Packages that have open unimportant issues

This page lists packages that are affected by issues that are considered unimportant from a security perspective. These issues are thought to be unexploitable or uneffective in most situations (for example, browser denial-of-services).

PackageBugDescriptionReleases
389-adminCVE-2015-0233jessie
9baseCVE-2014-1935insecure use of /tmpjessie, sid, stretch, wheezy
aceCVE-2014-6311/tmp file vulnerability in generate_doxygen.plwheezy
activemqCVE-2016-6810jessie, wheezy
android-platform-frameworks-nativeCVE-2015-3875libutils in Android before 5.1.1 LMY48T allows remote attackers to ...jessie, sid, stretch
CVE-2015-6602libutils in Android through 5.1.1 LMY48M allows remote attackers to ...jessie, sid, stretch
CVE-2015-6609libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...jessie, sid, stretch
android-platform-system-coreCVE-2012-5564android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...jessie, sid, stretch
CVE-2016-0807The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...jessie
CVE-2016-3861LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...jessie, stretch
android-toolsCVE-2012-5564android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...jessie, sid
aolserver4CVE-2009-4494AOLserver 4.5.1 writes data to a log file without sanitizing ...jessie, sid, stretch, wheezy
apache2CVE-2001-1534mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...jessie, sid, stretch, wheezy
CVE-2003-1307** DISPUTED ** ...jessie, sid, stretch, wheezy
CVE-2003-1580The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...jessie, sid, stretch, wheezy
CVE-2003-1581The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...jessie, sid, stretch, wheezy
CVE-2007-0086** DISPUTED ** ...jessie, sid, stretch, wheezy
CVE-2007-1743suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...jessie, sid, stretch, wheezy
CVE-2007-3303Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...jessie, sid, stretch, wheezy
CVE-2008-0455Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...jessie, sid, stretch, wheezy
CVE-2008-0456CRLF injection vulnerability in the mod_negotiation module in the ...jessie, sid, stretch, wheezy
CVE-2011-4415The ap_pregsub function in server/util.c in the Apache HTTP Server ...wheezy
aptCVE-2011-3374apt-key insecure validationjessie, sid, stretch, wheezy
apt-setupCVE-2005-2214apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...jessie, sid, stretch, wheezy
aroraCVE-2011-3367Arora, possibly 0.11 and other versions, does not use a certain font ...jessie, sid, wheezy
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, wheezy
auditCVE-2015-5186log terminal emulator escape sequences handlingjessie, wheezy
automake1.11TEMP-0827346-22ED59install-sh: insecure use of /tmpjessie, wheezy
awffullCVE-2007-0510Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...jessie, sid, stretch, wheezy
axisCVE-2007-2353Apache Axis 1.0 allows remote attackers to obtain sensitive ...jessie, sid, stretch, wheezy
bansheeCVE-2009-1175Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...jessie, sid, stretch, wheezy
base-passwdTEMP-0274229-6E02C2base-passwd: sets valid shells for system serviceswheezy
bashCVE-2016-0634bash prompt expanding return value from gethostname()wheezy
TEMP-0841856-B18BAFPrivilege escalation possible to other user than rootjessie, sid, stretch, wheezy
blenderCVE-2005-3151Buffer overflow in blenderplay in Blender Player 2.37a allows ...jessie, sid, stretch, wheezy
CVE-2009-3850Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...jessie, sid, stretch, wheezy
CVE-2010-5105The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...jessie, sid, stretch, wheezy
boaCVE-2009-4496Boa 0.94.14rc21 writes data to a log file without sanitizing ...wheezy
bochsCVE-2007-2894The emulated floppy disk controller in Bochs 2.3 allows local users of ...jessie, sid, stretch, wheezy
busyboxCVE-2016-6301The recv_and_process_client_pkt function in networking/ntpd.c in ...jessie, sid, stretch, wheezy
cableswigCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...jessie, wheezy
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...jessie, wheezy
cactiCVE-2009-4112Cacti 0.8.7e and earlier allows remote authenticated administrators to ...jessie, sid, stretch, wheezy
cadaverCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...jessie, sid, stretch, wheezy
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...jessie, sid, stretch, wheezy
capnprotoCVE-2017-7892Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a ...sid, stretch
chromium-browserCVE-2008-7246Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...jessie, sid, stretch, wheezy
CVE-2009-0374** DISPUTED ** ...jessie, sid, stretch, wheezy
CVE-2009-1598Google Chrome executes DOM calls in response to a javascript: URI in ...jessie, sid, stretch, wheezy
CVE-2010-1384Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...jessie, sid, stretch, wheezy
CVE-2010-1992Google Chrome 1.0.154.48 executes a mail application in situations ...jessie, sid, stretch, wheezy
CVE-2010-4037Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ...jessie, sid, stretch, wheezy
CVE-2010-4482Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...jessie, sid, stretch, wheezy
CVE-2011-2599Google Chrome 11 does not block use of a cross-domain image as a WebGL ...jessie, sid, stretch, wheezy
CVE-2011-3640** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...jessie, sid, stretch, wheezy
CVE-2012-5851html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...jessie, sid, stretch, wheezy
cifs-utilsCVE-2014-2830Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ...jessie, sid, stretch
coin3CVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...jessie, sid, stretch, wheezy
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...jessie, sid, stretch, wheezy
conkerorCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, stretch, wheezy
coreutilsCVE-2017-2616Sending SIGKILL to other processes with root privileges via suwheezy
courierCVE-2004-2313Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...jessie, sid, stretch, wheezy
CVE-2005-1308SqWebMail allows remote attackers to inject arbitrary web script or ...jessie, sid, stretch, wheezy
cryptsetupCVE-2016-4484The Debian initrd script for the cryptsetup package 2:1.7.3-2 and ...jessie, wheezy
ctnCVE-2008-5146add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...jessie, sid, stretch
cupsCVE-2014-8166code execution via unescape ANSI escape sequencesjessie, sid, stretch, wheezy
cups-filtersTEMP-0000000-ACBC4Cbuffer overflows in init_cupsjessie, wheezy
curlCVE-2016-3739The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ...jessie, wheezy
CVE-2017-7407The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...jessie
darktableCVE-2013-2126Multiple double free vulnerabilities in the LibRaw::unpack function in ...wheezy
db4oCVE-2012-6550Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...sid, stretch, wheezy
CVE-2013-1808Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ...sid, stretch, wheezy
CVE-2014-1869Multiple cross-site scripting (XSS) vulnerabilities in ...sid, stretch, wheezy
dcmtkCVE-2013-6825(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) ...jessie, sid, stretch, wheezy
dcrawCVE-2013-1438Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...jessie, sid, stretch, wheezy
dhcpcd5CVE-2014-7913The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...jessie, sid, stretch
dilloTEMP-0560108-565B70browser-based css info disclosurejessie, sid, stretch, wheezy
dirmngrCVE-2011-2207jessie, wheezy
distributeCVE-2013-1633easy_install in setuptools before 0.7 uses HTTP to retrieve packages ...wheezy
djvulibreTEMP-0775193-7F000Edjvudigital: insecure use of /tmpjessie, wheezy
dnspythonCVE-2008-1447The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...jessie, sid, stretch, wheezy
dogtag-pkiCVE-2015-0234sid
dokuwikiCVE-2012-3354doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain ...wheezy
dovecotCVE-2008-4870dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ...jessie, sid, stretch, wheezy
dpkg-crossCVE-2008-4950** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ...sid, stretch, wheezy
dropbearCVE-2016-7409The dbclient and server in Dropbear SSH before 2016.74, when compiled ...jessie, wheezy
drupal7CVE-2007-6752** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in ...jessie, sid, stretch, wheezy
CVE-2012-2922The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...wheezy
dwbCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, wheezy
edk2CVE-2014-4859jessie, sid, stretch
CVE-2014-4860jessie, sid, stretch
eglibcCVE-2010-3192Certain run-time memory protection mechanisms in the GNU C Library ...wheezy
CVE-2010-4051The regcomp implementation in the GNU C Library (aka glibc or libc6) ...wheezy
CVE-2010-4052Stack consumption vulnerability in the regcomp implementation in the ...wheezy
CVE-2010-4756The glob implementation in the GNU C Library (aka glibc or libc6) ...wheezy
emacs24CVE-2014-9483a left-click in Emacs sometimes modifies the PRIMARY selectionjessie
epiphany-browserCVE-2007-1084Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...jessie, sid, stretch, wheezy
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, stretch, wheezy
TEMP-0560108-565B70browser-based css info disclosurejessie, sid, stretch, wheezy
erlangCVE-2009-0130** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ...jessie, sid, stretch, wheezy
CVE-2016-1000107jessie, sid, stretch, wheezy
ettercapCVE-2010-3843jessie, sid, stretch
CVE-2010-3844jessie, sid, stretch
evolutionCVE-2007-1266Evolution 2.8.1 and earlier does not properly use the --status-fd ...jessie, sid, stretch, wheezy
CVE-2011-3201GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...jessie, sid, stretch, wheezy
CVE-2013-4166problem in GPG key selection when encrypting mailjessie, sid, stretch, wheezy
expatCVE-2013-0340expat 2.1.0 and earlier does not properly handle entities expansion ...jessie, sid, stretch, wheezy
eyed3CVE-2014-1934tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for ...jessie, wheezy
fetchmailCVE-2011-1947fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time ...wheezy
firefoxCVE-2004-1639Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...sid
CVE-2005-2395Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...sid
CVE-2005-4685Firefox and Mozilla can associate a cookie with multiple domains when ...sid
CVE-2017-5437sid, jessie, stretch
fireholCVE-2008-4953** DISPUTED ** ...jessie, sid, stretch, wheezy
flashromTEMP-0000000-C3CEDBfscanf format string security bug in flashrom layout codejessie, wheezy
foomatic-filtersCVE-2011-2923jessie, sid, stretch, wheezy
TEMP-0000000-ACBC4Cbuffer overflows in init_cupsjessie, sid, stretch, wheezy
freebsd-sendprCVE-2008-5142sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...wheezy
freeipaCVE-2014-7850Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ...sid
freeradiusCVE-2007-0080** DISPUTED ** ...jessie, sid, stretch, wheezy
freerdpCVE-2014-0250Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP ...wheezy
CVE-2014-0791Integer overflow in the license_read_scope_list function in ...jessie, sid, stretch, wheezy
freetypeTEMP-0773084-4AB1FBfreetype: out of bounds writejessie
freevoCVE-2008-4955freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...jessie, sid, wheezy
galleryCVE-2008-3600Directory traversal vulnerability in contrib/phpBB2/modules.php in ...wheezy
gangliaCVE-2015-6816Ganglia-web auth bypasswheezy
ganglia-webCVE-2013-6395Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...jessie, sid, stretch
CVE-2015-6816Ganglia-web auth bypassjessie, sid, stretch
gcc-mingw-w64CVE-2016-4973jessie, sid, stretch, wheezy
gdbCVE-2006-4146Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...jessie, sid, stretch, wheezy
CVE-2011-4355GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is ...jessie, sid, stretch, wheezy
CVE-2014-8501The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...jessie, sid, stretch, wheezy
CVE-2014-9939ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow ...jessie, wheezy
gdk-pixbufCVE-2017-6311gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent ...sid, stretch
ghostscriptCVE-2017-7948Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...sid, stretch
giflibCVE-2016-3177Multiple use-after-free and double-free vulnerabilities in gifcolor.c ...jessie, sid, stretch, wheezy
gimpCVE-2007-3126Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...jessie, sid, stretch, wheezy
CVE-2012-4245The scriptfu network server in GIMP 2.6 does not require ...jessie, sid, stretch, wheezy
git-repairTEMP-0807341-84E914uses non-random tempdir /tmp/tmprepo.0/.git/jessie
glanceCVE-2013-4354The API before 2.1 in OpenStack Image Registry and Delivery Service ...jessie, sid, stretch, wheezy
CVE-2015-8234The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...jessie, sid, stretch, wheezy
CVE-2016-8611Glance Image service v1 and v2 api image-create vulnerabilityjessie, sid, stretch, wheezy
glib2.0CVE-2012-0039** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function ...jessie, sid, stretch, wheezy
glibcCVE-2010-4051The regcomp implementation in the GNU C Library (aka glibc or libc6) ...jessie, sid, stretch
CVE-2010-4052Stack consumption vulnerability in the regcomp implementation in the ...jessie, sid, stretch
CVE-2010-4756The glob implementation in the GNU C Library (aka glibc or libc6) ...jessie, sid, stretch
CVE-2015-8985The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...jessie, sid, stretch
glpiCVE-2010-1618Cross-site scripting (XSS) vulnerability in the phpCAS client library ...jessie, wheezy
CVE-2010-2795phpCAS before 1.1.2 allows remote authenticated users to hijack ...jessie, wheezy
CVE-2010-2796Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...jessie, wheezy
CVE-2010-3690Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...jessie, wheezy
CVE-2010-3691PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...jessie, wheezy
CVE-2010-3692Directory traversal vulnerability in the callback function in ...jessie, wheezy
CVE-2013-2225inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote ...wheezy
CVE-2013-2226Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow ...wheezy
CVE-2013-2227local file inclusionwheezy
CVE-2013-5696inc/central.class.php in GLPI before 0.84.2 does not attempt to make ...wheezy
CVE-2014-5032GLPI before 0.84.7 does not properly restrict access to cost ...jessie, wheezy
CVE-2014-8360Directory traversal vulnerability in inc/autoload.function.php in GLPI ...jessie, wheezy
CVE-2014-9258SQL injection vulnerability in ajax/getDropdownValue.php in GLPI ...jessie, wheezy
CVE-2015-7684Unrestricted file upload in GLPI before 0.85.3 allows remote ...jessie, wheezy
CVE-2015-7685GLPI before 0.85.3 allows remote authenticated users to create ...jessie, wheezy
glusterfsCVE-2012-5635The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...jessie, sid, stretch, wheezy
gnome-orcaCVE-2013-4245Arbitrary code execution due to insecure CWD Python module loadjessie, sid, stretch, wheezy
gnome-shellCVE-2012-4427The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...jessie, sid, stretch, wheezy
gnuchessCVE-2015-8972Stack-based buffer overflow in the ValidateMove function in ...jessie, wheezy
gnumailCVE-2007-1269GNUMail 1.1.2 and earlier does not properly use the --status-fd ...sid, stretch
gnutls26CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...wheezy, jessie, sid, stretch
gnutls28TEMP-0000000-1BAE4DGNUTLS-SA-2016-2: certificate verification issuejessie
golangCVE-2016-5386The net/http package in Go through 1.6 does not attempt to address RFC ...jessie, wheezy
gpwCVE-2011-4931jessie, sid, stretch, wheezy
graphicsmagickCVE-2014-1947Buffer overflow vulnerabilitywheezy
grubCVE-2008-3896Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...jessie, sid, stretch, wheezy
grub2CVE-2013-4577A certain Debian patch for GNU GRUB uses world-readable permissions ...wheezy
haskell-tlsCVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...jessie, sid, stretch, wheezy
hex-a-hopTEMP-0528250-2E3658hex-a-hop: buffer overflow in loading save gamesjessie, sid, stretch, wheezy
icecast2CVE-2005-0837IceCast 2.20 allows remote attackers to bypass the XSL parser and ...jessie, sid, stretch, wheezy
CVE-2005-0838Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...jessie, sid, stretch, wheezy
icedoveCVE-2006-5633Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...jessie, sid, stretch, wheezy
CVE-2008-5430Mozilla Thunderbird 2.0.14 does not properly handle (1) ...jessie, sid, stretch, wheezy
iceweaselCVE-2004-1639Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...wheezy
CVE-2005-2395Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...wheezy
CVE-2005-4685Firefox and Mozilla can associate a cookie with multiple domains when ...wheezy
CVE-2006-2723Unspecified versions of Mozilla Firefox allow remote attackers to ...wheezy
CVE-2006-5633Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...wheezy
CVE-2006-6954Flock beta 1 0.7 allows remote attackers to cause a denial of service ...wheezy
CVE-2007-1084Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...wheezy
CVE-2007-1256Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...wheezy
CVE-2007-1736Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...wheezy
CVE-2007-1970Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...wheezy
CVE-2007-2162(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...wheezy
CVE-2007-2671Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...wheezy
CVE-2007-4357Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...wheezy
CVE-2007-5415Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...wheezy
CVE-2007-5896Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...wheezy
CVE-2007-6715Mozilla Firefox allows remote attackers to cause a denial of service ...wheezy
CVE-2008-2014Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...wheezy
CVE-2008-3444The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...wheezy
CVE-2008-4324The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...wheezy
CVE-2008-5715Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...wheezy
CVE-2009-0071Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...wheezy
CVE-2009-0821Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...wheezy
CVE-2009-3010Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...wheezy
CVE-2009-3014Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...wheezy
CVE-2011-0082The X.509 certificate validation functionality in Mozilla Firefox ...wheezy
CVE-2011-4688Mozilla Firefox 8.0.1 and earlier does not prevent capture of data ...wheezy
CVE-2013-6167Mozilla Firefox through 27 sends HTTP Cookie headers without first ...wheezy
imagemagickCVE-2005-0406A design flaw in image processing software that modifies JPEG images ...jessie, sid, stretch, wheezy
CVE-2008-3134Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...jessie, sid, stretch, wheezy
CVE-2016-8678The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ...jessie, sid, stretch, wheezy
CVE-2017-6502An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...jessie, sid, stretch, wheezy
CVE-2017-7275The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows ...jessie, sid, stretch, wheezy
initramfs-toolsCVE-2008-4996** DISPUTED ** ...jessie, sid, stretch, wheezy
iptablesCVE-2012-2663extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP ...jessie, sid, stretch, wheezy
irssiTEMP-0000000-E6792Firssi missing null terminatorjessie, wheezy
jasperCVE-2016-10248The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before ...jessie, wheezy
CVE-2016-8883The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 ...jessie
CVE-2016-8887The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer ...jessie
CVE-2016-9387Integer overflow in the jpc_dec_process_siz function in ...jessie, wheezy
CVE-2016-9388The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...jessie, wheezy
CVE-2016-9389The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before ...jessie, wheezy
CVE-2016-9390The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 ...jessie, wheezy
CVE-2016-9391The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...jessie, wheezy
CVE-2016-9392The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 ...jessie, wheezy
CVE-2016-9393The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...jessie, wheezy
CVE-2016-9394The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 ...jessie, wheezy
CVE-2016-9395The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 ...jessie, wheezy
CVE-2016-9396The JPC_NOMINALGAIN function in jpc_t1cod.c in JasPer before 1.900.12 ...jessie, wheezy
CVE-2016-9397The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows ...jessie, wheezy
CVE-2016-9398The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 ...jessie, wheezy
CVE-2016-9399The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows ...jessie, wheezy
CVE-2016-9583Out of bounds heap read in jpc_pi_nextpcrl()jessie, wheezy
CVE-2016-9600Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoderjessie, wheezy
CVE-2017-5498libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote ...jessie, wheezy
CVE-2017-5499Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows ...jessie, wheezy
CVE-2017-5500libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to ...jessie, wheezy
CVE-2017-5502libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to ...jessie, wheezy
CVE-2017-5504The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer ...jessie, wheezy
CVE-2017-5505The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows ...jessie, wheezy
CVE-2017-6850The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...jessie, wheezy
CVE-2017-6851The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows ...jessie, wheezy
jettyCVE-2009-3579Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...jessie, wheezy
jqueryCVE-2007-2379The jQuery framework exchanges data using JavaScript Object Notation ...jessie, sid, stretch, wheezy
json-glibTEMP-0772585-D41D8Cjessie, sid, stretch
kde-baseappsCVE-2012-4512jessie, sid, stretch, wheezy
CVE-2012-4513khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows ...jessie, sid, stretch, wheezy
CVE-2012-4514rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...jessie, sid, stretch, wheezy
CVE-2012-4515Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...jessie, sid, stretch, wheezy
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, stretch, wheezy
kde-workspaceCVE-2013-4133memory leakwheezy
CVE-2014-8651The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and ...wheezy
kde4libsCVE-2009-1692WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...jessie, sid, stretch, wheezy
CVE-2009-1718WebKit in Apple Safari before 4.0 allows user-assisted remote ...jessie, sid, stretch, wheezy
CVE-2009-1724Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...jessie, sid, stretch, wheezy
CVE-2009-3015QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...jessie, sid, stretch, wheezy
CVE-2009-3272Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...jessie, sid, stretch, wheezy
TEMP-0560108-565B70browser-based css info disclosurejessie, sid, stretch, wheezy
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicejessie, sid, stretch, wheezy
kdepimCVE-2006-7139Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...jessie, sid, stretch, wheezy
CVE-2007-1265KMail 1.9.5 and earlier does not properly use the --status-fd argument ...jessie, sid, stretch, wheezy
kfreebsd-10CVE-2011-2393The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...jessie, sid, stretch
CVE-2015-5675IRET privilege escalationjessie
CVE-2016-1879The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ...jessie, sid, stretch
CVE-2016-1880The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and ...jessie
CVE-2016-1881The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause ...jessie
CVE-2016-1882FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow ...jessie
CVE-2016-1883The issetugid system call in the Linux compatibility layer in FreeBSD ...jessie
CVE-2016-1885Integer signedness error in the amd64_set_ldt function in ...jessie
CVE-2016-1886Integer signedness error in the genkbd_commonioctl function in ...jessie
CVE-2016-1887Integer signedness error in the sockargs function in ...jessie
kfreebsd-9CVE-2016-1883The issetugid system call in the Linux compatibility layer in FreeBSD ...wheezy
krb5CVE-2004-0971The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...jessie, sid, stretch, wheezy
latex2rtfCVE-2015-8106Format string vulnerability in the CmdKeywords function in funct1.c in ...jessie
lbreakout2TEMP-0608980-E8B8DFCrash with long HOME environment variablejessie, sid, stretch, wheezy
leptonlibTEMP-0830660-09AE85Insecure use of /tmpjessie, wheezy
lessCVE-2014-9488The is_utf8_well_formed function in GNU less before 475 allows remote ...jessie, sid, stretch, wheezy
lftpCVE-2007-2348mirror --script in lftp before 3.5.9 does not properly quote shell ...jessie, sid, stretch, wheezy
libapache-poi-javaCVE-2016-5000The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...jessie, sid, stretch, wheezy
libavCVE-2016-6881The zlib_refill function in libavformat/swfdec.c in FFmpeg before ...jessie, wheezy
CVE-2016-7477The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 ...jessie, wheezy
CVE-2016-7499The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...jessie, wheezy
CVE-2016-8675The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote ...jessie, wheezy
CVE-2016-8676The get_vlc2 function in get_bits.h in Libav 11.9 allows remote ...jessie, wheezy
CVE-2016-9819libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause ...jessie
CVE-2016-9820libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to ...jessie
CVE-2016-9825libswscale/utils.c in libav 11.8 allows remote attackers to cause a ...jessie, wheezy
CVE-2016-9826libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...jessie, wheezy
libcapsinetworkCVE-2015-0841off-by-one buffer overflow in Listener::checkActivity in libcapsinetwork/monopdwheezy
libcommons-collections4-javaCVE-2015-7501java unserialisation issuesjessie, sid, stretch
libcommons-fileupload-javaCVE-2013-0248The default configuration of javax.servlet.context.tempdir in Apache ...wheezy
CVE-2016-1000031Apache Commons FileUpload DiskFileItem File Manipulation Remote Code ...jessie, sid, stretch, wheezy
libcrypto++CVE-2016-7420Crypto++ (aka cryptopp) through 5.6.4 does not document the ...jessie, sid, stretch, wheezy
libdata-uuid-perlCVE-2013-4184symlink attacksjessie, sid, stretch
libemail-address-perlCVE-2015-7686Algorithmic complexity vulnerability in Address.pm in the ...jessie, sid, stretch, wheezy
libgaduCVE-2013-4488libgadu before 1.12.0 does not verify X.509 certificates from SSL ...jessie, sid, stretch, wheezy
libgnumail-javaCVE-2005-1105Directory traversal vulnerability in the MimeBodyPart.getFileName ...jessie, sid, stretch, wheezy
libjpeg6bCVE-2016-3616The cjpeg utility in libjpeg allows remote attackers to cause a denial ...sid, wheezy
libjs-handlebarsTEMP-0000000-345A3Bhandlebars: quoteless attributes in templates can lead to content injectionjessie, sid, stretch
libmp3-info-perlCVE-2013-6499loading a module relative to the cwdjessie, sid, stretch, wheezy
libnl3CVE-2017-0553An elevation of privilege vulnerability in libnl could enable a local ...jessie
libphp-adodbCVE-2006-4976The Date Library in John Lim ADOdb Library for PHP allows remote ...jessie, sid, stretch, wheezy
CVE-2011-3699John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...jessie, sid, stretch, wheezy
libreofficeCVE-2012-5639jessie, sid, stretch, wheezy
CVE-2013-4156Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to ...wheezy
libspring-javaCVE-2016-1000027jessie, wheezy
libstruts1.2-javaCVE-2012-1007Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...wheezy
libuvCVE-2014-9748jessie, sid
libv8CVE-2015-3910Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as ...wheezy
CVE-2015-5605The regular-expression implementation in Google V8, as used in Google ...wheezy
CVE-2015-7834Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as ...wheezy
CVE-2015-8478Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...wheezy
CVE-2016-1646The Array.prototype.concat implementation in builtins.cc in Google V8, ...wheezy
CVE-2016-1653The LoadBuffer implementation in Google V8, as used in Google Chrome ...wheezy
CVE-2016-1665The JSGenericLowering class in compiler/js-generic-lowering.cc in ...wheezy
CVE-2016-1669The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...wheezy
CVE-2016-1677uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before ...wheezy
CVE-2016-1678objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome ...wheezy
CVE-2016-1688The regexp (aka regular expression) implementation in Google V8 before ...wheezy
CVE-2016-2051Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...wheezy
CVE-2016-3679Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, ...wheezy
CVE-2016-5129Google V8 before 5.2.361.32, as used in Google Chrome before ...wheezy
CVE-2016-5198V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 ...wheezy
CVE-2016-5200V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 ...wheezy
CVE-2016-5213A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, ...wheezy
CVE-2016-5219A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for ...wheezy
CVE-2016-9651wheezy
CVE-2017-5012A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for ...wheezy
CVE-2017-5030wheezy
CVE-2017-5040wheezy
CVE-2017-5053wheezy
CVE-2017-5054wheezy
libv8-3.14CVE-2013-2632Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...jessie, sid, stretch
CVE-2013-2838Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...jessie, sid, stretch
CVE-2013-2882Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...jessie, sid, stretch
CVE-2013-2919Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...jessie, sid, stretch
CVE-2013-6638Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...jessie, sid, stretch
CVE-2013-6649Use-after-free vulnerability in the RenderSVGImage::paint function in ...jessie, sid, stretch
CVE-2013-6650The StoreBuffer::ExemptPopularPages function in store-buffer.cc in ...jessie, sid, stretch
CVE-2013-6668Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, ...jessie, sid, stretch
CVE-2014-1704Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...jessie, sid, stretch
CVE-2014-1705Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and ...jessie, sid, stretch
CVE-2014-1716Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...jessie, sid, stretch
CVE-2014-1717Google V8, as used in Google Chrome before 34.0.1847.116, does not ...jessie, sid, stretch
CVE-2014-1729Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...jessie, sid, stretch
CVE-2014-1730Google V8, as used in Google Chrome before 34.0.1847.131 on Windows ...jessie, sid, stretch
CVE-2014-1735Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...jessie, sid, stretch
CVE-2014-1736Integer overflow in api.cc in Google V8, as used in Google Chrome ...jessie, sid, stretch
CVE-2014-3152Integer underflow in the LCodeGen::PrepareKeyedOperand function in ...jessie, sid, stretch
CVE-2014-3188Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...jessie, sid, stretch
CVE-2014-3195Google V8, as used in Google Chrome before 38.0.2125.101, does not ...jessie, sid, stretch
CVE-2014-3199The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...jessie, sid, stretch
CVE-2014-7192Eval injection vulnerability in index.js in the syntax-error package ...jessie, sid, stretch
CVE-2014-7927The SimplifiedLowering::DoLoadBuffer function in ...jessie, sid, stretch
CVE-2014-7928hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, ...jessie, sid, stretch
CVE-2014-7931factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...jessie, sid, stretch
CVE-2014-7939Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...jessie, sid, stretch
CVE-2014-7967Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, ...jessie, sid, stretch
CVE-2015-1230The getHiddenProperty function in ...jessie, sid, stretch
CVE-2015-1304object-observe.js in Google V8, as used in Google Chrome before ...jessie, sid, stretch
CVE-2015-1346Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, ...jessie, sid, stretch
CVE-2015-2238Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as ...jessie, sid, stretch
CVE-2015-3333Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...jessie, sid, stretch
CVE-2015-3336Google Chrome before 42.0.2311.90 does not always ask the user before ...jessie, sid, stretch
CVE-2015-6764The BasicJsonStringifier::SerializeJSArray function in ...jessie, sid, stretch
CVE-2015-6771js/array.js in Google V8, as used in Google Chrome before ...jessie, sid, stretch
CVE-2015-6774Use-after-free vulnerability in the GetLoadTimes function in ...jessie, sid, stretch
libvirtCVE-2013-4311libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...wheezy
libvpxCVE-2015-1258Google Chrome before 43.0.2357.65 relies on libvpx code that was not ...jessie
CVE-2015-4506Buffer overflow in the vp9_init_context_buffers function in libvpx, as ...jessie
libwebpCVE-2016-9085Multiple integer overflows in libwebp allows attackers to have ...jessie, sid, stretch
libwmfCVE-2007-3476Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...jessie, sid, stretch, wheezy
CVE-2007-3477The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...jessie, sid, stretch, wheezy
CVE-2007-3996Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...jessie, sid, stretch, wheezy
CVE-2009-3546The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...jessie, sid, stretch, wheezy
TEMP-0601525-BEBB65libgd2: gdImageColorTransparent can write outside bufferjessie, sid, stretch, wheezy
libxerces2-javaCVE-2012-0881xerces-j2 hash table collisions CPU usage DoSjessie, sid, stretch, wheezy
liloCVE-2008-3895LILO 22.6.1 and earlier stores pre-boot authentication passwords in ...jessie, sid, stretch, wheezy
lintianCVE-2013-1429Lintian unsafe symlinkswheezy
linuxCVE-2004-0230TCP, when using a large Window Size, makes it easier for remote ...jessie, sid, stretch, wheezy
CVE-2005-3660Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...jessie, sid, stretch, wheezy
CVE-2007-3719The process scheduler in the Linux kernel 2.6.16 gives preference to ...jessie, sid, stretch, wheezy
CVE-2008-2544jessie, sid, stretch, wheezy
CVE-2008-4609The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...jessie, sid, stretch, wheezy
CVE-2010-4563The Linux kernel, when using IPv6, allows remote attackers to ...jessie, sid, stretch, wheezy
CVE-2010-5321v4l: videobuf: hotfix a bug on multiple calls to mmap()jessie, sid, stretch, wheezy
CVE-2011-4915jessie, sid, stretch, wheezy
CVE-2011-4917jessie, sid, stretch, wheezy
CVE-2012-4542block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly ...jessie, sid, stretch, wheezy
CVE-2012-5374The CRC32C feature in the Btrfs implementation in the Linux kernel ...wheezy
CVE-2012-5375The CRC32C feature in the Btrfs implementation in the Linux kernel ...wheezy
CVE-2013-4514Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in ...wheezy
CVE-2013-4515The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the ...wheezy
CVE-2014-9892The snd_compr_tstamp function in sound/core/compress_offload.c in the ...jessie, sid, stretch, wheezy
CVE-2014-9900The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...jessie, sid, stretch, wheezy
CVE-2015-2877** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel ...jessie, sid, stretch, wheezy
CVE-2015-4001Integer signedness error in the oz_hcd_get_desc_cnf function in ...jessie
CVE-2015-4002drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux ...jessie
CVE-2015-4003The oz_usb_handle_ep_data function in ...jessie
CVE-2015-4004The OZWPAN driver in the Linux kernel through 4.0.5 relies on an ...jessie
CVE-2015-7837jessie, wheezy
CVE-2015-7885The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in ...jessie
CVE-2015-8967arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local ...jessie, wheezy
CVE-2016-2085The evm_verify_hmac function in security/integrity/evm/evm_main.c in ...wheezy
CVE-2016-3707The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org ...wheezy
CVE-2016-3857The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices ...jessie
CVE-2016-9120Race condition in the ion_ioctl function in ...jessie
TEMP-0000000-F7A20FKernel: Unprivileged user can freeze journaldjessie, sid, stretch, wheezy
lxcCVE-2013-6441The lxc-sshd template (templates/lxc-sshd.in) in LXC before ...wheezy
m2cryptoCVE-2009-0127** DISPUTED ** M2Crypto does not properly check the return value from ...jessie, sid, stretch, wheezy
m4CVE-2008-1687The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...jessie, sid, stretch, wheezy
CVE-2008-1688Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...jessie, sid, stretch, wheezy
magpierssCVE-2006-4735Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...jessie, sid, stretch, wheezy
maildirsyncCVE-2008-5150sample.sh in maildirsync 1.1 allows local users to append data to ...jessie, sid, stretch, wheezy
mailmanCVE-2006-2191** DISPUTED ** ...jessie, sid, stretch, wheezy
mantisCVE-2014-9279The print_test_result function in admin/upgrade_unattended.php in ...wheezy
matanzaCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...jessie, sid, stretch, wheezy
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...jessie, sid, stretch, wheezy
mcollectiveCVE-2014-0175default password set at installjessie, sid, wheezy
mediaelementCVE-2016-4567Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ...jessie, sid, stretch
mediawikiCVE-2007-0894MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...sid, stretch, wheezy
CVE-2014-1686sid, stretch, wheezy
CVE-2015-2941Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...wheezy
CVE-2015-2942MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...wheezy
mediawiki-extensionsCVE-2013-4305Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...jessie, wheezy
mh-bookCVE-2008-5152inmail-show in mh-book 200605 allows local users to overwrite ...jessie, sid, stretch, wheezy
midoriCVE-2012-2132libsoup 2.32.2 and earlier does not validate certificates or clear the ...sid, stretch, wheezy
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...sid, stretch, wheezy
mini-httpdCVE-2009-4490mini_httpd 1.19 writes data to a log file without sanitizing ...sid, stretch, wheezy
moinCVE-2007-0902Unspecified vulnerability in the "Show debugging information" feature ...jessie, sid, stretch, wheezy
mojarraCVE-2010-2087Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...jessie, sid, stretch, wheezy
mongodbCVE-2015-2327PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and ...jessie, sid, stretch, wheezy
CVE-2015-2328PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...jessie, sid, stretch, wheezy
monitoring-pluginsCVE-2013-4215The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...jessie, sid, stretch
CVE-2014-4701The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ...jessie, sid, stretch
CVE-2014-4702The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ...jessie, sid, stretch
CVE-2014-4703lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ...jessie, sid, stretch
monopdCVE-2015-0841off-by-one buffer overflow in Listener::checkActivity in libcapsinetwork/monopdjessie, sid, stretch, wheezy
moodleCVE-2006-4976The Date Library in John Lim ADOdb Library for PHP allows remote ...sid
CVE-2008-3327Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...sid
CVE-2017-7298In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add ...sid
mp3spltCVE-2017-5665The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 ...jessie, sid, wheezy
CVE-2017-5851The free_options function in options_manager.c in mp3splt 2.6.2 allows ...jessie, sid, wheezy
mupdfCVE-2016-10246Buffer overflow in the main function in jstest_main.c in Mujstest in ...jessie, sid, stretch, wheezy
CVE-2016-10247Buffer overflow in the my_getline function in jstest_main.c in ...jessie, sid, stretch, wheezy
CVE-2017-6060Stack-based buffer overflow in jstest_main.c in mujstest in Artifex ...jessie, sid, stretch, wheezy
mustache.jsCVE-2015-8861The handlebars package before 4.0.0 for Node.js allows remote ...jessie, sid, stretch
CVE-2015-8862mustache package before 2.2.1 for Node.js allows remote attackers to ...jessie, sid, stretch
TEMP-0000000-137F0Aquoteless attributes in templates can lead to content injectionjessie, sid, stretch
muttCVE-2007-1268Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...jessie, sid, stretch, wheezy
TEMP-0775199-D05A9Esmime_keys: insecure use of /tmpjessie, wheezy
mysql-5.5CVE-2012-5613** DISPUTED ** ...jessie, wheezy
CVE-2012-5627Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...jessie, wheezy
nagios-nrpeCVE-2014-2913** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios ...wheezy
nagios-pluginsCVE-2013-4215The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...wheezy
CVE-2014-4701The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ...wheezy
CVE-2014-4702The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ...wheezy
CVE-2014-4703lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ...wheezy
nagios3CVE-2008-5027The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...jessie, wheezy
net-toolsCVE-2002-1976ifconfig, when used on the Linux kernel 2.2 and later, does not report ...jessie, sid, stretch, wheezy
netsurfCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, stretch, wheezy
network-manager-appletCVE-2017-6590An issue was discovered in network-manager-applet (aka ...jessie, sid, stretch, wheezy
nghttp2TEMP-0000000-A4EF31Null pointer access in inflatehd tooljessie, sid, stretch
nginxCVE-2009-4487nginx 0.7.64 writes data to a log file without sanitizing ...jessie, sid, stretch, wheezy
node-cliCVE-2016-1000021jessie, sid
node-cookie-signatureCVE-2016-1000236jessie, sid, stretch
node-expressCVE-2014-6393cross-site scripting via content-type headerjessie, sid, stretch
node-markedCVE-2015-1370Incomplete blacklist vulnerability in marked 0.3.2 and earlier for ...jessie, sid, stretch
CVE-2015-8854The marked package before 0.3.4 for Node.js allows attackers to cause ...jessie, sid, stretch
CVE-2016-1000013jessie, sid, stretch
node-minimatchCVE-2016-1000023jessie, sid, stretch
node-momentCVE-2016-4055The duration function in the moment package before 2.11.2 for Node.js ...sid, stretch
TEMP-0000000-750F16regular expression DoSsid, stretch
node-negotiatorCVE-2016-1000022jessie, sid, stretch
node-semverCVE-2015-8855The semver package before 4.3.2 for Node.js allows attackers to cause ...jessie, sid, stretch
node-sendCVE-2015-8859The send package before 0.11.1 for Node.js allows attackers to obtain ...jessie, sid, stretch
TEMP-0000000-FD1F92root path disclosurejessie, sid, stretch
node-serve-indexCVE-2015-8856Cross-site scripting (XSS) vulnerability in the serve-index package ...jessie, sid, stretch
node-tarCVE-2015-8860The tar package before 2.0.0 for Node.js allows remote attackers to ...jessie, sid, stretch
node-uuidCVE-2015-8851jessie, sid, stretch
node-wsCVE-2016-1000025jessie, sid, stretch
TEMP-0000000-BBB7D8remote memory disclosurejessie
nodejsCVE-2014-5256Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider ...jessie, sid, stretch
CVE-2014-9748jessie
CVE-2016-1669The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...jessie
CVE-2016-2086Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before ...jessie
CVE-2016-2216The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...jessie
CVE-2016-5325CRLF injection vulnerability in the ServerResponse#writeHead function ...jessie
CVE-2016-7099The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...jessie
novaCVE-2013-0326_base images permissions world readablejessie, sid, stretch, wheezy
CVE-2015-1850Host file disclosure through qcow2 backing filejessie, sid, stretch, wheezy
nsdCVE-2016-6173NSD before 4.1.11 allows remote DNS master servers to cause a denial ...jessie, sid, stretch
ntpCVE-2016-2517NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...jessie, wheezy
CVE-2017-6458Multiple buffer overflows in the ctl_put* functions in NTP before ...jessie, wheezy
CVE-2017-6462Buffer overflow in the legacy Datum Programmable Time Server (DPTS) ...jessie, wheezy
nviCVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...jessie, wheezy
nvidia-cg-toolkitCVE-2008-5144nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...jessie, sid, stretch, wheezy
ocsinventory-serverCVE-2010-1733Multiple SQL injection vulnerabilities in OCS Inventory NG before ...jessie, sid, wheezy
CVE-2014-4722Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...jessie, sid, wheezy
openjdk-6CVE-2007-0012Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...wheezy
CVE-2007-5019Buffer overflow in the Sun Java Web Start ActiveX control in Java ...wheezy
CVE-2012-2739Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 ...wheezy, jessie, wheezy
openjpegCVE-2013-4289Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before ...jessie, wheezy
CVE-2013-4290Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote ...jessie, wheezy
openjpeg2CVE-2016-7445convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a ...jessie
CVE-2016-9113There is a NULL pointer dereference in function imagetobmp of ...jessie, sid, stretch
CVE-2016-9114There is a NULL Pointer Access in function imagetopnm of ...jessie, sid, stretch
CVE-2016-9115Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...jessie, sid, stretch
CVE-2016-9116NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in ...jessie, sid, stretch
CVE-2016-9117NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in ...jessie, sid, stretch
CVE-2016-9580integer overflow in tiftoimage resulting into heap buffer overflowjessie, sid, stretch
CVE-2016-9581infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1jessie, sid, stretch
openldapCVE-2015-3276The nss_parse_ciphers function in libraries/libldap/tls_m.c in ...jessie, sid, stretch, wheezy
openoffice.orgCVE-2005-4636OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...wheezy
CVE-2007-4251OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...wheezy
CVE-2013-4156Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to ...wheezy
openrptCVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...jessie, sid, stretch
opensshCVE-2007-2243OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...jessie, sid, stretch, wheezy
CVE-2007-2768OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...jessie, sid, stretch, wheezy
CVE-2008-3234sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ...jessie, sid, stretch, wheezy
CVE-2016-10010sshd in OpenSSH before 7.4, when privilege separation is not used, ...jessie, wheezy
opensslCVE-2007-6755The NIST SP 800-90A default statement of the Dual Elliptic Curve ...jessie, sid, stretch, wheezy
CVE-2010-0928OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...jessie, sid, stretch, wheezy
openvpnCVE-2006-2229OpenVPN 2.0.7 and earlier, when configured to use the --management ...jessie, sid, stretch, wheezy
CVE-2016-6329OpenVPN, when using a 64-bit block cipher, makes it easier for remote ...jessie, sid, stretch, wheezy
optipngCVE-2015-7802gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote ...jessie, wheezy
opus-toolsCVE-2014-9638oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...jessie, wheezy
os-proberCVE-2008-5135** DISPUTED ** ...jessie, sid, stretch, wheezy
oscCVE-2012-1095osc before 0.134 might allow remote OBS repository servers or package ...jessie, sid, stretch, wheezy
parallelCVE-2015-4155GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) ...jessie, wheezy
CVE-2015-4156GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) ...jessie, wheezy
patchCVE-2010-4651Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ...jessie, sid, stretch, wheezy
pax-utilsTEMP-0856196-13C562scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)jessie, sid, stretch, wheezy
pcre3CVE-2015-2325heap buffer overflow in compile_branch()wheezy
CVE-2017-7245Stack-based buffer overflow in the pcre32_copy_substring function in ...jessie, sid, stretch
CVE-2017-7246Stack-based buffer overflow in the pcre32_copy_substring function in ...jessie, sid, stretch
percona-toolkitCVE-2015-1027MITM vulnerability via version checkjessie, jessie, sid
perlCVE-2010-4777The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, ...wheezy
CVE-2011-4116unsafe traversal of symlinksjessie, sid, stretch, wheezy
CVE-2012-3878Perl require Directive Path Subversion Arbitrary Module / File Loading Weaknessjessie, sid, stretch, wheezy
TEMP-0769606-4AA6CFa2p: buffer overflowjessie, wheezy
php-apcCVE-2010-3294Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...wheezy
php-font-libCVE-2014-2570Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...jessie, sid, stretch
php-gettextTEMP-0000000-07A77Dphp-gettext XSSjessie, sid, stretch, wheezy
php-openidCVE-2016-2049examples/consumer/common.php in JanRain PHP OpenID library (aka ...jessie, wheezy
php-pearCVE-2017-5630PECL in the download utility class in the Installer in PEAR Base System ...sid, stretch
php5CVE-2006-0931Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...jessie, wheezy
CVE-2006-4023The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...jessie, wheezy
CVE-2006-6383PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...jessie, wheezy
CVE-2006-7205The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...jessie, wheezy
CVE-2007-0448The fopen function in PHP 5.2.0 does not properly handle invalid URI ...jessie, wheezy
CVE-2007-1413Buffer overflow in the snmpget function in the snmp extension in PHP ...jessie, wheezy
CVE-2007-1581The resource system in PHP 5.0.0 through 5.2.1 allows ...jessie, wheezy
CVE-2007-1582The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...jessie, wheezy
CVE-2007-1710The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...jessie, wheezy
CVE-2007-1835PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...jessie, wheezy
CVE-2007-1883PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...jessie, wheezy
CVE-2007-1890Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...jessie, wheezy
CVE-2007-3205The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...jessie, wheezy
CVE-2007-3294Multiple buffer overflows in libtidy, as used in the Tidy extension ...jessie, wheezy
CVE-2007-4255Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...jessie, wheezy
CVE-2007-4596The perl extension in PHP does not follow safe_mode restrictions, ...jessie, wheezy
CVE-2007-4889The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...jessie, wheezy
CVE-2007-5424The disable_functions feature in PHP 4 and 5 allows attackers to ...jessie, wheezy
CVE-2008-2666Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...jessie, wheezy
CVE-2008-4107The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...jessie, wheezy
CVE-2008-5625PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...jessie, wheezy
CVE-2008-7002PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...jessie, wheezy
CVE-2009-3559** DISPUTED ** ...jessie, wheezy
CVE-2009-4418The unserialize function in PHP 5.3.0 and earlier allows ...jessie, wheezy
CVE-2010-1861The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...jessie, wheezy
CVE-2010-1862The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...jessie, wheezy
CVE-2010-1868The (1) sqlite_single_query and (2) sqlite_array_query functions in ...jessie, wheezy
CVE-2010-1914The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...jessie, wheezy
CVE-2010-1915The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...jessie, wheezy
CVE-2010-2097The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...jessie, wheezy
CVE-2010-2100The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...jessie, wheezy
CVE-2010-2101The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...jessie, wheezy
CVE-2010-2190The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...jessie, wheezy
CVE-2010-3062mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...jessie, wheezy
CVE-2010-3063The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...jessie, wheezy
CVE-2010-3064Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...jessie, wheezy
CVE-2012-1171The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...jessie, wheezy
CVE-2012-3365The SQLite functionality in PHP before 5.3.15 allows remote attackers ...jessie, wheezy
CVE-2013-3735** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...jessie, wheezy
CVE-2013-4635Integer overflow in the SdnToJewish function in jewish.c in the ...wheezy
CVE-2013-6501The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...jessie, wheezy
CVE-2013-7456gd_interpolation.c in the GD Graphics Library (aka libgd) before ...wheezy
CVE-2014-3622Posthandler Potential Illegal efree() vulnerabilitywheezy
CVE-2014-3981acinclude.m4, as used in the configure script in PHP 5.5.13 and ...wheezy
CVE-2014-4698Use-after-free vulnerability in ext/spl/spl_array.c in the SPL ...wheezy
CVE-2014-9425Double free vulnerability in the zend_ts_hash_graceful_destroy ...jessie, wheezy
CVE-2014-9709The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...wheezy
CVE-2015-4116Use-after-free vulnerability in the spl_ptr_heap_insert function in ...wheezy
CVE-2015-8874Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...wheezy
CVE-2015-8877The gdImageScaleTwoPass function in gd_interpolation.c in the GD ...wheezy
CVE-2016-10167The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics ...wheezy
CVE-2016-10168Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) ...wheezy
CVE-2016-3074Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or ...wheezy
CVE-2016-5116gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...jessie, wheezy
CVE-2016-5766Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD ...wheezy
CVE-2016-5767Integer overflow in the gdImageCreate function in gd.c in the GD ...wheezy
CVE-2016-6207Integer overflow in the _gdContributionsAlloc function in ...wheezy
CVE-2016-7126The imagetruecolortopalette function in ext/gd/gd.c in PHP before ...wheezy
CVE-2016-7127The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...wheezy
CVE-2016-7568Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...wheezy
CVE-2016-9933Stack consumption vulnerability in the gdImageFillToBorder function in ...wheezy
CVE-2017-5630PECL in the download utility class in the Installer in PEAR Base System ...jessie, wheezy
phpmyadminCVE-2005-3622phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...jessie, sid, stretch, wheezy
CVE-2005-4349** DISPUTED ** ...jessie, sid, stretch, wheezy
CVE-2006-6373PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...jessie, sid, stretch, wheezy
CVE-2007-4306Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...jessie, sid, stretch, wheezy
CVE-2012-4219show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows ...wheezy
CVE-2013-4998phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote ...wheezy
CVE-2013-4999phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain ...wheezy
CVE-2013-5000phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain ...wheezy
CVE-2015-8669libraries/config/messages.inc.php in phpMyAdmin 4.0.x before ...jessie, wheezy
CVE-2015-8980Arbitrary code execution in select_string, ngettext and npgettext count parameterjessie, wheezy
CVE-2016-2038phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x ...jessie
CVE-2016-2042phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote ...jessie
CVE-2016-5730phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...jessie, wheezy
CVE-2016-9847An issue was discovered in phpMyAdmin. When the user does not specify ...jessie, wheezy
CVE-2016-9848An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...jessie, wheezy
CVE-2016-9852An issue was discovered in phpMyAdmin. By calling some scripts that ...jessie, wheezy
CVE-2016-9853An issue was discovered in phpMyAdmin. By calling some scripts that ...jessie, wheezy
CVE-2016-9854An issue was discovered in phpMyAdmin. By calling some scripts that ...jessie, wheezy
CVE-2016-9855An issue was discovered in phpMyAdmin. By calling some scripts that ...jessie, wheezy
CVE-2016-9856An XSS issue was discovered in phpMyAdmin because of an improper fix ...jessie, wheezy
CVE-2016-9857An issue was discovered in phpMyAdmin. XSS is possible because of a ...jessie, wheezy
CVE-2016-9858An issue was discovered in phpMyAdmin. With a crafted request ...jessie, wheezy
CVE-2016-9859An issue was discovered in phpMyAdmin. With a crafted request ...jessie, wheezy
CVE-2016-9860An issue was discovered in phpMyAdmin. An unauthenticated user can ...jessie, wheezy
CVE-2016-9866An issue was discovered in phpMyAdmin. When the arg_separator is ...jessie, wheezy
TEMP-0000000-0404C1phpMyAdmin PMASA-2017-1 - PMASA-2017-7jessie, wheezy
phppgadminCVE-2006-4976The Date Library in John Lim ADOdb Library for PHP allows remote ...jessie, sid, stretch, wheezy
phpsysinfoCVE-2006-3360Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...jessie, sid, wheezy
pidginCVE-2008-2956** DISPUTED ** ...jessie, sid, stretch, wheezy
CVE-2012-1257jessie, sid, stretch, wheezy
CVE-2016-1000030X.509 Certificates Improperly Importedwheezy
pillowCVE-2014-3606jessie, sid, stretch
CVE-2016-3076j2k integer overflow error on encodejessie, sid, stretch
pnp4nagiosCVE-2012-3457PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...wheezy
polarsslCVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...jessie, wheezy
popplerCVE-2012-2142Insufficient sanitization of escape sequences in the error messagewheezy
CVE-2013-4472The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ...jessie, sid, stretch, wheezy
postfixCVE-2008-4977** DISPUTED ** ...jessie, sid, stretch, wheezy
powerpc-utilsCVE-2014-4040snap in powerpc-utils 1.2.20 produces an archive with fstab and ...jessie, wheezy
pppCVE-2008-5366The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...jessie, sid, stretch, wheezy
CVE-2008-5367ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...jessie, sid, stretch, wheezy
printfilters-ppdCVE-2008-5034** DISPUTED ** ...jessie, sid, wheezy
procmailCVE-2014-9681preserves TZ by defaultjessie, sid, stretch, wheezy
protobufCVE-2015-5237Integer overflow in protobuf serializationjessie, sid, stretch, wheezy
ptlibCVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...jessie, sid, stretch, wheezy
pwgenCVE-2013-4440Password Generator (aka Pwgen) before 2.07 generates weak non-tty ...wheezy
CVE-2013-4441Phonemes mode has heavy bias and is enabled by defaultjessie, sid, stretch, wheezy
CVE-2013-4442Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated ...wheezy
pycode-browserCVE-2015-0849predictable temporary file vulnerabilityjessie
python-defaultsCVE-2008-4108Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) ...jessie, sid, stretch, wheezy
python-imagingCVE-2014-3606wheezy
CVE-2016-3076j2k integer overflow error on encodewheezy
python-pipCVE-2013-5123insecure mirroringwheezy
python-rplyCVE-2014-1938insecure use of /tmpjessie
python2.6CVE-2011-4940The list_directory function in Lib/SimpleHTTPServer.py in ...wheezy
CVE-2013-7040Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...wheezy
CVE-2016-1000110wheezy
python2.7CVE-2010-3492The asyncore module in Python before 3.2 does not properly handle ...wheezy
CVE-2013-7040Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...jessie, sid, stretch, wheezy
CVE-2016-1000110jessie, wheezy
python3.2CVE-2010-3492The asyncore module in Python before 3.2 does not properly handle ...wheezy
CVE-2013-7040Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...wheezy
CVE-2016-1000110wheezy, jessie
qemuCVE-2014-9718The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...wheezy
CVE-2016-10028The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in ...sid, stretch
CVE-2017-5552Memory leak in the virgl_resource_attach_backing function in ...sid, stretch
CVE-2017-5578Memory leak in the virtio_gpu_resource_attach_backing function in ...sid, stretch
qemu-kvmCVE-2014-9718The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...wheezy
CVE-2015-8619The Human Monitor Interface support in QEMU allows remote attackers to ...wheezy
qt4-x11CVE-2009-3015QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...jessie, sid, stretch, wheezy
CVE-2009-3272Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...jessie, sid, stretch, wheezy
TEMP-0560108-565B70browser-based css info disclosurejessie, sid, stretch, wheezy
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicejessie, sid, stretch, wheezy
qtwebkitCVE-2015-8079jessie, sid, stretch, wheezy
quaggaCVE-2012-5521jessie, sid, stretch, wheezy
railsCVE-2010-3299ruby on rails: padding oracle attackjessie, sid, stretch, wheezy
CVE-2011-3187The to_s method in ...jessie, sid, stretch, wheezy
rawstudioCVE-2013-1438Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...wheezy
rcCVE-2014-1936insecure use of /tmpwheezy
remindCVE-2015-5957Buffer overflow in the DumpSysVar function in var.c in Remind before ...jessie, wheezy
rhythmboxCVE-2008-7185GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...jessie, sid, stretch, wheezy
rieceTEMP-0601325-4C9A5Binsecure handling of /tmp files in debian/preinstjessie, wheezy
rpmCVE-2010-2198lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...jessie, sid, stretch, wheezy
CVE-2010-2199lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...jessie, sid, stretch, wheezy
rrdtoolCVE-2013-2131Format string vulnerability in the rrdtool module 1.4.7 for Python, as ...wheezy
rsyslogCVE-2015-3243some log files are created world-readablejessie, sid, stretch, wheezy
ruby-activerecord-3.2CVE-2013-3221The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...wheezy
ruby-handlebars-assetsTEMP-0000000-345A3Bhandlebars: quoteless attributes in templates can lead to content injectionjessie, sid, stretch
ruby1.8CVE-2014-3916The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 ...wheezy, wheezy, jessie
ruby2.1CVE-2016-2336Type confusion exists in two methods of Ruby's WIN32OLE class, ...jessie, sid, stretch
rubygemsCVE-2013-4287Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...wheezy
CVE-2013-4363Algorithmic complexity vulnerability in ...wheezy
s3dCVE-2013-6876wheezy
CVE-2014-1226jessie, wheezy
shadowCVE-2007-5686initscripts in rPath Linux 1 sets insecure permissions for the ...jessie, sid, stretch, wheezy
CVE-2013-4235TOCTOU race conditions by copying and removing directory treesjessie, sid, stretch, wheezy
TEMP-0628843-DBAD28more related to CVE-2005-4890jessie, sid, stretch, wheezy
sharutilsTEMP-0000000-95CBBFuudecode: stack out of bounds read accessjessie, sid, stretch, wheezy
simplesamlphpCVE-2016-3124The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote ...jessie, wheezy
sleuthkitCVE-2012-5619The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file ...wheezy
slimTEMP-0537604-F35BD7insecure tmp file vulnerability in slimjessie, sid, stretch, wheezy
smarty3TEMP-0000000-2C7EFDincorrect handling of {$smarty.template} and {$smarty.current_dir}jessie, sid, stretch, wheezy
smsclientCVE-2008-5155mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...jessie, wheezy
TEMP-0498901-F99C05unsafe use of tempfile in ssmclientjessie, wheezy
sosreportCVE-2014-0246SOSreport stores the md5 hash of the GRUB bootloader password in an ...jessie, sid, stretch
CVE-2015-7529Usage of predictable temporary files allows privilege escalationjessie
sql-ledgerCVE-2007-0667The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...jessie, sid, stretch, wheezy
CVE-2007-1329Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...jessie, sid, stretch, wheezy
CVE-2007-1923(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...jessie, sid, stretch, wheezy
CVE-2007-5372Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...jessie, sid, stretch, wheezy
CVE-2008-4077The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...jessie, sid, stretch, wheezy
CVE-2008-4078SQL injection vulnerability in the AR/AP transaction report in (1) ...jessie, sid, stretch, wheezy
CVE-2009-3580Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...jessie, sid, stretch, wheezy
CVE-2009-3581Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...jessie, sid, stretch, wheezy
CVE-2009-3582Multiple SQL injection vulnerabilities in the delete subroutine in ...jessie, sid, stretch, wheezy
CVE-2009-3583Directory traversal vulnerability in the Preferences menu item in ...jessie, sid, stretch, wheezy
CVE-2009-3584SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...jessie, sid, stretch, wheezy
CVE-2009-4402The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...jessie, sid, stretch, wheezy
squidCVE-2009-0801Squid, when transparent interception mode is enabled, uses the HTTP ...wheezy
CVE-2014-6270Off-by-one error in the snmpHandleUdp function in snmp_core.cc in ...wheezy
CVE-2015-3455Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, ...wheezy
CVE-2016-2390The FwdState::connectedToPeer method in FwdState.cc in Squid before ...wheezy
squid3CVE-2009-0801Squid, when transparent interception mode is enabled, uses the HTTP ...wheezy
CVE-2014-0128Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is ...wheezy
CVE-2015-3455Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, ...jessie, wheezy
CVE-2016-2390The FwdState::connectedToPeer method in FwdState.cc in Squid before ...jessie, wheezy
squidguardCVE-2015-8936Cross-site scripting (XSS) vulnerability in squidGuard.cgi in ...jessie
ssmtpCVE-2004-0423The log_event function in ssmtp 2.50.6 and earlier allows local users ...jessie, sid, stretch, wheezy
CVE-2008-7258** DISPUTED ** ...jessie, sid, stretch, wheezy
stalinCVE-2015-8697Insecure use of temporary filesjessie, sid, stretch, wheezy
subversionCVE-2013-2088contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 ...wheezy
CVE-2013-4262svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile ...wheezy
CVE-2013-4505The is_this_legal function in mod_dontdothat for Apache Subversion ...wheezy
CVE-2013-7393The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local ...wheezy
CVE-2014-3522The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before ...wheezy
suckless-toolsCVE-2012-1620slock 0.9 does not properly handle the XRaiseWindow event when the ...wheezy
sudoCVE-2005-1119Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...jessie, sid, stretch, wheezy
surfCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, stretch, wheezy
sylpheedCVE-2007-1267Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...jessie, sid, stretch, wheezy
syncevolutionCVE-2014-1639syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses ...wheezy
systemdCVE-2013-4392systemd, when updating file permissions, allows local users to change ...jessie, sid, stretch
sysvinitTEMP-0517018-A83CE6sysvinit: no-root option in expert installer exposes locally exploitable security flawjessie, sid, stretch, wheezy
tarCVE-2005-2541Tar 1.15.1 does not properly warn the user when extracting setuid or ...jessie, sid, stretch, wheezy
TEMP-0290435-0B57B5tar's rmt command may have undesired side effectsjessie, sid, stretch, wheezy
texlive-binCVE-2016-10243arbitrary code executionjessie, sid, stretch, wheezy
thunarTEMP-0517020-915121thunar: potential exploits via application launchersjessie, sid, stretch, wheezy
tiffCVE-2010-2596The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...jessie, wheezy
CVE-2014-8127out-of-bound readsjessie
CVE-2014-8130divide by zerojessie, sid, stretch, wheezy
CVE-2016-10268tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a ...jessie
CVE-2016-9539tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in ...jessie, wheezy
CVE-2017-5563LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in ...jessie, sid, stretch, wheezy
TEMP-0846838-9738BDtiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missingjessie, wheezy
tinymuxCVE-2007-1959Unspecified vulnerability in the process_cmdent function in ...jessie, sid, stretch, wheezy
tomcat7CVE-2012-5568Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...jessie, sid, stretch, wheezy
CVE-2016-5388Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows ...jessie, wheezy, jessie
torCVE-2006-6893Tor allows remote attackers to discover the IP address of a hidden ...jessie, sid, stretch, wheezy
CVE-2007-1103Tor does not verify a node's uptime and bandwidth advertisements, ...jessie, sid, stretch, wheezy
CVE-2009-0654Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote ...jessie, sid, stretch, wheezy
twistedCVE-2016-1000111jessie, sid, stretch
uclibcCVE-2016-2224The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...jessie, sid, stretch
CVE-2016-2225The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng ...jessie, sid, stretch
CVE-2016-6264Integer signedness error in libc/string/arm/memset.S in uClibc and ...jessie, sid, stretch
uglifyjsCVE-2015-8857The uglify-js package before 2.4.24 for Node.js does not properly ...jessie, sid, stretch
CVE-2015-8858The uglify-js package before 2.6.0 for Node.js allows attackers to ...jessie, sid, stretch
unixodbcCVE-2012-2657** DISPUTED ** ...jessie, sid, stretch, wheezy
CVE-2012-2658** DISPUTED ** ...jessie, sid, stretch, wheezy
util-linuxCVE-2015-5218Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before ...jessie, wheezy
CVE-2015-5224login-utils: file name collision due to incorrect mkstemp usejessie, wheezy
CVE-2017-2616Sending SIGKILL to other processes with root privileges via sujessie, wheezy
TEMP-0786804-C23D2Bhwclock(8) SUID privilege escalationjessie, wheezy
uzblCVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...jessie, sid, stretch, wheezy
varnishCVE-2009-4488** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...jessie, sid, stretch, wheezy
vimCVE-2008-4677autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...jessie, sid, stretch, wheezy
vinoCVE-2011-1164Vino before 2.99.4 can connect external networks contrary to the ...jessie, sid, stretch, wheezy
CVE-2011-1165Vino, possibly before 3.2, does not properly document that it opens ...jessie, sid, stretch, wheezy
vlcCVE-2012-2396VideoLAN VLC media player 2.0.1 allows remote attackers to cause a ...jessie, sid, stretch, wheezy
CVE-2012-5855The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...jessie, sid, stretch, wheezy
CVE-2013-3245** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media ...jessie, sid, stretch, wheezy
CVE-2013-3565XSS in HTTP Interfacewheezy
CVE-2013-6283VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...wheezy
CVE-2013-7340VideoLAN VLC Media Player before 2.0.7 allows remote attackers to ...wheezy
CVE-2014-1684The ASF_ReadObject_file_properties function in ...wheezy
vnc4CVE-2014-0011ZRLE decoding bounds checking issuejessie, wheezy
CVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...jessie, wheezy
vorbis-toolsCVE-2014-9638oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...wheezy
vsftpdCVE-2015-1419Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote ...wheezy
vteCVE-2005-0023gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...jessie, sid, stretch, wheezy
w3mTEMP-0532514-9137E0predictable random number generator used in web browsersjessie, sid, stretch, wheezy
web2pyCVE-2013-6837Cross-site scripting (XSS) vulnerability in the setTimeout function in ...jessie, sid, wheezy
webkitCVE-2010-1729WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...wheezy
CVE-2012-5851html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...wheezy
TEMP-0560108-565B70browser-based css info disclosurewheezy
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicewheezy
webkit2gtkCVE-2015-7096WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...jessie
CVE-2015-7098WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...jessie
CVE-2016-4590WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles ...jessie
CVE-2016-4591WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...jessie
CVE-2016-4622WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...jessie
CVE-2016-4624WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...jessie
CVE-2016-4692An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-4743An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7586An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7587An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7589An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7592An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7598An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7599An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7610An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7611An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7623An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7632An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7635An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7639An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7640An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7641An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7642An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7645An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7646An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7648An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7649An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7652An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7654An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2016-7656An issue was discovered in certain Apple products. iOS before 10.2 is ...jessie
CVE-2017-2350An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2354An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2355An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2356An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2362An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2363An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2364An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2365An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2366An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2369An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2371An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2373An issue was discovered in certain Apple products. iOS before 10.2.1 ...jessie
CVE-2017-2376An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2377An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2386An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2392An issue was discovered in certain Apple products. Safari before 10.1 ...jessie
CVE-2017-2394An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2395An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2397An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2405An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2415An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2419An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2433An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2442An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2445An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2446An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2447An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2454An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2455An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2457An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2459An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2460An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2464An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2465An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2466An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2468An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2469An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-2470An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2471An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2475An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2476An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
CVE-2017-2481An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie
webkitgtkCVE-2016-10222runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...jessie, sid, stretch
CVE-2016-10226JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...jessie, sid, stretch
CVE-2016-1856WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...jessie, sid, stretch
CVE-2016-1857WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...jessie, sid, stretch
CVE-2016-4657WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ...jessie, sid, stretch
CVE-2016-9642JavaScriptCore in WebKit allows attackers to cause a denial of service ...jessie, sid, stretch
CVE-2016-9643The regex code in Webkit 2.4.11 allows remote attackers to cause a ...jessie, sid, stretch
CVE-2017-2367An issue was discovered in certain Apple products. iOS before 10.3 is ...jessie, sid, stretch
CVE-2017-5949JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...jessie, sid, stretch
webkitkdeCVE-2014-8600Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime ...wheezy
wineTEMP-0816034-9C45DCunsafe use of /tmpjessie, sid, stretch, wheezy, jessie, sid, stretch
wine-gecko-1.4CVE-2013-0800Integer signedness error in the pixman_fill_sse2 function in ...wheezy
wordpressCVE-2006-0733** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...jessie, sid, stretch, wheezy
CVE-2008-0191WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...jessie, sid, stretch, wheezy
CVE-2011-4898** DISPUTED ** wp-admin/setup-config.php in the installation component ...jessie, sid, stretch, wheezy
CVE-2011-4899** DISPUTED ** wp-admin/setup-config.php in the installation component ...jessie, sid, stretch, wheezy
CVE-2012-0782** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...jessie, sid, stretch, wheezy
CVE-2012-0937** DISPUTED ** wp-admin/setup-config.php in the installation component ...jessie, sid, stretch, wheezy
CVE-2012-5868WordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...jessie, sid, stretch, wheezy
CVE-2013-7233Cross-site request forgery (CSRF) vulnerability in the retrospam ...jessie, sid, stretch, wheezy
TEMP-0500295-A176F7possible script injection via /etc/wordpress/wp-config.phpjessie, sid, stretch, wheezy
xbindkeys-configCVE-2014-9513insecure use of temporary filesjessie, sid, stretch, wheezy
xbmcCVE-2013-1438Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...jessie, wheezy
xcfaCVE-2014-5254Symlink following issuesjessie, wheezy
CVE-2014-5255Insecure use of temporary file related to the /tmp/get_infos_dvd.shjessie, wheezy
xchatCVE-2011-5129Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote ...jessie, wheezy
xenCVE-2013-2212The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ...wheezy
CVE-2013-3495The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x ...wheezy
xerces-cCVE-2012-0880xerces-c hash table collisions CPU usage DoSjessie, sid, stretch, wheezy
xerces-c2CVE-2008-4482The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...wheezy
xfigCVE-2009-4228Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...jessie, sid, stretch, wheezy
xine-libCVE-2008-5247The real_parse_audio_specific_data function in demux_real.c in ...wheezy
xloadimageCVE-2006-4484Buffer overflow in the LWZReadByte_ function in ...jessie, sid, stretch, wheezy
xpdfCVE-2010-0206xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objectsjessie, sid, stretch, wheezy
CVE-2010-0207xpdf: XRef table parsing infinite loopjessie, sid, stretch, wheezy
CVE-2013-4472The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ...jessie, sid, stretch, wheezy
xtermCVE-2006-4447X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...jessie, sid, stretch, wheezy
xulrunnerCVE-2005-4685Firefox and Mozilla can associate a cookie with multiple domains when ...wheezy
CVE-2006-0496Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...wheezy
CVE-2006-2723Unspecified versions of Mozilla Firefox allow remote attackers to ...wheezy
CVE-2006-5633Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...wheezy
CVE-2008-5822Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other ...wheezy
CVE-2008-7244Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...wheezy
CVE-2009-1232Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote ...wheezy
CVE-2009-1827The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to ...wheezy
CVE-2009-1828Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...wheezy
CVE-2009-2043nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...wheezy
CVE-2009-2953Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...wheezy
CVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...wheezy
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...wheezy
CVE-2010-0220The nsObserverList::FillObserverArray function in ...wheezy
CVE-2010-1585The nsIScriptableUnescapeHTML.parseFragment method in the ...wheezy
CVE-2010-1986Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...wheezy
CVE-2010-1987Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...wheezy
CVE-2010-1988Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...wheezy
CVE-2010-1990Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, ...wheezy
CVE-2010-2117Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to ...wheezy
CVE-2010-2760Use-after-free vulnerability in the nsTreeSelection function in ...wheezy
CVE-2010-2763The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...wheezy
CVE-2010-2764Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...wheezy
CVE-2010-2765Integer overflow in the FRAMESET element implementation in Mozilla ...wheezy
CVE-2010-2766The normalizeDocument function in Mozilla Firefox before 3.5.12 and ...wheezy
CVE-2010-2767The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...wheezy
CVE-2010-2768Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...wheezy
CVE-2010-2769Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...wheezy
CVE-2010-3166Heap-based buffer overflow in the nsTextFrameUtils::TransformText ...wheezy
CVE-2010-3167The nsTreeContentView function in Mozilla Firefox before 3.5.12 and ...wheezy
CVE-2010-3168Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...wheezy
CVE-2010-3169Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2010-3174Unspecified vulnerability in the browser engine in Mozilla Firefox ...wheezy
CVE-2010-3176Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2010-3177Multiple cross-site scripting (XSS) vulnerabilities in the Gopher ...wheezy
CVE-2010-3178Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...wheezy
CVE-2010-3179Stack-based buffer overflow in the text-rendering functionality in ...wheezy
CVE-2010-3180Use-after-free vulnerability in the nsBarProp function in Mozilla ...wheezy
CVE-2010-3183The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox ...wheezy
CVE-2010-3765Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ...wheezy
CVE-2010-3766Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and ...wheezy
CVE-2010-3767Integer overflow in the NewIdArray function in Mozilla Firefox before ...wheezy
CVE-2010-3768Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird ...wheezy
CVE-2010-3769The line-breaking implementation in Mozilla Firefox before 3.5.16 and ...wheezy
CVE-2010-3770Multiple cross-site scripting (XSS) vulnerabilities in the rendering ...wheezy
CVE-2010-3771Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...wheezy
CVE-2010-3772Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...wheezy
CVE-2010-3773Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...wheezy
CVE-2010-3774The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h ...wheezy
CVE-2010-3775Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...wheezy
CVE-2010-3776Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2010-3778Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, ...wheezy
CVE-2011-0051Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey ...wheezy
CVE-2011-0053Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2011-0056Buffer overflow in the JavaScript engine in Mozilla Firefox before ...wheezy
CVE-2011-0059Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox ...wheezy
CVE-2011-0065Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...wheezy
CVE-2011-0066Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...wheezy
CVE-2011-0067Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...wheezy
CVE-2011-0070Unspecified vulnerability in the browser engine in Mozilla Firefox ...wheezy
CVE-2011-0071Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and ...wheezy
CVE-2011-0072Unspecified vulnerability in the browser engine in Mozilla Firefox ...wheezy
CVE-2011-0073Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...wheezy
CVE-2011-0074Unspecified vulnerability in the browser engine in Mozilla Firefox ...wheezy
CVE-2011-0075Unspecified vulnerability in the browser engine in Mozilla Firefox ...wheezy
CVE-2011-0077Unspecified vulnerability in the browser engine in Mozilla Firefox ...wheezy
CVE-2011-0078Unspecified vulnerability in the browser engine in Mozilla Firefox ...wheezy
CVE-2011-0080Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2011-0082The X.509 certificate validation functionality in Mozilla Firefox ...wheezy
CVE-2011-0083Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem ...wheezy
CVE-2011-0085Use-after-free vulnerability in the nsXULCommandDispatcher function in ...wheezy
CVE-2011-1202The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 ...wheezy
CVE-2011-2362Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and ...wheezy
CVE-2011-2363Use-after-free vulnerability in the nsSVGPointList::AppendElement ...wheezy
CVE-2011-2371Integer overflow in the Array.reduceRight method in Mozilla Firefox ...wheezy
CVE-2011-2372Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...wheezy
CVE-2011-2373Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x ...wheezy
CVE-2011-2374Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2011-2376Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2011-2378The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird ...wheezy
CVE-2011-2605CRLF injection vulnerability in the ...wheezy
CVE-2011-2981The event-management implementation in Mozilla Firefox before 3.6.20, ...wheezy
CVE-2011-2982Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2011-2983Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, ...wheezy
CVE-2011-2984Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before ...wheezy
CVE-2011-2995Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2011-2998Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...wheezy
CVE-2011-2999Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before ...wheezy
CVE-2011-3000Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...wheezy
CVE-2011-3647The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...wheezy
CVE-2011-3648Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...wheezy
CVE-2011-3650Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird ...wheezy
CVE-2011-3670Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before ...wheezy
CVE-2012-0442Multiple unspecified vulnerabilities in the browser engine in Mozilla ...wheezy
CVE-2012-0449Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...wheezy
TEMP-0560108-565B70browser-based css info disclosurewheezy
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicewheezy
yawsCVE-2009-4495Yaws 1.85 writes data to a log file without sanitizing non-printable ...jessie, sid, stretch, wheezy
yuiCVE-2007-2385The Yahoo! UI framework exchanges data using JavaScript Object ...wheezy
CVE-2010-4710Cross-site scripting (XSS) vulnerability in the addItem method in the ...wheezy
yumCVE-2013-1910Not removing bad metadata and using it in next runjessie, sid, stretch, wheezy
zabbixCVE-2016-9140RCEjessie
zookeeperCVE-2014-0085Apache Zookeeper logs cleartext admin passwords, which allows local ...jessie, sid, stretch, wheezy
zope2.12CVE-2012-5487The sandbox whitelisting function (allowmodule.py) in Plone before ...wheezy
zophCVE-2014-9235Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes ...sid
zophCVE-2014-9236Cross-site scripting (XSS) vulnerability in php/edit_photos.php in ...sid

Search for package or bug name: Reporting problems