Some issues have not been assigned CVE names, but are still tracked by this database. In this case, the system automatically assigns a unique name. These names are not stable and can change when the database is updated, so they should not be used in external references.
The automatically generated names come in two flavors: the first kind starts with the string "TEMP-000000-". This means that no Debian bug has been assigned to this issue (or a bug has been created and is not recorded in this database). In the second kind of names, there is a Debian bug for the issue, and the "000000" part of the name is replaced with the Debian bug number.
Bug | Description |
---|---|
TEMP-0000000-0477AA | get_groups does not always return the group of the action |
TEMP-0000000-07A77D | php-gettext XSS |
TEMP-0000000-0EB5E1 | node-d3-color redos |
TEMP-0000000-11FDF8 | RUSTSEC-2023-0074 |
TEMP-0000000-137F0A | quoteless attributes in templates can lead to content injection |
TEMP-0000000-1BAE4D | GNUTLS-SA-2016-2: certificate verification issue |
TEMP-0000000-1C4729 | net/http: broken trailers don't close a server connection |
TEMP-0000000-23C1BD | Sidekiq::Web lacks CSRF protection |
TEMP-0000000-345A3B | handlebars: quoteless attributes in templates can lead to content injection |
TEMP-0000000-3A226A | RUSTSEC-2023-0018 |
TEMP-0000000-3E4AC3 | first_boot: Use session to verify first boot welcome step |
TEMP-0000000-4677DE | spip: XSS allowing privilege escalation |
TEMP-0000000-4DAA44 | out of bounds reads in ASF demuxer |
TEMP-0000000-4F0A4A | Access to records of report are not checked |
TEMP-0000000-556BB5 | tor TROVE-2023-006 |
TEMP-0000000-561D64 | RUSTSEC-2022-0019 |
TEMP-0000000-66FC9C | RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood |
TEMP-0000000-7CC552 | tor TROVE-2023-004 |
TEMP-0000000-803658 | several security fixes: PHP injections, XSS and secrets stored in session file |
TEMP-0000000-95CBBF | uudecode: stack out of bounds read access |
TEMP-0000000-96AFF4 | spip: Use a dedicated function to clean author data when preparing a session |
TEMP-0000000-96B2E9 | hardening for RSA-CRT leak |
TEMP-0000000-9B1564 | tryton zipbomb DoS |
TEMP-0000000-9BB4B1 | tryton-server lack of record validation |
TEMP-0000000-A4EF31 | Null pointer access in inflatehd tool |
TEMP-0000000-ACBC4C | buffer overflows in init_cups |
TEMP-0000000-BBB7D8 | remote memory disclosure |
TEMP-0000000-BCCC32 | vlc issues fixed in 3.0.13 |
TEMP-0000000-BD209F | XSS via queue name in Sidekiq::Web |
TEMP-0000000-BD3902 | sogo SOGoForbidUnknownDomainsAuth issue |
TEMP-0000000-C1FFDC | RUSTSEC-2023-0038: Out-of-bounds array access leads to panic |
TEMP-0000000-C3CEDB | fscanf format string security bug in flashrom layout code |
TEMP-0000000-C6840A | RUSTSEC-2022-0020 |
TEMP-0000000-D7B410 | RUSTSEC-2022-0021 |
TEMP-0000000-D87CDB | validate a server certificate in a TLS-based server-server connection |
TEMP-0000000-DD0D8E | RUSTSEC-2023-0015 |
TEMP-0000000-DD1424 | RUSTSEC-2023-0041 |
TEMP-0000000-E6792F | irssi missing null terminator |
TEMP-0000000-EA9109 | RUSTSEC-2024-0006 |
TEMP-0000000-ED74C7 | RUSTSEC-2023-0045 |
TEMP-0000000-ED76D0 | Sanitizing and other XSS protections |
TEMP-0000000-F090BB | directory traversal in servefile |
TEMP-0000000-F41FA7 | DoS |
TEMP-0000000-F7A20F | Kernel: Unprivileged user can freeze journald |
TEMP-0000000-F9A459 | XSS via job arguments display class in Sidekiq::Web |
TEMP-0000000-FD1F92 | root path disclosure |
TEMP-0000000-FDAB26 | Transaction cache overrides the current user |
TEMP-0290435-0B57B5 | tar's rmt command may have undesired side effects |
TEMP-0498901-F99C05 | unsafe use of tempfile in ssmclient |
TEMP-0517018-A83CE6 | sysvinit: no-root option in expert installer exposes locally exploitable security flaw |
TEMP-0517020-915121 | thunar: potential exploits via application launchers |
TEMP-0528250-2E3658 | hex-a-hop: buffer overflow in loading save games |
TEMP-0532514-9137E0 | predictable random number generator used in web browsers |
TEMP-0537604-F35BD7 | insecure tmp file vulnerability in slim |
TEMP-0560108-565B70 | browser-based css info disclosure |
TEMP-0568486-B6FCB6 | browser javascript document.write denial-of-service |
TEMP-0601325-4C9A5B | insecure handling of /tmp files in debian/preinst |
TEMP-0601525-BEBB65 | libgd2: gdImageColorTransparent can write outside buffer |
TEMP-0608980-E8B8DF | Crash with long HOME environment variable |
TEMP-0628843-DBAD28 | more related to CVE-2005-4890 |
TEMP-0672435-7C494C | Option -localhost seems to fail to restrict ipv6 access |
TEMP-0769606-4AA6CF | a2p: buffer overflow |
TEMP-0772585-D41D8C | |
TEMP-0773308-EE1012 | crashes on crafted ELF |
TEMP-0774453-CA58EE | Zoo directory traversal |
TEMP-0775193-7F000E | djvudigital: insecure use of /tmp |
TEMP-0775199-D05A9E | smime_keys: insecure use of /tmp |
TEMP-0780817-7C5137 | Insufficient escaping in user manager allows XSS attack |
TEMP-0786423-948688 | rsync collision attack |
TEMP-0786804-C23D2B | hwclock(8) SUID privilege escalation |
TEMP-0797470-1AE9BA | val_dane_check: usage DANE-TA(2) may bypass cert validation entirely |
TEMP-0800564-79703B | trivial hash complexity DoS attack |
TEMP-0807341-84E914 | uses non-random tempdir /tmp/tmprepo.0/.git/ |
TEMP-0816034-9C45DC | unsafe use of /tmp |
TEMP-0820594-BC6826 | out of bound read and write issues |
TEMP-0825151-E80EFA | CSRF protection for POST requests |
TEMP-0827346-22ED59 | install-sh: insecure use of /tmp |
TEMP-0827564-93E4E3 | Stack corruption from crafted pattern |
TEMP-0830660-09AE85 | Insecure use of /tmp |
TEMP-0832283-698CF7 | cakephp: XML class SSRF vulnerability |
TEMP-0841856-B18BAF | Privilege escalation possible to other user than root |
TEMP-0846838-9738BD | tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing |
TEMP-0856196-13C562 | scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) |
TEMP-0857546-8B0EB6 | Server certificates are not verified |
TEMP-0868134-294030 | out-of-bounds read in eexec_line() |
TEMP-0869722-31618B | memory leak in quantize |
TEMP-0870233-1DD19E | executes javascript code downloaded from insecure URL |
TEMP-0906138-C38804 | libykneomgr memory corruption |
TEMP-0913136-041770 | DSA verification crashes OpenSSL on invalid combinations of key content |
TEMP-0913137-22A98C | VirtualBox E1000 Guest-to-Host Escape |
TEMP-0921565-C5FF8E | netmask: buffer overflow vulnerability |
TEMP-0922080-E6D428 | fuse mount exposes backup to unauthorized users |
TEMP-0925959-45DD25 | insecure handling of /tmp/VMwareDnD |
TEMP-0950816-47D88A | mpv insecure lua loadpath |
TEMP-0962629-FA7B70 | Rainloop stores passwords in cleartext in logfile |
TEMP-0964568-93C065 | veyon-configurator tmp handling |
TEMP-0995562-06835D | RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist |
TEMP-0996913-660A41 | RUSTSEC-2020-0159: Potential segfault in localtime_r invocations |
TEMP-1009820-39878F | snort privilege escalation due to insecure use of logrotate |
TEMP-1022575-434581 | wordpress 6.0.3 |
TEMP-1031542-93CC2D | XSS Vulnerability in matrix.pl |
TEMP-1032088-3E13DF | RUSTSEC-2022-0078 |
TEMP-1036689-1CA7FB | Block themes parsing shortcodes in user-generated data |
TEMP-1037018-0CB39E | RUSTSEC-2023-0039 |
TEMP-1050298-39CD6D | RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building |
TEMP-1050299-7F4591 | RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building |
TEMP-1051808-528792 | RUSTSEC-2023-0059: Unaligned read of *const *const c_char pointer |
TEMP-1082053-F368BB | RUSTSEC-2023-0086 |
Bug | Description |
---|---|
TEMP-0000000-00657F | pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem |
TEMP-0000000-018938 | SQL Injection in host_templates.php |
TEMP-0000000-01E656 | Possible SQL injection in freeradius |
TEMP-0000000-02F7AB | file descriptor leak when a Compose file uses the "include" directive |
TEMP-0000000-0477AA | get_groups does not always return the group of the action |
TEMP-0000000-050E10 | mailutils: sql injection vulnerability in sql authentication module |
TEMP-0000000-076325 | RUSTSEC-2023-0035: enumflags2: Adversarial use of make_bitflags! macro can cause undefined behavior |
TEMP-0000000-077068 | gitlab: Persistent XSS in Pipeline Tooltip |
TEMP-0000000-09234C | insecure usage of temporary files in flash-kernel |
TEMP-0000000-0999A8 | syslog-ng dos |
TEMP-0000000-099EAC | werkzeug hashes its secret instead of using hmac |
TEMP-0000000-0CA7E3 | XSS in press-this of wordpress |
TEMP-0000000-0D6EB6 | crash when parsing overly long links |
TEMP-0000000-0EB5E1 | node-d3-color redos |
TEMP-0000000-106DD8 | linux-ftpd: null ptr dereference |
TEMP-0000000-11FDF8 | RUSTSEC-2023-0074 |
TEMP-0000000-1541B5 | incorrect memory management in Gtk2::Gdk::Display::list_devices |
TEMP-0000000-15DB04 | RUSTSEC-2024-0359 |
TEMP-0000000-196897 | htmlpurifier various |
TEMP-0000000-19B927 | Partial SMAP bypass on 64-bit Linux kernels |
TEMP-0000000-1A4150 | archivemail insecure temporary file issues |
TEMP-0000000-1BAE4D | GNUTLS-SA-2016-2: certificate verification issue |
TEMP-0000000-1CC548 | Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter |
TEMP-0000000-1E2093 | Linux ASLR mmap weakness: Reducing entropy by half |
TEMP-0000000-1F321D | BUG/MAJOR: http: don't read past buffer's end in http_replace_value |
TEMP-0000000-2025B8 | Missing normalization |
TEMP-0000000-212AE3 | Unspecified security issue in ipsec-tool's single DES support |
TEMP-0000000-23C1BD | Sidekiq::Web lacks CSRF protection |
TEMP-0000000-24F61A | Enforce use of HTTPS for MathJax in IPython |
TEMP-0000000-269968 | X launcher doesn't drop group privileges |
TEMP-0000000-271E1A | vpnc: config file path security hole |
TEMP-0000000-283B1A | Quassel: /var/lib/quassel/quasselCert.pem world-readable |
TEMP-0000000-28C30A | RUSTSEC-2023-0058: Exposes reference to non-Sync data to an arbitrary thread |
TEMP-0000000-29F04A | ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1 |
TEMP-0000000-2A36A7 | remote DoS when case of the characters of a nickname is modified |
TEMP-0000000-2C7EFD | incorrect handling of {$smarty.template} and {$smarty.current_dir} |
TEMP-0000000-2D36D7 | cyassl: RSA Padding check vulnerability |
TEMP-0000000-2D8F93 | isc-dhcp: omapi dos |
TEMP-0000000-3336BA | htdig: several unspecified security problems |
TEMP-0000000-375947 | RUSTSEC-2022-0092 |
TEMP-0000000-37DBC3 | use after free / double free |
TEMP-0000000-3815A2 | Avoid unbounded SFTP extended attribute key/values |
TEMP-0000000-3A226A | RUSTSEC-2023-0018 |
TEMP-0000000-3B586F | directory traversal |
TEMP-0000000-3C6C99 | Insufficient filename sanitising in darcsweb |
TEMP-0000000-3D1157 | information leak in event device handling |
TEMP-0000000-3D82DC | axel URL parser buffer overflow |
TEMP-0000000-3E4AC3 | first_boot: Use session to verify first boot welcome step |
TEMP-0000000-3EB501 | Possible problem with insecure usage of sscanf in obexftp client |
TEMP-0000000-3F0E00 | tor insufficient authentication on control port |
TEMP-0000000-404599 | Multiple security problems in lbreakout2 |
TEMP-0000000-42228B | spip DoS |
TEMP-0000000-425714 | argyll unsafe udev rules |
TEMP-0000000-43D999 | Insecure temp files in firehol |
TEMP-0000000-4677DE | spip: XSS allowing privilege escalation |
TEMP-0000000-47717A | gunicorn fails to drop supplemental groups |
TEMP-0000000-47E1CE | crashes found with afl |
TEMP-0000000-481246 | libxslt segfault / DoS |
TEMP-0000000-4C54C0 | atftp DoS |
TEMP-0000000-4D04B7 | maradns: More frequent rekeying to mitigate possible AES attacks |
TEMP-0000000-4DA0A8 | dbus format string vulnerability |
TEMP-0000000-4DAA44 | out of bounds reads in ASF demuxer |
TEMP-0000000-4E21BA | xscreensaver: symlink attack enables local information disclosure |
TEMP-0000000-4F0A4A | Access to records of report are not checked |
TEMP-0000000-516A9E | NTFS driver for FUSE unspecified issue |
TEMP-0000000-523402 | auth bypass |
TEMP-0000000-52FF39 | dokuwiki ACL bypass |
TEMP-0000000-5337A6 | lhasa: several directory traversal vulnerabilities |
TEMP-0000000-54045E | more to CVE-2015-2059 |
TEMP-0000000-556BB5 | tor TROVE-2023-006 |
TEMP-0000000-561D64 | RUSTSEC-2022-0019 |
TEMP-0000000-56C871 | Fixes permission check in QueriesController |
TEMP-0000000-583651 | nspr, nss: unprotected environment variables |
TEMP-0000000-5865E4 | imms: Arbitrary command execution through improper filename escaping |
TEMP-0000000-58BE54 | lintian disclosure of file presence |
TEMP-0000000-5909B0 | Use-after-free in WDDX Packet Deserialization |
TEMP-0000000-5AF47F | Remote DoS vulnerabilities in postgrey |
TEMP-0000000-604AC4 | crashes on crafted upack packed file |
TEMP-0000000-62CF51 | Buffer overflow in libotr |
TEMP-0000000-62D57E | apt-cacher arbitrary command execution |
TEMP-0000000-66FC9C | RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood |
TEMP-0000000-673AE0 | ikiwiki allows web user to edit images and other non-page format files in the wiki |
TEMP-0000000-687E4D | null pointer dereference |
TEMP-0000000-6B3154 | Various /tmp related security issues in cernlib |
TEMP-0000000-6D001C | smb4k security issue |
TEMP-0000000-6F6CD4 | Insecure mailbox generation in passwd's useradd |
TEMP-0000000-70147B | Memory corruption |
TEMP-0000000-70AB0A | gix-transport indirect code execution via malicious username |
TEMP-0000000-711222 | RUSTSEC-2023-0057: Fails to prohibit standard library access prior to initialization of Rust standard library runtime |
TEMP-0000000-71A9D4 | Unspecified buffer overflow in Convert::UUlib perl module |
TEMP-0000000-73A1D3 | RUSTSEC-2023-0005 |
TEMP-0000000-758242 | RUSTSEC-2022-0022 |
TEMP-0000000-75B37A | insufficient form variable escaping |
TEMP-0000000-760107 | rtkit: failure to drop supplemental groups |
TEMP-0000000-79CB2C | ampache DoS and CSRF |
TEMP-0000000-7C9547 | docker VMM breakout |
TEMP-0000000-7CC552 | tor TROVE-2023-004 |
TEMP-0000000-7D3048 | Logging bypassing through SIGHUP in syslog-ng |
TEMP-0000000-803658 | several security fixes: PHP injections, XSS and secrets stored in session file |
TEMP-0000000-80376F | integer overflow |
TEMP-0000000-80BA67 | Rorster vulnerability similar to CVE-2015-8688 |
TEMP-0000000-812BAC | phpbb 3.0.7 permissions bypass |
TEMP-0000000-835FB2 | rust-atty: Potential unaligned read |
TEMP-0000000-838979 | Escape href attribute in auto links |
TEMP-0000000-84AA65 | DoS against clamav through infinite loop in cli_rmdirs |
TEMP-0000000-8648E9 | moinmoin XSS |
TEMP-0000000-8B87A6 | mediawiki issues from 1.26.3, 1.25.6 and 1.23.14 |
TEMP-0000000-8F74CD | unsafe temporary file in lintian's objdump-info |
TEMP-0000000-9164B4 | unspecified steam cache vulnerability |
TEMP-0000000-94515F | xile buffer overrun in terminal code |
TEMP-0000000-964ED9 | AST-2016-005 |
TEMP-0000000-96AFF4 | spip: Use a dedicated function to clean author data when preparing a session |
TEMP-0000000-96B2E9 | hardening for RSA-CRT leak |
TEMP-0000000-970209 | Invalid read in ensure_filepath |
TEMP-0000000-9862C2 | RUSTSEC-2023-0078 |
TEMP-0000000-9A49E3 | XSS vulnerability discovered -plugin-globalsearch |
TEMP-0000000-9AC543 | mono xsp file disclosure |
TEMP-0000000-9B1564 | tryton zipbomb DoS |
TEMP-0000000-9B3182 | schroot may use outdated configuration information |
TEMP-0000000-9BB4B1 | tryton-server lack of record validation |
TEMP-0000000-9DA06E | openslp: insecure cert validation through openssl api misuse |
TEMP-0000000-9ED582 | Two DoS condition in ekg |
TEMP-0000000-A2D002 | prelude-manager: password world-readable |
TEMP-0000000-A2EB44 | Insecure tempfile in x-face-el |
TEMP-0000000-A4EF31 | Null pointer access in inflatehd tool |
TEMP-0000000-A4F3DE | Invalid read in create_output_name |
TEMP-0000000-A5538F | libpam-ssh: Improper caching of pwd data with potential security implications |
TEMP-0000000-A9D025 | Crash on bad SOAP request |
TEMP-0000000-AA638E | SQL Injection in graph_templates.php |
TEMP-0000000-AB5257 | dojo can be used as a redirector |
TEMP-0000000-ACBC4C | buffer overflows in init_cups |
TEMP-0000000-AF79F8 | roundup: unspecified issue |
TEMP-0000000-B138FB | gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions |
TEMP-0000000-B2A20C | RUSTSEC-2024-0021 |
TEMP-0000000-B2D490 | moin: hierarchical ACLs security issue |
TEMP-0000000-B391CA | exec functions ignore length but look for NULL termination |
TEMP-0000000-B446CF | iodine: DoS against iodined triggerable by authenticated users |
TEMP-0000000-B4B71F | Fix file indirectory injection |
TEMP-0000000-B5C878 | backuppc: web frontend installed insecurely by default |
TEMP-0000000-B9CD89 | BUG/MAJOR: http: prevent risk of reading past end with balance url_param |
TEMP-0000000-BB4B08 | zend framework multiple issues |
TEMP-0000000-BBB7D8 | remote memory disclosure |
TEMP-0000000-BBBF43 | Crypto weakness in Tor's handshaking process |
TEMP-0000000-BC4C2F | nautilus: file preview html script execution |
TEMP-0000000-BCCC32 | vlc issues fixed in 3.0.13 |
TEMP-0000000-BD209F | XSS via queue name in Sidekiq::Web |
TEMP-0000000-BD20F7 | ZF2010-07 |
TEMP-0000000-BD3902 | sogo SOGoForbidUnknownDomainsAuth issue |
TEMP-0000000-BD69C5 | ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word |
TEMP-0000000-C04FE8 | dcerpc: exit()'s on malloc failure |
TEMP-0000000-C070DD | ntop: access.log permissions |
TEMP-0000000-C0C622 | gstreamer-ffmpeg unspecified issue related to sps and pps ids |
TEMP-0000000-C1FFDC | RUSTSEC-2023-0038: Out-of-bounds array access leads to panic |
TEMP-0000000-C3CEDB | fscanf format string security bug in flashrom layout code |
TEMP-0000000-C3D012 | multiple missing input sanity checks in KDE |
TEMP-0000000-C46FAD | pam usb wrongly allows authentication without password in ssh sessions |
TEMP-0000000-C6840A | RUSTSEC-2022-0020 |
TEMP-0000000-C6AAE1 | Catch overflows in AVC/HEVC NAL unit length calculations |
TEMP-0000000-CD327C | remctl ACL bypass vulnerability |
TEMP-0000000-CDF09E | TOCTOU race when expanding JAR files |
TEMP-0000000-CE3B44 | XSA-166: ioreq handling possibly susceptible to multiple read issue |
TEMP-0000000-CED930 | RUSTSEC-2024-0020 |
TEMP-0000000-CFFE57 | cakephp: local file inclusion |
TEMP-0000000-D0A7F0 | ircd-ratbox password disclosure during TLS handshake |
TEMP-0000000-D41D8C | |
TEMP-0000000-D591DC | Integer overflow in iptcembed() |
TEMP-0000000-D61692 | unace unspecified security issue related to uninitialized variable |
TEMP-0000000-D75F8B | RCE in gitlab-shell 2.6.6-2.6.7 |
TEMP-0000000-D7B410 | RUSTSEC-2022-0021 |
TEMP-0000000-D87CDB | validate a server certificate in a TLS-based server-server connection |
TEMP-0000000-D8C3F4 | stack corruption when handling files with more than 64 audio channels |
TEMP-0000000-D91305 | tcpdf code execution via tcpdf tag |
TEMP-0000000-DAA254 | fai tempfile vulnerability |
TEMP-0000000-DAE756 | clamav: DoS through multiple empty Content-Disposition header lines |
TEMP-0000000-DD0D8E | RUSTSEC-2023-0015 |
TEMP-0000000-DD73A0 | Unexpected database bindings via requests (follow-up) |
TEMP-0000000-DD8D83 | crash during algorithmic detection on crafted PE file |
TEMP-0000000-DE2DCD | gitlab: Missing CSRF in System Hooks |
TEMP-0000000-DEED53 | unrar: opens /tmp/debug_unrar.txt |
TEMP-0000000-E06059 | backup-manager: make sure password is not written to world-readable files |
TEMP-0000000-E10713 | Multiple buffer overflows in gtetrinet |
TEMP-0000000-E3DB33 | Several DoS possibilities of clients against the server in Freeciv |
TEMP-0000000-E43D47 | SQL Injection in cdef.php |
TEMP-0000000-E52D56 | Integer overflow in binutils' ELF parsing |
TEMP-0000000-E57E4E | Remotely triggerable buffer overflow in OpenSMTPD |
TEMP-0000000-E6792F | irssi missing null terminator |
TEMP-0000000-E9A545 | libetpan NULL deref |
TEMP-0000000-EA2D06 | Endless loop issue |
TEMP-0000000-EA5272 | NULL Pointer Dereference in phar_tar_setupmetadata() |
TEMP-0000000-EA9109 | RUSTSEC-2024-0006 |
TEMP-0000000-ED74C7 | RUSTSEC-2023-0045 |
TEMP-0000000-ED76D0 | Sanitizing and other XSS protections |
TEMP-0000000-EFA573 | SQL Injection Vulnerability in data sources |
TEMP-0000000-F00632 | node-marked: multiple content injection vulnerabilities |
TEMP-0000000-F090BB | directory traversal in servefile |
TEMP-0000000-F1CA5F | Type Confusion Vulnerability in PHP_to_XMLRPC_worker() |
TEMP-0000000-F26C42 | Type confusion vulnerability in WDDX packet deserialization |
TEMP-0000000-F32736 | SQL Injection Vulnerability in graph items and graph template items |
TEMP-0000000-F41FA7 | DoS |
TEMP-0000000-F4C8D1 | ejabberd HTML code injection |
TEMP-0000000-F53EE4 | 0.1.1+dfsg-1 multiple issues |
TEMP-0000000-F56399 | webkit info leak |
TEMP-0000000-F6033C | SQL Injection in data_templates.php |
TEMP-0000000-F647EF | Missing safemode checks in PHP's _php_image_output functions |
TEMP-0000000-F707E4 | MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value |
TEMP-0000000-F99584 | "slowloris" denial-of-service vulnerability in webservers |
TEMP-0000000-F9A459 | XSS via job arguments display class in Sidekiq::Web |
TEMP-0000000-FC713A | pythonpaste web root escape |
TEMP-0000000-FD1F92 | root path disclosure |
TEMP-0000000-FDAB26 | Transaction cache overrides the current user |
TEMP-0000000-FE3BD0 | Session WDDX Packet Deserialization Type Confusion Vulnerability |
TEMP-0046709-935F97 | Insecure access control on GNU Mach's IO ports |
TEMP-0105562-0FE13B | crypt++ passes passwords through the command line |
TEMP-0107374-DF37E7 | gnupg: improper flagging of signatures as being local |
TEMP-0149799-ABFD7C | sanitizer bypassal through quoted file names |
TEMP-0169793-0E1404 | libnss-ldap: DoS through truncated DNS queries |
TEMP-0173238-677015 | Insecure temp files in lilo |
TEMP-0183047-CE70BA | fuzz: Insecure temp file usage |
TEMP-0216566-EA84C5 | Insecure bounds checking in mpack's content parser |
TEMP-0250106-DF1988 | Unspecified buffer overflow in libmng |
TEMP-0253838-2AD268 | Minor local DoS as libldap |
TEMP-0254101-876546 | Multiple buffer overflows in isoqlog |
TEMP-0259987-89C19C | bash-completion: does not properly quote characters |
TEMP-0264684-94ACC3 | Pavuk Digest Authentication Buffer Overflow |
TEMP-0269186-FFE79F | asciijump: /var/games/asciijump world writable |
TEMP-0274229-6E02C2 | base-passwd: sets valid shells for system services |
TEMP-0282583-19BE25 | microcode.ctl downloads microcode w/o user confirmation |
TEMP-0290047-4CE288 | Insecure temp files in linux-wlan-ng |
TEMP-0291452-29156B | gs-esp: Insecure usage of /tmp in source code |
TEMP-0291613-A6DD69 | xshisen follows symlinks for shared gid games files |
TEMP-0296112-517ED6 | libnet-ssleay-perl: /tmp/entropy insecure |
TEMP-0298114-36C546 | nvi: init.d recover file security bugs |
TEMP-0298929-838146 | Multiple security issues when using distcc without ssh auth |
TEMP-0300560-C9B661 | downloads.ini writable by group users, world-readable |
TEMP-0302454-1EA4A5 | trackballs: Follows symlinks as gid games |
TEMP-0302790-27DC0A | hdup improperly preserves permissions on directories |
TEMP-0306076-4B7D89 | coreutils ignores umask when using -m in mkdir, mkfifo and mknod |
TEMP-0308737-BABD6A | Heap overflow in libosip URI parsing |
TEMP-0313081-3428D4 | DoS triggering endless loops in findutils -follow option |
TEMP-0319686-D21D67 | xgalaga score file segfault |
TEMP-0320150-40E143 | Integer overflow in ffmpeg's MPEG encoding |
TEMP-0321447-C22A86 | Insecure usage of temporary files in x11perfcomp and other security issues |
TEMP-0321470-3DB8C5 | wine: Unsafe use of temporary files in winelauncher |
TEMP-0321566-40512D | fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script |
TEMP-0324913-425151 | cplay - still unsafe temporary file handling vulnerable to symlink attacks |
TEMP-0325080-CF0752 | user password file created by gajim is world-readable |
TEMP-0327261-B6AE8F | wine-safe does not prompt the user/is registered in mailcap |
TEMP-0328134-B819BC | snort: DoS in verbose mode |
TEMP-0330627-887F38 | rkhunter: Insecure temporary file |
TEMP-0331720-9168FE | adduser's deluser creates backup files with world readable permissions |
TEMP-0334193-23D83A | xscreensaver does not maintain screen locks during upgrade |
TEMP-0335996-97467D | ntop format string vulnerability |
TEMP-0337492-CFA0CD | Insecure temp files in note |
TEMP-0340079-E5FD8C | Insecure tempfile in libjpeg6b's exifautotran |
TEMP-0340105-EE3BB8 | unsafe file permissions in vpnc |
TEMP-0349528-9E59D3 | Buffer overflow in elog's header buffer |
TEMP-0352723-F61961 | dpkg-sig: insecure temp file bug |
TEMP-0358139-D2A6EE | gauche-config rpath set to user home |
TEMP-0358142-0BC2FF | unixodbc rpath set to /home |
TEMP-0358157-34A070 | fftw rpath set to user home |
TEMP-0358166-12F63F | hamlib3-perl rpath set to user home |
TEMP-0359745-ECBE05 | webalizer: symlink vulnerability |
TEMP-0361653-A94AFD | librsvg2 crash on certain svg files |
TEMP-0361913-F8E45A | linphone insecure password leakage |
TEMP-0368804-259562 | ldap account manager sets trivial password instead of disabling it |
TEMP-0369014-6AE03E | 'Cache' shell injection vulnerability |
TEMP-0369542-32FFCA | ssmtp password leak |
TEMP-0370144-2CA0D8 | specially crafted WAV turns mkvmerge into a malloc bomb |
TEMP-0375453-4F9189 | ldap account manager wrongly unlocks some passwords |
TEMP-0376577-38D215 | uqwk buffer overflow |
TEMP-0378411-57ACA8 | Buffer overflow in XML::Parser::Expat triggered by utf8 |
TEMP-0378412-67AD3D | Buffer overflow in XML::Parser::Expat triggered by deep nesting |
TEMP-0378571-06BD02 | courier-authdaemon: wrong socket permissions may lead to password disclosure |
TEMP-0379922-FA0DE2 | double-free vulnerability in the Real Media demuxer |
TEMP-0382132-C0E39C | diffmon information leakage |
TEMP-0388608-F17697 | logrotate race condition could lead to file disclosure |
TEMP-0391388-8371AD | zabbix buffer overflows |
TEMP-0391388-A7E978 | zabbix format string vulnerabilities |
TEMP-0393846-B78E90 | motion insecure tempfile creation |
TEMP-0397297-E6F2D0 | obexpushd arbitrary command execution |
TEMP-0399226-A0B8DF | yacas insecure rpath |
TEMP-0400624-86BB88 | dsniff urlsnarf missing output sanitization |
TEMP-0403141-57B365 | znc file access security hole |
TEMP-0406285-531EEA | bcfg2 password disclosure |
TEMP-0407003-DA457C | various crashes and infinite loops in ffmpeg |
TEMP-0407116-23D9EF | wordpress unregister_globals workaround from 2.0.7 |
TEMP-0407605-7D944E | netpbm heap corruption |
TEMP-0407607-240F77 | python-django flup/FastCGI/debugging issue |
TEMP-0409062-BD7B6D | kaya buffer overflow, cross-site scripting and data leak |
TEMP-0410557-009D67 | dokuwiki conf directory accessible by web users |
TEMP-0410588-2CACBB | amavids-new uses contrib/non-free packers without security support in default config |
TEMP-0412618-38583E | apg generates insecure passwords on 64-bit architectures |
TEMP-0414480-089D8A | low-entropy default passphrase in Debian's dtc-xen |
TEMP-0414482-5BA32C | file permission race condition in Debian's dtc-xen |
TEMP-0417995-6A1CD7 | initramfs-tools creates /dev/root world-readable |
TEMP-0418662-DC1CF3 | buffer overflow in mixmaster importing type 2 messages |
TEMP-0425254-0F9CE1 | insecure tempfile in wdiff |
TEMP-0427715-C31B61 | webpy HTTP response splitting vulnerability |
TEMP-0434134-B27890 | dokuwiki XSS in spellchecker |
TEMP-0454297-EACDD7 | exempi buffer overflow in GIF ReadHeader() function |
TEMP-0464084-305C70 | greylistd bypass |
TEMP-0464778-7EAAA3 | tdiary XSS |
TEMP-0465561-A017B1 | minor cyrus sasl DoS |
TEMP-0482385-09F6D5 | resizing the monitor with xrandr can crash xscreensaver |
TEMP-0484639-8D3138 | missing sanity checks allow DoS via mis-formatted timestamp |
TEMP-0495542-A51430 | phpCAS XSS in final_uri; PHPCAS-52 |
TEMP-0496462-B3176F | insecure temp file in nvi |
TEMP-0497005-8CD734 | Overwrite certain images without notice |
TEMP-0497005-A51CB0 | Overwrite symlink without check |
TEMP-0497452-F45308 | nfdump vulnerable to symlink attacks |
TEMP-0500295-A176F7 | possible script injection via /etc/wordpress/wp-config.php |
TEMP-0500611-22A0F0 | jumpnbump: insecure temp file |
TEMP-0503750-D75E0A | balazar3: insecure temp file handling |
TEMP-0504726-7A5872 | universalindentgui insecure usage of temp files |
TEMP-0506961-3C07AF | auctex insecure temp file |
TEMP-0507482-9415A7 | Insecure tmpdir creation |
TEMP-0508111-173336 | Insecure tempfile creation |
TEMP-0513611-D1D676 | glpi sql injection |
TEMP-0514151-B17364 | samba: Account locking out doesn't work with an LDAP backend |
TEMP-0515104-609AB4 | nautilus: potential exploits via application launchers |
TEMP-0523476-4CE9EF | pptp-linux: unrestrictive pptpsetup permissions |
TEMP-0525820-07BBE3 | More file buffer overflows |
TEMP-0526594-48E4C2 | moin: XSS in AttachFile.py via attachments |
TEMP-0528434-FDFF92 | cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked |
TEMP-0531735-61C2C9 | OCS Inventory NG SQL Injection Vulnerability |
TEMP-0532514-9137E0 | predictable random number generator used in web browsers |
TEMP-0532740-DB1B64 | libdkim: signature parsing is not thread-safe |
TEMP-0533670-BB9FF7 | pcsc-lite: creates world-writable directory |
TEMP-0533673-74CBB6 | moin: hierarchical ACL vulnerability |
TEMP-0535159-76AB98 | ser2net DoS |
TEMP-0535881-957F77 | clamav scanner bypass with archives |
TEMP-0535886-8B62DC | apache2: htaccess override |
TEMP-0535946-7636B8 | libio-socket-ssl-perl: partial hostname matching vulnerability |
TEMP-0539699-BC7A2B | xscreensaver: local screen lock bypassable via low resolution video devices |
TEMP-0540606-8877D9 | php5: 'open_basedir' bypass |
TEMP-0548909-2413C6 | xen-tools: world readable disk image files |
TEMP-0551907-963784 | mandos 0600 file being included in initrd |
TEMP-0552518-ADA4BA | eglibc: ldd arbitrary code execution |
TEMP-0555308-79E91C | xserver-xorg: inherits user's mask |
TEMP-0560087-F084E6 | xpat2: save game permissions issue |
TEMP-0560895-39B4B0 | gnome-screensaver inhibitor not removed when connection is closed |
TEMP-0566326-9A899F | sqlite: info leak |
TEMP-0567175-3A30A9 | gmetad incorrect file permissions |
TEMP-0568925-CB8E83 | esmtp: world-readable config file |
TEMP-0569506-737DDE | irssi emote leak |
TEMP-0570011-670DB5 | phpbb3 weak captcha |
TEMP-0570713-FED4BB | ffmpeg potentially remaining vulnerabilities after DSA 2000 |
TEMP-0578928-72FBC5 | gnome-orca: shell access without logon |
TEMP-0579087-7F12A8 | prosody password world-readable |
TEMP-0581058-CF1E8D | numpy memory corruption |
TEMP-0582798-329FE7 | wicd changes permissions of resolv.conf |
TEMP-0592115-F98F5C | signature verification issue |
TEMP-0593829-E6A4BC | config file world readable |
TEMP-0597382-058DA8 | mingetty directory traversal |
TEMP-0601325-4C9A5B | insecure handling of /tmp files in debian/preinst |
TEMP-0601525-BEBB65 | libgd2: gdImageColorTransparent can write outside buffer |
TEMP-0601585-D41D8C | |
TEMP-0603436-5CA466 | pam_pgsql overflow |
TEMP-0605160-28DAD2 | insecure python path handling |
TEMP-0607494-376E2E | XSS in ftpls |
TEMP-0608822-E0260C | calibre XSS |
TEMP-0608822-EF2F16 | calibre file disclosure |
TEMP-0608979-E8B8DF | Crash with long HOME environment variable |
TEMP-0609212-CA8607 | multiple spip issues |
TEMP-0612034-33CBAD | aptitude tempfile |
TEMP-0612668-CE1EF5 | evince segfault |
TEMP-0625868-9433A0 | fglrx-driver xauth cookie leak |
TEMP-0632260-7A1354 | stardict: minor information disclosure |
TEMP-0635836-4F6C5C | minissdpd multiple issues |
TEMP-0646758-12F1BD | spip path disclosure |
TEMP-0649113-5F7BC7 | spip privilege escalation |
TEMP-0649113-869F0D | spip XSS |
TEMP-0672435-7C494C | Option -localhost seems to fail to restrict ipv6 access |
TEMP-0672961-92221C | two XSS |
TEMP-0678189-8A5546 | packagekit insecure temp file |
TEMP-0678512-2E167C | remotely triggerable crash |
TEMP-0682869-4EFB12 | insecure default configuration / authentication bypass |
TEMP-0683667-E2E855 | base name disclosure |
TEMP-0684143-02E960 | redeclipse code execution through map files |
TEMP-0698189-BE9FC4 | buffer overflow in commandline parsing |
TEMP-0706095-6DFA71 | autopostgresqlbackup code injection |
TEMP-0706099-FAF305 | automysqlbackup code injection |
TEMP-0729276-2DADFA | staden-io-lib buffer overflow |
TEMP-0736821-BCABA8 | no input validation for search function |
TEMP-0740268-4CE61C | buffer overflow |
TEMP-0745112-59B02C | data leak during restore |
TEMP-0745580-D90EF4 | Insecure default permissions for ~/.virtualenvs and scripts |
TEMP-0752092-218B4D | softhsm-keyconv creates security-sensitive file world-readable |
TEMP-0764645-2E1644 | iptables-persistent minor local info leak |
TEMP-0764814-3B6657 | freecad downloads and executes code |
TEMP-0769606-4AA6CF | a2p: buffer overflow |
TEMP-0769937-FD49EE | formail: memory corruption |
TEMP-0770647-53FAC2 | libclamunrar: double-free error libclamunrar_iface/unrar_iface.c |
TEMP-0773308-EE1012 | crashes on crafted ELF |
TEMP-0773751-AD275E | race condition between fur and fex_cleanup may create internal instead of external user |
TEMP-0774171-B2A845 | symlink directory traversal |
TEMP-0774555-E962AD | insecure LUA default load path |
TEMP-0774769-57BAAA | saves unknown host's fingerprint in known_hosts without any prompt |
TEMP-0774838-C2ABDA | insecure keyring handling |
TEMP-0774897-BC9A31 | denial of service with specific packets |
TEMP-0774898-681A65 | fails to detect silent driver failure to change MAC |
TEMP-0775193-7F000E | djvudigital: insecure use of /tmp |
TEMP-0775199-D05A9E | smime_keys: insecure use of /tmp |
TEMP-0775479-AC2272 | insecure configuration permissions |
TEMP-0775662-9BBEA1 | Insufficient validation of USB device descriptors |
TEMP-0776271-06C3A9 | Infinite loop in patch |
TEMP-0777522-650525 | denial of service under memory stress |
TEMP-0777706-EB0F2E | insecure storage of password in the NUT-monitor app |
TEMP-0778511-AAAFE7 | more to CVE-2014-6585 |
TEMP-0779573-6C7D15 | heap buffer overflow |
TEMP-0780100-E2856F | tcllib XSS |
TEMP-0780178-BE09AB | several security vulnerabilities and network packets can terminate the connection |
TEMP-0780503-1359A5 | Incomplete fix for CVE-2014-7940 |
TEMP-0780712-D0DD02 | permissive file access allowed from nasal |
TEMP-0780716-B04986 | nasal scripts can read any file |
TEMP-0780817-7C5137 | Insufficient escaping in user manager allows XSS attack |
TEMP-0781595-E39EEE | xdeb: disables apt's signature checks |
TEMP-0781608-198474 | caja automounts USB flash drives and CD/DVD drives while session is locked |
TEMP-0781640-F16931 | Signature Bypass in several JSON Web Token Libraries |
TEMP-0783007-4C0B51 | http uri parsing issue |
TEMP-0783347-555527 | files with invalid or unsafe names could be uploaded |
TEMP-0783347-AEABE2 | Some plugins were vulnerable to an SQL injection vulnerability |
TEMP-0784712-056A32 | incorrect parsing of from header when assigning pgp keys |
TEMP-0784712-E83200 | incorrect substring matching when assigning pgp keys |
TEMP-0784888-F51195 | didjvu: insecure use of /tmp when executing c44 |
TEMP-0784889-495CCA | pdf2djvu: insecure use of /tmp when executing c44 |
TEMP-0785364-25992B | XSS in group administration |
TEMP-0786423-948688 | rsync collision attack |
TEMP-0786804-C23D2B | hwclock(8) SUID privilege escalation |
TEMP-0795062-DA89AB | publicfile-installer: insecure use of /tmp |
TEMP-0805638-5AC56F | Insecure permissions for backup directory |
TEMP-0805657-81BB13 | Missing bounds checking and verification of data type causes segfault |
TEMP-0807341-84E914 | uses non-random tempdir /tmp/tmprepo.0/.git/ |
TEMP-0811308-B63DA1 | Multiple minor security issues |
TEMP-0816034-9C45DC | unsafe use of /tmp |
TEMP-0820594-BC6826 | out of bound read and write issues |
TEMP-0825151-E80EFA | CSRF protection for POST requests |
TEMP-0826101-4D75EC | doesn't remove metadata in embedded images in PDFs |
TEMP-0827346-22ED59 | install-sh: insecure use of /tmp |
TEMP-0827564-93E4E3 | Stack corruption from crafted pattern |
TEMP-0830660-09AE85 | Insecure use of /tmp |
TEMP-0832169-0F9220 | insecure default PATH |
TEMP-0832283-698CF7 | cakephp: XML class SSRF vulnerability |
TEMP-0833087-C5410D | bruteforceable challenge responses in unprotected logfile |
TEMP-0840685-CEF76B | TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory |
TEMP-0841257-B7CD60 | sendmail: Privilege escalation from group smmsp to root |
TEMP-0846838-9738BD | tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing |
TEMP-0850432-8BD66F | multiple new security issues |
TEMP-0853951-A77B7B | iio-sensor-proxy: insecure dbus policy |
TEMP-0855108-573218 | irssi memory leak |
TEMP-0856196-13C562 | scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) |
TEMP-0856648-2BC2C9 | dns: out of bound memory read |
TEMP-0857546-8B0EB6 | Server certificates are not verified |
TEMP-0860565-9E8C4B | XSA-206: xenstore denial of service via repeated update |
TEMP-0868134-294030 | out-of-bounds read in eexec_line() |
TEMP-0869722-31618B | memory leak in quantize |
TEMP-0870233-1DD19E | executes javascript code downloaded from insecure URL |
TEMP-0876540-D98160 | pcb code injection by malicious layout file |
TEMP-0887330-0F8779 | Multiple vulnerabilities in CiviCRM |
TEMP-0894867-E5064B | Confidential issue comments in Slack, Mattermost, and webhook integrations |
TEMP-0900522-27F98D | gitlab: Persistent XSS - Selecting users as allowed merge request approvers |
TEMP-0900522-298D01 | gitlab: Persistent XSS - Multiple locations of user selection drop downs |
TEMP-0900522-3AD97C | gitlab: Permissions issue in Merge Requests Create Service |
TEMP-0900522-4405E2 | gitlab: Removing public deploy keys regression |
TEMP-0900522-7DE480 | gitlab: Arbitrary assignment of project fields using Import project |
TEMP-0900522-A18AAE | gitlab: include directive in .gitlab-ci.yml allows SSRF requests |
TEMP-0902726-3BBE24 | gitlab: Activity feed publicly displaying internal project names |
TEMP-0902726-51ACFE | gitlab: Content injection via username |
TEMP-0904191-9063D5 | Incomplete fix for CVE-2018-10886 |
TEMP-0905332-CB57BF | Default KeyInfo resolver doesn't check for empty element content. |
TEMP-0906879-C6E80C | security issue with the PASS command and duplicate server instances |
TEMP-0911336-06ADE0 | External URL injection through URL aliases |
TEMP-0911337-06D812 | Injection in DefaultMailSystem::mail() |
TEMP-0913136-041770 | DSA verification crashes OpenSSL on invalid combinations of key content |
TEMP-0913137-22A98C | VirtualBox E1000 Guest-to-Host Escape |
TEMP-0921565-C5FF8E | netmask: buffer overflow vulnerability |
TEMP-0922080-E6D428 | fuse mount exposes backup to unauthorized users |
TEMP-0923926-B85BA9 | high memory usage with some long running sessions |
TEMP-0925959-45DD25 | insecure handling of /tmp/VMwareDnD |
TEMP-0930387-988530 | security issues fixed in 1.8.5 |
TEMP-0933674-646BF3 | Buffer overflow during processing of large server replies |
TEMP-0950121-6A81FC | opensmtpd DoS via opportunistic TLS downgrade |
TEMP-0950816-47D88A | mpv insecure lua loadpath |
TEMP-0964568-93C065 | veyon-configurator tmp handling |
TEMP-0987831-866E01 | SQL Server LIMIT / OFFSET SQL Injection |
TEMP-0993866-37A39B | jwe cbc tag computation error |
TEMP-0993866-50C165 | jws alg:none signature verification issue |
TEMP-0995562-06835D | RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist |
TEMP-0996913-660A41 | RUSTSEC-2020-0159: Potential segfault in localtime_r invocations |
TEMP-1007145-ABA7D9 | wordpress 5.9.2 |
TEMP-1022575-434581 | wordpress 6.0.3 |
TEMP-1027282-04F215 | RUSTSEC-2022-0074 |
TEMP-1031542-93CC2D | XSS Vulnerability in matrix.pl |
TEMP-1032088-3E13DF | RUSTSEC-2022-0078 |
TEMP-1034374-6E2515 | https://rustsec.org/advisories/RUSTSEC-2023-0031.html |
TEMP-1036689-1CA7FB | Block themes parsing shortcodes in user-generated data |
TEMP-1037018-0CB39E | RUSTSEC-2023-0039 |
TEMP-1050299-7F4591 | RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building |
TEMP-1052200-1C589C | receiving with Lightning: partial MPP might be accepted |
TEMP-1053115-9454E3 | code execution via malformed XTGETTCAP |
TEMP-1055895-2C681F | RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound |
TEMP-1059234-46A2BA | RUSTSEC-2023-0075 |
TEMP-1062663-AD972F | GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow |
TEMP-1074351-F7BBA7 | RUSTSEC-2024-0344 |
TEMP-1074352-DEF3AE | RUSTSEC-2024-0345 |
TEMP-1079517-4BBE9B | RUSTSEC-2024-0363: Binary Protocol Misinterpretation caused by Truncat ... |