Packages that have open unimportant issues

This page lists packages that are affected by issues that are considered unimportant from a security perspective. These issues are thought to be unexploitable or uneffective in most situations (for example, browser denial-of-services).

Package	Bug	Description	Releases
389-admin	CVE-2015-0233	Multiple insecure Temporary File vulnerabilities in 389 Administration ...	jessie
9base	CVE-2014-1935	9base 1:6-6 and 1:6-7 insecurely creates temporary files which results ...	bullseye, buster, jessie, sid, stretch
abcm2ps	CVE-2018-10753	Stack-based buffer overflow in the delayed_output function in music.c ...	jessie, stretch
	CVE-2018-10771	Stack-based buffer overflow in the get_key function in parse.c in abcm ...	jessie, stretch
	CVE-2019-1010069	moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The ...	jessie, stretch
abiword	CVE-2017-17529	af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ...	buster, jessie, sid, stretch
acpica-unix	CVE-2017-13693	The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils. ...	jessie, stretch
	CVE-2017-13694	The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobje ...	jessie, stretch
	CVE-2017-13695	The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...	jessie, stretch
activemq	CVE-2016-0782	The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5 ...	jessie
	CVE-2016-6810	In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scri ...	jessie
	CVE-2018-8006	An instance of a cross-site scripting vulnerability was identified to ...	bullseye, buster, jessie, sid, stretch
afflib	CVE-2018-8050	The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFL ...	jessie, stretch
amanda	CVE-2016-10729	An issue was discovered in Amanda 3.3.1. A user with backup privileges ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-10730	An issue was discovered in Amanda 3.3.1. A user with backup privileges ...	bullseye, buster, jessie, sid, stretch
android-framework-23	CVE-2017-0752	A elevation of privilege vulnerability in the Android framework (windo ...	bullseye, buster, sid, stretch
	CVE-2017-0822	An elevation of privilege vulnerability in the Android system (camera) ...	bullseye, buster, sid, stretch
android-platform-frameworks-native	CVE-2015-3875	libutils in Android before 5.1.1 LMY48T allows remote attackers to exe ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-6602	libutils in Android through 5.1.1 LMY48M allows remote attackers to ex ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-6609	libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allo ...	bullseye, buster, jessie, sid, stretch
android-platform-system-core	CVE-2012-5564	android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users t ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-0807	The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...	jessie
	CVE-2016-3861	LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...	jessie
	CVE-2017-0647	An information disclosure vulnerability in libziparchive could enable ...	stretch
	CVE-2017-0841	A remote code execution vulnerability in the Android system (libutils) ...	bullseye, buster, jessie, sid, stretch
android-tools	CVE-2012-5564	android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users t ...	buster, jessie
ansible	CVE-2017-7550	A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x bef ...	jessie, stretch
aolserver4	CVE-2009-4494	AOLserver 4.5.1 writes data to a log file without sanitizing non-print ...	jessie, stretch
apache2	CVE-2001-1534	mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's u ...	bullseye, buster, jessie, sid, stretch
	CVE-2003-1307		bullseye, buster, jessie, sid, stretch
	CVE-2003-1580	The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...	bullseye, buster, jessie, sid, stretch
	CVE-2003-1581	The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-0086		bullseye, buster, jessie, sid, stretch
	CVE-2007-1743	suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combination ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-3303	Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows loc ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-0455	Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-0456	CRLF injection vulnerability in the mod_negotiation module in the Apac ...	bullseye, buster, jessie, sid, stretch
apt	CVE-2011-3374	It was found that apt-key in apt, all versions, do not correctly valid ...	bullseye, buster, jessie, sid, stretch
apt-setup	CVE-2005-2214	apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...	bullseye, buster, jessie, sid, stretch
arora	CVE-2011-3367	Arora, possibly 0.11 and other versions, does not use a certain font w ...	jessie, sid
	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	jessie, sid
asn1c	CVE-2017-12966	The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1 ...	bullseye, buster, jessie, sid, stretch
atril	CVE-2019-11459	The tiff_document_render() and tiff_document_get_thumbnail() functions ...	stretch
audacity	CVE-2016-2540	Audacity before 2.1.2 allows remote attackers to cause a denial of ser ...	jessie
audit	CVE-2015-5186	Audit before 2.4.4 in Linux does not sanitize escape characters in fil ...	jessie
automake1.11	TEMP-0827346-22ED59	install-sh: insecure use of /tmp	jessie
avahi	CVE-2017-6519	avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to ...	buster, jessie, stretch
awffull	CVE-2007-0510	Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) prese ...	bullseye, buster, jessie, sid, stretch
awstats	CVE-2018-10245	A Full Path Disclosure vulnerability in AWStats through 7.6 allows rem ...	bullseye, buster, jessie, sid, stretch
axis	CVE-2007-2353	Apache Axis 1.0 allows remote attackers to obtain sensitive informatio ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-0227	A Server Side Request Forgery (SSRF) vulnerability affected the Apache ...	bullseye, buster, jessie, sid, stretch
banshee	CVE-2009-1175	Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in th ...	jessie, stretch
bash	TEMP-0841856-B18BAF	Privilege escalation possible to other user than root	bullseye, buster, jessie, sid, stretch
bash-completion	CVE-2018-7738	In util-linux before 2.32-rc1, bash-completion/umount allows local use ...	bullseye, buster, jessie, sid, stretch
bibutils	CVE-2018-10773	NULL pointer deference in the addsn function in serialno.c in libbibco ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-10774	Read access violation in the isiin_keyword function in isiin.c in libb ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-10775	NULL pointer dereference in the _fields_add function in fields.c in li ...	bullseye, buster, jessie, sid, stretch
binaryen	CVE-2019-15758	An issue was discovered in Binaryen 1.38.32. Missing validation rules ...	buster
	CVE-2019-15759	An issue was discovered in Binaryen 1.38.32. Two visitors in ir/Expres ...	buster
bind9	CVE-2016-6170	ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x throug ...	jessie, stretch
	CVE-2018-5741	To provide fine-grained controls over the ability to use Dynamic DNS ( ...	jessie, stretch
binutils	CVE-2017-13716	The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-1000876	binutils version 2.32 and earlier contains a Integer Overflow vulnerab ...	buster, jessie, stretch
	CVE-2018-12697	A NULL pointer dereference (aka SEGV on unknown address 0x000000000000 ...	buster, jessie, stretch
	CVE-2018-12698	demangle_template in cplus-dem.c in GNU libiberty, as distributed in G ...	buster, jessie, stretch
	CVE-2018-12699	finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause ...	buster, jessie, stretch
	CVE-2018-12700	A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...	buster, jessie, stretch
	CVE-2018-12934	remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-13033	The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...	jessie, stretch
	CVE-2018-17358	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2018-17359	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2018-17360	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2018-17794	An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...	buster, jessie, stretch
	CVE-2018-17985	An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...	buster, jessie, stretch
	CVE-2018-18309	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2018-18483	The get_count function in cplus-dem.c in GNU libiberty, as distributed ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18484	An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...	buster, jessie, stretch
	CVE-2018-18605	A heap-based buffer over-read issue was discovered in the function sec ...	buster, jessie, stretch
	CVE-2018-18606	An issue was discovered in the merge_strings function in merge.c in th ...	buster, jessie, stretch
	CVE-2018-18607	An issue was discovered in elf_link_input_bfd in elflink.c in the Bina ...	buster, jessie, stretch
	CVE-2018-18700	An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...	buster, jessie, stretch
	CVE-2018-18701	An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...	buster, jessie, stretch
	CVE-2018-19931	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2018-19932	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2018-20002	The _bfd_generic_read_minisymbols function in syms.c in the Binary Fil ...	buster, jessie, stretch
	CVE-2018-20623	In GNU Binutils 2.31.1, there is a use-after-free in the error functio ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20651	A NULL pointer dereference was discovered in elf_link_add_object_symbo ...	buster, jessie, stretch
	CVE-2018-20671	load_specific_debug_section in objdump.c in GNU Binutils through 2.31. ...	buster, jessie, stretch
	CVE-2018-20673	The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20712	A heap-based buffer over-read exists in the function d_expression_1 in ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-9138	An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...	buster, jessie, stretch
	CVE-2018-9996	An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-1010180	GNU gdb All versions is affected by: Buffer Overflow - Out of bound me ...	buster, jessie, stretch
	CVE-2019-1010204	GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12972	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2019-14250	An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...	buster, jessie, stretch
	CVE-2019-14444	apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...	buster, jessie, stretch
	CVE-2019-17450	find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-17451	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-9070	An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...	buster, jessie, stretch
	CVE-2019-9071	An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...	buster, jessie, stretch
	CVE-2019-9073	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2019-9074	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2019-9075	An issue was discovered in the Binary File Descriptor (BFD) library (a ...	buster, jessie, stretch
	CVE-2019-9077	An issue was discovered in GNU Binutils 2.32. It is a heap-based buffe ...	buster, jessie, stretch
blender	CVE-2005-3151	Buffer overflow in blenderplay in Blender Player 2.37a allows attacker ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3850	Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execut ...	bullseye, buster, jessie, sid, stretch
	CVE-2010-5105	The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ea ...	bullseye, buster, jessie, sid, stretch
bluez	CVE-2016-9797	In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9798	In BlueZ 5.42, a use-after-free was identified in "conf_opt" function ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9799	In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9800	In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9801	In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9802	In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9803	In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9804	In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9917	In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9918	In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ...	bullseye, buster, jessie, sid, stretch
bochs	CVE-2007-2894	The emulated floppy disk controller in Bochs 2.3 allows local users of ...	bullseye, buster, jessie, sid, stretch
brandy	CVE-2019-14662	Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-14663	Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-14665	Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...	bullseye, buster, jessie, sid, stretch
bubblewrap	CVE-2019-12439	bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories ...	stretch
busybox	CVE-2016-6301	The recv_and_process_client_pkt function in networking/ntpd.c in busyb ...	jessie, stretch
	CVE-2018-1000500	Busybox contains a Missing SSL certificate validation vulnerability in ...	bullseye, buster, jessie, sid, stretch
bwa	CVE-2019-11371	BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow vi ...	bullseye, buster, jessie, sid, stretch
byobu	CVE-2019-7306	Apport hook may expose sensitive information	bullseye, buster, jessie, sid, stretch
byzanz	CVE-2015-2785	The GIF encoder in Byzanz allows remote attackers to cause a denial of ...	bullseye, buster, jessie, sid, stretch
cableswig	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...	jessie
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	jessie
cacti	CVE-2009-4112	Cacti 0.8.7e and earlier allows remote authenticated administrators to ...	jessie, stretch
	CVE-2020-7058	DISPUTED data_input.php in Cacti 1.2.8 allows remote code execut ...	bullseye, buster, jessie, sid, stretch
cadaver	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	bullseye, buster, jessie, sid, stretch
calamares	CVE-2019-13178	modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2. ...	buster
cantata	CVE-2018-12559	An issue was discovered in the cantata-mounter D-Bus service in Cantat ...	jessie, stretch
	CVE-2018-12560	An issue was discovered in the cantata-mounter D-Bus service in Cantat ...	jessie, stretch
	CVE-2018-12561	An issue was discovered in the cantata-mounter D-Bus service in Cantat ...	jessie, stretch
	CVE-2018-12562	An issue was discovered in the cantata-mounter D-Bus service in Cantat ...	jessie, stretch
capnproto	CVE-2017-7892	Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to ...	stretch
catdoc	CVE-2018-20451	The process_file function in reader.c in libdoc through 2017-10-23 has ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20453	The getlong function in numutils.c in libdoc through 2017-10-23 has a ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-7156	In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows divi ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-7233	In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer ...	bullseye, buster, jessie, sid, stretch
cflow	CVE-2019-16165	GNU cflow through 1.6 has a use-after-free in the reference function i ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16166	GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ...	bullseye, buster, jessie, sid, stretch
chromium	CVE-2019-15903	In libexpat before 2.2.8, crafted XML input could fool the parser into ...	bullseye, buster, sid
chromium-browser	CVE-2008-7246	Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...	jessie, stretch
	CVE-2009-0374		jessie, stretch
	CVE-2009-1598	Google Chrome executes DOM calls in response to a javascript: URI in t ...	jessie, stretch
	CVE-2010-1384	Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...	jessie, stretch
	CVE-2010-1992	Google Chrome 1.0.154.48 executes a mail application in situations whe ...	jessie, stretch
	CVE-2010-4037	Unspecified vulnerability in Google Chrome before 7.0.517.41 allows re ...	jessie, stretch
	CVE-2010-4482	Unspecified vulnerability in Google Chrome before 8.0.552.215 allows r ...	jessie, stretch
	CVE-2011-2599	Google Chrome 11 does not block use of a cross-domain image as a WebGL ...	jessie, stretch
	CVE-2011-3640	DISPUTED Untrusted search path vulnerability in Mozilla Network ...	jessie, stretch
	CVE-2012-5851	html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chr ...	jessie, stretch
	CVE-2017-5130	An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...	jessie
	CVE-2018-6406	The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libw ...	jessie, stretch
	CVE-2018-6548	A use-after-free issue was discovered in libwebm through 2018-02-02. I ...	jessie, stretch
cifs-utils	CVE-2014-2830	Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ...	bullseye, buster, jessie, sid, stretch
clementine	CVE-2018-14332	An issue was discovered in Clementine Music Player 1.3.1. Clementine.e ...	buster, jessie, sid, stretch
coin3	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	bullseye, buster, jessie, sid, stretch
confuse	CVE-2018-19760	cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...	bullseye, buster, jessie, sid, stretch
conkeror	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	jessie, stretch
context	CVE-2017-17513	TeX Live through 20170524 does not validate strings before launching t ...	bullseye, buster, jessie, sid, stretch
coreutils	CVE-2017-18018	In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does no ...	bullseye, buster, jessie, sid, stretch
courier	CVE-2004-2313	Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error message ...	buster, jessie, sid, stretch
	CVE-2005-1308	SqWebMail allows remote attackers to inject arbitrary web script or HT ...	buster, jessie, sid, stretch
crossroads	CVE-2018-18654	Crossroads 2.81 does not properly handle the /tmp directory during a b ...	jessie, stretch
cryptsetup	CVE-2016-4484	The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earl ...	jessie
ctn	CVE-2008-5146	add-accession-numbers in ctn 3.0.6 allows local users to overwrite arb ...	bullseye, buster, jessie, sid, stretch
cups	CVE-2014-8166	The browsing feature in the server in CUPS does not filter ANSI escape ...	bullseye, buster, jessie, sid, stretch
cups-filters	TEMP-0000000-ACBC4C	buffer overflows in init_cups	jessie
curl	CVE-2016-3739	The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) pola ...	jessie
	CVE-2017-7407	The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...	jessie
db4o	CVE-2012-6550	Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...	bullseye, buster, sid, stretch
	CVE-2013-1808	Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and Zero ...	bullseye, buster, sid, stretch
	CVE-2014-1869	Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.s ...	bullseye, buster, sid, stretch
dcmtk	CVE-2013-6825	(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/ ...	bullseye, buster, jessie, sid, stretch
dcraw	CVE-2013-1438	Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in lib ...	jessie, stretch
	CVE-2018-19565	A buffer over-read in crop_masked_pixels in dcraw through 9.28 could b ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19566	A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19567	A floating point exception in parse_tiff_ifd in dcraw through 9.28 cou ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19568	A floating point exception in kodak_radc_load_raw in dcraw through 9.2 ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19655	A stack-based buffer overflow in the find_green() function of dcraw th ...	jessie, stretch
dhcpcd5	CVE-2014-7913	The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...	jessie, stretch
dia	CVE-2019-19451	When GNOME Dia before 2019-11-27 is launched with a filename argument ...	bullseye, buster, jessie, sid, stretch
dillo	TEMP-0560108-565B70	browser-based css info disclosure	bullseye, buster, jessie, sid, stretch
dirmngr	CVE-2011-2207	dirmngr before 2.1.0 improperly handles certain system calls, which al ...	jessie
djvulibre	TEMP-0775193-7F000E	djvudigital: insecure use of /tmp	jessie
dnspython	CVE-2008-1447	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...	bullseye, buster, jessie, sid, stretch
dnstracer	CVE-2017-9430	Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...	bullseye, buster, jessie, sid, stretch
dogtag-pki	CVE-2015-0234	Multiple temporary file creation vulnerabilities in pki-core 10.2.0. ...	sid
dojo	CVE-2018-1000665	Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contai ...	jessie
dokuwiki	CVE-2016-7965	DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...	bullseye, buster, jessie, sid
dovecot	CVE-2008-4870	dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedor ...	bullseye, buster, jessie, sid, stretch
dpkg	CVE-2017-8283	dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU pat ...	jessie
dpkg-cross	CVE-2008-4950	DISPUTED gccross in dpkg-cross 2.3.0 allows local users to overw ...	bullseye, buster, sid, stretch
dropbear	CVE-2016-7409	The dbclient and server in Dropbear SSH before 2016.74, when compiled ...	jessie
drupal7	CVE-2007-6752	DISPUTED Cross-site request forgery (CSRF) vulnerability in Drup ...	jessie, stretch
dwb	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	jessie
edk2	CVE-2014-4859	Integer overflow in the Drive Execution Environment (DXE) phase in the ...	bullseye, buster, jessie, sid, stretch
	CVE-2014-4860	Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-12179	Improper configuration in system firmware for EDK II may allow unauthe ...	buster, jessie, stretch
	CVE-2018-12182	Insufficient memory write check in SMM service for EDK II may allow an ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-14553	invalid server certificate accepted in HTTPS-over-IPv6 boot	buster, jessie, stretch
electrum	CVE-2018-6353	The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 sup ...	bullseye, sid
elfutils	CVE-2019-7148	DISPUTED An attempted excessive memory allocation was discovered i ...	jessie, stretch
emacs24	CVE-2014-9483	Emacs 24.4 allows remote attackers to bypass security restrictions. ...	jessie
epiphany-browser	CVE-2007-1084	Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ...	bullseye, buster, jessie, sid, stretch
	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1000025	GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 befo ...	jessie
	CVE-2018-11396	ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3 ...	jessie, stretch
	CVE-2018-12016	libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows rem ...	jessie, stretch
	TEMP-0560108-565B70	browser-based css info disclosure	bullseye, buster, jessie, sid, stretch
erlang	CVE-2009-0130	DISPUTED lib/crypto/c_src/crypto_drv.c in erlang does not proper ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-1000107	inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ...	bullseye, buster, jessie, sid, stretch
evolution	CVE-2007-1266	Evolution 2.8.1 and earlier does not properly use the --status-fd argu ...	bullseye, buster, jessie, sid, stretch
	CVE-2011-3201	GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...	bullseye, buster, jessie, sid, stretch
	CVE-2013-4166	The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNO ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleabi ...	bullseye, buster, jessie, sid, stretch
evolution-data-server	CVE-2018-12422	DISPUTED addressbook/backends/ldap/e-book-backend-ldap.c in Evol ...	jessie, stretch
exiv2	CVE-2017-11683	There is a reachable assertion in the Internal::TiffReader::visitDirec ...	buster, jessie, stretch
	CVE-2018-14338	samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realp ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-13113	Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...	buster, jessie, stretch
expat	CVE-2013-0340	expat 2.1.0 and earlier does not properly handle entities expansion un ...	bullseye, buster, jessie, sid, stretch
eyed3	CVE-2014-1934	tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Pyth ...	jessie
faac	CVE-2018-19886	An invalid memory address dereference was discovered in the huffcode f ...	buster, jessie, stretch
	CVE-2018-19887	An invalid memory address dereference was discovered in the huffcode f ...	buster, jessie, stretch
	CVE-2018-19888	An invalid memory address dereference was discovered in the huffcode f ...	buster, jessie, stretch
	CVE-2018-19889	An invalid memory address dereference was discovered in the huffcode f ...	buster, jessie, stretch
	CVE-2018-19890	An invalid memory address dereference was discovered in the huffcode f ...	buster, jessie, stretch
	CVE-2018-19891	An invalid memory address dereference was discovered in the huffcode f ...	buster, jessie, stretch
fig2dev	CVE-2018-16140	A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3. ...	stretch
	CVE-2019-19746	make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...	stretch
firefox	CVE-2004-1639	Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows re ...	sid
	CVE-2005-2395	Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...	sid
	CVE-2005-4685	Firefox and Mozilla can associate a cookie with multiple domains when ...	sid
	CVE-2019-12383	Tor Browser before 8.0.1 has an information exposure vulnerability. It ...	sid
firefox-esr	CVE-2017-16541	Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...	jessie
	CVE-2018-12379	When the Mozilla Updater opens a MAR format file which contains a very ...	jessie
	CVE-2019-11719	When importing a curve25519 private key in PKCS#8format with leading 0 ...	jessie
	CVE-2019-11729	Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...	jessie
	CVE-2019-12383	Tor Browser before 8.0.1 has an information exposure vulnerability. It ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-13075	Tor Browser through 8.5.3 has an information exposure vulnerability. I ...	jessie
firehol	CVE-2008-4953		bullseye, buster, jessie, sid, stretch
flashrom	TEMP-0000000-C3CEDB	fscanf format string security bug in flashrom layout code	jessie
fontforge	CVE-2017-11570	FontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-11573	FontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17521	uiutil.c in FontForge through 20170731 does not validate strings befor ...	bullseye, buster, jessie, sid, stretch
foomatic-filters	CVE-2011-2923	foomatic-rip filter, all versions, used insecurely creates temporary f ...	bullseye, buster, jessie, sid, stretch
	TEMP-0000000-ACBC4C	buffer overflows in init_cups	bullseye, buster, jessie, sid, stretch
freeipa	CVE-2015-5179	FreeIPA might display user data improperly via vectors involving non-p ...	buster, sid
	CVE-2017-12169	It was found that FreeIPA 4.2.0 and later could disclose password hash ...	buster, sid
freeradius	CVE-2007-0080		bullseye, buster, jessie, sid, stretch
	CVE-2019-10143	DISPUTED It was discovered freeradius up to and including versio ...	bullseye, buster, jessie, sid, stretch
freerdp	CVE-2014-0791	Integer overflow in the license_read_scope_list function in libfreerdp ...	jessie, stretch
freevo	CVE-2008-4955	freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...	jessie
ganglia-web	CVE-2013-6395	Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-6816	ganglia-web before 3.7.1 allows remote attackers to bypass authenticat ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-20378	ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-20379	ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...	bullseye, buster, jessie, sid, stretch
gcc-mingw-w64	CVE-2016-4973	Binaries compiled against targets that use the libssp library in GCC f ...	bullseye, buster, jessie, sid, stretch
gdal	CVE-2019-17546	tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...	bullseye, buster, jessie, sid, stretch
gdb	CVE-2014-8501	The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutil ...	bullseye, buster, jessie, sid, stretch
	CVE-2014-9939	ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow wh ...	jessie
	CVE-2017-9778	GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length f ...	buster, jessie, stretch
gdk-pixbuf	CVE-2017-2870	An exploitable integer overflow vulnerability exists in the tiff_image ...	stretch
	CVE-2017-6311	gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...	stretch
gdnsd	CVE-2019-13952	The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...	bullseye, buster, jessie, sid, stretch
gedit	CVE-2017-14108	libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to ca ...	bullseye, buster, jessie, sid, stretch
geomview	CVE-2017-17530	common/help.c in Geomview 1.9.5 does not validate strings before launc ...	bullseye, buster, jessie, sid, stretch
gettext	CVE-2018-18751	An issue was discovered in GNU gettext 0.19.8. There is a double free ...	jessie, stretch
giac	CVE-2017-17526	Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings be ...	bullseye, buster, sid
gif2png	CVE-2019-17371	libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_ ...	jessie, stretch
gifsicle	CVE-2017-18120	A double-free bug in the read_gif function in gifread.c in gifsicle 1. ...	jessie, stretch
gimp	CVE-2007-3126	Gimp before 2.8.22 allows context-dependent attackers to cause a denia ...	jessie, stretch
	CVE-2012-4245	The scriptfu network server in GIMP 2.6 does not require authenticatio ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-12713	GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary f ...	bullseye, buster, jessie, sid, stretch
git	CVE-2017-15298	Git through 2.14.2 mishandles layers of tree objects, which allows rem ...	jessie, stretch
	CVE-2018-1000021	GIT version 2.15.1 and earlier contains a Input Validation Error vulne ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-1350	A remote code execution vulnerability exists when Git for Visual Studi ...	jessie, stretch
	CVE-2019-1351	A tampering vulnerability exists when Git for Visual Studio improperly ...	jessie, stretch
	CVE-2019-1354	A remote code execution vulnerability exists when Git for Visual Studi ...	jessie, stretch
git-repair	TEMP-0807341-84E914	uses non-random tempdir /tmp/tmprepo.0/.git/	jessie
gjots2	CVE-2017-17535	lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...	buster, jessie, sid, stretch
glance	CVE-2013-4354	The API before 2.1 in OpenStack Image Registry and Delivery Service (G ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-8234	The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-4383	The glance-manage db in all versions of HPE Helion Openstack Glance al ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-8611	A vulnerability was found in Openstack Glance. No limits are enforced ...	bullseye, buster, jessie, sid, stretch
glib2.0	CVE-2012-0039	DISPUTED GLib 2.31.8 and earlier, when the g_str_hash function i ...	bullseye, buster, jessie, sid, stretch
glibc	CVE-2010-4051	The regcomp implementation in the GNU C Library (aka glibc or libc6) t ...	bullseye, buster, jessie, sid, stretch
	CVE-2010-4052	Stack consumption vulnerability in the regcomp implementation in the G ...	bullseye, buster, jessie, sid, stretch
	CVE-2010-4756	The glob implementation in the GNU C Library (aka glibc or libc6) allo ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-8985	The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...	jessie, stretch
	CVE-2018-20796	In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-1010022	GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-1010023	GNU Libc current is affected by: Re-mapping current loaded libray with ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-1010024	GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-1010025	DISPUTED GNU Libc current is affected by: Mitigation bypass. The ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6488	The string component in the GNU C Library (aka glibc or libc6) through ...	jessie, stretch
	CVE-2019-7309	In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp fun ...	jessie, stretch
	CVE-2019-9192	DISPUTED In the GNU C Library (aka glibc or libc6) through 2.29, ...	bullseye, buster, jessie, sid, stretch
global	CVE-2017-17531	gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launchi ...	jessie
glpi	CVE-2010-1618	Cross-site scripting (XSS) vulnerability in the phpCAS client library ...	jessie
	CVE-2010-2795	phpCAS before 1.1.2 allows remote authenticated users to hijack sessio ...	jessie
	CVE-2010-2796	Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...	jessie
	CVE-2010-3690	Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1 ...	jessie
	CVE-2010-3691	PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ena ...	jessie
	CVE-2010-3692	Directory traversal vulnerability in the callback function in client.p ...	jessie
	CVE-2014-5032	GLPI before 0.84.7 does not properly restrict access to cost informati ...	jessie
	CVE-2014-8360	Directory traversal vulnerability in inc/autoload.function.php in GLPI ...	jessie
	CVE-2014-9258	SQL injection vulnerability in ajax/getDropdownValue.php in GLPI befor ...	jessie
	CVE-2015-7684	Unrestricted file upload in GLPI before 0.85.3 allows remote authentic ...	jessie
	CVE-2015-7685	GLPI before 0.85.3 allows remote authenticated users to create super-a ...	jessie
	CVE-2016-7507	Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows ...	jessie
	CVE-2016-7508	Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authent ...	jessie
	CVE-2016-7509	Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote ...	jessie
	CVE-2017-11183	front/backup.php in GLPI before 9.1.5 allows remote authenticated admi ...	jessie
	CVE-2017-11184	SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...	jessie
	CVE-2017-11329	GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.ph ...	jessie
	CVE-2017-11474	GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/com ...	jessie
	CVE-2017-11475	GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exp ...	jessie
	CVE-2018-13049	The constructSQL function in inc/search.class.php in GLPI 9.2.x throug ...	jessie
	CVE-2018-7562	A remote code execution issue was discovered in GLPI through 9.2.1. Th ...	jessie
	CVE-2018-7563	An issue was discovered in GLPI through 9.2.1. The application is affe ...	jessie
	CVE-2019-1010307	GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). Th ...	jessie
	CVE-2019-1010310	GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection ...	jessie
	CVE-2019-10231	Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerab ...	jessie
	CVE-2019-10232	Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter ...	jessie
	CVE-2019-10233	Teclib GLPI before 9.4.1.1 is affected by a timing attack associated w ...	jessie
	CVE-2019-13239	inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. ...	jessie
	CVE-2019-13240	An issue was discovered in GLPI before 9.4.1. After a successful passw ...	jessie
	CVE-2019-14666	GLPI through 9.4.3 is prone to account takeover by abusing the ajax/au ...	jessie
gnome-font-viewer	CVE-2019-19308	In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, ...	bullseye, buster, jessie, sid, stretch
gnome-keyring	CVE-2018-19358	GNOME Keyring through 3.28.2 allows local users to retrieve login cred ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20781	In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's pas ...	jessie, stretch
gnome-orca	CVE-2013-4245	Orca has arbitrary code execution due to insecure Python module load ...	jessie, stretch
gnome-shell	CVE-2012-4427	The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...	bullseye, buster, jessie, sid, stretch
gnome-sushi	CVE-2019-19308	In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, ...	bullseye, buster, jessie, sid, stretch
gnuchess	CVE-2015-8972	Stack-based buffer overflow in the ValidateMove function in frontend/m ...	jessie
	CVE-2019-15767	In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...	bullseye, buster, jessie, sid, stretch
gnumail	CVE-2007-1269	GNUMail 1.1.2 and earlier does not properly use the --status-fd argume ...	bullseye, buster, sid, stretch
gnupg	CVE-2018-6829	cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...	jessie, bullseye, buster, sid, stretch
gnuplot	CVE-2018-19490	An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue all ...	bullseye, buster, sid, stretch
	CVE-2018-19491	An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allow ...	bullseye, buster, sid, stretch
	CVE-2018-19492	An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allo ...	bullseye, buster, sid, stretch
gnutls28	CVE-2011-3389	The SSL protocol, as used in certain configurations in Microsoft Windo ...	bullseye, buster, jessie, sid, stretch
	TEMP-0000000-1BAE4D	GNUTLS-SA-2016-2: certificate verification issue	jessie
golang	CVE-2016-5386	The net/http package in Go through 1.6 does not attempt to address RFC ...	jessie
google-perftools	CVE-2018-13420	DISPUTED Google gperftools 2.7 has a memory leak in malloc_exten ...	bullseye, buster, jessie, sid, stretch
gpp	CVE-2018-17076	GPP through 2.25 will try to use more memory space than is available o ...	bullseye, buster, jessie, sid, stretch
gpw	CVE-2011-4931	gpw generates shorter passwords than required ...	bullseye, buster, jessie, sid, stretch
graphicsmagick	CVE-2017-13066	GraphicsMagick 1.3.26 has a memory leak vulnerability in the function ...	jessie
	CVE-2017-13147	In GraphicsMagick 1.3.26, an allocation failure vulnerability was foun ...	jessie
	CVE-2017-13648	In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the ...	jessie
	CVE-2017-13736	There are lots of memory leaks in the GMCommand function in magick/com ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-14042	A memory allocation failure was discovered in the ReadPNMImage functio ...	jessie
	CVE-2017-14165	The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...	jessie
	CVE-2017-14649	ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does ...	jessie
	CVE-2018-18544	There is a memory leak in the function WriteMSLImage of coders/msl.c i ...	jessie, stretch
	CVE-2019-16709	ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...	buster, jessie, stretch
	CVE-2019-7397	In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...	jessie, stretch
graphviz	CVE-2019-11023	The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...	bullseye, buster, jessie, sid, stretch
grub	CVE-2008-3896	Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...	bullseye, buster, jessie, sid, stretch
haskell-tls	CVE-2011-3389	The SSL protocol, as used in certain configurations in Microsoft Windo ...	bullseye, buster, jessie, sid, stretch
hex-a-hop	TEMP-0528250-2E3658	hex-a-hop: buffer overflow in loading save games	bullseye, buster, jessie, sid, stretch
htslib	CVE-2018-14329	In HTSlib 1.8, a race condition in cram/cram_io.c might allow local us ...	bullseye, buster, jessie, sid, stretch
hunspell	CVE-2019-16707	Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...	bullseye, buster, jessie, sid, stretch
icecast2	CVE-2005-0837	IceCast 2.20 allows remote attackers to bypass the XSL parser and obta ...	bullseye, buster, jessie, sid, stretch
	CVE-2005-0838	Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...	bullseye, buster, jessie, sid, stretch
icedove	CVE-2006-5633	Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers t ...	jessie
	CVE-2008-5430	Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixe ...	jessie
imagemagick	CVE-2005-0406	A design flaw in image processing software that modifies JPEG images m ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-3134	Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 al ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-8678	The IsPixelMonochrome function in MagickCore/pixel-accessor.h in Image ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-11166	The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...	jessie
	CVE-2017-11531	When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...	jessie, stretch
	CVE-2017-11532	When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...	jessie, stretch
	CVE-2017-11534	When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...	jessie, stretch
	CVE-2017-11536	When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...	jessie, stretch
	CVE-2017-11539	When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...	jessie, stretch
	CVE-2017-11644	When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...	jessie, stretch
	CVE-2017-11724	The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9 ...	jessie, stretch
	CVE-2017-11751	The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...	jessie, stretch
	CVE-2017-11752	The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...	jessie, stretch
	CVE-2017-11754	The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-11755	The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-12418	ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM ...	jessie, stretch
	CVE-2017-12427	The ProcessMSLScript function in coders/msl.c in ImageMagick before 6. ...	jessie, stretch
	CVE-2017-12428	In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...	jessie
	CVE-2017-12433	In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-12564	In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-12565	In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-12566	In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-12641	ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...	jessie, stretch
	CVE-2017-12642	ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...	jessie, stretch
	CVE-2017-12644	ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...	jessie, stretch
	CVE-2017-12654	The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 all ...	jessie, stretch
	CVE-2017-12662	ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage i ...	jessie, stretch
	CVE-2017-12663	ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage i ...	jessie, stretch
	CVE-2017-12664	ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage ...	jessie, stretch
	CVE-2017-12665	ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage ...	jessie, stretch
	CVE-2017-12666	ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImag ...	stretch
	CVE-2017-12667	ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in ...	jessie, stretch
	CVE-2017-12668	ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage i ...	jessie, stretch
	CVE-2017-12669	ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...	jessie, stretch
	CVE-2017-12671	In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/ ...	jessie
	CVE-2017-12672	In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-12673	In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-12675	In ImageMagick 7.0.6-3, a missing check for multidimensional data was ...	jessie, stretch
	CVE-2017-12676	In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-13058	In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-13059	In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-13060	In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-13062	In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-13131	In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the f ...	jessie, stretch
	CVE-2017-13141	In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file c ...	jessie
	CVE-2017-13146	In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memor ...	jessie, stretch
	CVE-2017-14137	ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue whe ...	jessie, stretch
	CVE-2017-14138	ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage i ...	jessie, stretch
	CVE-2017-14139	ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage i ...	jessie, stretch
	CVE-2017-14324	In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...	jessie, stretch
	CVE-2017-14325	In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...	jessie, stretch
	CVE-2017-14326	In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...	jessie, stretch
	CVE-2017-14342	ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGIm ...	jessie, stretch
	CVE-2017-14343	ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...	jessie, stretch
	CVE-2017-14531	ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in c ...	jessie, stretch
	CVE-2017-14533	ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...	jessie, stretch
	CVE-2017-14684	In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in t ...	jessie, stretch
	CVE-2017-15016	ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...	jessie, stretch
	CVE-2017-15032	ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage i ...	jessie, stretch
	CVE-2017-15033	ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in ...	jessie, stretch
	CVE-2017-15217	ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...	jessie, stretch
	CVE-2017-15218	ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png ...	jessie, stretch
	CVE-2017-17680	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-17880	In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based ...	jessie, stretch
	CVE-2017-17881	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-17882	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-17883	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-17884	In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-17885	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-17886	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-17887	In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-17934	ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, rela ...	jessie, stretch
	CVE-2017-18008	In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in ...	jessie, stretch
	CVE-2017-18022	In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCom ...	jessie, stretch
	CVE-2017-18027	In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...	jessie, stretch
	CVE-2017-18028	In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was foun ...	jessie, stretch
	CVE-2017-18029	In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...	jessie, stretch
	CVE-2017-18251	An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerabil ...	jessie, stretch
	CVE-2017-18254	An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerabil ...	jessie, stretch
	CVE-2017-6502	An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...	jessie, stretch
	CVE-2017-7275	The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allow ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-10804	ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...	jessie, stretch
	CVE-2018-10805	ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...	jessie, stretch
	CVE-2018-11655	In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was fo ...	jessie, stretch
	CVE-2018-11656	In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was fo ...	jessie, stretch
	CVE-2018-13153	In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand f ...	jessie, stretch
	CVE-2018-14434	ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage ...	jessie, stretch
	CVE-2018-14435	ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. ...	jessie, stretch
	CVE-2018-14436	ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff. ...	jessie, stretch
	CVE-2018-14437	ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. ...	jessie, stretch
	CVE-2018-15607	In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x3 ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-16640	ImageMagick 7.0.8-5 has a memory leak vulnerability in the function Re ...	jessie, stretch
	CVE-2018-16750	In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfr ...	jessie, stretch
	CVE-2018-17965	ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage ...	jessie, stretch
	CVE-2018-17966	ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage ...	jessie, stretch
	CVE-2018-17967	ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage i ...	jessie, stretch
	CVE-2018-18016	ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage ...	jessie, stretch
	CVE-2018-18544	There is a memory leak in the function WriteMSLImage of coders/msl.c i ...	jessie, stretch
	CVE-2018-5246	In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImag ...	jessie, stretch
	CVE-2018-5247	In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in ...	jessie, stretch
	CVE-2018-5357	ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...	jessie, stretch
	CVE-2018-5358	ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...	jessie, stretch
	CVE-2018-6405	In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0 ...	jessie, stretch
	CVE-2018-7470	An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLo ...	jessie, stretch
	CVE-2018-9135	In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...	jessie, stretch
	CVE-2019-10649	In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SV ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12975	ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXIm ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12976	ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-13137	ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-13301	ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory becau ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-13309	ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-13310	ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-13311	ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16708	ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16709	ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16710	ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16711	ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16712	ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16713	ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-7175	In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-7395	In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChanne ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-7396	In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-7397	In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-7398	In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...	bullseye, buster, jessie, sid, stretch
	TEMP-0869722-31618B	memory leak in quantize	jessie, stretch
initramfs-tools	CVE-2008-4996		bullseye, buster, jessie, sid, stretch
ioquake3	CVE-2019-1010043	Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: P ...	bullseye, buster, jessie, sid, stretch
ipsec-tools	CVE-2018-5389	The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...	jessie, stretch
iptables	CVE-2012-2663	extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP S ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-11360	A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allo ...	buster, jessie, stretch
irssi	TEMP-0000000-E6792F	irssi missing null terminator	jessie
isakmpd	CVE-2018-5389	The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...	bullseye, buster, sid, stretch
italc	CVE-2019-15680	TightVNC code version 1.3.10 contains null pointer dereference in Hand ...	jessie, stretch
jasper	CVE-2016-10248	The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900. ...	jessie
	CVE-2016-8883	The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 ...	jessie
	CVE-2016-8887	The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer bef ...	jessie
	CVE-2016-9387	Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/ ...	jessie
	CVE-2016-9388	The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...	jessie
	CVE-2016-9389	The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.90 ...	jessie
	CVE-2016-9390	The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 a ...	jessie
	CVE-2016-9391	The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...	jessie
	CVE-2016-9392	The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allo ...	jessie
	CVE-2016-9393	The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...	jessie
	CVE-2016-9394	The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 a ...	jessie
	CVE-2016-9395	The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 a ...	jessie
	CVE-2016-9396	The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0. ...	jessie
	CVE-2016-9397	The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows rem ...	jessie
	CVE-2016-9398	The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 all ...	jessie
	CVE-2016-9399	The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remo ...	jessie
	CVE-2016-9583	An out-of-bounds heap read vulnerability was found in the jpc_pi_nextp ...	jessie
	CVE-2016-9600	JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...	jessie
	CVE-2017-1000050	JasPer 2.0.12 is vulnerable to a NULL pointer exception in the functio ...	jessie
	CVE-2017-13745	There is a reachable assertion abort in the function jpc_dec_process_s ...	jessie
	CVE-2017-13746	There is a reachable assertion abort in the function jpc_dec_process_s ...	jessie
	CVE-2017-13747	There is a reachable assertion abort in the function jpc_floorlog2() i ...	jessie
	CVE-2017-13749	There is a reachable assertion abort in the function jpc_pi_nextrpcl() ...	jessie
	CVE-2017-13750	There is a reachable assertion abort in the function jpc_dec_process_s ...	jessie
	CVE-2017-13751	There is a reachable assertion abort in the function calcstepsizes() i ...	jessie
	CVE-2017-13752	There is a reachable assertion abort in the function jpc_dequantize() ...	jessie
	CVE-2017-5498	libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote a ...	jessie
	CVE-2017-5499	Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows ...	jessie
	CVE-2017-5500	libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to ...	jessie
	CVE-2017-5501	Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows ...	jessie
	CVE-2017-5502	libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to ...	jessie
	CVE-2017-5504	The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.2 ...	jessie
	CVE-2017-5505	The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows rem ...	jessie
	CVE-2017-6850	The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 all ...	jessie
	CVE-2017-6851	The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows r ...	jessie
	CVE-2018-9055	JasPer 2.0.14 allows denial of service via a reachable assertion in th ...	jessie
	CVE-2018-9154	There is a reachable abort in the function jpc_dec_process_sot in libj ...	jessie
	CVE-2018-9252	JasPer 2.0.14 allows denial of service via a reachable assertion in th ...	jessie
jbigkit	CVE-2017-9937	In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A cr ...	bullseye, buster, jessie, sid, stretch
jetty	CVE-2009-3579	Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...	jessie
jhead	CVE-2018-6612	An integer underflow bug in the process_EXIF function of the exif.c fi ...	jessie, stretch
	CVE-2019-1010301	jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of s ...	buster, stretch
	CVE-2019-1010302	jhead 3.03 is affected by: Incorrect Access Control. The impact is: De ...	buster, stretch
	CVE-2019-19035	jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ...	buster, jessie, stretch
	CVE-2020-6624	jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...	bullseye, buster, jessie, sid, stretch
	CVE-2020-6625	jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...	bullseye, buster, jessie, sid, stretch
jinja2	CVE-2019-8341	DISPUTED An issue was discovered in Jinja2 2.10. The from_string ...	bullseye, buster, jessie, sid, stretch
jquery	CVE-2007-2379	The jQuery framework exchanges data using JavaScript Object Notation ( ...	bullseye, buster, jessie, sid, stretch
json-glib	TEMP-0772585-D41D8C		bullseye, buster, jessie, sid, stretch
jython	CVE-2017-17522	DISPUTED Lib/webbrowser.py in Python through 3.6.3 does not vali ...	bullseye, buster, jessie, sid, stretch
kde-baseapps	CVE-2012-4512	The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...	jessie, stretch
	CVE-2012-4513	khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remot ...	jessie, stretch
	CVE-2012-4514	rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...	jessie, stretch
	CVE-2012-4515	Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...	jessie, stretch
	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	jessie, stretch
kde4libs	CVE-2009-1692	WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iP ...	buster, jessie, stretch
	CVE-2009-1718	WebKit in Apple Safari before 4.0 allows user-assisted remote attacker ...	buster, jessie, stretch
	CVE-2009-1724	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...	buster, jessie, stretch
	CVE-2009-3015	QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ...	buster, jessie, stretch
	CVE-2009-3272	Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ...	buster, jessie, stretch
	TEMP-0560108-565B70	browser-based css info disclosure	buster, jessie, stretch
	TEMP-0568486-B6FCB6	browser javascript document.write denial-of-service	buster, jessie, stretch
kdepim	CVE-2006-7139	Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, al ...	jessie, stretch
	CVE-2007-1265	KMail 1.9.5 and earlier does not properly use the --status-fd argument ...	jessie, stretch
keepalived	CVE-2018-19044	keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...	jessie, stretch
	CVE-2018-19045	keepalived 2.0.8 used mode 0666 when creating new temporary files upon ...	jessie, stretch
	CVE-2018-19046	keepalived 2.0.8 didn't check for existing plain files when writing da ...	jessie, stretch
keepass2	CVE-2019-20184	KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ...	bullseye, buster, jessie, sid, stretch
kfreebsd-10	CVE-2011-2393	The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-1417	The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2 ...	jessie
	CVE-2015-5675	The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allow ...	jessie
	CVE-2016-1879	The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-1880	The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and ...	jessie
	CVE-2016-1881	The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause ...	jessie
	CVE-2016-1882	FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remo ...	jessie
	CVE-2016-1883	The issetugid system call in the Linux compatibility layer in FreeBSD ...	jessie
	CVE-2016-1885	Integer signedness error in the amd64_set_ldt function in sys/amd64/am ...	jessie
	CVE-2016-1886	Integer signedness error in the genkbd_commonioctl function in sys/dev ...	jessie
	CVE-2016-1887	Integer signedness error in the sockargs function in sys/kern/uipc_sys ...	jessie
	CVE-2017-1081	In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3 ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1082	In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1083	In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1084	In FreeBSD before 11.2-RELEASE, multiple issues with the implementatio ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1085	In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1086	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1087	In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE- ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1088	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-15037	In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_s ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-17154	In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELE ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-17155	In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE- ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-17156	In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to inc ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6916	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELE ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6917	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6918	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6919	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6920	In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE( ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6921	In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to in ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6922	One of the data structures that holds TCP segments in all versions of ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6923	In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip f ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6924	In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4 ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6925	In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE- ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5595	In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5596	In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE b ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5597	In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEAS ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5598	In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5601	In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEAS ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5602	In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEAS ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5603	In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEAS ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5605	In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEAS ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5606	In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5609	In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEAS ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5611	In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEAS ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-5612	In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...	bullseye, buster, jessie, sid, stretch
kiwi	CVE-2017-17532	examples/framework/news/news3.py in Kiwi 1.9.22 does not validate stri ...	buster, jessie, stretch
kopano-webapp-plugin-files	CVE-2019-16774	In phpfastcache before 5.1.3, there is a possible object injection vul ...	buster
krb5	CVE-2004-0971	The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Sec ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-15088	plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...	jessie, stretch
	CVE-2018-5709	An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...	bullseye, buster, jessie, sid, stretch
latex2rtf	CVE-2015-8106	Format string vulnerability in the CmdKeywords function in funct1.c in ...	jessie
lbreakout2	TEMP-0608980-E8B8DF	Crash with long HOME environment variable	bullseye, buster, jessie, sid, stretch
leptonlib	CVE-2018-7247	An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Lepto ...	jessie, stretch
	CVE-2018-7441	Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might al ...	jessie, stretch
	TEMP-0830660-09AE85	Insecure use of /tmp	jessie
less	CVE-2014-9488	The is_utf8_well_formed function in GNU less before 475 allows remote ...	jessie
libao	CVE-2017-11548	The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 a ...	bullseye, buster, jessie, sid, stretch
libapache-poi-java	CVE-2016-5000	The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...	bullseye, buster, jessie, sid, stretch
libav	CVE-2016-7477	The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 al ...	jessie
	CVE-2016-7499	The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...	jessie
	CVE-2016-8676	The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attack ...	jessie
	CVE-2016-9825	libswscale/utils.c in libav 11.8 allows remote attackers to cause a de ...	jessie
	CVE-2016-9826	libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...	jessie
	CVE-2019-9717	In Libav 12.3, a denial of service in the subtitle decoder allows atta ...	jessie
	CVE-2019-9719	DISPUTED A stack-based buffer overflow in the subtitle decoder i ...	jessie
	CVE-2019-9720	A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...	jessie
libcaca	CVE-2018-20545	There is an illegal WRITE memory access at common-image.c (function lo ...	jessie
	CVE-2018-20548	There is an illegal WRITE memory access at common-image.c (function lo ...	jessie
libcommons-collections4-java	CVE-2015-7501	Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data G ...	bullseye, buster, jessie, sid, stretch
libcommons-fileupload-java	CVE-2016-1000031	Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ...	bullseye, buster, jessie, sid, stretch
libcrypto++	CVE-2016-7420	Crypto++ (aka cryptopp) through 5.6.4 does not document the requiremen ...	bullseye, buster, jessie, sid, stretch
libdata-uuid-perl	CVE-2013-4184	Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink a ...	bullseye, buster, jessie, sid, stretch
libemail-address-perl	CVE-2015-7686	Algorithmic complexity vulnerability in Address.pm in the Email-Addres ...	jessie
	CVE-2018-12558	The parse() method in the Email::Address module through 1.909 for Perl ...	jessie
libesmtp	CVE-2019-19977	libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ...	bullseye, buster, jessie, sid, stretch
libfsntfs	CVE-2018-11727	DISPUTED The libfsntfs_attribute_read_from_mft function in libfs ...	stretch
	CVE-2018-11728	DISPUTED The libfsntfs_reparse_point_values_read_data function i ...	stretch
	CVE-2018-11729	DISPUTED The libfsntfs_mft_entry_read_header function in libfsnt ...	stretch
	CVE-2018-11730	DISPUTED The libfsntfs_security_descriptor_values_free function ...	stretch
	CVE-2018-11731	DISPUTED The libfsntfs_mft_entry_read_attributes function in lib ...	stretch
libfwsi	CVE-2019-17263	DISPUTED In libyal libfwsi before 20191006, libfwsi_extension_bl ...	bullseye, buster, sid, stretch
libgadu	CVE-2013-4488	libgadu before 1.12.0 does not verify X.509 certificates from SSL serv ...	bullseye, buster, jessie, sid, stretch
libgcrypt20	CVE-2018-6829	cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...	bullseye, buster, jessie, sid, stretch
libgnumail-java	CVE-2005-1105	Directory traversal vulnerability in the MimeBodyPart.getFileName meth ...	jessie, stretch
libjpeg-turbo	CVE-2017-15232	libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...	bullseye, buster, jessie, sid, stretch
libjpeg6b	CVE-2016-3616	The cjpeg utility in libjpeg allows remote attackers to cause a denial ...	sid
libjs-handlebars	TEMP-0000000-345A3B	handlebars: quoteless attributes in templates can lead to content injection	jessie, stretch
libjs-i18next	CVE-2017-16010	i18next is a language translation framework. When using the .init meth ...	buster, stretch
liblivemedia	CVE-2019-7732	In Live555 0.95, a setup packet can cause a memory leak leading to DoS ...	bullseye, buster, jessie, sid, stretch
liblnk	CVE-2018-12096	DISPUTED The liblnk_data_string_get_utf8_string_size function in ...	bullseye, buster, sid, stretch
	CVE-2018-12097	DISPUTED The liblnk_location_information_read_data function in l ...	bullseye, buster, sid, stretch
	CVE-2018-12098	DISPUTED The liblnk_data_block_read function in liblnk_data_bloc ...	stretch
	CVE-2019-17263	DISPUTED In libyal libfwsi before 20191006, libfwsi_extension_bl ...	bullseye, buster, sid, stretch
	CVE-2019-17264	DISPUTED In libyal liblnk before 20191006, liblnk_location_infor ...	bullseye, buster, sid, stretch
	CVE-2019-17401	DISPUTED libyal liblnk 20191006 has a heap-based buffer over-rea ...	bullseye, buster, sid, stretch
libmspack	CVE-2018-18586	DISPUTED chmextract.c in the chmextract sample program, as distr ...	jessie, stretch
libnl3	CVE-2017-0553	An elevation of privilege vulnerability in libnl could enable a local ...	jessie
libokhttp-java	CVE-2018-20200	DISPUTED CertificatePinner.java in OkHttp 3.x through 3.12.0 all ...	bullseye, buster, sid
libopenmpt	CVE-2019-14382	DSM in libopenmpt before 0.4.2 allows an assertion failure during file ...	stretch
	CVE-2019-14383	J2B in libopenmpt before 0.4.2 allows an assertion failure during file ...	stretch
libphp-adodb	CVE-2006-4976	The Date Library in John Lim ADOdb Library for PHP allows remote attac ...	bullseye, buster, jessie, sid, stretch
	CVE-2011-3699	John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...	bullseye, buster, jessie, sid, stretch
libphp-phpmailer	CVE-2017-11503	PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Add ...	bullseye, buster, jessie, sid, stretch
libpng	CVE-2018-14048	An issue has been found in libpng 1.6.34. It is a SEGV in the function ...	jessie
	CVE-2018-14550	An issue has been found in third-party PNM decoding associated with li ...	jessie
	CVE-2019-6129	DISPUTED png_create_info_struct in png.c in libpng 1.6.36 has a ...	jessie
libpng1.6	CVE-2018-14048	An issue has been found in libpng 1.6.34. It is a SEGV in the function ...	buster, stretch
	CVE-2018-14550	An issue has been found in third-party PNM decoding associated with li ...	buster, stretch
	CVE-2019-6129	DISPUTED png_create_info_struct in png.c in libpng 1.6.36 has a ...	bullseye, buster, sid, stretch
libqb	CVE-2019-12779	libqb before 1.0.5 allows local users to overwrite arbitrary files via ...	stretch
libquicktime	CVE-2017-12143	In libquicktime 1.2.4, an allocation failure was found in the function ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-12145	In libquicktime 1.2.4, an allocation failure was found in the function ...	bullseye, buster, jessie, sid, stretch
libreoffice	CVE-2012-5639	LibreOffice and OpenOffice automatically open embedded content ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-10583	An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...	bullseye, buster, jessie, sid, stretch
libreswan	CVE-2018-5389	The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...	bullseye, buster, sid
libseccomp	CVE-2019-9893	libseccomp before 2.4.0 did not correctly generate 64-bit syscall argu ...	buster, jessie, stretch
libsixel	CVE-2019-11024	The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ...	bullseye, buster, jessie, sid, stretch
libslf4j-java	CVE-2018-8088	org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...	jessie, stretch
libslirp	CVE-2020-7211	tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ ...	bullseye, sid
libsndfile	CVE-2018-13139	A stack-based buffer overflow in psf_memset in common.c in libsndfile ...	stretch
	CVE-2018-19432	An issue was discovered in libsndfile 1.0.28. There is a NULL pointer ...	stretch
libsolv	CVE-2018-20534	DISPUTED There is an illegal address access at ext/testcase.c in ...	buster, jessie, stretch
libspiro	CVE-2019-19847	Libspiro through 20190731 has a stack-based buffer overflow in the spi ...	bullseye, buster, sid, stretch
libspring-java	CVE-2016-1000027	Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...	jessie
libtasn1-6	CVE-2018-1000654	GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 c ...	buster, jessie, stretch
libuv	CVE-2014-9748	The uv_rwlock_t fallback implementation for Windows XP and Server 2003 ...	jessie
libv8-3.14	CVE-2013-2632	Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...	jessie, stretch
	CVE-2013-2838	Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...	jessie, stretch
	CVE-2013-2882	Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...	jessie, stretch
	CVE-2013-2919	Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...	jessie, stretch
	CVE-2013-6638	Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...	jessie, stretch
	CVE-2013-6649	Use-after-free vulnerability in the RenderSVGImage::paint function in ...	jessie, stretch
	CVE-2013-6650	The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Goo ...	jessie, stretch
	CVE-2013-6668	Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, a ...	jessie, stretch
	CVE-2014-1704	Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, a ...	jessie, stretch
	CVE-2014-1705	Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and L ...	jessie, stretch
	CVE-2014-1716	Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype f ...	jessie, stretch
	CVE-2014-1717	Google V8, as used in Google Chrome before 34.0.1847.116, does not pro ...	jessie, stretch
	CVE-2014-1729	Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, a ...	jessie, stretch
	CVE-2014-1730	Google V8, as used in Google Chrome before 34.0.1847.131 on Windows an ...	jessie, stretch
	CVE-2014-1735	Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, a ...	jessie, stretch
	CVE-2014-1736	Integer overflow in api.cc in Google V8, as used in Google Chrome befo ...	jessie, stretch
	CVE-2014-3152	Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm ...	jessie, stretch
	CVE-2014-3188	Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...	jessie, stretch
	CVE-2014-3195	Google V8, as used in Google Chrome before 38.0.2125.101, does not pro ...	jessie, stretch
	CVE-2014-3199	The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...	jessie, stretch
	CVE-2014-7192	Eval injection vulnerability in index.js in the syntax-error package b ...	jessie, stretch
	CVE-2014-7927	The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-l ...	jessie, stretch
	CVE-2014-7928	hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, d ...	jessie, stretch
	CVE-2014-7931	factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...	jessie, stretch
	CVE-2014-7939	Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...	jessie, stretch
	CVE-2014-7967	Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, a ...	jessie, stretch
	CVE-2015-1230	The getHiddenProperty function in bindings/core/v8/V8EventListenerList ...	jessie, stretch
	CVE-2015-1290	The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and ...	jessie, stretch
	CVE-2015-1304	object-observe.js in Google V8, as used in Google Chrome before 45.0.2 ...	jessie, stretch
	CVE-2015-1346	Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, a ...	jessie, stretch
	CVE-2015-2238	Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as ...	jessie, stretch
	CVE-2015-3333	Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...	jessie, stretch
	CVE-2015-3336	Google Chrome before 42.0.2311.90 does not always ask the user before ...	jessie, stretch
	CVE-2015-6764	The BasicJsonStringifier::SerializeJSArray function in json-stringifie ...	jessie, stretch
	CVE-2015-6771	js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73 ...	jessie, stretch
	CVE-2015-6774	Use-after-free vulnerability in the GetLoadTimes function in renderer/ ...	jessie, stretch
libvncserver	CVE-2019-15680	TightVNC code version 1.3.10 contains null pointer dereference in Hand ...	bullseye, buster, jessie, sid, stretch
libvpx	CVE-2015-1258	Google Chrome before 43.0.2357.65 relies on libvpx code that was not b ...	jessie
	CVE-2015-4506	Buffer overflow in the vp9_init_context_buffers function in libvpx, as ...	jessie
	CVE-2017-0641	A remote denial of service vulnerability in libvpx in Mediaserver coul ...	bullseye, buster, jessie, sid, stretch
libvterm	CVE-2018-20786	libvterm through 0+bzr726, as used in Vim and other products, mishandl ...	bullseye, buster, sid, stretch
libwebp	CVE-2016-9085	Multiple integer overflows in libwebp allows attackers to have unspeci ...	bullseye, buster, jessie, sid, stretch
libwmf	CVE-2007-3476	Array index error in gd_gif_in.c in the GD Graphics Library (libgd) be ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-3477	The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-3996	Multiple integer overflows in libgd in PHP before 5.2.4 allow remote a ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3546	The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...	bullseye, buster, jessie, sid, stretch
	TEMP-0601525-BEBB65	libgd2: gdImageColorTransparent can write outside buffer	bullseye, buster, jessie, sid, stretch
libxerces2-java	CVE-2012-0881	Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ca ...	bullseye, buster, jessie, sid, stretch
libxfont1	CVE-2017-13720	In the PatternMatch function in fontfile/fontdir.c in libXfont through ...	stretch
	CVE-2017-13722	In the pcfGetProperties function in bitmap/pcfread.c in libXfont throu ...	stretch
	CVE-2017-16611	In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...	stretch
libxslt	CVE-2015-9019	In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...	bullseye, buster, jessie, sid, stretch
lilo	CVE-2008-3895	LILO 22.6.1 and earlier stores pre-boot authentication passwords in th ...	bullseye, buster, jessie, sid, stretch
links2	CVE-2017-11114	The put_chars function in html_r.c in Twibright Links 2.14 allows remo ...	jessie, stretch
linux	CVE-2004-0230	TCP, when using a large Window Size, makes it easier for remote attack ...	bullseye, buster, jessie, sid, stretch
	CVE-2005-3660	Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-3719	The process scheduler in the Linux kernel 2.6.16 gives preference to " ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-2544		bullseye, buster, jessie, sid, stretch
	CVE-2008-4609	The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...	bullseye, buster, jessie, sid, stretch
	CVE-2010-4563	The Linux kernel, when using IPv6, allows remote attackers to determin ...	bullseye, buster, jessie, sid, stretch
	CVE-2010-5321	Memory leak in drivers/media/video/videobuf-core.c in the videobuf sub ...	bullseye, buster, jessie, sid, stretch
	CVE-2011-4915		bullseye, buster, jessie, sid, stretch
	CVE-2011-4917		bullseye, buster, jessie, sid, stretch
	CVE-2012-4542	block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly c ...	bullseye, buster, jessie, sid, stretch
	CVE-2014-3180	DISPUTED In kernel/compat.c in the Linux kernel before 3.17, as ...	jessie
	CVE-2014-9892	The snd_compr_tstamp function in sound/core/compress_offload.c in the ...	bullseye, buster, jessie, sid, stretch
	CVE-2014-9900	The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-2877	DISPUTED Kernel Samepage Merging (KSM) in the Linux kernel 2.6.3 ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-4001	Integer signedness error in the oz_hcd_get_desc_cnf function in driver ...	jessie
	CVE-2015-4002	drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux k ...	jessie
	CVE-2015-4003	The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1 ...	jessie
	CVE-2015-4004	The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untru ...	jessie
	CVE-2015-7837	The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, an ...	jessie
	CVE-2015-7885	The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in th ...	jessie
	CVE-2015-8967	arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local us ...	jessie
	CVE-2016-3857	The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allo ...	jessie
	CVE-2016-9120	Race condition in the ion_ioctl function in drivers/staging/android/io ...	jessie
	CVE-2017-11472	The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in t ...	jessie, stretch
	CVE-2017-12762	In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied in ...	jessie, stretch
	CVE-2017-13693	The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils. ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-13694	The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobje ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-13695	The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...	jessie, stretch
	CVE-2017-18255	The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...	jessie
	CVE-2017-9984	The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in t ...	jessie
	CVE-2017-9985	The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in ...	jessie
	CVE-2017-9986	The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel thr ...	jessie, stretch
	CVE-2018-1121	procps-ng, procps is vulnerable to a process hiding through race condi ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20669	An issue where a provided address with access_ok() is not checked was ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8043	The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...	bullseye, buster, sid, stretch
	CVE-2018-9465	In task_get_unused_fd_flags of binder.c, there is a possible memory co ...	jessie
	CVE-2019-11191	DISPUTED The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12378	DISPUTED An issue was discovered in ip6_ra_control in net/ipv6/i ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12379	DISPUTED An issue was discovered in con_insert_unipair in driver ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12380	DISPUTED An issue was discovered in the efi subsystem in the Linux ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12381	DISPUTED An issue was discovered in ip_ra_control in net/ipv4/ip ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12382	DISPUTED An issue was discovered in drm_load_edid_firmware in dr ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12455	DISPUTED An issue was discovered in sunxi_divs_clk_setup in driv ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12456	DISPUTED An issue was discovered in the MPT3COMMAND case in _ctl ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12614	An issue was discovered in dlpar_parse_cc_property in arch/powerpc/pla ...	jessie
	CVE-2019-12615	An issue was discovered in get_vdev_port_node_info in arch/sparc/kerne ...	buster, jessie, stretch
	CVE-2019-16229	DISPUTED drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16230	drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 doe ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16231	drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16232	drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5. ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16233	drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not chec ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-16234	drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5. ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-18808	A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-19046	DISPUTED A memory leak in the __ipmi_bmc_register() function in ...	buster, jessie, stretch
	CVE-2019-19049	DISPUTED A memory leak in the unittest_data_add() function in dr ...	jessie
	CVE-2019-19054	A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-19060	A memory leak in the adis_update_scan_mode() function in drivers/iio/i ...	jessie, stretch
	CVE-2019-19061	A memory leak in the adis_update_scan_mode_burst() function in drivers ...	buster, jessie, stretch
	CVE-2019-19063	Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...	jessie
	CVE-2019-19064	DISPUTED A memory leak in the fsl_lpspi_probe() function in driv ...	buster, jessie, stretch
	CVE-2019-19067	DISPUTED Four memory leaks in the acp_hw_init() function in driv ...	buster, jessie, stretch
	CVE-2019-19070	DISPUTED A memory leak in the spi_gpio_probe() function in drive ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-19075	A memory leak in the ca8210_probe() function in drivers/net/ieee802154 ...	jessie, stretch
	CVE-2019-19083	Memory leaks in *clock_source_create() functions under drivers/gpu/drm ...	buster
	TEMP-0000000-F7A20F	Kernel: Unprivileged user can freeze journald	bullseye, buster, jessie, sid, stretch
lldpad	CVE-2018-10932	lldptool version 1.0.1 and older can print a raw, unsanitized attacker ...	stretch
lrzip	CVE-2017-8842	The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...	jessie, stretch
	CVE-2017-8843	The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 al ...	jessie, stretch
	CVE-2017-8845	The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lr ...	jessie, stretch
	CVE-2017-8847	The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...	jessie, stretch
	CVE-2018-9058	In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...	jessie, stretch
	CVE-2019-10654	The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in ...	bullseye, buster, jessie, sid, stretch
luajit	CVE-2019-19391	DISPUTED In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...	bullseye, buster, jessie, sid, stretch
lucene-solr	CVE-2017-3164	Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (in ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-17558	Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ...	bullseye, buster, jessie, sid, stretch
lxc	CVE-2019-5736	runc through 1.0-rc6, as used in Docker before 18.09.2 and other produ ...	jessie, stretch
lynis	CVE-2017-8108	Unspecified tests in Lynis before 2.5.0 allow local users to write to ...	jessie, stretch
m2crypto	CVE-2009-0127	DISPUTED M2Crypto does not properly check the return value from ...	bullseye, buster, jessie, sid, stretch
m4	CVE-2008-1687	The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1. ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-1688	Unspecified vulnerability in GNU m4 before 1.4.11 might allow context- ...	bullseye, buster, jessie, sid, stretch
magpierss	CVE-2006-4735	Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sens ...	bullseye, buster, jessie, sid, stretch
maildirsync	CVE-2008-5150	sample.sh in maildirsync 1.1 allows local users to append data to arbi ...	bullseye, buster, jessie, sid, stretch
mailutils	CVE-2019-18862	maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...	bullseye, buster, jessie, sid, stretch
matanza	CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...	bullseye, buster, jessie, sid, stretch
mbedtls	CVE-2018-1000520	ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows In ...	bullseye, buster, sid, stretch
mcollective	CVE-2014-0175	mcollective has a default password set at install ...	bullseye, buster, jessie, sid
mdadm	CVE-2014-5220	The mdcheck script of the mdadm package for openSUSE 13.2 prior to ver ...	jessie
mediaelement	CVE-2016-4567	Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ...	bullseye, buster, jessie, sid, stretch
mediawiki	CVE-2007-0894	MediaWiki before 1.9.2 allows remote attackers to obtain sensitive inf ...	bullseye, buster, sid, stretch
	CVE-2014-1686	MediaWiki 1.18.0 allows remote attackers to obtain the installation pa ...	bullseye, buster, sid, stretch
mediawiki-extensions	CVE-2013-4305	Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...	jessie
mensis	CVE-2017-17534	uiutil.c in Mensis 0.0.080507 does not validate strings before launchi ...	jessie
mercurial	CVE-2018-17983	cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read du ...	stretch
metview	CVE-2017-17515	DISPUTED etc/ObjectList in Metview 4.7.3 does not validate strin ...	bullseye, buster, jessie, sid, stretch
mgetty	CVE-2018-16742	An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a ...	jessie, stretch
	CVE-2018-16743	An issue was discovered in mgetty before 1.2.1. In contrib/next-login/ ...	jessie, stretch
mh-book	CVE-2008-5152	inmail-show in mh-book 200605 allows local users to overwrite arbitrar ...	bullseye, buster, jessie, sid, stretch
midori	CVE-2012-2132	libsoup 2.32.2 and earlier does not validate certificates or clear the ...	buster, sid, stretch
	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	buster, sid, stretch
mingw-w64	CVE-2018-5392	mingw-w64 version 5.0.4 by default produces executables that opt in to ...	bullseye, buster, jessie, sid, stretch
mini-httpd	CVE-2009-4490	mini_httpd 1.19 writes data to a log file without sanitizing non-print ...	bullseye, buster, sid, stretch
	CVE-2017-17663	The htpasswd implementation of mini_httpd before v1.28 and of thttpd b ...	bullseye, buster, sid, stretch
minidjvu	CVE-2017-12441	The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ca ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-12442	The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ca ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-12443	The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 c ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-12444	The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidj ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-12445	The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cp ...	bullseye, buster, jessie, sid, stretch
miniupnpc	CVE-2017-1000494	Uninitialized stack variable vulnerability in NameValueParserEndElt (u ...	jessie, stretch
modsecurity-crs	CVE-2019-11387	An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...	buster, jessie, stretch
	CVE-2019-11388	DISPUTED An issue was discovered in OWASP ModSecurity Core Rule ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-11389	DISPUTED An issue was discovered in OWASP ModSecurity Core Rule ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-11390	DISPUTED An issue was discovered in OWASP ModSecurity Core Rule ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-11391	DISPUTED An issue was discovered in OWASP ModSecurity Core Rule ...	bullseye, buster, jessie, sid, stretch
moin	CVE-2007-0902	Unspecified vulnerability in the "Show debugging information" feature ...	bullseye, buster, jessie, sid, stretch
mojarra	CVE-2010-2087	Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...	bullseye, buster, jessie, sid, stretch
mongodb	CVE-2015-2327	PCRE before 8.36 mishandles the /(((a\2)\|(a)\g<-1>))/ pattern ...	jessie, sid, stretch
	CVE-2015-2328	PCRE before 8.36 mishandles the /((?(R)a\|(?1)))+/ pattern and related ...	jessie, sid, stretch
mono-reference-assemblies	CVE-2018-1002208	SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ...	sid, stretch
monopd	CVE-2015-0841	Off-by-one error in the readBuf function in listener.cpp in libcapsine ...	bullseye, buster, jessie, sid, stretch
mozilla-noscript	CVE-2018-16983	NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other ...	bullseye, buster, jessie, sid
mp3splt	CVE-2017-5665	The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allo ...	bullseye, buster, jessie, sid
	CVE-2017-5666	The free_options function in options_manager.c in mp3splt 2.6.2 allows ...	bullseye, buster, jessie, sid
	CVE-2017-5851	The free_options function in options_manager.c in mp3splt 2.6.2 allows ...	bullseye, buster, jessie, sid
mpg123	CVE-2017-11126	The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25 ...	jessie, stretch
mupdf	CVE-2016-10246	Buffer overflow in the main function in jstest_main.c in Mujstest in A ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-10247	Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-6060	Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-1000036	In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...	jessie, stretch
	CVE-2018-10289	In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space functi ...	stretch
	CVE-2018-19777	In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg ...	buster, jessie, stretch
	CVE-2018-19881	In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to caus ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19882	In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c a ...	bullseye, buster, jessie, sid, stretch
mustache.js	CVE-2015-8861	The handlebars package before 4.0.0 for Node.js allows remote attacker ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-8862	mustache package before 2.2.1 for Node.js allows remote attackers to c ...	bullseye, buster, jessie, sid, stretch
	TEMP-0000000-137F0A	quoteless attributes in templates can lead to content injection	bullseye, buster, jessie, sid, stretch
mutt	CVE-2007-1268	Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...	bullseye, buster, jessie, sid, stretch
	TEMP-0775199-D05A9E	smime_keys: insecure use of /tmp	jessie
mxml	CVE-2018-20005	An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after ...	bullseye, buster, jessie, sid, stretch
mysql-5.5	CVE-2012-5613		jessie
	CVE-2012-5627	Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...	jessie
nagios3	CVE-2008-5027	The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor befo ...	jessie
nasm	CVE-2017-14228	In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...	jessie, stretch
	CVE-2018-1000667	NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains ...	jessie, stretch
	CVE-2018-1000886	nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-10316	Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the asse ...	jessie, stretch
	CVE-2018-16382	Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regfla ...	jessie, stretch
	CVE-2018-16517	asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dere ...	jessie, stretch
	CVE-2018-16999	Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segment ...	jessie, stretch
	CVE-2018-19209	Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in th ...	jessie, stretch
	CVE-2018-19213	Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may le ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19214	Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...	jessie, stretch
	CVE-2018-19215	Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...	jessie, stretch
	CVE-2018-19755	There is an illegal address access at asm/preproc.c (function: is_mmac ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20535	There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20538	There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-14248	In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-20334	In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-20352	In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6290	An infinite recursion issue was discovered in eval.c in Netwide Assemb ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6291	An issue was discovered in the function expr6 in eval.c in Netwide Ass ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-8343	In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in past ...	bullseye, buster, jessie, sid, stretch
net-tools	CVE-2002-1976	ifconfig, when used on the Linux kernel 2.2 and later, does not report ...	bullseye, buster, jessie, sid, stretch
netdata	CVE-2019-9834	DISPUTED The Netdata web application through 1.13.0 allows remot ...	bullseye, buster, sid
nethack	CVE-2019-19905	NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...	bullseye, buster, jessie, sid, stretch
	CVE-2020-5209	In NetHack before 3.6.5, unknown options starting with -de and -i can ...	bullseye, buster, jessie, sid, stretch
	CVE-2020-5210	In NetHack before 3.6.5, an invalid argument to the -w command line op ...	bullseye, buster, jessie, sid, stretch
	CVE-2020-5211	In NetHack before 3.6.5, an invalid extended command in value for the ...	bullseye, buster, jessie, sid, stretch
	CVE-2020-5212	In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...	bullseye, buster, jessie, sid, stretch
	CVE-2020-5213	In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...	bullseye, buster, jessie, sid, stretch
	CVE-2020-5214	In NetHack before 3.6.5, detecting an unknown configuration file optio ...	bullseye, buster, jessie, sid, stretch
netmask	TEMP-0921565-C5FF8E	netmask: buffer overflow vulnerability	stretch
netsurf	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	jessie, sid, stretch
network-manager-applet	CVE-2017-6590	An issue was discovered in network-manager-applet (aka network-manager ...	bullseye, buster, jessie, sid, stretch
nghttp2	TEMP-0000000-A4EF31	Null pointer access in inflatehd tool	bullseye, buster, jessie, sid, stretch
nginx	CVE-2009-4487	nginx 0.7.64 writes data to a log file without sanitizing non-printabl ...	bullseye, buster, jessie, sid, stretch
nip2	CVE-2017-17514	DISPUTED boxes.c in nip2 8.4.0 does not validate strings before ...	bullseye, buster, jessie, sid, stretch
nmap	CVE-2017-18594	nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...	buster, jessie, stretch
	CVE-2018-15173	Nmap through 7.70, when the -sV option is used, allows remote attacker ...	bullseye, buster, jessie, sid, stretch
node-cli	CVE-2016-10538	The package `node-cli` before 1.0.0 insecurely uses the lock_file and ...	jessie
node-cookie-signature	CVE-2016-1000236	Node-cookie-signature before 1.0.6 is affected by a timing attack due ...	jessie, stretch
node-debug	CVE-2017-16137	The debug module is vulnerable to regular expression denial of service ...	jessie, stretch
node-deep-extend	CVE-2018-3750	The utilities function in all versions <= 0.5.0 of the deep-extend ...	stretch
node-express	CVE-2014-6393	The Express web framework before 3.11 and 4.x before 4.5 for Node.js d ...	jessie, stretch
node-extend	CVE-2018-16491	A prototype pollution vulnerability was found in node.extend <1.1.7 ...	jessie, stretch
	CVE-2018-16492	A prototype pollution vulnerability was found in module extend <2.0 ...	jessie, stretch
node-growl	CVE-2017-16042	Growl adds growl notification support to nodejs. Growl before 1.10.2 d ...	jessie
node-knockout	CVE-2019-14862	There is a vulnerability in knockout before version 3.5.0-beta, where ...	bullseye, buster, sid
node-lodash	CVE-2018-16487	A prototype pollution vulnerability was found in lodash <4.17.11 wh ...	jessie, stretch
	CVE-2018-3721	lodash node module before 4.17.5 suffers from a Modification of Assume ...	jessie, stretch
	CVE-2019-1010266	lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ...	jessie, stretch
node-marked	CVE-2015-1370	Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Nod ...	jessie
	CVE-2015-8854	The marked package before 0.3.4 for Node.js allows attackers to cause ...	jessie
	CVE-2016-10531	marked is an application that is meant to parse and compile markdown. ...	jessie
	CVE-2017-1000427	marked version 0.3.6 and earlier is vulnerable to an XSS attack in the ...	jessie, stretch
	CVE-2017-16114	The marked module is vulnerable to a regular expression denial of serv ...	jessie, stretch
node-mime	CVE-2017-16138	The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expr ...	jessie, stretch
node-minimatch	CVE-2016-10540	Minimatch is a minimal matching utility that works by converting glob ...	jessie
node-moment	CVE-2017-18214	The moment module before 2.19.3 for Node.js is prone to a regular expr ...	stretch
node-negotiator	CVE-2016-10539	negotiator is an HTTP content negotiator for Node.js and is used by ma ...	jessie, stretch
node-postgres	CVE-2017-16082	A remote code execution vulnerability was found within the pg module w ...	jessie
node-semver	CVE-2015-8855	The semver package before 4.3.2 for Node.js allows attackers to cause ...	jessie
node-send	CVE-2015-8859	The send package before 0.11.1 for Node.js allows attackers to obtain ...	jessie, stretch
	TEMP-0000000-FD1F92	root path disclosure	jessie, stretch
node-serve-index	CVE-2015-8856	Cross-site scripting (XSS) vulnerability in the serve-index package be ...	jessie, stretch
node-tar	CVE-2015-8860	The tar package before 2.0.0 for Node.js allows remote attackers to wr ...	jessie
node-uuid	CVE-2015-8851	node-uuid before 1.4.4 uses insufficiently random data to create a GUI ...	jessie, stretch
node-ws	CVE-2016-10518	A vulnerability was found in the ping functionality of the ws module b ...	jessie
	TEMP-0000000-BBB7D8	remote memory disclosure	jessie
nodejs	CVE-2014-5256	Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider th ...	jessie
	CVE-2014-9748	The uv_rwlock_t fallback implementation for Windows XP and Server 2003 ...	jessie
	CVE-2016-1669	The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as us ...	jessie
	CVE-2016-2086	Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0 ...	jessie
	CVE-2016-2216	The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...	jessie
	CVE-2016-5325	CRLF injection vulnerability in the ServerResponse#writeHead function ...	jessie
	CVE-2016-7099	The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...	jessie
	CVE-2017-11499	Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ...	jessie, stretch
	CVE-2018-12115	In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when use ...	jessie, stretch
	CVE-2018-12116	Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request ...	jessie, stretch
	CVE-2018-12120	Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 list ...	jessie, stretch
	CVE-2018-12121	Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...	jessie, stretch
	CVE-2018-12122	Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...	jessie, stretch
	CVE-2018-12123	Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...	jessie, stretch
	CVE-2018-7158	The `'path'` module in the Node.js 4.x release line contains a potenti ...	jessie, stretch
	CVE-2018-7159	The HTTP parser in all current versions of Node.js ignores spaces in t ...	jessie, stretch
	CVE-2018-7167	Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...	jessie, stretch
	CVE-2019-5737	In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before ...	jessie, stretch
	CVE-2019-5739	Keep-alive HTTP and HTTPS connections can remain open and inactive for ...	jessie, stretch
nova	CVE-2013-0326	OpenStack nova base images permissions are world readable ...	bullseye, buster, jessie, sid, stretch
nsd	CVE-2016-6173	NSD before 4.1.11 allows remote DNS master servers to cause a denial o ...	jessie
nss	CVE-2017-11695	Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/h ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-11696	Heap-based buffer overflow in the __hash_open function in lib/dbm/src/ ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-11697	The __hash_open function in hash.c:229 in Mozilla Network Security Ser ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-11698	Heap-based buffer overflow in the __get_page function in lib/dbm/src/h ...	bullseye, buster, jessie, sid, stretch
ntp	CVE-2016-2517	NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...	jessie
	CVE-2017-6458	Multiple buffer overflows in the ctl_put* functions in NTP before 4.2. ...	jessie
	CVE-2017-6462	Buffer overflow in the legacy Datum Programmable Time Server (DPTS) re ...	jessie
	CVE-2018-12327	Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...	bullseye, buster, jessie, sid, stretch
nvi	CVE-2015-2305	Integer overflow in the regcomp implementation in the Henry Spencer BS ...	jessie
nvidia-cg-toolkit	CVE-2008-5144	nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...	bullseye, buster, jessie, sid, stretch
ocaml-batteries	CVE-2017-17519	batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) ...	bullseye, buster, jessie, sid, stretch
ocsinventory-server	CVE-2010-1733	Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02 ...	bullseye, buster, jessie, sid
	CVE-2014-4722	Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...	bullseye, buster, jessie, sid
	CVE-2018-1000557	OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross ...	jessie
	CVE-2018-1000558	OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2 ...	jessie
	CVE-2018-12482	OCS Inventory 2.4.1 contains multiple SQL injections in the search eng ...	jessie
	CVE-2018-12483	OCS Inventory 2.4.1 is prone to a remote command-execution vulnerabili ...	jessie
	CVE-2018-14473	OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing ...	jessie
	CVE-2018-14857	Unrestricted file upload (with remote code execution) in require/mail/ ...	bullseye, buster, jessie, sid
	CVE-2018-15537	Unrestricted file upload (with remote code execution) in OCS Inventory ...	bullseye, buster, jessie, sid
onionshare	CVE-2018-19960	The debug_mode function in web/web.py in OnionShare through 1.3.1, whe ...	jessie
open-vm-tools	TEMP-0925959-45DD25	insecure handling of /tmp/VMwareDnD	jessie
openexr	CVE-2017-14988	DISPUTED Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2 ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18443	OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18444	makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...	bullseye, buster, jessie, sid, stretch
openjdk-7	CVE-2012-2739	Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 an ...	jessie
openjpeg	CVE-2013-4289	Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1 ...	jessie
	CVE-2013-4290	Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote att ...	jessie
openjpeg2	CVE-2016-10505	NULL pointer dereference vulnerabilities in the imagetopnm function in ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-10506	Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, op ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-7445	convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a ...	jessie
	CVE-2016-9113	There is a NULL pointer dereference in function imagetobmp of convertb ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9114	There is a NULL Pointer Access in function imagetopnm of convert.c:194 ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9115	Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9116	NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in O ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9117	NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in O ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9580	An integer overflow vulnerability was found in tiftoimage function in ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-9581	An infinite loop vulnerability in tiftoimage that results in heap buff ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-12982	The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG ...	jessie, stretch
	CVE-2017-17479	In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-16375	An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_i ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-16376	An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflo ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20845	Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...	buster, jessie, stretch
	CVE-2018-20846	Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-5727	In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the o ...	buster, jessie, stretch
	CVE-2018-7648	An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. Th ...	buster, jessie, stretch
openldap	CVE-2015-3276	The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDA ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-14159	slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17740	contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when bot ...	bullseye, buster, jessie, sid, stretch
openrpt	CVE-2015-2305	Integer overflow in the regcomp implementation in the Henry Spencer BS ...	buster, jessie, stretch
opensc	CVE-2019-6502	sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory ...	buster, jessie, stretch
openssh	CVE-2007-2243	OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-2768	OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-3234	sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-10010	sshd in OpenSSH before 7.4, when privilege separation is not used, cre ...	jessie
	CVE-2019-16905	OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ...	buster
	CVE-2019-6110	In OpenSSH 7.9, due to accepting and displaying arbitrary stderr outpu ...	bullseye, buster, jessie, sid, stretch
openssl	CVE-2007-6755	The NIST SP 800-90A default statement of the Dual Elliptic Curve Deter ...	bullseye, buster, jessie, sid, stretch
	CVE-2010-0928	OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex- ...	bullseye, buster, jessie, sid, stretch
openstack-trove	CVE-2015-3156	The _write_config function in trove/guestagent/datastore/experimental/ ...	jessie, sid, stretch
openvpn	CVE-2006-2229	OpenVPN 2.0.7 and earlier, when configured to use the --management opt ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-6329	OpenVPN, when using a 64-bit block cipher, makes it easier for remote ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-7522	OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...	stretch
	CVE-2018-7544	DISPUTED A cross-protocol scripting issue was discovered in the ...	bullseye, buster, jessie, sid, stretch
openvswitch	CVE-2017-14970	In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multip ...	jessie, stretch
	CVE-2017-9263	In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status mes ...	stretch
	CVE-2017-9264	In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS ...	stretch
	CVE-2017-9265	In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsin ...	stretch
optipng	CVE-2015-7802	gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote a ...	jessie
opus-tools	CVE-2014-9638	oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...	jessie
os-prober	CVE-2008-5135		bullseye, buster, jessie, sid, stretch
osc	CVE-2012-1095	osc before 0.134 might allow remote OBS repository servers or package ...	bullseye, buster, jessie, sid, stretch
otrs2	CVE-2018-7567	DISPUTED In the Admin Package Manager in Open Ticket Request Sys ...	bullseye, buster, jessie, sid, stretch
parallel	CVE-2015-4155	GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) - ...	jessie
	CVE-2015-4156	GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fi ...	jessie
parso	CVE-2019-12760	DISPUTED A deserialization vulnerability exists in the way parso ...	buster
pasdoc	CVE-2017-17527	DISPUTED delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does n ...	jessie, stretch
passenger	CVE-2016-10345	In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...	bullseye, buster, sid, stretch
patch	CVE-2010-4651	Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ear ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-10713	An issue was discovered in GNU patch before 2.7.6. Out-of-bounds acces ...	jessie, stretch
	CVE-2018-6951	An issue was discovered in GNU patch through 2.7.6. There is a segment ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6952	A double free exists in the another_hunk function in pch.c in GNU patc ...	bullseye, buster, jessie, sid, stretch
pax-utils	TEMP-0856196-13C562	scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)	jessie, stretch
pcre2	CVE-2017-8786	pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial o ...	stretch
pcre3	CVE-2017-11164	In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exe ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-16231	DISPUTED In PCRE 8.41, after compiling, a pcretest load test PoC ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-7245	Stack-based buffer overflow in the pcre32_copy_substring function in p ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-7246	Stack-based buffer overflow in the pcre32_copy_substring function in p ...	bullseye, buster, jessie, sid, stretch
pdfresurrect	CVE-2019-14267	PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because ...	buster, jessie, stretch
percona-toolkit	CVE-2015-1027	The version checking subroutine in percona-toolkit before 2.2.13 and x ...	jessie, jessie
perl	CVE-2011-4116	_is_safe in the File::Temp module for Perl does not properly handle sy ...	bullseye, buster, jessie, sid, stretch
	TEMP-0769606-4AA6CF	a2p: buffer overflow	jessie
phabricator	CVE-2017-17536	Phabricator before 2017-11-10 does not block the --config and --debugg ...	bullseye, buster, sid, stretch
php-font-lib	CVE-2014-2570	Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...	bullseye, buster, jessie, sid, stretch
php-gettext	TEMP-0000000-07A77D	php-gettext XSS	buster, jessie, sid, stretch
php-openid	CVE-2016-2049	examples/consumer/common.php in JanRain PHP OpenID library (aka php-op ...	jessie
php-pear	CVE-2017-5630	PECL in the download utility class in the Installer in PEAR Base Syste ...	bullseye, buster, sid, stretch
php5	CVE-2006-0931	Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...	jessie
	CVE-2006-4023	The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...	jessie
	CVE-2006-6383	PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_base ...	jessie
	CVE-2006-7205	The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...	jessie
	CVE-2007-0448	The fopen function in PHP 5.2.0 does not properly handle invalid URI h ...	jessie
	CVE-2007-1413	Buffer overflow in the snmpget function in the snmp extension in PHP 5 ...	jessie
	CVE-2007-1581	The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ...	jessie
	CVE-2007-1582	The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...	jessie
	CVE-2007-1710	The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-de ...	jessie
	CVE-2007-1835	PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...	jessie
	CVE-2007-1883	PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-depende ...	jessie
	CVE-2007-1890	Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...	jessie
	CVE-2007-3205	The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, ...	jessie
	CVE-2007-3294	Multiple buffer overflows in libtidy, as used in the Tidy extension fo ...	jessie
	CVE-2007-4255	Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-depe ...	jessie
	CVE-2007-4596	The perl extension in PHP does not follow safe_mode restrictions, whic ...	jessie
	CVE-2007-4889	The MySQL extension in PHP 5.2.4 and earlier allows remote attackers t ...	jessie
	CVE-2007-5424	The disable_functions feature in PHP 4 and 5 allows attackers to bypas ...	jessie
	CVE-2008-2666	Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...	jessie
	CVE-2008-4107	The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cry ...	jessie
	CVE-2008-5625	PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictio ...	jessie
	CVE-2008-7002	PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...	jessie
	CVE-2009-3559		jessie
	CVE-2009-4418	The unserialize function in PHP 5.3.0 and earlier allows context-depen ...	jessie
	CVE-2010-1861	The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...	jessie
	CVE-2010-1862	The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...	jessie
	CVE-2010-1868	The (1) sqlite_single_query and (2) sqlite_array_query functions in ex ...	jessie
	CVE-2010-1914	The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...	jessie
	CVE-2010-1915	The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3. ...	jessie
	CVE-2010-2097	The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...	jessie
	CVE-2010-2100	The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_b ...	jessie
	CVE-2010-2101	The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_w ...	jessie
	CVE-2010-2190	The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions i ...	jessie
	CVE-2010-3062	mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3 ...	jessie
	CVE-2010-3063	The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...	jessie
	CVE-2010-3064	Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...	jessie
	CVE-2012-1171	The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to by ...	jessie
	CVE-2012-3365	The SQLite functionality in PHP before 5.3.15 allows remote attackers ...	jessie
	CVE-2013-3735	DISPUTED The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 bef ...	jessie
	CVE-2013-6501	The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...	jessie
	CVE-2014-5459	The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows lo ...	jessie
	CVE-2014-9425	Double free vulnerability in the zend_ts_hash_graceful_destroy functio ...	jessie
	CVE-2015-9253	An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before ...	jessie
	CVE-2016-5116	gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...	jessie
	CVE-2017-11362	In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/ms ...	jessie
	CVE-2017-5630	PECL in the download utility class in the Installer in PEAR Base Syste ...	jessie
	CVE-2017-7890	The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in th ...	jessie
	CVE-2017-9118	PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a c ...	jessie
	CVE-2017-9119	The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 all ...	jessie
	CVE-2019-11038	When using the gdImageCreateFromXbm() function in the GD Graphics Libr ...	jessie
	CVE-2019-6977	gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...	jessie
	CVE-2019-9675	DISPUTED An issue was discovered in PHP 7.x before 7.1.27 and 7. ...	jessie
php7.0	CVE-2015-9253	An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before ...	stretch
	CVE-2017-9118	PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a c ...	stretch
	CVE-2017-9119	The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 all ...	stretch
	CVE-2017-9120	PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ser ...	stretch
	CVE-2019-6977	gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...	stretch
phpldapadmin	CVE-2018-12689	phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id param ...	bullseye, jessie, sid
phpmyadmin	CVE-2005-3622	phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain t ...	bullseye, jessie, sid, stretch
	CVE-2007-4306	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10 ...	bullseye, jessie, sid, stretch
	CVE-2015-8669	libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12 ...	jessie
	CVE-2015-8980	The plural form formula in ngettext family of calls in php-gettext bef ...	jessie
	CVE-2016-2038	phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x be ...	jessie
	CVE-2016-2042	phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote ...	jessie
	CVE-2016-5730	phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x be ...	jessie
	CVE-2016-6610	A full path disclosure vulnerability was discovered in phpMyAdmin wher ...	jessie
	CVE-2016-6625	An issue was discovered in phpMyAdmin. An attacker can determine wheth ...	jessie
	CVE-2016-6633	An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigg ...	jessie
	CVE-2016-9847	An issue was discovered in phpMyAdmin. When the user does not specify ...	jessie
	CVE-2016-9848	An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...	jessie
	CVE-2016-9852	An issue was discovered in phpMyAdmin. By calling some scripts that ar ...	jessie
	CVE-2016-9853	An issue was discovered in phpMyAdmin. By calling some scripts that ar ...	jessie
	CVE-2016-9854	An issue was discovered in phpMyAdmin. By calling some scripts that ar ...	jessie
	CVE-2016-9855	An issue was discovered in phpMyAdmin. By calling some scripts that ar ...	jessie
	CVE-2016-9856	An XSS issue was discovered in phpMyAdmin because of an improper fix f ...	jessie
	CVE-2016-9857	An issue was discovered in phpMyAdmin. XSS is possible because of a we ...	jessie
	CVE-2016-9858	An issue was discovered in phpMyAdmin. With a crafted request paramete ...	jessie
	CVE-2016-9859	An issue was discovered in phpMyAdmin. With a crafted request paramete ...	jessie
	CVE-2016-9860	An issue was discovered in phpMyAdmin. An unauthenticated user can exe ...	jessie
	CVE-2016-9866	An issue was discovered in phpMyAdmin. When the arg_separator is diffe ...	jessie
	CVE-2017-1000013	phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakne ...	jessie
	CVE-2017-1000014	phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the t ...	jessie
	CVE-2017-1000015	phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...	jessie
	CVE-2017-1000016	A weakness was discovered where an attacker can inject arbitrary value ...	jessie
	CVE-2017-1000017	phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...	jessie
	CVE-2017-1000018	phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the re ...	jessie
phppgadmin	CVE-2006-4976	The Date Library in John Lim ADOdb Library for PHP allows remote attac ...	jessie
phpsysinfo	CVE-2006-3360	Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 all ...	jessie, sid
pidgin	CVE-2008-2956		bullseye, buster, jessie, sid, stretch
	CVE-2012-1257	Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...	bullseye, buster, jessie, sid, stretch
pillow	CVE-2016-3076	Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...	bullseye, buster, jessie, sid, stretch
polarssl	CVE-2011-3389	The SSL protocol, as used in certain configurations in Microsoft Windo ...	jessie
	CVE-2018-1000520	ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows In ...	jessie
poppler	CVE-2013-4472	The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-2814	An exploitable heap overflow vulnerability exists in the image renderi ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-2818	An exploitable heap overflow vulnerability exists in the image renderi ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-2820	An exploitable integer overflow vulnerability exists in the JPEG 2000 ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-7511	poppler since version 0.17.3 has been vulnerable to NULL pointer deref ...	jessie, stretch
	CVE-2017-7515	poppler through version 0.55.0 is vulnerable to an uncontrolled recurs ...	jessie, stretch
	CVE-2017-9083	poppler 0.54.0, as used in Evince and other products, has a NULL point ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19059	An issue was discovered in Poppler 0.71.0. There is a out-of-bounds re ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19060	An issue was discovered in Poppler 0.71.0. There is a NULL pointer der ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-19149	Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...	bullseye, buster, jessie, sid, stretch
postbooks	CVE-2017-17525	guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate st ...	buster, jessie, stretch
postgresql-11	CVE-2019-9193	DISPUTED In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGR ...	buster, sid, jessie, stretch
potrace	CVE-2017-12067	Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubi ...	jessie, stretch
powerpc-utils	CVE-2014-4040	snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot ...	jessie
ppp	CVE-2008-5366	The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local u ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-5367	ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to o ...	bullseye, buster, jessie, sid, stretch
printfilters-ppd	CVE-2008-5034		jessie, sid
protobuf	CVE-2015-5237	protobuf allows remote authenticated attackers to cause a heap-based b ...	bullseye, buster, jessie, sid, stretch
pspp	CVE-2017-10791	There is an Integer overflow in the hash_int function of the libpspp l ...	jessie, stretch
	CVE-2017-10792	There is a NULL Pointer Dereference in the function ll_insert() of the ...	jessie, stretch
	CVE-2017-12958	There is an illegal address access in the function output_hex() in dat ...	jessie, stretch
	CVE-2017-12959	There is a reachable assertion abort in the function dict_add_mrset() ...	jessie, stretch
	CVE-2017-12960	There is a reachable assertion abort in the function dict_rename_var() ...	jessie, stretch
	CVE-2017-12961	There is an assertion abort in the function parse_attributes() in data ...	jessie, stretch
	CVE-2019-9211	There is a reachable assertion abort in the function write_long_string ...	buster, jessie, sid, stretch
ptlib	CVE-2015-2305	Integer overflow in the regcomp implementation in the Henry Spencer BS ...	jessie, stretch
puppet-module-puppetlabs-apache	CVE-2018-6508	Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remot ...	bullseye, buster, jessie, sid, stretch, bullseye, buster, jessie, sid, stretch, bullseye, buster, jessie, sid, stretch
putty	CVE-2019-17069	PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...	buster, jessie, stretch
pwgen	CVE-2013-4441	The Phonemes mode in Pwgen 2.06 generates predictable passwords, which ...	bullseye, buster, jessie, sid, stretch
py-lmdb	CVE-2019-16224	An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...	bullseye, sid, stretch
	CVE-2019-16225	An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ...	bullseye, sid, stretch
	CVE-2019-16226	An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ...	bullseye, sid, stretch
	CVE-2019-16227	An issue was discovered in py-lmdb 0.97. For certain values of mn_flag ...	bullseye, sid, stretch
	CVE-2019-16228	An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ...	bullseye, sid, stretch
pycode-browser	CVE-2015-0849	predictable temporary file vulnerability	jessie
python-defaults	CVE-2008-4108	Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) i ...	bullseye, buster, jessie, sid, stretch
python-numpy	CVE-2017-12852	The numpy.pad function in Numpy 1.13.1 and older versions is missing i ...	bullseye, buster, jessie, sid, stretch
python-rply	CVE-2014-1938	python-rply before 0.7.4 insecurely creates temporary files. ...	jessie
python-scrapy	CVE-2017-14158	Scrapy 1.4 allows remote attackers to cause a denial of service (memor ...	bullseye, buster, jessie, sid, stretch
python2.7	CVE-2013-7040	Python 2.7 before 3.4 only uses the last eight bits of the prefix to r ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-1000110	The CGIHandler class in Python before 2.7.12 does not protect against ...	jessie
	CVE-2017-17522	DISPUTED Lib/webbrowser.py in Python through 3.6.3 does not vali ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-1000030	Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Hea ...	jessie, stretch
	CVE-2019-18348	An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-9674	Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...	bullseye, buster, jessie, sid, stretch
python3.4	CVE-2016-1000110	The CGIHandler class in Python before 2.7.12 does not protect against ...	jessie
	CVE-2017-17522	DISPUTED Lib/webbrowser.py in Python through 3.6.3 does not vali ...	jessie
	CVE-2019-18348	An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...	jessie
	CVE-2019-9674	Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...	jessie
python3.5	CVE-2017-17522	DISPUTED Lib/webbrowser.py in Python through 3.6.3 does not vali ...	stretch
	CVE-2018-20406	Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...	stretch
	CVE-2019-18348	An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...	stretch
	CVE-2019-9674	Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...	stretch
python3.7	CVE-2017-17522	DISPUTED Lib/webbrowser.py in Python through 3.6.3 does not vali ...	bullseye, buster, sid
	CVE-2019-18348	An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...	bullseye, buster, sid
	CVE-2019-9674	Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...	bullseye, buster, sid
python3.8	CVE-2019-18348	An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...	bullseye, sid
	CVE-2019-9674	Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...	bullseye, sid
pyyaml	CVE-2017-18342	In PyYAML before 5.1, the yaml.load() API could execute arbitrary code ...	buster, jessie, stretch
	CVE-2019-20477	PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and ...	bullseye, buster, jessie, sid, stretch
qemu	CVE-2016-10028	The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEM ...	stretch
	CVE-2017-5552	Memory leak in the virgl_resource_attach_backing function in hw/displa ...	stretch
	CVE-2017-5578	Memory leak in the virtio_gpu_resource_attach_backing function in hw/d ...	stretch
	CVE-2017-8284	DISPUTED The disas_insn function in target/i386/translate.c in Q ...	jessie, stretch
	CVE-2017-9060	Memory leak in the virtio_gpu_set_scanout function in hw/display/virti ...	stretch
	CVE-2018-20123	pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ...	buster
	CVE-2018-20124	hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of ...	buster
	CVE-2018-20125	hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of ...	buster
	CVE-2018-20126	hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory ...	buster
	CVE-2018-20191	hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation ...	buster
	CVE-2018-20216	QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ...	buster
	CVE-2019-12247	DISPUTED QEMU 3.0.0 has an Integer Overflow because the qga/comm ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12928	DISPUTED The QMP migrate command in QEMU version 4.0.0 and earli ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-12929	DISPUTED The QMP guest_exec command in QEMU 4.0.0 and earlier is ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-20175	DISPUTED An issue was discovered in ide_dma_cb() in hw/ide/core. ...	bullseye, buster, jessie, sid, stretch
qpid-proton	CVE-2018-17187	The Apache Qpid Proton-J transport includes an optional wrapper layer ...	jessie, stretch
qt4-x11	CVE-2009-3015	QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ...	buster, jessie, sid, stretch
	CVE-2009-3272	Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ...	buster, jessie, sid, stretch
	TEMP-0560108-565B70	browser-based css info disclosure	buster, jessie, sid, stretch
	TEMP-0568486-B6FCB6	browser javascript document.write denial-of-service	buster, jessie, sid, stretch
qtwebkit	CVE-2015-8079	qt5-qtwebkit before 5.4 records private browsing URLs to its favicon d ...	buster, jessie, stretch
quagga	CVE-2012-5521	quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon pe ...	bullseye, buster, jessie, sid, stretch
rails	CVE-2010-3299	The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...	bullseye, buster, jessie, sid, stretch
	CVE-2011-3187	The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17916	DISPUTED SQL injection vulnerability in the 'find_by' method in ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17917	DISPUTED SQL injection vulnerability in the 'where' method in Ru ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17919	DISPUTED SQL injection vulnerability in the 'order' method in Ru ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17920	DISPUTED SQL injection vulnerability in the 'reorder' method in ...	bullseye, buster, jessie, sid, stretch
recutils	CVE-2019-11637	An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-11638	An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-11639	An issue was discovered in GNU recutils 1.8. There is a stack-based bu ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-11640	An issue was discovered in GNU recutils 1.8. There is a heap-based buf ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6455	An issue was discovered in GNU Recutils 1.8. There is a double-free pr ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6456	An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6457	An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6458	An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6459	An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-6460	An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ...	bullseye, buster, jessie, sid, stretch
redis	CVE-2017-15047	The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows atta ...	stretch
remind	CVE-2015-5957	Buffer overflow in the DumpSysVar function in var.c in Remind before 3 ...	jessie
resiprocate	CVE-2017-9454	Buffer overflow in the ares_parse_a_reply function in the embedded are ...	jessie, stretch
rhn-client-tools	CVE-2015-1777	rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Re ...	jessie, stretch
rhythmbox	CVE-2008-7185	GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of se ...	bullseye, buster, jessie, sid, stretch
riece	TEMP-0601325-4C9A5B	insecure handling of /tmp files in debian/preinst	jessie
rpm	CVE-2010-2198	lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...	bullseye, buster, jessie, sid, stretch
	CVE-2010-2199	lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-7500	It was found that rpm did not properly handle RPM installations when a ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-7501	It was found that versions of rpm before 4.13.0.2 use temporary files ...	bullseye, buster, jessie, sid, stretch
rsyslog	CVE-2015-3243	rsyslog uses weak permissions for generating log files, which allows l ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-12588	The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...	jessie, stretch
rtpproxy	CVE-2017-14114	RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...	jessie, sid, stretch
rtv	CVE-2017-17516	scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 d ...	bullseye, buster, sid, stretch
ruby-handlebars-assets	TEMP-0000000-345A3B	handlebars: quoteless attributes in templates can lead to content injection	bullseye, buster, jessie, sid, stretch
ruby2.1	CVE-2014-3916	The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 all ...	jessie
s3d	CVE-2014-1226	The pipe_init_terminal function in main.c in s3dvt allows local users ...	jessie
samba	CVE-2019-3824	A flaw was found in the way an LDAP search expression could crash the ...	jessie, stretch
scala	CVE-2017-15288	The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...	jessie, stretch
scummvm	CVE-2017-17528	backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not valida ...	bullseye, buster, jessie, sid, stretch
seahorse	CVE-2008-7320	DISPUTED GNOME Seahorse through 3.30 allows physically proximate ...	bullseye, buster, jessie, sid, stretch
shadow	CVE-2007-5686	initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...	bullseye, buster, jessie, sid, stretch
	CVE-2013-4235	shadow: TOCTOU (time-of-check time-of-use) race condition when copying ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-19882	shadow 4.8, in certain circumstances affecting at least Gentoo, Arch L ...	bullseye, buster, jessie, sid, stretch
	TEMP-0628843-DBAD28	more related to CVE-2005-4890	bullseye, buster, jessie, sid, stretch
shadowsocks-libev	CVE-2019-5152	An exploitable information disclosure vulnerability exists in the netw ...	bullseye, buster, sid, stretch
shairport-sync	CVE-2017-12087	An exploitable heap overflow vulnerability exists in the tinysvcmdns l ...	stretch
sharutils	TEMP-0000000-95CBBF	uudecode: stack out of bounds read access	bullseye, buster, jessie, sid, stretch
shibboleth-sp	CVE-2019-19191	Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file ...	bullseye, buster, sid
shotwell	CVE-2017-1000024	Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...	jessie
simplesamlphp	CVE-2016-3124	The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote at ...	jessie
sipcrack	CVE-2017-11654	An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-11655	A memory leak was found in the way SIPcrack 0.2 handled processing of ...	bullseye, buster, jessie, sid, stretch
sleuthkit	CVE-2017-13755	In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image trigge ...	jessie, stretch
	CVE-2017-13756	In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers i ...	jessie, stretch
	CVE-2017-13760	In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in t ...	jessie, stretch
	CVE-2019-1010065	The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The ...	jessie, stretch
	CVE-2019-14531	An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-14532	An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ...	bullseye, buster, jessie, sid, stretch
slim	TEMP-0537604-F35BD7	insecure tmp file vulnerability in slim	bullseye, buster, jessie, sid, stretch
slurm-llnl	CVE-2019-19727	SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...	bullseye, buster, jessie, stretch
smsclient	CVE-2008-5155	mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitr ...	jessie
	TEMP-0498901-F99C05	unsafe use of tempfile in ssmclient	jessie
sosreport	CVE-2014-0246	SOSreport stores the md5 hash of the GRUB bootloader password in an ar ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-7529	sosreport in SoS 3.x allows local users to obtain sensitive informatio ...	jessie
sphinxsearch	CVE-2019-14511	Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...	bullseye, buster, sid, stretch
spice-gtk	CVE-2016-3066	The spice-gtk widget allows remote authenticated users to obtain infor ...	bullseye, buster, jessie, sid, stretch
sql-ledger	CVE-2007-0667	The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2 ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-1329	Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-1923	(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-5372	Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-4077	The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledg ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-4078	SQL injection vulnerability in the AR/AP transaction report in (1) Led ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3580	Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3581	Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8. ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3582	Multiple SQL injection vulnerabilities in the delete subroutine in SQL ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3583	Directory traversal vulnerability in the Preferences menu item in SQL- ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-3584	SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-4402	The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...	bullseye, buster, jessie, sid, stretch
sqlite3	CVE-2017-13685	The dump_callback function in SQLite 3.20.0 allows remote attackers to ...	jessie, stretch
squid	CVE-2020-8517	An issue was discovered in Squid before 4.10. Due to incorrect input v ...	buster
squid3	CVE-2015-3455	Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, a ...	jessie
	CVE-2016-2390	The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...	jessie
	CVE-2018-1172	This vulnerability allows remote attackers to deny service on vulnerab ...	jessie, stretch
	CVE-2018-19131	Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S ...	jessie, stretch
	CVE-2020-8517	An issue was discovered in Squid before 4.10. Due to incorrect input v ...	jessie, stretch
squidguard	CVE-2015-8936	Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGua ...	jessie
ssmtp	CVE-2004-0423	The log_event function in ssmtp 2.50.6 and earlier allows local users ...	bullseye, jessie, sid, stretch
	CVE-2008-7258		bullseye, jessie, sid, stretch
stalin	CVE-2015-8697	stalin 0.11-5 allows local users to write to arbitrary files. ...	bullseye, buster, jessie, sid, stretch
strongswan	CVE-2018-5389	The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...	bullseye, buster, jessie, sid, stretch
sudo	CVE-2005-1119	Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-19232	DISPUTED In Sudo through 1.8.29, an attacker with access to a Ru ...	buster, jessie, stretch
	CVE-2019-19234	DISPUTED In Sudo through 1.8.29, the fact that a user has been b ...	buster, jessie, stretch
supervisor	CVE-2019-12105	DISPUTED In Supervisor through 4.0.2, an unauthenticated user ca ...	bullseye, buster, jessie, sid, stretch
surf	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	bullseye, buster, jessie, sid, stretch
svgpp	CVE-2019-6245	An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...	bullseye, buster, sid
	CVE-2019-6247	An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...	bullseye, buster, sid
swftools	CVE-2017-1000174	In SWFTools, an address access exception was found in swfdump swf_GetB ...	jessie, stretch
	CVE-2017-1000182	In SWFTools, a memory leak was found in wav2swf. ...	jessie, stretch
	CVE-2017-1000186	In SWFTools, a stack overflow was found in pdf2swf. ...	jessie, stretch
	CVE-2017-1000187	In SWFTools, an address access exception was found in pdf2swf. FoFiTru ...	jessie, stretch
	CVE-2017-10976	When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead t ...	jessie, stretch
	CVE-2017-11096	When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...	jessie, stretch
	CVE-2017-11097	When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...	jessie, stretch
	CVE-2017-11098	When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead t ...	jessie, stretch
	CVE-2017-11099	When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead t ...	jessie, stretch
	CVE-2017-11100	When SWFTools 0.9.2 processes a crafted file in swfextract, it can lea ...	jessie, stretch
	CVE-2017-11101	When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...	jessie, stretch
	CVE-2017-16711	The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...	jessie, stretch
	CVE-2017-16794	The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...	jessie, stretch
	CVE-2017-16796	In SWFTools 0.9.2, the png_load function in lib/png.c does not check t ...	jessie, stretch
	CVE-2017-16868	In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...	jessie, stretch
	CVE-2017-16890	SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono func ...	jessie, stretch
	CVE-2017-8401	In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...	jessie, stretch
	CVE-2017-8420	SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...	jessie, stretch
	CVE-2017-9924	In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...	jessie, stretch
	CVE-2017-9925	In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...	jessie, stretch
	CVE-2017-9926	In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...	jessie, stretch
	CVE-2017-9927	In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...	jessie, stretch
swi-prolog	CVE-2017-17524	library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings b ...	bullseye, buster, jessie, sid, stretch
sylpheed	CVE-2007-1267	Sylpheed 2.2.7 and earlier does not properly use the --status-fd argum ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17517	libsylph/utils.c in Sylpheed through 3.6 does not validate strings bef ...	bullseye, buster, jessie, sid, stretch
symfony	CVE-2017-18343	DISPUTED The debug handler in Symfony before v2.7.33, 2.8.x befo ...	jessie, stretch
	CVE-2018-12040	DISPUTED Reflected Cross-site scripting (XSS) vulnerability in t ...	jessie, stretch
sysstat	CVE-2019-19725	sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ...	buster
systemd	CVE-2013-4392	systemd, when updating file permissions, allows local users to change ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1000082	systemd v233 and earlier fails to safely parse usernames starting with ...	stretch
	CVE-2017-18078	systemd-tmpfiles in systemd before 237 attempts to support ownership/p ...	stretch
sysvinit	TEMP-0517018-A83CE6	sysvinit: no-root option in expert installer exposes locally exploitable security flaw	bullseye, buster, jessie, sid, stretch
t1utils	TEMP-0868134-294030	out-of-bounds read in eexec_line()	stretch
tar	CVE-2005-2541	Tar 1.15.1 does not properly warn the user when extracting setuid or s ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-9923	pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...	bullseye, buster, jessie, sid, stretch
	TEMP-0290435-0B57B5	tar's rmt command may have undesired side effects	bullseye, buster, jessie, sid, stretch
tcc	CVE-2018-20374	An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20375	An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-20376	An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...	bullseye, buster, jessie, sid, stretch
tcpdump	CVE-2017-16808	tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_ ...	jessie
	CVE-2018-19519	In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_p ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-1010220	tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...	bullseye, buster, jessie, sid, stretch
tcpflow	CVE-2018-18409	A stack-based buffer over-read exists in setbit() at iptree.h of TCPFL ...	jessie, stretch
tcpreplay	CVE-2019-8376	An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...	buster, jessie, stretch
	CVE-2019-8377	An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...	buster, jessie, stretch
	CVE-2019-8381	An issue was discovered in Tcpreplay 4.3.1. An invalid memory access o ...	buster, jessie, stretch
telegram-desktop	CVE-2018-17231	DISPUTED Telegram Desktop (aka tdesktop) 1.3.14 might allow atta ...	bullseye, buster, sid
	CVE-2018-17613	Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enab ...	bullseye, buster, sid
texlive-base	CVE-2017-17513	TeX Live through 20170524 does not validate strings before launching t ...	bullseye, buster, jessie, sid, stretch
texlive-bin	CVE-2016-10243	TeX Live allows remote attackers to execute arbitrary commands by leve ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17513	TeX Live through 20170524 does not validate strings before launching t ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-19601	OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...	bullseye, buster, jessie, sid, stretch
thrift-compiler	CVE-2016-5397	The Apache Thrift Go client library exposed the potential during code ...	jessie, stretch
thunar	CVE-2018-18398	Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ...	bullseye, buster, jessie, sid, stretch
	TEMP-0517020-915121	thunar: potential exploits via application launchers	bullseye, buster, jessie, sid, stretch
thunderbird	CVE-2019-11719	When importing a curve25519 private key in PKCS#8format with leading 0 ...	jessie
	CVE-2019-11729	Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...	jessie
tiff	CVE-2010-2596	The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2 ...	jessie
	CVE-2014-8127	LibTIFF 4.0.3 allows remote attackers to cause a denial of service (ou ...	jessie
	CVE-2014-8130	The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not rejec ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-10268	tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a den ...	jessie
	CVE-2016-9539	tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readCon ...	jessie
	CVE-2017-16232	DISPUTED LibTIFF 4.0.8 has multiple memory leak vulnerabilities, ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-17973	DISPUTED In LibTIFF 4.0.8, there is a heap-based use-after-free ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-5563	LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read i ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-9117	In LibTIFF 4.0.7, the program processes BMP images without verifying t ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-10126	LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 fu ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18661	An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...	stretch
	CVE-2019-6128	The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory l ...	stretch
	TEMP-0846838-9738BD	tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing	jessie
timidity	CVE-2017-11546	The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allo ...	jessie, stretch
	CVE-2017-11547	The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows ...	jessie, stretch
	CVE-2017-11549	The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remot ...	bullseye, buster, jessie, sid, stretch
tin	CVE-2017-17520	DISPUTED tools/url_handler.pl in TIN 2.4.1 does not validate str ...	bullseye, buster, jessie, sid, stretch
tinymux	CVE-2007-1959	Unspecified vulnerability in the process_cmdent function in command.cp ...	bullseye, buster, jessie, sid, stretch
tinyxml2	CVE-2018-11210	DISPUTED TinyXML2 6.2.0 has a heap-based buffer over-read in the ...	bullseye, buster, jessie, sid, stretch
tomcat7	CVE-2012-5568	Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...	jessie, stretch
tor	CVE-2006-6893	Tor allows remote attackers to discover the IP address of a hidden ser ...	bullseye, buster, jessie, sid, stretch
	CVE-2007-1103	Tor does not verify a node's uptime and bandwidth advertisements, whic ...	bullseye, buster, jessie, sid, stretch
	CVE-2009-0654	Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attacke ...	bullseye, buster, jessie, sid, stretch
	CVE-2020-8516	DISPUTED The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...	bullseye, buster, jessie, sid, stretch
transfig	CVE-2019-19746	make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...	jessie
triplea	CVE-2018-1000546	Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XX ...	bullseye, jessie, sid, stretch
twig	CVE-2018-13818	DISPUTED Twig before 2.4.4 allows Server-Side Template Injection ...	jessie, stretch
twisted	CVE-2016-1000111		bullseye, buster, jessie, sid, stretch
u-boot	CVE-2017-3225	Das U-Boot is a device bootloader that can read its configuration from ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-3226	Das U-Boot is a device bootloader that can read its configuration from ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-1000205	U-Boot contains a CWE-20: Improper Input Validation vulnerability in V ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18439	DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer over ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18440	DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overf ...	bullseye, buster, jessie, sid, stretch
uclibc	CVE-2016-2224	The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-2225	The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng bef ...	bullseye, buster, jessie, sid, stretch
	CVE-2016-6264	Integer signedness error in libc/string/arm/memset.S in uClibc and uCl ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-9728	In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp f ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-9729	In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...	bullseye, buster, jessie, sid, stretch
ufraw	CVE-2018-19655	A stack-based buffer overflow in the find_green() function of dcraw th ...	jessie, stretch
uglifyjs	CVE-2015-8857	The uglify-js package before 2.4.24 for Node.js does not properly acco ...	bullseye, buster, jessie, sid, stretch
	CVE-2015-8858	The uglify-js package before 2.6.0 for Node.js allows attackers to cau ...	jessie
unbound	CVE-2019-18934	Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...	bullseye, buster, sid
undertow	CVE-2019-19343		bullseye, sid
unixodbc	CVE-2012-2657		jessie, stretch
	CVE-2012-2658		jessie, stretch
unrar-free	CVE-2017-11189	unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-11190	unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-14121	The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...	jessie, stretch
	CVE-2017-14122	unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...	jessie, stretch
upx-ucl	CVE-2017-15056	p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote a ...	jessie, stretch
	CVE-2017-16869	DISPUTED p_mach.cpp in UPX 3.94 allows remote attackers to cause ...	jessie, stretch
	CVE-2019-14295	An Integer overflow in the getElfSections function in p_vmlinx.cpp in ...	buster, jessie, stretch
	CVE-2019-14296	canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause ...	buster, jessie, stretch
	CVE-2019-20021	A heap-based buffer over-read was discovered in canUnpack in p_mach.cp ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-20051	A floating-point exception was discovered in PackLinuxElf::elf_hash in ...	bullseye, buster, jessie, sid, stretch
	CVE-2019-20053	An invalid memory address dereference was discovered in the canUnpack ...	bullseye, buster, jessie, sid, stretch
util-linux	CVE-2015-5218	Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before ...	jessie
	CVE-2015-5224	The mkostemp function in login-utils in util-linux when used incorrect ...	jessie
	CVE-2017-2616	A race condition was found in util-linux before 2.32.1 in the way su h ...	jessie
	TEMP-0786804-C23D2B	hwclock(8) SUID privilege escalation	jessie
uzbl	CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...	jessie, stretch
varnish	CVE-2009-4488	DISPUTED Varnish 2.0.6 writes data to a log file without sanitiz ...	bullseye, buster, jessie, sid, stretch
vim	CVE-2008-4677	autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-1000382	VIM version 8.0.1187 (and other versions most likely) ignores umask wh ...	bullseye, buster, jessie, sid, stretch
vino	CVE-2011-1164	Vino before 2.99.4 can connect external networks contrary to the state ...	bullseye, buster, jessie, sid, stretch
	CVE-2011-1165	Vino, possibly before 3.2, does not properly document that it opens po ...	bullseye, buster, jessie, sid, stretch
vnc4	CVE-2014-0011	Multiple heap-based buffer overflows in the ZRLE_DECODE function in co ...	jessie
	CVE-2015-2305	Integer overflow in the regcomp implementation in the Henry Spencer BS ...	jessie
vorbis-tools	CVE-2017-11331	The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...	bullseye, buster, jessie, sid, stretch
vte	CVE-2005-0023	gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to sp ...	bullseye, buster, jessie, sid, stretch
w3m	CVE-2018-6198	w3m through 0.5.3 does not properly handle temporary files when the ~/ ...	jessie
	TEMP-0532514-9137E0	predictable random number generator used in web browsers	bullseye, buster, jessie, sid, stretch
web2py	CVE-2013-6837	Cross-site scripting (XSS) vulnerability in the setTimeout function in ...	jessie
webkit2gtk	CVE-2015-7096	WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...	jessie
	CVE-2015-7098	WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...	jessie
	CVE-2016-4590	WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles ab ...	jessie
	CVE-2016-4591	WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...	jessie
	CVE-2016-4622	WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...	jessie
	CVE-2016-4624	WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...	jessie
	CVE-2016-4692	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-4743	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7586	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7587	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7589	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7592	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7598	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7599	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7610	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7611	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7623	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7632	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7635	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7639	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7640	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7641	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7642	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7645	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7646	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7648	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7649	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7652	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7654	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2016-7656	An issue was discovered in certain Apple products. iOS before 10.2 is ...	jessie
	CVE-2017-1000121	The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, do ...	jessie
	CVE-2017-1000122	The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, do ...	jessie
	CVE-2017-13783	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13784	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13785	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13788	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13791	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13792	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13793	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13794	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13795	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13796	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13798	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13802	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13803	An issue was discovered in certain Apple products. iOS before 11.1 is ...	jessie
	CVE-2017-13856	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-13866	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-13870	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-13884	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-13885	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-17821	WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...	jessie, stretch
	CVE-2017-2350	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2354	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2355	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2356	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2362	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2363	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2364	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2365	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2366	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2369	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2371	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2373	An issue was discovered in certain Apple products. iOS before 10.2.1 i ...	jessie
	CVE-2017-2376	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2377	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2386	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2392	An issue was discovered in certain Apple products. Safari before 10.1 ...	jessie
	CVE-2017-2394	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2395	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2396	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2405	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2415	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2419	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2424	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2433	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2442	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2445	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2446	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2447	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2454	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2455	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2457	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2459	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2460	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2464	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2465	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2466	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2468	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2469	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2470	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2471	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2475	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2476	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2481	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie
	CVE-2017-2496	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2504	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2505	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2506	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2508	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2510	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2514	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2515	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2521	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2525	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2526	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2528	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2530	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2531	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2536	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2538	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2539	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2544	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2547	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-2549	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-6980	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-6984	An issue was discovered in certain Apple products. iOS before 10.3.2 i ...	jessie
	CVE-2017-7006	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7011	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7012	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7018	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7019	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7020	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7030	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7034	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7037	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7038	A DOMParser XSS issue was discovered in certain Apple products. iOS be ...	jessie
	CVE-2017-7039	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7040	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7041	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7042	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7043	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7046	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7048	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7049	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7052	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7055	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7056	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7059	A DOMParser XSS issue was discovered in certain Apple products. iOS be ...	jessie
	CVE-2017-7061	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7064	An issue was discovered in certain Apple products. iOS before 10.3.3 i ...	jessie
	CVE-2017-7081	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7087	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7089	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7090	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7091	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7092	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7093	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7094	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7095	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7096	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7098	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7099	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7100	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7102	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7104	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7107	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7109	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7111	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7117	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7120	An issue was discovered in certain Apple products. iOS before 11 is af ...	jessie
	CVE-2017-7142	An issue was discovered in certain Apple products. Safari before 11 is ...	jessie
	CVE-2017-7153	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-7156	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-7157	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-7160	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2017-7161	An issue was discovered in certain Apple products. Safari before 11.0. ...	jessie
	CVE-2017-7165	An issue was discovered in certain Apple products. iOS before 11.2 is ...	jessie
	CVE-2018-11646	webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIco ...	jessie, stretch
	CVE-2018-11712	WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...	jessie, stretch
	CVE-2018-11713	WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...	jessie, stretch
	CVE-2018-12293	The getImageData function in the ImageBufferCairo class in WebCore/pla ...	jessie, stretch
	CVE-2018-12294	WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as ...	jessie, stretch
	CVE-2018-12911	WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bou ...	jessie, stretch
	CVE-2018-4088	An issue was discovered in certain Apple products. iOS before 11.2.5 i ...	jessie
	CVE-2018-4089	An issue was discovered in certain Apple products. iOS before 11.2.5 i ...	jessie
	CVE-2018-4096	An issue was discovered in certain Apple products. iOS before 11.2.5 i ...	jessie
	CVE-2018-4101	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4113	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4114	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4117	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4118	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4119	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4120	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4121	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4122	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4125	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4127	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4128	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4129	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4133	An issue was discovered in certain Apple products. Safari before 11.1 ...	jessie, stretch
	CVE-2018-4146	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4161	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4162	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4163	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4165	An issue was discovered in certain Apple products. iOS before 11.3 is ...	jessie, stretch
	CVE-2018-4190	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4191	A memory corruption issue was addressed with improved validation. This ...	jessie, stretch
	CVE-2018-4192	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4197	A use after free issue was addressed with improved memory management. ...	jessie, stretch
	CVE-2018-4199	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4200	An issue was discovered in certain Apple products. iOS before 11.3.1 i ...	jessie, stretch
	CVE-2018-4201	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4204	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4207	In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...	jessie, stretch
	CVE-2018-4208	In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...	jessie, stretch
	CVE-2018-4209	In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...	jessie, stretch
	CVE-2018-4210	In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS befo ...	jessie, stretch
	CVE-2018-4212	In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...	jessie, stretch
	CVE-2018-4213	In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...	jessie, stretch
	CVE-2018-4214	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4218	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4222	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4232	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4233	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4246	An issue was discovered in certain Apple products. iOS before 11.4 is ...	jessie, stretch
	CVE-2018-4261	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4262	In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...	jessie, stretch
	CVE-2018-4263	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4264	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4265	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4266	A race condition was addressed with additional validation. This issue ...	jessie, stretch
	CVE-2018-4267	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4270	A memory corruption issue was addressed with improved memory handling. ...	jessie, stretch
	CVE-2018-4271	Multiple memory corruption issues were addressed with improved input v ...	jessie, stretch
	CVE-2018-4272	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4273	Multiple memory corruption issues were addressed with improved input v ...	jessie, stretch
	CVE-2018-4278	In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...	jessie, stretch
	CVE-2018-4284	A type confusion issue was addressed with improved memory handling. Th ...	jessie, stretch
	CVE-2018-4299	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4306	A use after free issue was addressed with improved memory management. ...	jessie, stretch
	CVE-2018-4309	A cross-site scripting issue existed in Safari. This issue was address ...	jessie, stretch
	CVE-2018-4311	The issue was addressed by removing origin information. This issue aff ...	jessie, stretch
	CVE-2018-4312	A use after free issue was addressed with improved memory management. ...	jessie, stretch
	CVE-2018-4314	A use after free issue was addressed with improved memory management. ...	jessie, stretch
	CVE-2018-4315	A use after free issue was addressed with improved memory management. ...	jessie, stretch
	CVE-2018-4316	A memory corruption issue was addressed with improved state management ...	jessie, stretch
	CVE-2018-4317	A use after free issue was addressed with improved memory management. ...	jessie, stretch
	CVE-2018-4318	A use after free issue was addressed with improved memory management. ...	jessie, stretch
	CVE-2018-4319	A cross-origin issue existed with "iframe" elements. This was addresse ...	jessie, stretch
	CVE-2018-4323	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4328	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4345	A cross-site scripting issue existed in Safari. This issue was address ...	jessie, stretch
	CVE-2018-4358	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4359	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4361	A memory consumption issue was addressed with improved memory handling ...	jessie, stretch
	CVE-2018-4372	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4373	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4375	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4376	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4378	A memory corruption issue was addressed with improved validation. This ...	jessie, stretch
	CVE-2018-4382	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4386	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4392	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4416	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4437	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2018-4438	A logic issue existed resulting in memory corruption. This was address ...	jessie, stretch
	CVE-2018-4441	A memory corruption issue was addressed with improved memory handling. ...	jessie, stretch
	CVE-2018-4442	A memory corruption issue was addressed with improved memory handling. ...	jessie, stretch
	CVE-2018-4443	A memory corruption issue was addressed with improved memory handling. ...	jessie, stretch
	CVE-2018-4464	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2019-6212	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2019-6215	A type confusion issue was addressed with improved memory handling. Th ...	jessie, stretch
	CVE-2019-6216	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2019-6217	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2019-6226	Multiple memory corruption issues were addressed with improved memory ...	jessie, stretch
	CVE-2019-6227	A memory corruption issue was addressed with improved memory handling. ...	jessie, stretch
	CVE-2019-6229	A logic issue was addressed with improved validation. This issue is fi ...	jessie, stretch
	CVE-2019-6233	A memory corruption issue was addressed with improved memory handling. ...	jessie, stretch
	CVE-2019-6234	A memory corruption issue was addressed with improved memory handling. ...	jessie, stretch
	CVE-2019-8375	The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.9 ...	jessie, stretch
webkitgtk	CVE-2016-10222	runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...	jessie, stretch
	CVE-2016-10226	JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...	jessie, stretch
	CVE-2016-1856	WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...	jessie, stretch
	CVE-2016-1857	WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...	jessie, stretch
	CVE-2016-4657	WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ar ...	jessie, stretch
	CVE-2016-4761	WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow rem ...	jessie, stretch
	CVE-2016-9642	JavaScriptCore in WebKit allows attackers to cause a denial of service ...	jessie, stretch
	CVE-2016-9643	The regex code in Webkit 2.4.11 allows remote attackers to cause a den ...	jessie, stretch
	CVE-2017-2367	An issue was discovered in certain Apple products. iOS before 10.3 is ...	jessie, stretch
	CVE-2017-5949	JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...	jessie, stretch
whitedune	CVE-2017-17518	DISPUTED swt/motif/browser.c in White_dune (aka whitedune) 0.30. ...	bullseye, buster, jessie, sid, stretch
wine	TEMP-0816034-9C45DC	unsafe use of /tmp	jessie, stretch, jessie, stretch
wordpress	CVE-2006-0733	DISPUTED Cross-site scripting (XSS) vulnerability in WordPress 2 ...	bullseye, buster, jessie, sid, stretch
	CVE-2008-0191	WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...	bullseye, buster, jessie, sid, stretch
	CVE-2011-4898	DISPUTED wp-admin/setup-config.php in the installation component ...	bullseye, buster, jessie, sid, stretch
	CVE-2011-4899	DISPUTED wp-admin/setup-config.php in the installation component ...	bullseye, buster, jessie, sid, stretch
	CVE-2012-0782	DISPUTED Multiple cross-site scripting (XSS) vulnerabilities in ...	bullseye, buster, jessie, sid, stretch
	CVE-2012-0937	DISPUTED wp-admin/setup-config.php in the installation component ...	bullseye, buster, jessie, sid, stretch
	CVE-2012-5868	WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...	bullseye, buster, jessie, sid, stretch
	CVE-2013-7233	Cross-site request forgery (CSRF) vulnerability in the retrospam compo ...	bullseye, buster, jessie, sid, stretch
	CVE-2017-6514	WordPress 4.7.2 mishandles listings of post authors, which allows remo ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6389	In WordPress through 4.9.2, unauthenticated attackers can cause a deni ...	bullseye, buster, jessie, sid, stretch
wpa	CVE-2016-10743	hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...	stretch
	CVE-2017-13084	Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Sta ...	bullseye, buster, jessie, sid, stretch
xbindkeys-config	CVE-2014-9513	Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows rem ...	bullseye, buster, jessie, sid, stretch
xbmc	CVE-2013-1438	Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in lib ...	jessie
xcfa	CVE-2014-5254	xcfa before 5.0.1 creates temporary files insecurely which could allow ...	jessie
	CVE-2014-5255	xcfa before 5.0.1 creates temporary files insecurely which could allow ...	jessie
xchat	CVE-2011-5129	Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ...	bullseye, buster, jessie, sid
xdg-user-dirs	CVE-2017-15131	It was found that system umask policy is not being honored when creati ...	bullseye, buster, jessie, sid, stretch
xen	CVE-2014-9066	Xen 4.4.x and earlier, when using a large number of VCPUs, does not pr ...	bullseye, buster, jessie, sid, stretch
xerces-c	CVE-2012-0880	Apache Xerces-C++ allows remote attackers to cause a denial of service ...	bullseye, buster, jessie, sid, stretch
xfig	CVE-2009-4228	Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlie ...	bullseye, buster, jessie, sid, stretch
xloadimage	CVE-2006-4484	Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in ...	bullseye, buster, jessie, sid, stretch
xpdf	CVE-2010-0206	xpdf allows remote attackers to cause a denial of service (NULL pointe ...	bullseye, buster, jessie, sid, stretch
	CVE-2010-0207	In xpdf, the xref table contains an infinite loop which allows remote ...	bullseye, buster, jessie, sid, stretch
	CVE-2013-4472	The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-11033	The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-16368	SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-16369	XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18454	CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote atta ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18455	The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote a ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18456	The function Object::isName() in Object.h (called from Gfx::opSetFillC ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18457	The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remo ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18458	The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows r ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-18459	The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remo ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-7173	A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-7174	An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref a ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-7175	An issue was discovered in xpdf 4.00. A NULL pointer dereference in re ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-7452	A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc i ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-7453	Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-7454	A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpd ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-7455	An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xp ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8100	The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allo ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8101	The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8102	The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4 ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8103	The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8104	The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows atta ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8105	The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allow ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8106	The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-8107	The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows atta ...	bullseye, buster, jessie, sid, stretch
xterm	CVE-2006-4447	X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtran ...	bullseye, buster, jessie, sid, stretch
yabasic	CVE-2019-19720	Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() functio ...	bullseye, buster, sid, stretch
	CVE-2019-19796	Yabasic 2.86.2 has a heap-based buffer overflow in myformat in functio ...	bullseye, buster, sid, stretch
yaws	CVE-2009-4495	Yaws 1.85 writes data to a log file without sanitizing non-printable c ...	bullseye, buster, jessie, sid, stretch
yum	CVE-2013-1910	yum does not properly handle bad metadata, which allows an attacker to ...	buster, jessie, stretch
zip	CVE-2018-13410	DISPUTED Info-ZIP Zip 3.0, when the -T and -TT command-line opti ...	bullseye, buster, jessie, sid, stretch
zoph	CVE-2014-9235	Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Pho ...	bullseye, buster, sid
	CVE-2014-9236	Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zop ...	bullseye, buster, sid
zsh	CVE-2017-18205	In builtin.c in zsh before 5.4, when sh compatibility mode is used, th ...	jessie, stretch
	CVE-2018-7548	In subst.c in zsh through 5.4.2, there is a NULL pointer dereference w ...	jessie, stretch
	CVE-2018-7549	In params.c in zsh through 5.4.2, there is a crash during a copy of an ...	jessie, stretch
zziplib	CVE-2018-17828	Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers ...	bullseye, buster, jessie, sid, stretch
	CVE-2018-6542	In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trail ...	bullseye, buster, jessie, sid, stretch
zziplib	CVE-2018-7727	An issue was discovered in ZZIPlib 0.13.68. There is a memory leak tri ...	bullseye, buster, jessie, sid, stretch