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12. ... | buster, sid | |
| CVE-2020-7464 | In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12. ... | buster, sid | |
| CVE-2020-7469 | In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12. ... | buster, sid | |
| CVE-2020-25578 | In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ... | buster, sid | |
| CVE-2020-25579 | In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ... | buster, sid | |
| CVE-2020-25581 | In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12. ... | buster, sid | |
| CVE-2020-25582 | In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ... | buster, sid | |
| CVE-2021-29626 | In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ... | buster, sid | |
| CVE-2021-29632 | In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ... | buster, sid | |
| kiwi | CVE-2017-17532 | examples/framework/news/news3.py in Kiwi 1.9.22 does not validate stri ... | bookworm, buster, sid |
| knot-resolver | CVE-2022-32983 | Knot Resolver through 5.5.1 may allow DNS cache poisoning when there i ... | bullseye, buster, sid |
| kopano-webapp-plugin-files | CVE-2019-16774 | In phpfastcache before 5.1.3, there is a possible object injection vul ... | buster |
| krb5 | CVE-2004-0971 | The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Sec ... | bookworm, bullseye, buster, sid |
| CVE-2018-5709 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ... | bookworm, bullseye, buster, sid | |
| lbreakout2 | TEMP-0608980-E8B8DF | Crash with long HOME environment variable | bookworm, bullseye, buster, sid |
| leocad | CVE-2021-31804 | LeoCAD before 21.03 sometimes allows a use-after-free during the openi ... | bookworm, bullseye, buster, sid |
| libao | CVE-2017-11548 | The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 a ... | bookworm, bullseye, buster, sid |
| libapache-poi-java | CVE-2016-5000 | The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ... | bookworm, bullseye, buster, sid |
| CVE-2019-12415 | In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ... | bookworm, bullseye, buster, sid | |
| libcaca | CVE-2022-0856 | libcaca is affected by a Divide By Zero issue via img2txt, which allow ... | bookworm, bullseye, buster, sid |
| libcommons-collections4-java | CVE-2015-7501 | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data G ... | bookworm, bullseye, buster, sid |
| libcommons-fileupload-java | CVE-2016-1000031 | Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ... | bookworm, bullseye, buster, sid |
| libcrypto++ | CVE-2016-7420 | Crypto++ (aka cryptopp) through 5.6.4 does not document the requiremen ... | bookworm, bullseye, buster, sid |
| CVE-2021-43398 | ** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a ti ... | bookworm, bullseye, buster, sid | |
| libdata-uuid-perl | CVE-2013-4184 | Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink a ... | bookworm, bullseye, buster, sid |
| libdata-validate-ip-perl | CVE-2021-29662 | The Data::Validate::IP module through 0.29 for Perl does not properly ... | buster |
| libesmtp | CVE-2019-19977 | libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ... | bookworm, bullseye, buster, sid |
| libfwsi | CVE-2019-17263 | ** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_bl ... | bookworm, bullseye, buster, sid |
| libgadu | CVE-2013-4488 | libgadu before 1.12.0 does not verify X.509 certificates from SSL serv ... | bookworm, bullseye, buster, sid |
| libgcrypt20 | CVE-2018-6829 | cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ... | bookworm, bullseye, buster, sid |
| libgd2 | CVE-2021-40145 | ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (a ... | bullseye, buster |
| libgig | CVE-2018-14449 | An issue was discovered in libgig 4.1.0. There is an out of bounds rea ... | bookworm, bullseye, buster, sid |
| CVE-2018-14450 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14451 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14452 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14453 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14454 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14455 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14456 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14457 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14458 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14459 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18192 | An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18193 | An issue was discovered in libgig 4.1.0. There is operator new[] failu ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18194 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18195 | An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18196 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18197 | An issue was discovered in libgig 4.1.0. There is an operator new[] fa ... | bookworm, bullseye, buster, sid | |
| libjpeg | CVE-2022-31620 | In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp h ... | bullseye |
| CVE-2022-31796 | libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRe ... | bullseye | |
| CVE-2022-32201 | In libjpeg 1.63, there is a NULL pointer dereference in Component::Sub ... | bullseye | |
| CVE-2022-32202 | In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ... | bullseye | |
| CVE-2022-32978 | There is an assertion failure in SingleComponentLSScan::ParseMCU in si ... | bullseye | |
| libjpeg-turbo | CVE-2017-15232 | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ... | buster |
| CVE-2018-11813 | libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ... | buster | |
| CVE-2020-17541 | Libjpeg-turbo all version have a stack-based buffer overflow in the "t ... | buster | |
| libjpeg6b | CVE-2016-3616 | The cjpeg utility in libjpeg allows remote attackers to cause a denial ... | sid |
| libjs-i18next | CVE-2017-16010 | i18next is a language translation framework. When using the .init meth ... | buster |
| liblivemedia | CVE-2019-7732 | In Live555 0.95, a setup packet can cause a memory leak leading to DoS ... | buster |
| liblnk | CVE-2019-17263 | ** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_bl ... | bookworm, bullseye, buster, sid |
| CVE-2019-17264 | ** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_infor ... | bookworm, bullseye, buster, sid | |
| CVE-2019-17401 | ** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-rea ... | bookworm, bullseye, buster, sid | |
| libmatio | CVE-2019-20019 | An attempted excessive memory allocation was discovered in Mat_VarRead ... | bookworm, bullseye, buster, sid |
| libmetadata-extractor-java | CVE-2022-24613 | metadata-extractor up to 2.16.0 can throw various uncaught exceptions ... | bookworm, bullseye, buster, sid |
| CVE-2022-24614 | When reading a specially crafted JPEG file, metadata-extractor up to 2 ... | bookworm, bullseye, buster, sid | |
| libokhttp-java | CVE-2018-20200 | ** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 all ... | bookworm, bullseye, buster, sid |
| libphp-adodb | CVE-2006-4976 | The Date Library in John Lim ADOdb Library for PHP allows remote attac ... | bookworm, bullseye, buster, sid |
| CVE-2011-3699 | John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ... | bookworm, bullseye, buster, sid | |
| libpng1.6 | CVE-2018-14048 | An issue has been found in libpng 1.6.34. It is a SEGV in the function ... | buster |
| CVE-2018-14550 | An issue has been found in third-party PNM decoding associated with li ... | buster | |
| CVE-2019-6129 | ** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a ... | bookworm, bullseye, buster, sid | |
| CVE-2021-4214 | bookworm, bullseye, buster, sid | ||
| libpodofo | CVE-2018-20797 | An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ... | bookworm, bullseye, buster, sid |
| CVE-2020-18972 | Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ... | bookworm, bullseye, buster, sid | |
| libquicktime | CVE-2017-12143 | In libquicktime 1.2.4, an allocation failure was found in the function ... | bookworm, bullseye, buster, sid |
| CVE-2017-12145 | In libquicktime 1.2.4, an allocation failure was found in the function ... | bookworm, bullseye, buster, sid | |
| libraw | CVE-2020-24890 | ** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerabilit ... | bookworm, bullseye, buster, sid |
| librecad | CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ... | bookworm, bullseye, buster, sid |
| libreoffice | CVE-2012-5639 | LibreOffice and OpenOffice automatically open embedded content ... | bookworm, bullseye, buster, sid |
| CVE-2018-10583 | An information disclosure vulnerability occurs when LibreOffice 6.0.3 ... | bookworm, bullseye, buster, sid | |
| libreswan | CVE-2018-5389 | The Internet Key Exchange v1 main mode is vulnerable to offline dictio ... | bookworm, bullseye, buster, sid |
| libsass | CVE-2019-18797 | LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ... | bookworm, bullseye, buster, sid |
| libseccomp | CVE-2019-9893 | libseccomp before 2.4.0 did not correctly generate 64-bit syscall argu ... | buster |
| libsixel | CVE-2019-11024 | The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ... | buster |
| libslirp | CVE-2020-7211 | tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ ... | bookworm, bullseye, sid |
| libsolv | CVE-2018-20534 | ** DISPUTED ** There is an illegal address access at ext/testcase.c in ... | buster |
| CVE-2021-3200 | Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ... | buster | |
| CVE-2021-44568 | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ... | buster | |
| libspiro | CVE-2019-19847 | Libspiro through 20190731 has a stack-based buffer overflow in the spi ... | buster |
| libstb | CVE-2020-6617 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ... | bookworm, bullseye, buster, sid |
| CVE-2020-6618 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ... | bookworm, bullseye, buster, sid | |
| CVE-2020-6619 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ... | bookworm, bullseye, buster, sid | |
| CVE-2020-6620 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ... | bookworm, bullseye, buster, sid | |
| CVE-2020-6621 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ... | bookworm, bullseye, buster, sid | |
| CVE-2020-6622 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ... | bookworm, bullseye, buster, sid | |
| CVE-2020-6623 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ... | bookworm, bullseye, buster, sid | |
| CVE-2022-25514 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ... | bookworm, bullseye, buster, sid | |
| CVE-2022-25515 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ... | bookworm, bullseye, buster, sid | |
| CVE-2022-25516 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ... | bookworm, bullseye, buster, sid | |
| CVE-2022-27938 | stb_image.h (aka the stb image loader) 2.19, as used in libsixel and o ... | bookworm, bullseye, buster, sid | |
| CVE-2022-28048 | STB v2.27 was discovered to contain an integer shift of invalid size i ... | bookworm, bullseye, buster, sid | |
| libtasn1-6 | CVE-2018-1000654 | GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 c ... | buster |
| libuv1 | CVE-2020-8252 | The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ... | buster |
| libvncserver | CVE-2019-15680 | TightVNC code version 1.3.10 contains null pointer dereference in Hand ... | bookworm, bullseye, buster, sid |
| libvpx | CVE-2017-0641 | A remote denial of service vulnerability in libvpx in Mediaserver coul ... | bookworm, bullseye, buster, sid |
| libvterm | CVE-2018-20786 | libvterm through 0+bzr726, as used in Vim and other products, mishandl ... | bookworm, bullseye, buster, sid |
| libwebp | CVE-2016-9085 | Multiple integer overflows in libwebp allows attackers to have unspeci ... | bookworm, bullseye, buster, sid |
| libwmf | CVE-2007-3476 | Array index error in gd_gif_in.c in the GD Graphics Library (libgd) be ... | bookworm, bullseye, buster, sid |
| CVE-2007-3477 | The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ... | bookworm, bullseye, buster, sid | |
| CVE-2007-3996 | Multiple integer overflows in libgd in PHP before 5.2.4 allow remote a ... | bookworm, bullseye, buster, sid | |
| CVE-2009-3546 | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ... | bookworm, bullseye, buster, sid | |
| TEMP-0601525-BEBB65 | libgd2: gdImageColorTransparent can write outside buffer | bookworm, bullseye, buster, sid | |
| libxerces2-java | CVE-2012-0881 | Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ca ... | bookworm, bullseye, buster, sid |
| libxslt | CVE-2015-9019 | In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ... | bookworm, bullseye, buster, sid |
| lilo | CVE-2008-3895 | LILO 22.6.1 and earlier stores pre-boot authentication passwords in th ... | buster, sid |
| linux | CVE-2004-0230 | TCP, when using a large Window Size, makes it easier for remote attack ... | bookworm, bullseye, buster, sid |
| CVE-2005-3660 | Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ... | bookworm, bullseye, buster, sid | |
| CVE-2007-3719 | The process scheduler in the Linux kernel 2.6.16 gives preference to " ... | bookworm, bullseye, buster, sid | |
| CVE-2008-2544 | Mounting /proc filesystem via chroot command silently mounts it in rea ... | bookworm, bullseye, buster, sid | |
| CVE-2008-4609 | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ... | bookworm, bullseye, buster, sid | |
| CVE-2010-4563 | The Linux kernel, when using IPv6, allows remote attackers to determin ... | bookworm, bullseye, buster, sid | |
| CVE-2010-5321 | Memory leak in drivers/media/video/videobuf-core.c in the videobuf sub ... | bookworm, bullseye, buster, sid | |
| CVE-2011-4915 | fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ... | bookworm, bullseye, buster, sid | |
| CVE-2011-4916 | Linux kernel through 3.1 allows local users to obtain sensitive keystr ... | bookworm, bullseye, buster, sid | |
| CVE-2011-4917 | In the Linux kernel through 3.1 there is an information disclosure iss ... | bookworm, bullseye, buster, sid | |
| CVE-2012-4542 | block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly c ... | bookworm, bullseye, buster, sid | |
| CVE-2014-9892 | The snd_compr_tstamp function in sound/core/compress_offload.c in the ... | bookworm, bullseye, buster, sid | |
| CVE-2014-9900 | The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ... | bookworm, bullseye, buster, sid | |
| CVE-2015-2877 | ** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.3 ... | bookworm, bullseye, buster, sid | |
| CVE-2016-8660 | The XFS subsystem in the Linux kernel through 4.8.2 allows local users ... | bookworm, bullseye, buster, sid | |
| CVE-2016-10723 | ** DISPUTED ** An issue was discovered in the Linux kernel through 4.1 ... | bookworm, bullseye, buster, sid | |
| CVE-2017-0630 | An information disclosure vulnerability in the kernel trace subsystem ... | bookworm, bullseye, buster, sid | |
| CVE-2017-13693 | The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils. ... | bookworm, bullseye, buster, sid | |
| CVE-2017-13694 | The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobje ... | bookworm, bullseye, buster, sid | |
| CVE-2018-1121 | procps-ng, procps is vulnerable to a process hiding through race condi ... | bookworm, bullseye, buster, sid | |
| CVE-2018-17977 | The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ... | bookworm, bullseye, buster, sid | |
| CVE-2019-11191 | ** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12378 | ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/i ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12379 | ** DISPUTED ** An issue was discovered in con_insert_unipair in driver ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12380 | **DISPUTED** An issue was discovered in the efi subsystem in the Linux ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12381 | ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12382 | ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in dr ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12455 | ** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in driv ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12456 | ** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12615 | An issue was discovered in get_vdev_port_node_info in arch/sparc/kerne ... | buster | |
| CVE-2019-16229 | ** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux ... | bookworm, bullseye, buster, sid | |
| CVE-2019-16230 | ** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux ke ... | bookworm, bullseye, buster, sid | |
| CVE-2019-16231 | drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check ... | bookworm, bullseye, buster, sid | |
| CVE-2019-16232 | drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5. ... | bookworm, bullseye, buster, sid | |
| CVE-2019-16233 | drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not chec ... | bookworm, bullseye, buster, sid | |
| CVE-2019-16234 | drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5. ... | bookworm, bullseye, buster, sid | |
| CVE-2019-19064 | ** DISPUTED ** A memory leak in the fsl_lpspi_probe() function in driv ... | buster | |
| CVE-2019-19070 | ** DISPUTED ** A memory leak in the spi_gpio_probe() function in drive ... | bookworm, bullseye, buster, sid | |
| CVE-2019-19083 | Memory leaks in *clock_source_create() functions under drivers/gpu/drm ... | buster | |
| CVE-2020-11725 | ** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ... | bookworm, bullseye, buster, sid | |
| CVE-2020-27820 | A vulnerability was found in Linux kernel, where a use-after-frees in ... | buster | |
| CVE-2020-35501 | A flaw was found in the Linux kernels implementation of audit rules, w ... | bookworm, bullseye, buster, sid | |
| CVE-2021-0929 | In ion_dma_buf_end_cpu_access and related functions of ion.c, there is ... | buster | |
| CVE-2021-26934 | An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ... | bookworm, bullseye, buster, sid | |
| CVE-2021-32078 | An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ... | bullseye, buster | |
| CVE-2022-25265 | In the Linux kernel through 5.16.10, certain binary files may have the ... | bookworm, bullseye, buster, sid | |
| TEMP-0000000-F7A20F | Kernel: Unprivileged user can freeze journald | bookworm, bullseye, buster, sid | |
| loguru | CVE-2022-0338 | Improper Privilege Management in Conda loguru prior to 0.5.3. ... | bookworm, sid |
| lrzip | CVE-2019-10654 | The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in ... | bookworm, bullseye, buster, sid |
| CVE-2021-33451 | An issue was discovered in lrzip version 0.641. There are memory leaks ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33453 | An issue was discovered in lrzip version 0.641. There is a use-after-f ... | bookworm, bullseye, buster, sid | |
| CVE-2022-33067 | Lrzip v0.651 was discovered to contain multiple invalid arithmetic shi ... | bookworm, bullseye, buster, sid | |
| lua-cgi | CVE-2014-2875 | The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ... | bookworm, bullseye, buster, sid |
| luajit | CVE-2019-19391 | ** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ... | bullseye, buster |
| CVE-2020-15890 | LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ... | bullseye, buster | |
| CVE-2020-24372 | LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ... | bookworm, bullseye, buster, sid | |
| lucene-solr | CVE-2017-3164 | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (in ... | bookworm, bullseye, buster, sid |
| CVE-2019-17558 | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ... | bookworm, bullseye, buster, sid | |
| lynis | CVE-2019-13033 | In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by ... | buster |
| CVE-2020-13882 | CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ... | buster | |
| m2crypto | CVE-2009-0127 | ** DISPUTED ** M2Crypto does not properly check the return value from ... | bookworm, bullseye, buster, sid |
| m4 | CVE-2008-1687 | The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1. ... | bookworm, bullseye, buster, sid |
| CVE-2008-1688 | Unspecified vulnerability in GNU m4 before 1.4.11 might allow context- ... | bookworm, bullseye, buster, sid | |
| magpierss | CVE-2006-4735 | Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sens ... | buster |
| maildirsync | CVE-2008-5150 | sample.sh in maildirsync 1.1 allows local users to append data to arbi ... | bookworm, bullseye, buster, sid |
| mapcache | CVE-2019-20005 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid |
| CVE-2019-20006 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20007 | An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20198 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20199 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20200 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20201 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20202 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2021-26220 | The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ... | bookworm, bullseye, buster, sid | |
| CVE-2021-26221 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ... | bookworm, bullseye, buster, sid | |
| CVE-2021-26222 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ... | bookworm, bullseye, buster, sid | |
| CVE-2021-30485 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2021-31229 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2021-31347 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2021-31348 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2021-31598 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| CVE-2022-30045 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ... | bookworm, bullseye, buster, sid | |
| matanza | CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ... | bookworm, bullseye, buster, sid |
| CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ... | bookworm, bullseye, buster, sid | |
| mbedtls | CVE-2018-1000520 | ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows In ... | bookworm, bullseye, buster, sid |
| mcollective | CVE-2014-0175 | mcollective has a default password set at install ... | bookworm, bullseye, buster, sid |
| mediaelement | CVE-2016-4567 | Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ... | bookworm, bullseye, buster, sid |
| mediawiki | CVE-2007-0894 | MediaWiki before 1.9.2 allows remote attackers to obtain sensitive inf ... | bookworm, bullseye, buster, sid |
| CVE-2014-1686 | MediaWiki 1.18.0 allows remote attackers to obtain the installation pa ... | bookworm, bullseye, buster, sid | |
| metview | CVE-2017-17515 | ** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strin ... | bookworm, bullseye, buster, sid |
| mh-book | CVE-2008-5152 | inmail-show in mh-book 200605 allows local users to overwrite arbitrar ... | bookworm, bullseye, buster, sid |
| midori | CVE-2012-2132 | libsoup 2.32.2 and earlier does not validate certificates or clear the ... | bullseye, buster |
| CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ... | bullseye, buster | |
| milkytracker | CVE-2022-34927 | MilkyTracker v1.03.00 was discovered to contain a stack overflow via t ... | bookworm, bullseye, buster, sid |
| mingw-w64 | CVE-2018-5392 | mingw-w64 version 5.0.4 by default produces executables that opt in to ... | bookworm, bullseye, buster, sid |
| mini-httpd | CVE-2009-4490 | mini_httpd 1.19 writes data to a log file without sanitizing non-print ... | bookworm, bullseye, buster, sid |
| CVE-2017-17663 | The htpasswd implementation of mini_httpd before v1.28 and of thttpd b ... | bookworm, bullseye, buster, sid | |
| minidjvu | CVE-2017-12441 | The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ca ... | bookworm, bullseye, buster, sid |
| CVE-2017-12442 | The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ca ... | bookworm, bullseye, buster, sid | |
| CVE-2017-12443 | The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 c ... | bookworm, bullseye, buster, sid | |
| CVE-2017-12444 | The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidj ... | bookworm, bullseye, buster, sid | |
| CVE-2017-12445 | The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cp ... | bookworm, bullseye, buster, sid | |
| modsecurity-crs | CVE-2019-11387 | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... | buster |
| CVE-2019-11388 | ** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ... | bookworm, bullseye, buster, sid | |
| CVE-2019-11389 | ** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ... | bookworm, bullseye, buster, sid | |
| CVE-2019-11390 | ** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ... | bookworm, bullseye, buster, sid | |
| CVE-2019-11391 | ** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ... | bookworm, bullseye, buster, sid | |
| moin | CVE-2007-0902 | Unspecified vulnerability in the "Show debugging information" feature ... | buster |
| mojarra | CVE-2010-2087 | Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ... | bookworm, bullseye, buster, sid |
| monopd | CVE-2015-0841 | Off-by-one error in the readBuf function in listener.cpp in libcapsine ... | bookworm, bullseye, buster, sid |
| mozilla-noscript | CVE-2018-16983 | NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other ... | buster, sid |
| mp3splt | CVE-2017-5665 | The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allo ... | bookworm, bullseye, buster, sid |
| CVE-2017-5666 | The free_options function in options_manager.c in mp3splt 2.6.2 allows ... | bookworm, bullseye, buster, sid | |
| CVE-2017-5851 | The free_options function in options_manager.c in mp3splt 2.6.2 allows ... | bookworm, bullseye, buster, sid | |
| mupdf | CVE-2018-19777 | In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg ... | buster |
| mustache.js | CVE-2015-8861 | The handlebars package before 4.0.0 for Node.js allows remote attacker ... | bookworm, bullseye, buster, sid |
| CVE-2015-8862 | mustache package before 2.2.1 for Node.js allows remote attackers to c ... | bookworm, bullseye, buster, sid | |
| TEMP-0000000-137F0A | quoteless attributes in templates can lead to content injection | bookworm, bullseye, buster, sid | |
| mutt | CVE-2007-1268 | Mutt 1.5.13 and earlier does not properly use the --status-fd argument ... | bookworm, bullseye, buster, sid |
| mxml | CVE-2018-20005 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after ... | bookworm, bullseye, buster, sid |
| nacl | CVE-2015-0565 | NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks ... | bookworm, bullseye, buster, sid |
| nagios4 | CVE-2020-35269 | Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross ... | bookworm, bullseye, buster, sid |
| nasm | CVE-2018-19213 | Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may le ... | bookworm, bullseye, buster, sid |
| CVE-2018-19755 | There is an illegal address access at asm/preproc.c (function: is_mmac ... | buster | |
| CVE-2018-20535 | There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ... | buster | |
| CVE-2018-20538 | There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ... | bookworm, bullseye, buster, sid | |
| CVE-2018-1000886 | nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability ... | bookworm, bullseye, buster, sid | |
| CVE-2019-6290 | An infinite recursion issue was discovered in eval.c in Netwide Assemb ... | bookworm, bullseye, buster, sid | |
| CVE-2019-6291 | An issue was discovered in the function expr6 in eval.c in Netwide Ass ... | bookworm, bullseye, buster, sid | |
| CVE-2019-8343 | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in past ... | bookworm, bullseye, buster, sid | |
| CVE-2019-14248 | In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ... | buster | |
| CVE-2019-20334 | In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20352 | In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ... | buster | |
| CVE-2020-18974 | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ... | bookworm, bullseye, buster, sid | |
| CVE-2020-24241 | In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in ... | buster | |
| CVE-2020-24242 | In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ... | buster | |
| CVE-2021-33450 | An issue was discovered in NASM version 2.16rc0. There are memory leak ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33452 | An issue was discovered in NASM version 2.16rc0. There are memory leak ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45256 | A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45257 | An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ... | bookworm, bullseye, buster, sid | |
| ncurses | CVE-2021-39537 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ... | bookworm, bullseye, buster, sid |
| neomutt | CVE-2020-14154 | Mutt before 1.14.3 proceeds with a connection even if, in response to ... | buster |
| net-tools | CVE-2002-1976 | ifconfig, when used on the Linux kernel 2.2 and later, does not report ... | bookworm, bullseye, buster, sid |
| netdata | CVE-2019-9834 | ** DISPUTED ** The Netdata web application through 1.13.0 allows remot ... | bookworm, bullseye, buster, sid |
| nethack | CVE-2019-19905 | NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ... | buster |
| CVE-2020-5209 | In NetHack before 3.6.5, unknown options starting with -de and -i can ... | buster | |
| CVE-2020-5210 | In NetHack before 3.6.5, an invalid argument to the -w command line op ... | buster | |
| CVE-2020-5211 | In NetHack before 3.6.5, an invalid extended command in value for the ... | buster | |
| CVE-2020-5212 | In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ... | buster | |
| CVE-2020-5213 | In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ... | buster | |
| CVE-2020-5214 | In NetHack before 3.6.5, detecting an unknown configuration file optio ... | buster | |
| netty | CVE-2022-24823 | Netty is an open-source, asynchronous event-driven network application ... | bookworm, bullseye, buster, sid |
| network-manager | CVE-2020-10754 | It was found that nmcli, a command line interface to NetworkManager di ... | buster |
| network-manager-applet | CVE-2017-6590 | An issue was discovered in network-manager-applet (aka network-manager ... | bookworm, bullseye, buster, sid |
| networkd-dispatcher | CVE-2022-29799 | bullseye, buster, sid | |
| CVE-2022-29800 | bullseye, buster, sid | ||
| nghttp2 | TEMP-0000000-A4EF31 | Null pointer access in inflatehd tool | bookworm, bullseye, buster, sid |
| nginx | CVE-2009-4487 | nginx 0.7.64 writes data to a log file without sanitizing non-printabl ... | bookworm, bullseye, buster, sid |
| nip2 | CVE-2017-17514 | ** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before ... | bookworm, bullseye, buster, sid |
| nmap | CVE-2017-18594 | nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ... | buster |
| CVE-2018-15173 | Nmap through 7.70, when the -sV option is used, allows remote attacker ... | bookworm, bullseye, buster, sid | |
| node-formidable | CVE-2022-29622 | An arbitrary file upload vulnerability in formidable v3.1.4 allows att ... | bookworm, bullseye, buster, sid |
| nova | CVE-2013-0326 | OpenStack nova base images permissions are world readable ... | bookworm, bullseye, buster, sid |
| nss | CVE-2017-11695 | Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/h ... | bookworm, bullseye, buster, sid |
| CVE-2017-11696 | Heap-based buffer overflow in the __hash_open function in lib/dbm/src/ ... | bookworm, bullseye, buster, sid | |
| CVE-2017-11697 | The __hash_open function in hash.c:229 in Mozilla Network Security Ser ... | bookworm, bullseye, buster, sid | |
| CVE-2017-11698 | Heap-based buffer overflow in the __get_page function in lib/dbm/src/h ... | bookworm, bullseye, buster, sid | |
| ntp | CVE-2018-12327 | Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ... | bullseye, buster |
| numpy | CVE-2021-34141 | An incomplete string comparison in the numpy.core component in NumPy b ... | bookworm, bullseye, sid |
| CVE-2021-41495 | ** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy. ... | bookworm, bullseye, sid | |
| CVE-2021-41496 | ** DISPUTED ** Buffer overflow in the array_from_pyobj function of for ... | bookworm, bullseye, sid | |
| nvidia-cg-toolkit | CVE-2008-5144 | nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ... | bookworm, bullseye, buster, sid |
| ocaml-batteries | CVE-2017-17519 | batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) ... | bookworm, bullseye, buster, sid |
| ocsinventory-server | CVE-2010-1733 | Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02 ... | bookworm, bullseye, buster, sid |
| CVE-2014-4722 | Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ... | bookworm, bullseye, buster, sid | |
| CVE-2018-14857 | Unrestricted file upload (with remote code execution) in require/mail/ ... | bookworm, bullseye, buster, sid | |
| CVE-2018-15537 | Unrestricted file upload (with remote code execution) in OCS Inventory ... | bookworm, bullseye, buster, sid | |
| CVE-2020-14947 | OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ... | bookworm, bullseye, buster, sid | |
| ompl | CVE-2021-41490 | Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavi ... | bookworm, bullseye, sid |
| CVE-2021-42218 | OMPL v1.5.2 contains a memory leak in VFRRT.cpp ... | bookworm, bullseye, sid | |
| openconnect | CVE-2020-12105 | OpenConnect through 8.08 mishandles negative return values from X509_c ... | bookworm, bullseye, buster, sid |
| CVE-2020-12823 | OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ... | buster | |
| opendkim | CVE-2020-35766 | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local ... | bookworm, bullseye, buster, sid |
| openexr | CVE-2017-14988 | ** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2 ... | bookworm, bullseye, buster, sid |
| CVE-2018-18443 | OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ... | buster | |
| CVE-2021-20304 | Undefined-shift in Imf_2_5::hufDecode | buster | |
| CVE-2021-26945 | An integer overflow leading to a heap-buffer overflow was found in Ope ... | bookworm, bullseye, buster, sid | |
| openfortivpn | CVE-2020-7043 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ... | buster |
| openjpeg2 | CVE-2016-9113 | There is a NULL pointer dereference in function imagetobmp of convertb ... | bookworm, bullseye, buster, sid |
| CVE-2016-9114 | There is a NULL Pointer Access in function imagetopnm of convert.c:194 ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9115 | Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9116 | NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in O ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9117 | NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in O ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9580 | An integer overflow vulnerability was found in tiftoimage function in ... | bookworm, bullseye, buster, sid | |
| CVE-2016-9581 | An infinite loop vulnerability in tiftoimage that results in heap buff ... | bookworm, bullseye, buster, sid | |
| CVE-2016-10505 | NULL pointer dereference vulnerabilities in the imagetopnm function in ... | bookworm, bullseye, buster, sid | |
| CVE-2016-10506 | Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, op ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17479 | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ... | bookworm, bullseye, buster, sid | |
| CVE-2018-5727 | In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the o ... | buster | |
| CVE-2018-7648 | An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. Th ... | buster | |
| CVE-2018-16375 | An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_i ... | bookworm, bullseye, buster, sid | |
| CVE-2018-16376 | An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflo ... | bookworm, bullseye, buster, sid | |
| CVE-2018-20845 | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ... | buster | |
| CVE-2018-20846 | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ... | bookworm, bullseye, buster, sid | |
| openldap | CVE-2015-3276 | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDA ... | bookworm, bullseye, buster, sid |
| CVE-2017-14159 | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17740 | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when bot ... | bookworm, bullseye, buster, sid | |
| CVE-2020-15719 | libldap in certain third-party OpenLDAP packages has a certificate-val ... | bookworm, bullseye, buster, sid | |
| openrazer | CVE-2022-29021 | A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below ... | bullseye, buster |
| CVE-2022-29022 | A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and ... | bullseye, buster | |
| CVE-2022-29023 | A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and bel ... | bullseye, buster | |
| openrpt | CVE-2015-2305 | Integer overflow in the regcomp implementation in the Henry Spencer BS ... | buster |
| opensc | CVE-2019-6502 | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory ... | buster |
| openscad | CVE-2022-0496 | bullseye, buster | |
| CVE-2022-0497 | bullseye, buster | ||
| openssh | CVE-2007-2243 | OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ... | bookworm, bullseye, buster, sid |
| CVE-2007-2768 | OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ... | bookworm, bullseye, buster, sid | |
| CVE-2008-3234 | sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ... | bookworm, bullseye, buster, sid | |
| CVE-2016-20012 | ** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a ... | bookworm, bullseye, buster, sid | |
| CVE-2018-15919 | Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ... | bookworm, bullseye, buster, sid | |
| CVE-2019-6110 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr outpu ... | bookworm, bullseye, buster, sid | |
| CVE-2019-16905 | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ... | buster | |
| CVE-2020-12062 | ** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ... | buster | |
| CVE-2020-14145 | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ... | bookworm, bullseye, buster, sid | |
| CVE-2020-15778 | ** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection i ... | bookworm, bullseye, buster, sid | |
| CVE-2021-36368 | ** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a cli ... | bullseye, buster | |
| openssl | CVE-2007-6755 | The NIST SP 800-90A default statement of the Dual Elliptic Curve Deter ... | bookworm, bullseye, buster, sid |
| CVE-2010-0928 | OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex- ... | bookworm, bullseye, buster, sid | |
| openstack-trove | CVE-2015-3156 | The _write_config function in trove/guestagent/datastore/experimental/ ... | bookworm, sid |
| openvpn | CVE-2006-2229 | OpenVPN 2.0.7 and earlier, when configured to use the --management opt ... | bookworm, bullseye, buster, sid |
| CVE-2016-6329 | OpenVPN, when using a 64-bit block cipher, makes it easier for remote ... | bookworm, bullseye, buster, sid | |
| CVE-2018-7544 | ** DISPUTED ** A cross-protocol scripting issue was discovered in the ... | bookworm, bullseye, buster, sid | |
| os-prober | CVE-2008-5135 | bookworm, bullseye, buster, sid | |
| otrs2 | CVE-2018-7567 | ** DISPUTED ** In the Admin Package Manager in Open Ticket Request Sys ... | bullseye, buster |
| packagekit | CVE-2022-0987 | A flaw was found in PackageKit in the way some of the methods exposed ... | bookworm, bullseye, buster, sid |
| pandas | CVE-2020-13091 | ** DISPUTED ** pandas through 1.0.3 can unserialize and execute comman ... | bookworm, bullseye, buster, sid |
| parso | CVE-2019-12760 | ** DISPUTED ** A deserialization vulnerability exists in the way parso ... | buster |
| passenger | CVE-2016-10345 | In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ... | bullseye, buster |
| password-store | CVE-2020-28086 | pass through 1.7.3 has a possibility of using a password for an uninte ... | bookworm, bullseye, buster, sid |
| patch | CVE-2010-4651 | Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ear ... | bookworm, bullseye, buster, sid |
| CVE-2018-6951 | An issue was discovered in GNU patch through 2.7.6. There is a segment ... | bookworm, bullseye, buster, sid | |
| CVE-2018-6952 | A double free exists in the another_hunk function in pch.c in GNU patc ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45261 | An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ... | bookworm, bullseye, buster, sid | |
| pcf2bdf | CVE-2022-23318 | A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attac ... | bullseye, buster |
| CVE-2022-23319 | A segmentation fault during PCF file parsing in pcf2bdf versions >= ... | bullseye, buster | |
| pcre3 | CVE-2017-7245 | Stack-based buffer overflow in the pcre32_copy_substring function in p ... | bookworm, bullseye, buster, sid |
| CVE-2017-7246 | Stack-based buffer overflow in the pcre32_copy_substring function in p ... | bookworm, bullseye, buster, sid | |
| CVE-2017-11164 | In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exe ... | bookworm, bullseye, buster, sid | |
| CVE-2017-16231 | ** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20838 | libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ... | bookworm, bullseye, buster, sid | |
| pdfresurrect | CVE-2019-14267 | PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because ... | buster |
| CVE-2020-9549 | In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ... | buster | |
| CVE-2021-3508 | A flaw was found in PDFResurrect in version 0.22b. There is an infinit ... | bookworm, bullseye, buster, sid | |
| pdns | CVE-2020-24696 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ... | bookworm, bullseye, buster, sid |
| CVE-2020-24697 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ... | bookworm, bullseye, buster, sid | |
| CVE-2020-24698 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ... | bookworm, bullseye, buster, sid | |
| pdns-recursor | CVE-2020-10030 | An issue has been found in PowerDNS Recursor 4.1.0 up to and including ... | buster |
| perl | CVE-2011-4116 | _is_safe in the File::Temp module for Perl does not properly handle sy ... | bookworm, bullseye, buster, sid |
| phabricator | CVE-2017-17536 | Phabricator before 2017-11-10 does not block the --config and --debugg ... | bookworm, bullseye, buster, sid |
| phantomjs | CVE-2019-17221 | PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as d ... | buster |
| php-font-lib | CVE-2014-2570 | Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ... | bookworm, bullseye, buster, sid |
| php-getid3 | CVE-2021-40926 | Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ... | bullseye, buster |
| php-gettext | TEMP-0000000-07A77D | php-gettext XSS | bookworm, bullseye, buster, sid |
| php-horde | CVE-2019-12094 | Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ... | bullseye, buster, sid |
| php-horde-trean | CVE-2019-12095 | Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ... | bullseye, buster, sid |
| php-pear | CVE-2017-5630 | PECL in the download utility class in the Installer in PEAR Base Syste ... | bookworm, bullseye, buster, sid |
| phpldapadmin | CVE-2018-12689 | phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id param ... | bookworm, sid |
| phpmyadmin | CVE-2005-3622 | phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain t ... | bookworm, bullseye, sid |
| CVE-2007-4306 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10 ... | bookworm, bullseye, sid | |
| CVE-2020-11441 | ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ... | bookworm, bullseye, sid | |
| CVE-2022-0813 | PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially ... | bullseye | |
| CVE-2022-23807 | An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ... | bullseye | |
| CVE-2022-23808 | An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ... | bullseye | |
| phpsysinfo | CVE-2006-3360 | Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 all ... | bullseye, sid |
| picolibc | CVE-2019-14876 | In the __lshift function of the newlib libc library, all versions prio ... | bookworm, bullseye, sid |
| pidgin | CVE-2008-2956 | bookworm, bullseye, buster, sid | |
| CVE-2012-1257 | Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ... | bookworm, bullseye, buster, sid | |
| pillow | CVE-2020-10994 | In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ... | buster |
| CVE-2021-25287 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ... | buster | |
| CVE-2021-25288 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ... | buster | |
| pluxml | CVE-2020-18184 | In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ... | buster |
| CVE-2020-18185 | class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ... | buster | |
| poppler | CVE-2013-4472 | The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ... | bookworm, bullseye, buster, sid |
| CVE-2017-2814 | An exploitable heap overflow vulnerability exists in the image renderi ... | bookworm, bullseye, buster, sid | |
| CVE-2017-2818 | An exploitable heap overflow vulnerability exists in the image renderi ... | bookworm, bullseye, buster, sid | |
| CVE-2017-2820 | An exploitable integer overflow vulnerability exists in the JPEG 2000 ... | bookworm, bullseye, buster, sid | |
| CVE-2017-9083 | poppler 0.54.0, as used in Evince and other products, has a NULL point ... | bookworm, bullseye, buster, sid | |
| CVE-2018-19059 | An issue was discovered in Poppler 0.71.0. There is a out-of-bounds re ... | buster | |
| CVE-2018-19060 | An issue was discovered in Poppler 0.71.0. There is a NULL pointer der ... | buster | |
| postbooks | CVE-2017-17525 | guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate st ... | buster |
| postgresql-11 | CVE-2019-9193 | ** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGR ... | buster |
| ppp | CVE-2008-5366 | The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local u ... | bookworm, bullseye, buster, sid |
| CVE-2008-5367 | ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to o ... | bookworm, bullseye, buster, sid | |
| printfilters-ppd | CVE-2008-5034 | sid | |
| proftpd-dfsg | CVE-2020-9272 | ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ... | buster |
| prometheus-blackbox-exporter | CVE-2020-16248 | ** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /pro ... | bookworm, bullseye, buster, sid |
| protobuf | CVE-2015-5237 | protobuf allows remote authenticated attackers to cause a heap-based b ... | bookworm, bullseye, buster, sid |
| pspp | CVE-2019-9211 | There is a reachable assertion abort in the function write_long_string ... | buster |
| puppet | CVE-2020-7942 | Previously, Puppet operated on a model that a node with a valid certif ... | bookworm, bullseye, buster, sid |
| puppet-module-puppetlabs-apache | CVE-2018-6508 | Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remot ... | bookworm, bullseye, buster, sid, bookworm, bullseye, buster, sid, bookworm, bullseye, buster, sid |
| putty | CVE-2019-17069 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ... | buster |
| pwgen | CVE-2013-4441 | The Phonemes mode in Pwgen 2.06 generates predictable passwords, which ... | bookworm, bullseye, buster, sid |
| py-lmdb | CVE-2019-16224 | An issue was discovered in py-lmdb 0.97. For certain values of md_flag ... | bookworm, bullseye, sid |
| CVE-2019-16225 | An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ... | bookworm, bullseye, sid | |
| CVE-2019-16226 | An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ... | bookworm, bullseye, sid | |
| CVE-2019-16227 | An issue was discovered in py-lmdb 0.97. For certain values of mn_flag ... | bookworm, bullseye, sid | |
| CVE-2019-16228 | An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ... | bookworm, bullseye, sid | |
| pypy | CVE-2020-29651 | A denial of service via regular expression in the py.path.svnwc compon ... | bookworm, bullseye, buster, sid, bookworm, bullseye, buster, sid |
| python-defaults | CVE-2008-4108 | Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) i ... | bookworm, bullseye, buster, sid |
| python-django | CVE-2021-32052 | In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ... | buster |
| python-django-celery-results | CVE-2020-17495 | django-celery-results through 1.2.1 stores task results in the databas ... | bookworm, bullseye, buster, sid |
| python-mkdocs | CVE-2021-40978 | ** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory t ... | bookworm, bullseye, buster, sid |
| python-pip | CVE-2018-20225 | ** DISPUTED ** An issue was discovered in pip (all versions) because i ... | bookworm, bullseye, buster, sid |
| python-scrapy | CVE-2017-14158 | Scrapy 1.4 allows remote attackers to cause a denial of service (memor ... | bookworm, bullseye, buster, sid |
| python2.7 | CVE-2013-7040 | Python 2.7 before 3.4 only uses the last eight bits of the prefix to r ... | bookworm, bullseye, buster, sid |
| CVE-2017-17522 | ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not vali ... | bookworm, bullseye, buster, sid | |
| CVE-2019-9674 | Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ... | bookworm, bullseye, buster, sid | |
| CVE-2019-18348 | An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ... | buster | |
| python3.7 | CVE-2017-17522 | ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not vali ... | buster |
| CVE-2019-9674 | Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ... | buster | |
| CVE-2019-18348 | An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ... | buster | |
| CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ... | buster, bullseye, sid | |
| pyyaml | CVE-2017-18342 | In PyYAML before 5.1, the yaml.load() API could execute arbitrary code ... | buster |
| qemu | CVE-2018-20123 | pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ... | buster |
| CVE-2018-20124 | hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of ... | buster | |
| CVE-2018-20125 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of ... | buster | |
| CVE-2018-20126 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory ... | buster | |
| CVE-2018-20191 | hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation ... | buster | |
| CVE-2018-20216 | QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ... | buster | |
| CVE-2019-12247 | ** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/comm ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12928 | ** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earli ... | bookworm, bullseye, buster, sid | |
| CVE-2019-12929 | ** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is ... | bookworm, bullseye, buster, sid | |
| CVE-2019-20175 | ** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ... | bookworm, bullseye, buster, sid | |
| CVE-2020-24352 | An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ... | bookworm, bullseye, sid | |
| qpdf | CVE-2022-34503 | QPDF v8.4.2 was discovered to contain a heap buffer overflow via the f ... | buster |
| qt4-x11 | CVE-2009-3015 | QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ... | buster |
| CVE-2009-3272 | Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ... | buster | |
| TEMP-0560108-565B70 | browser-based css info disclosure | buster | |
| TEMP-0568486-B6FCB6 | browser javascript document.write denial-of-service | buster | |
| qtwebkit | CVE-2015-8079 | qt5-qtwebkit before 5.4 records private browsing URLs to its favicon d ... | buster |
| quagga | CVE-2012-5521 | quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon pe ... | buster |
| qutebrowser | CVE-2020-11054 | In qutebrowser versions less than 1.11.1, reloading a page with certif ... | buster |
| r-cran-readxl | CVE-2021-27836 | An issue was discoverered in in function xls_getWorkSheet in xls.c in ... | bookworm, bullseye, buster, sid |
| radsecproxy | CVE-2021-32642 | radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ... | buster |
| rails | CVE-2010-3299 | The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ... | bookworm, bullseye, buster, sid |
| CVE-2011-3187 | The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17916 | ** DISPUTED ** SQL injection vulnerability in the 'find_by' method in ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17917 | ** DISPUTED ** SQL injection vulnerability in the 'where' method in Ru ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17919 | ** DISPUTED ** SQL injection vulnerability in the 'order' method in Ru ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17920 | ** DISPUTED ** SQL injection vulnerability in the 'reorder' method in ... | bookworm, bullseye, buster, sid | |
| rbdoom3bfg | CVE-2020-15007 | A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ... | bookworm, bullseye, buster, sid |
| re2c | CVE-2018-21232 | re2c before 2.0 has uncontrolled recursion that causes stack consumpti ... | bookworm, bullseye, buster, sid |
| CVE-2022-23901 | A stack overflow re2c 2.2 exists due to infinite recursion issues in s ... | bullseye, buster | |
| recutils | CVE-2019-6455 | An issue was discovered in GNU Recutils 1.8. There is a double-free pr ... | bookworm, bullseye, buster, sid |
| CVE-2019-6456 | An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ... | bookworm, bullseye, buster, sid | |
| CVE-2019-6457 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in ... | bookworm, bullseye, buster, sid | |
| CVE-2019-6458 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in ... | bookworm, bullseye, buster, sid | |
| CVE-2019-6459 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in ... | bookworm, bullseye, buster, sid | |
| CVE-2019-6460 | An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ... | bookworm, bullseye, buster, sid | |
| CVE-2019-11637 | An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ... | bookworm, bullseye, buster, sid | |
| CVE-2019-11638 | An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ... | bookworm, bullseye, buster, sid | |
| CVE-2019-11639 | An issue was discovered in GNU recutils 1.8. There is a stack-based bu ... | bookworm, bullseye, buster, sid | |
| CVE-2019-11640 | An issue was discovered in GNU recutils 1.8. There is a heap-based buf ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46019 | An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46021 | An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ... | bookworm, bullseye, buster, sid | |
| CVE-2021-46022 | An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ... | bookworm, bullseye, buster, sid | |
| redis | CVE-2020-21468 | ** DISPUTED ** A segmentation fault in the redis-server component of R ... | bookworm, bullseye, buster, sid |
| CVE-2021-3470 | A heap overflow issue was found in Redis in versions before 5.0.10, be ... | buster | |
| retroarch | CVE-2020-23914 | An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ... | bullseye, buster, sid |
| CVE-2020-23915 | An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ... | bullseye, buster, sid | |
| rhythmbox | CVE-2008-7185 | GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of se ... | bookworm, bullseye, buster, sid |
| ring | CVE-2022-24786 | PJSIP is a free and open source multimedia communication library writt ... | bullseye, buster, sid |
| CVE-2022-24792 | PJSIP is a free and open source multimedia communication library writt ... | bullseye, buster, sid | |
| rpm | CVE-2010-2198 | lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ... | bookworm, bullseye, buster, sid |
| CVE-2010-2199 | lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ... | bookworm, bullseye, buster, sid | |
| CVE-2017-7500 | It was found that rpm did not properly handle RPM installations when a ... | bookworm, bullseye, buster, sid | |
| CVE-2017-7501 | It was found that versions of rpm before 4.13.0.2 use temporary files ... | bookworm, bullseye, buster, sid | |
| rsyslog | CVE-2015-3243 | rsyslog uses weak permissions for generating log files, which allows l ... | bookworm, bullseye, buster, sid |
| rtpproxy | CVE-2017-14114 | RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ... | sid |
| rtv | CVE-2017-17516 | scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 d ... | bookworm, bullseye, buster, sid |
| ruamel.yaml | CVE-2019-20478 | In ruamel.yaml through 0.16.7, the load method allows remote code exec ... | bookworm, bullseye, buster, sid |
| ruby-handlebars-assets | TEMP-0000000-345A3B | handlebars: quoteless attributes in templates can lead to content injection | bullseye, buster, sid |
| ruby-nokogiri | CVE-2022-29181 | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri pri ... | bookworm, bullseye, buster, sid |
| ruby-oauth | CVE-2016-11086 | lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby doe ... | bookworm, bullseye, buster, sid |
| rustc | CVE-2021-42574 | ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm ... | bullseye, buster |
| salt | CVE-2021-22004 | An issue was discovered in SaltStack Salt before 3003.3. The salt mini ... | bullseye, buster |
| samba | CVE-2020-27840 | A flaw was found in samba. Spaces used in a string around a domain nam ... | bookworm, bullseye, buster, sid |
| CVE-2021-20277 | A flaw was found in Samba's libldb. Multiple, consecutive leading spac ... | bookworm, bullseye, buster, sid | |
| scikit-learn | CVE-2020-13092 | ** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ... | bullseye, buster, sid |
| scummvm | CVE-2017-17528 | backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not valida ... | bookworm, bullseye, buster, sid |
| seahorse | CVE-2008-7320 | ** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ... | bookworm, bullseye, buster, sid |
| shadow | CVE-2007-5686 | initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... | bookworm, bullseye, buster, sid |
| CVE-2013-4235 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying ... | bookworm, bullseye, buster, sid | |
| CVE-2019-19882 | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch L ... | bookworm, bullseye, buster, sid | |
| TEMP-0628843-DBAD28 | more related to CVE-2005-4890 | bookworm, bullseye, buster, sid | |
| shadowsocks-libev | CVE-2019-5152 | An exploitable information disclosure vulnerability exists in the netw ... | bookworm, bullseye, buster, sid |
| sharutils | TEMP-0000000-95CBBF | uudecode: stack out of bounds read access | bookworm, bullseye, buster, sid |
| shibboleth-sp | CVE-2019-19191 | Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file ... | bookworm, bullseye, buster, sid |
| sipcrack | CVE-2017-11654 | An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ... | bookworm, bullseye, buster, sid |
| CVE-2017-11655 | A memory leak was found in the way SIPcrack 0.2 handled processing of ... | bookworm, bullseye, buster, sid | |
| sleuthkit | CVE-2019-14531 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out ... | bookworm, bullseye, buster, sid |
| CVE-2019-14532 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ... | bookworm, bullseye, buster, sid | |
| CVE-2020-10233 | In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ... | bookworm, bullseye, buster, sid | |
| slic3r | CVE-2020-28590 | An out-of-bounds read vulnerability exists in the Obj File TriangleMes ... | bookworm, bullseye, buster, sid |
| CVE-2020-28591 | An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ... | buster | |
| CVE-2021-44961 | A memory leakage flaw exists in the class PerimeterGenerator of Slic3r ... | bookworm, bullseye, buster, sid | |
| CVE-2021-44962 | An out-of-bounds read vulnerability exists in the GCode::extrude() fun ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45846 | A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker ... | bookworm, bullseye, buster, sid | |
| CVE-2021-45847 | Several missing input validations in the 3MF parser component of Slic3 ... | bookworm, bullseye, buster, sid | |
| slim | TEMP-0537604-F35BD7 | insecure tmp file vulnerability in slim | bookworm, bullseye, buster, sid |
| slurm-llnl | CVE-2019-19727 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ... | buster |
| sosreport | CVE-2014-0246 | SOSreport stores the md5 hash of the GRUB bootloader password in an ar ... | bookworm, bullseye, buster, sid |
| sphinxsearch | CVE-2019-14511 | Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ... | buster |
| spice-gtk | CVE-2016-3066 | The spice-gtk widget allows remote authenticated users to obtain infor ... | bookworm, bullseye, buster, sid |
| spotweb | CVE-2021-40968 | Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ... | buster |
| CVE-2021-40969 | Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ... | buster | |
| CVE-2021-40970 | Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ... | buster | |
| CVE-2021-40971 | Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ... | buster | |
| CVE-2021-40972 | Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ... | buster | |
| CVE-2021-40973 | Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ... | buster | |
| sql-ledger | CVE-2007-0667 | The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2 ... | bookworm, bullseye, buster, sid |
| CVE-2007-1329 | Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ... | bookworm, bullseye, buster, sid | |
| CVE-2007-1923 | (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ... | bookworm, bullseye, buster, sid | |
| CVE-2007-5372 | Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ... | bookworm, bullseye, buster, sid | |
| CVE-2008-4077 | The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledg ... | bookworm, bullseye, buster, sid | |
| CVE-2008-4078 | SQL injection vulnerability in the AR/AP transaction report in (1) Led ... | bookworm, bullseye, buster, sid | |
| CVE-2009-3580 | Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ... | bookworm, bullseye, buster, sid | |
| CVE-2009-3581 | Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8. ... | bookworm, bullseye, buster, sid | |
| CVE-2009-3582 | Multiple SQL injection vulnerabilities in the delete subroutine in SQL ... | bookworm, bullseye, buster, sid | |
| CVE-2009-3583 | Directory traversal vulnerability in the Preferences menu item in SQL- ... | bookworm, bullseye, buster, sid | |
| CVE-2009-3584 | SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ... | bookworm, bullseye, buster, sid | |
| CVE-2009-4402 | The default configuration of SQL-Ledger 2.8.24 allows remote attackers ... | bookworm, bullseye, buster, sid | |
| sqlite3 | CVE-2019-19244 | sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ... | buster |
| CVE-2020-11656 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ... | buster | |
| CVE-2021-36690 | ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ... | bullseye, buster | |
| CVE-2022-35737 | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-b ... | bullseye, buster | |
| sqliteodbc | CVE-2020-12050 | SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ... | bookworm, bullseye, buster, sid |
| squid | CVE-2019-12522 | An issue was discovered in Squid through 4.7. When Squid is run as roo ... | bookworm, bullseye, buster, sid |
| CVE-2020-8517 | An issue was discovered in Squid before 4.10. Due to incorrect input v ... | buster | |
| CVE-2020-14058 | An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ... | buster | |
| ssmtp | CVE-2004-0423 | The log_event function in ssmtp 2.50.6 and earlier allows local users ... | bookworm, bullseye, sid |
| CVE-2008-7258 | bookworm, bullseye, sid | ||
| stalin | CVE-2015-8697 | stalin 0.11-5 allows local users to write to arbitrary files. ... | bookworm, bullseye, buster, sid |
| strongswan | CVE-2018-5389 | The Internet Key Exchange v1 main mode is vulnerable to offline dictio ... | bookworm, bullseye, buster, sid |
| sudo | CVE-2005-1119 | Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ... | bookworm, bullseye, buster, sid |
| CVE-2019-19232 | ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Ru ... | buster | |
| CVE-2019-19234 | ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been b ... | buster | |
| CVE-2021-23240 | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a loc ... | buster | |
| supervisor | CVE-2019-12105 | ** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated user ca ... | bookworm, bullseye, buster, sid |
| surf | CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ... | bookworm, bullseye, buster, sid |
| svgpp | CVE-2019-6245 | An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ... | bookworm, bullseye, buster, sid |
| CVE-2019-6247 | An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ... | bookworm, bullseye, buster, sid | |
| swi-prolog | CVE-2017-17524 | library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings b ... | bookworm, bullseye, buster, sid |
| sylpheed | CVE-2007-1267 | Sylpheed 2.2.7 and earlier does not properly use the --status-fd argum ... | bookworm, bullseye, buster, sid |
| CVE-2017-17517 | libsylph/utils.c in Sylpheed through 3.6 does not validate strings bef ... | bookworm, bullseye, buster, sid | |
| sysstat | CVE-2019-19725 | sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ... | buster |
| systemd | CVE-2013-4392 | systemd, when updating file permissions, allows local users to change ... | bookworm, bullseye, buster, sid |
| CVE-2019-20386 | An issue was discovered in button_open in login/logind-button.c in sys ... | buster | |
| CVE-2020-13529 | An exploitable denial-of-service vulnerability exists in Systemd 245. ... | bookworm, bullseye, buster, sid | |
| CVE-2020-13776 | systemd through v245 mishandles numerical usernames such as ones compo ... | buster | |
| sysvinit | TEMP-0517018-A83CE6 | sysvinit: no-root option in expert installer exposes locally exploitable security flaw | bookworm, bullseye, buster, sid |
| tar | CVE-2005-2541 | Tar 1.15.1 does not properly warn the user when extracting setuid or s ... | bookworm, bullseye, buster, sid |
| CVE-2019-9923 | pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ... | buster | |
| CVE-2021-20193 | A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ... | buster | |
| TEMP-0290435-0B57B5 | tar's rmt command may have undesired side effects | bookworm, bullseye, buster, sid | |
| tcc | CVE-2018-20374 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ... | bookworm, bullseye, buster, sid |
| CVE-2018-20375 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ... | bookworm, bullseye, buster, sid | |
| CVE-2018-20376 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ... | bookworm, bullseye, buster, sid | |
| tcl8.6 | CVE-2021-35331 | ** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehl ... | bookworm, bullseye, buster, sid |
| tcpdump | CVE-2018-16301 | The command-line argument parser in tcpdump before 4.99.0 has a buffer ... | buster |
| CVE-2018-19519 | In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_p ... | bookworm, bullseye, buster, sid | |
| CVE-2019-1010220 | tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ... | bookworm, bullseye, buster, sid | |
| tcpreplay | CVE-2019-8376 | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ... | buster |
| CVE-2019-8377 | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ... | buster | |
| CVE-2019-8381 | An issue was discovered in Tcpreplay 4.3.1. An invalid memory access o ... | buster | |
| CVE-2020-12740 | tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ... | buster | |
| CVE-2020-18976 | Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial ... | buster | |
| CVE-2020-23273 | Heap-buffer overflow in the randomize_iparp function in edit_packet.c. ... | buster | |
| CVE-2020-24265 | An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ... | bullseye, buster | |
| CVE-2020-24266 | An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ... | bullseye, buster | |
| CVE-2021-45386 | tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ... | bullseye, buster | |
| CVE-2021-45387 | tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ... | bullseye, buster | |
| CVE-2022-25484 | tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in pac ... | bookworm, bullseye, buster, sid | |
| CVE-2022-27416 | Tcpreplay v4.4.1 was discovered to contain a double-free via __interce ... | bullseye, buster | |
| CVE-2022-27418 | Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math ... | bullseye, buster | |
| CVE-2022-27939 | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_ ... | bookworm, bullseye, buster, sid | |
| CVE-2022-27940 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get ... | bookworm, bullseye, buster, sid | |
| CVE-2022-27941 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get ... | bookworm, bullseye, buster, sid | |
| CVE-2022-27942 | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_ ... | bookworm, bullseye, buster, sid | |
| CVE-2022-28487 | Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_che ... | bookworm, bullseye, buster, sid | |
| telegram-desktop | CVE-2018-17231 | ** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow atta ... | bookworm, bullseye, buster, sid |
| CVE-2018-17613 | Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enab ... | bookworm, bullseye, buster, sid | |
| texlive-base | CVE-2017-17513 | TeX Live through 20170524 does not validate strings before launching t ... | bookworm, bullseye, buster, sid |
| texlive-bin | CVE-2016-10243 | TeX Live allows remote attackers to execute arbitrary commands by leve ... | buster |
| CVE-2017-17513 | TeX Live through 20170524 does not validate strings before launching t ... | bookworm, bullseye, buster, sid | |
| CVE-2019-19601 | OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ... | bookworm, bullseye, buster, sid | |
| thunar | CVE-2018-18398 | Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ... | bookworm, bullseye, buster, sid |
| TEMP-0517020-915121 | thunar: potential exploits via application launchers | bookworm, bullseye, buster, sid | |
| tiff | CVE-2014-8130 | The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not rejec ... | bookworm, bullseye, buster, sid |
| CVE-2017-5563 | LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read i ... | bookworm, bullseye, buster, sid | |
| CVE-2017-9117 | In LibTIFF 4.0.7, the program processes BMP images without verifying t ... | bookworm, bullseye, buster, sid | |
| CVE-2017-16232 | ** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, ... | bookworm, bullseye, buster, sid | |
| CVE-2017-17973 | ** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free ... | bookworm, bullseye, buster, sid | |
| CVE-2018-10126 | LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 fu ... | bookworm, bullseye, buster, sid | |
| CVE-2020-35521 | A flaw was found in libtiff. Due to a memory allocation failure in tif ... | buster | |
| CVE-2020-35522 | In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ... | buster | |
| CVE-2022-1056 | Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ... | bookworm, bullseye, buster, sid | |
| CVE-2022-1210 | A vulnerability classified as problematic was found in LibTIFF 4.3.0. ... | bookworm, bullseye, buster, sid | |
| timidity | CVE-2017-11549 | The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remot ... | bookworm, bullseye, buster, sid |
| tin | CVE-2017-17520 | ** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate str ... | bookworm, bullseye, buster, sid |
| tinyexr | CVE-2018-12687 | tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ... | bookworm, bullseye, sid |
| tinymux | CVE-2007-1959 | Unspecified vulnerability in the process_cmdent function in command.cp ... | bookworm, bullseye, buster, sid |
| tinyxml2 | CVE-2018-11210 | ** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the ... | bookworm, bullseye, buster, sid |
| tomcat9 | CVE-2021-24122 | When serving resources from a network location using the NTFS file sys ... | buster |
| CVE-2022-34305 | In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 ... | bullseye, buster | |
| tor | CVE-2006-6893 | Tor allows remote attackers to discover the IP address of a hidden ser ... | bookworm, bullseye, buster, sid |
| CVE-2007-1103 | Tor does not verify a node's uptime and bandwidth advertisements, whic ... | bookworm, bullseye, buster, sid | |
| CVE-2009-0654 | Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attacke ... | bookworm, bullseye, buster, sid | |
| CVE-2020-8516 | ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ... | bookworm, bullseye, buster, sid | |
| CVE-2020-15572 | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ... | buster | |
| triplea | CVE-2018-1000546 | Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XX ... | bookworm, bullseye, sid |
| trousers | CVE-2020-24330 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ... | bullseye, buster |
| CVE-2020-24331 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ... | bullseye, buster | |
| CVE-2020-24332 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ... | bullseye, buster | |
| u-boot | CVE-2017-3225 | Das U-Boot is a device bootloader that can read its configuration from ... | bookworm, bullseye, buster, sid |
| CVE-2017-3226 | Das U-Boot is a device bootloader that can read its configuration from ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18439 | DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer over ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18440 | DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overf ... | bookworm, bullseye, buster, sid | |
| CVE-2018-1000205 | U-Boot contains a CWE-20: Improper Input Validation vulnerability in V ... | bookworm, bullseye, buster, sid | |
| uclibc | CVE-2017-9728 | In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp f ... | bookworm, bullseye, buster, sid |
| CVE-2017-9729 | In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ... | bookworm, bullseye, buster, sid | |
| CVE-2021-27419 | uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-arou ... | bookworm, bullseye, buster, sid | |
| CVE-2021-43523 | In uClibc and uClibc-ng before 1.0.39, incorrect handling of special c ... | bookworm, bullseye, buster, sid | |
| CVE-2022-30295 | uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable D ... | bookworm, bullseye, buster, sid | |
| uglifyjs | CVE-2015-8857 | The uglify-js package before 2.4.24 for Node.js does not properly acco ... | bookworm, bullseye, buster, sid |
| unbound | CVE-2019-18934 | Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ... | buster |
| CVE-2019-25031 | ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in ... | buster | |
| CVE-2019-25032 | ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the ... | buster | |
| CVE-2019-25033 | ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the ... | buster | |
| CVE-2019-25034 | ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldn ... | buster | |
| CVE-2019-25035 | ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in s ... | buster | |
| CVE-2019-25036 | ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and de ... | buster | |
| CVE-2019-25037 | ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and de ... | buster | |
| CVE-2019-25038 | ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a si ... | buster | |
| CVE-2019-25039 | ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a si ... | buster | |
| CVE-2019-25040 | ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a comp ... | buster | |
| CVE-2019-25041 | ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a ... | buster | |
| CVE-2019-25042 | ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via ... | buster | |
| unrar-free | CVE-2017-11190 | unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ... | bullseye, buster |
| unzip | CVE-2021-4217 | Null pointer dereference in Unicode strings code | bookworm, bullseye, buster, sid |
| upx-ucl | CVE-2019-14295 | An Integer overflow in the getElfSections function in p_vmlinx.cpp in ... | buster |
| CVE-2019-14296 | canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause ... | buster | |
| CVE-2019-20021 | A heap-based buffer over-read was discovered in canUnpack in p_mach.cp ... | buster | |
| CVE-2019-20051 | A floating-point exception was discovered in PackLinuxElf::elf_hash in ... | buster | |
| CVE-2019-20053 | An invalid memory address dereference was discovered in the canUnpack ... | buster | |
| CVE-2019-20805 | p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ... | buster | |
| CVE-2020-24119 | A heap buffer overflow read was discovered in upx 4.0.0, because the c ... | bookworm, bullseye, buster, sid | |
| CVE-2021-20285 | A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw ... | bookworm, bullseye, buster, sid | |
| CVE-2021-30500 | Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ... | bookworm, bullseye, buster, sid | |
| CVE-2021-30501 | An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ... | bookworm, bullseye, buster, sid | |
| util-linux | CVE-2022-0563 | A flaw was found in the util-linux chfn and chsh utilities when compil ... | bookworm, bullseye, buster, sid |
| uwsgi | CVE-2020-11984 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ... | bookworm, bullseye, buster, sid |
| CVE-2021-36160 | A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ... | bookworm, bullseye, buster, sid | |
| varnish | CVE-2009-4488 | ** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitiz ... | bookworm, bullseye, buster, sid |
| vim | CVE-2008-4677 | autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ... | bookworm, bullseye, buster, sid |
| CVE-2017-1000382 | VIM version 8.0.1187 (and other versions most likely) ignores umask wh ... | bookworm, bullseye, buster, sid | |
| CVE-2022-1620 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ... | bullseye, buster | |
| CVE-2022-1629 | Buffer Over-read in function find_next_quote in GitHub repository vim/ ... | bullseye, buster | |
| CVE-2022-1674 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ... | bullseye, buster | |
| CVE-2022-1725 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 ... | bullseye, buster | |
| CVE-2022-1733 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ... | bullseye, buster | |
| CVE-2022-1735 | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ... | bullseye, buster | |
| CVE-2022-1769 | Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. ... | bullseye, buster | |
| CVE-2022-1771 | Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. ... | bullseye, buster | |
| CVE-2022-1796 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. ... | bullseye, buster | |
| CVE-2022-1886 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-1927 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-2042 | Use After Free in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-2175 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-2182 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-2183 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-2206 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-2208 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.516 ... | bullseye, buster | |
| CVE-2022-2210 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-2231 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ... | bullseye, buster | |
| CVE-2022-2257 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ... | bullseye, buster | |
| CVE-2022-2264 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ... | bullseye, buster | |
| CVE-2022-2284 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ... | bullseye, buster | |
| CVE-2022-2286 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ... | bullseye, buster | |
| CVE-2022-2287 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ... | bullseye, buster | |
| CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. ... | bullseye, buster | |
| CVE-2022-2343 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ... | bullseye, buster | |
| CVE-2022-2344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ... | bullseye, buster | |
| CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. ... | bullseye, buster | |
| CVE-2022-2581 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. ... | bullseye, buster | |
| vino | CVE-2011-1164 | Vino before 2.99.4 can connect external networks contrary to the state ... | bookworm, bullseye, buster, sid |
| CVE-2011-1165 | Vino, possibly before 3.2, does not properly document that it opens po ... | bookworm, bullseye, buster, sid | |
| vorbis-tools | CVE-2017-11331 | The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ... | bookworm, bullseye, buster, sid |
| vte | CVE-2005-0023 | gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to sp ... | bookworm, bullseye, buster, sid |
| w3m | TEMP-0532514-9137E0 | predictable random number generator used in web browsers | bookworm, bullseye, buster, sid |
| wavpack | CVE-2021-44269 | An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV f ... | bullseye, buster |
| whitedune | CVE-2017-17518 | ** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30. ... | bookworm, bullseye, buster, sid |
| wordpress | CVE-2006-0733 | ** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2 ... | bookworm, bullseye, buster, sid |
| CVE-2008-0191 | WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ... | bookworm, bullseye, buster, sid | |
| CVE-2011-4898 | ** DISPUTED ** wp-admin/setup-config.php in the installation component ... | bookworm, bullseye, buster, sid | |
| CVE-2011-4899 | ** DISPUTED ** wp-admin/setup-config.php in the installation component ... | bookworm, bullseye, buster, sid | |
| CVE-2012-0782 | ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ... | bookworm, bullseye, buster, sid | |
| CVE-2012-0937 | ** DISPUTED ** wp-admin/setup-config.php in the installation component ... | bookworm, bullseye, buster, sid | |
| CVE-2012-5868 | WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ... | bookworm, bullseye, buster, sid | |
| CVE-2013-7233 | Cross-site request forgery (CSRF) vulnerability in the retrospam compo ... | bookworm, bullseye, buster, sid | |
| CVE-2017-6514 | WordPress 4.7.2 mishandles listings of post authors, which allows remo ... | bookworm, bullseye, buster, sid | |
| CVE-2018-6389 | In WordPress through 4.9.2, unauthenticated attackers can cause a deni ... | bookworm, bullseye, buster, sid | |
| wpa | CVE-2017-13084 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Sta ... | bookworm, bullseye, buster, sid |
| CVE-2019-5061 | An exploitable denial-of-service vulnerability exists in the hostapd 2 ... | buster | |
| CVE-2019-5062 | An exploitable denial-of-service vulnerability exists in the 802.11w s ... | bookworm, bullseye, buster, sid | |
| CVE-2021-30004 | In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ... | bookworm, bullseye, buster, sid | |
| xbindkeys-config | CVE-2014-9513 | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows rem ... | bullseye, buster, sid |
| xchat | CVE-2011-5129 | Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ... | buster |
| xdg-user-dirs | CVE-2017-15131 | It was found that system umask policy is not being honored when creati ... | bookworm, bullseye, buster, sid |
| xen | CVE-2014-9066 | Xen 4.4.x and earlier, when using a large number of VCPUs, does not pr ... | bookworm, bullseye, buster, sid |
| CVE-2021-28689 | x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests ... | bookworm, bullseye, buster, sid | |
| xerces-c | CVE-2012-0880 | Apache Xerces-C++ allows remote attackers to cause a denial of service ... | bookworm, bullseye, buster, sid |
| xfig | CVE-2009-4228 | Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlie ... | bookworm, bullseye, buster, sid |
| xloadimage | CVE-2006-4484 | Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in ... | bookworm, bullseye, buster, sid |
| xpdf | CVE-2010-0206 | xpdf allows remote attackers to cause a denial of service (NULL pointe ... | bookworm, bullseye, buster, sid |
| CVE-2010-0207 | In xpdf, the xref table contains an infinite loop which allows remote ... | bookworm, bullseye, buster, sid | |
| CVE-2013-4472 | The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ... | bookworm, bullseye, buster, sid | |
| CVE-2018-7173 | A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ... | bookworm, bullseye, buster, sid | |
| CVE-2018-7174 | An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref a ... | bookworm, bullseye, buster, sid | |
| CVE-2018-7175 | An issue was discovered in xpdf 4.00. A NULL pointer dereference in re ... | bookworm, bullseye, buster, sid | |
| CVE-2018-7452 | A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc i ... | bookworm, bullseye, buster, sid | |
| CVE-2018-7453 | Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ... | bookworm, bullseye, buster, sid | |
| CVE-2018-7454 | A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpd ... | bookworm, bullseye, buster, sid | |
| CVE-2018-7455 | An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xp ... | bookworm, bullseye, buster, sid | |
| CVE-2018-8100 | The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allo ... | bookworm, bullseye, buster, sid | |
| CVE-2018-8101 | The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf ... | bookworm, bullseye, buster, sid | |
| CVE-2018-8102 | The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4 ... | bookworm, bullseye, buster, sid | |
| CVE-2018-8103 | The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf ... | bookworm, bullseye, buster, sid | |
| CVE-2018-8104 | The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows atta ... | bookworm, bullseye, buster, sid | |
| CVE-2018-8105 | The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allow ... | bookworm, bullseye, buster, sid | |
| CVE-2018-8106 | The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 ... | bookworm, bullseye, buster, sid | |
| CVE-2018-8107 | The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows atta ... | bookworm, bullseye, buster, sid | |
| CVE-2018-11033 | The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in ... | bookworm, bullseye, buster, sid | |
| CVE-2018-16368 | SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows ... | bookworm, bullseye, buster, sid | |
| CVE-2018-16369 | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18454 | CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote atta ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18455 | The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote a ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18456 | The function Object::isName() in Object.h (called from Gfx::opSetFillC ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18457 | The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remo ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18458 | The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows r ... | bookworm, bullseye, buster, sid | |
| CVE-2018-18459 | The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remo ... | bookworm, bullseye, buster, sid | |
| xserver-xorg-video-nouveau | CVE-2018-3979 | A remote denial-of-service vulnerability exists in the way the Nouveau ... | bookworm, bullseye, buster, sid |
| xterm | CVE-2006-4447 | X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtran ... | bookworm, bullseye, buster, sid |
| yabasic | CVE-2019-19720 | Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() functio ... | bookworm, bullseye, buster, sid |
| CVE-2019-19796 | Yabasic 2.86.2 has a heap-based buffer overflow in myformat in functio ... | bookworm, bullseye, buster, sid | |
| yara | CVE-2019-19648 | In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ... | bookworm, bullseye, buster, sid |
| yasm | CVE-2021-33454 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid |
| CVE-2021-33455 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33456 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33457 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33458 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33459 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33460 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33461 | An issue was discovered in yasm version 1.3.0. There is a use-after-fr ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33462 | An issue was discovered in yasm version 1.3.0. There is a use-after-fr ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33463 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33465 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33466 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33467 | An issue was discovered in yasm version 1.3.0. There is a use-after-fr ... | bookworm, bullseye, buster, sid | |
| CVE-2021-33468 | An issue was discovered in yasm version 1.3.0. There is a use-after-fr ... | bookworm, bullseye, buster, sid | |
| yaws | CVE-2009-4495 | Yaws 1.85 writes data to a log file without sanitizing non-printable c ... | bookworm, bullseye, buster, sid |
| yum | CVE-2013-1910 | yum does not properly handle bad metadata, which allows an attacker to ... | buster |
| zangband | CVE-2021-40589 | ZAngband zangband-data 2.7.5 is affected by an integer underflow vulne ... | bookworm, bullseye, buster, sid |
| zeek | CVE-2021-41732 | ** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is ... | sid |
| zim | CVE-2020-10870 | Zim through 0.72.1 creates temporary directories with predictable name ... | buster |
| zip | CVE-2018-13410 | ** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line opti ... | bookworm, bullseye, buster, sid |
| zoneminder | CVE-2019-7350 | Session fixation exists in ZoneMinder through 1.32.3, as an attacker c ... | bookworm, bullseye, sid |
| CVE-2019-7351 | Log Injection exists in ZoneMinder through 1.32.3, as an attacker can ... | bookworm, bullseye, sid | |
| CVE-2019-8423 | ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/view ... | bookworm, bullseye, sid | |
| CVE-2019-8425 | includes/database.php in ZoneMinder before 1.32.3 has XSS in the const ... | bookworm, bullseye, sid | |
| CVE-2019-8427 | daemonControl in includes/functions.php in ZoneMinder before 1.32.3 al ... | bookworm, bullseye, sid | |
| CVE-2019-8429 | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php fil ... | bookworm, bullseye, sid | |
| CVE-2022-1726 | Bootstrap Tables XSS vulnerability with Table Export plug-in when expo ... | bookworm, bullseye, sid | |
| CVE-2022-29806 | ZoneMinder before 1.36.13 allows remote code execution via an invalid ... | bullseye | |
| zoph | CVE-2014-9235 | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Pho ... | bookworm, bullseye, buster, sid |
| CVE-2014-9236 | Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zop ... | bookworm, bullseye, buster, sid | |
| zziplib | CVE-2018-6542 | In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trail ... | bookworm, bullseye, buster, sid |
| CVE-2018-7727 | An issue was discovered in ZZIPlib 0.13.68. There is a memory leak tri ... | bookworm, bullseye, buster, sid | |
| zziplib | CVE-2018-17828 | Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers ... | bookworm, bullseye, buster, sid |