Automatically generated issue names

Some issues have not been assigned CVE names, but are still tracked by this database. In this case, the system automatically assigns a unique name. These names are not stable and can change when the database is updated, so they should not be used in external references.

The automatically generated names come in two flavors: the first kind starts with the string "TEMP-000000-". This means that no Debian bug has been assigned to this issue (or a bug has been created and is not recorded in this database). In the second kind of names, there is a Debian bug for the issue, and the "000000"part of the name is replaced with the Debian bug number.

With unfixed issues

BugDescription
TEMP-0000000-0477AAget_groups does not always returns the group of the action
TEMP-0000000-07A77Dphp-gettext XSS
TEMP-0000000-0EB5E1node-d3-color redos
TEMP-0000000-11FDF8RUSTSEC-2023-0074
TEMP-0000000-137F0Aquoteless attributes in templates can lead to content injection
TEMP-0000000-1BAE4DGNUTLS-SA-2016-2: certificate verification issue
TEMP-0000000-1C4729net/http: broken trailers don't close a server connection
TEMP-0000000-23C1BDSidekiq::Web lacks CSRF protection
TEMP-0000000-345A3Bhandlebars: quoteless attributes in templates can lead to content injection
TEMP-0000000-3A226ARUSTSEC-2023-0018
TEMP-0000000-3E4AC3first_boot: Use session to verify first boot welcome step
TEMP-0000000-4677DEspip: XSS alowing priviledge escalation
TEMP-0000000-4DAA44out of bounds reads in ASF demuxer
TEMP-0000000-4F0A4AAccess to records of report are not checked
TEMP-0000000-556BB5tor TROVE-2023-006
TEMP-0000000-561D64RUSTSEC-2022-0019
TEMP-0000000-66FC9CRUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood
TEMP-0000000-7CC552tor TROVE-2023-004
TEMP-0000000-803658several security fixes: PHP injections, XSS and secrets stored in session file
TEMP-0000000-95CBBFuudecode: stack out of bounds read access
TEMP-0000000-96AFF4spip: Use a dedicated function to clean author data when preparing a session
TEMP-0000000-96B2E9hardening for RSA-CRT leak
TEMP-0000000-9B1564tryton zipbomb DoS
TEMP-0000000-9BB4B1tryton-server lack of record validation
TEMP-0000000-A4EF31Null pointer access in inflatehd tool
TEMP-0000000-ACBC4Cbuffer overflows in init_cups
TEMP-0000000-BBB7D8remote memory disclosure
TEMP-0000000-BCCC32vlc issues fixed in 3.0.13
TEMP-0000000-BD209FXSS via queue name in Sidekiq::Web
TEMP-0000000-BD3902sogo SOGoForbidUnknownDomainsAuth issue
TEMP-0000000-C1FFDCRUSTSEC-2023-0038: Out-of-bounds array access leads to panic
TEMP-0000000-C3CEDBfscanf format string security bug in flashrom layout code
TEMP-0000000-C6840ARUSTSEC-2022-0020
TEMP-0000000-D7B410RUSTSEC-2022-0021
TEMP-0000000-D87CDBvalidate a server certificate in a TLS-based server-server connection
TEMP-0000000-DD0D8ERUSTSEC-2023-0015
TEMP-0000000-DD1424RUSTSEC-2023-0041
TEMP-0000000-E6792Firssi missing null terminator
TEMP-0000000-EA9109RUSTSEC-2024-0006
TEMP-0000000-ED74C7RUSTSEC-2023-0045
TEMP-0000000-ED76D0Sanitizing and other XSS protections
TEMP-0000000-F090BBdirectory traversal in servefile
TEMP-0000000-F41FA7DoS
TEMP-0000000-F7A20FKernel: Unprivileged user can freeze journald
TEMP-0000000-F9A459XSS via job arguments display class in Sidekiq::Web
TEMP-0000000-FD1F92root path disclosure
TEMP-0000000-FDAB26Transaction cache overrides the current user
TEMP-0290435-0B57B5tar's rmt command may have undesired side effects
TEMP-0498901-F99C05unsafe use of tempfile in ssmclient
TEMP-0517018-A83CE6sysvinit: no-root option in expert installer exposes locally exploitable security flaw
TEMP-0517020-915121thunar: potential exploits via application launchers
TEMP-0528250-2E3658hex-a-hop: buffer overflow in loading save games
TEMP-0532514-9137E0predictable random number generator used in web browsers
TEMP-0537604-F35BD7insecure tmp file vulnerability in slim
TEMP-0560108-565B70browser-based css info disclosure
TEMP-0568486-B6FCB6browser javascript document.write denial-of-service
TEMP-0601325-4C9A5Binsecure handling of /tmp files in debian/preinst
TEMP-0601525-BEBB65libgd2: gdImageColorTransparent can write outside buffer
TEMP-0608980-E8B8DFCrash with long HOME environment variable
TEMP-0628843-DBAD28more related to CVE-2005-4890
TEMP-0672435-7C494COption -localhost seems to fail to restrict ipv6 access
TEMP-0769606-4AA6CFa2p: buffer overflow
TEMP-0772585-D41D8C
TEMP-0773308-EE1012crashes on crafted ELF
TEMP-0774453-CA58EEZoo directory traversal
TEMP-0775193-7F000Edjvudigital: insecure use of /tmp
TEMP-0775199-D05A9Esmime_keys: insecure use of /tmp
TEMP-0780817-7C5137Insufficient escaping in user manager allows XSS attack
TEMP-0786423-948688rsync collision attack
TEMP-0786804-C23D2Bhwclock(8) SUID privilege escalation
TEMP-0797470-1AE9BAval_dane_check: usage DANE-TA(2) may bypass cert validation entirely
TEMP-0800564-79703Btrivial hash complexity DoS attack
TEMP-0807341-84E914uses non-random tempdir /tmp/tmprepo.0/.git/
TEMP-0816034-9C45DCunsafe use of /tmp
TEMP-0820594-BC6826out of bound read and write issues
TEMP-0825151-E80EFACSRF protection for POST requests
TEMP-0827346-22ED59install-sh: insecure use of /tmp
TEMP-0827564-93E4E3Stack corruption from crafted pattern
TEMP-0830660-09AE85Insecure use of /tmp
TEMP-0832283-698CF7cakephp: XML class SSRF vulnerability
TEMP-0841856-B18BAFPrivilege escalation possible to other user than root
TEMP-0846838-9738BDtiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing
TEMP-0856196-13C562scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)
TEMP-0857546-8B0EB6Server certificates are not verified
TEMP-0868134-294030out-of-bounds read in eexec_line()
TEMP-0869722-31618Bmemory leak in quantize
TEMP-0870233-1DD19Eexecutes javascript code downloaded from insecure URL
TEMP-0906138-C38804libykneomgr memory corruption
TEMP-0913136-041770DSA verification crashes OpenSSL on invalid combinations of key content
TEMP-0913137-22A98CVirtualBox E1000 Guest-to-Host Escape
TEMP-0921565-C5FF8Enetmask: buffer overflow vulnerability
TEMP-0922080-E6D428fuse mount exposes backup to unauthorized users
TEMP-0925959-45DD25insecure handling of /tmp/VMwareDnD
TEMP-0950816-47D88Ampv insecure lua loadpath
TEMP-0962629-FA7B70Rainloop stores passwords in cleartext in logfile
TEMP-0964568-93C065veyon-configurator tmp handling
TEMP-0995562-06835DRUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist
TEMP-0996913-660A41RUSTSEC-2020-0159: Potential segfault in localtime_r invocations
TEMP-1009820-39878Fsnort privilege escalation due to insecure use of logrotate
TEMP-1022575-434581wordpress 6.0.3
TEMP-1031542-93CC2DXSS Vulnerability in matrix.pl
TEMP-1032088-3E13DFRUSTSEC-2022-0078
TEMP-1036689-1CA7FBBlock themes parsing shortcodes in user-generated data
TEMP-1037018-0CB39ERUSTSEC-2023-0039
TEMP-1050298-39CD6DRUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building
TEMP-1050299-7F4591RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building
TEMP-1051808-528792RUSTSEC-2023-0059: Unaligned read of *const *const c_char pointer
TEMP-1082053-F368BBRUSTSEC-2023-0086

The rest

BugDescription
TEMP-0000000-00657Fpure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem
TEMP-0000000-018938SQL Injection in host_templates.php
TEMP-0000000-01E656Possible SQL injection in freeradius
TEMP-0000000-02F7ABfile descriptor leak when a Compose file uses the "include" directive
TEMP-0000000-0477AAget_groups does not always returns the group of the action
TEMP-0000000-050E10mailutils: sql injection vulnerability in sql authentication module
TEMP-0000000-076325RUSTSEC-2023-0035: enumflags2: Adverserial use of make_bitflags! macro can cause undefined behavior
TEMP-0000000-077068gitlab: Persistent XSS in Pipeline Tooltip
TEMP-0000000-09234Cinsecure usage of temporary files in flash-kernel
TEMP-0000000-0999A8syslog-ng dos
TEMP-0000000-099EACwerkzeug hashes its secret instead of using hmac
TEMP-0000000-0CA7E3XSS in press-this of wordpress
TEMP-0000000-0D6EB6crash when parsing overly long links
TEMP-0000000-0EB5E1node-d3-color redos
TEMP-0000000-106DD8linux-ftpd: null ptr dereference
TEMP-0000000-11FDF8RUSTSEC-2023-0074
TEMP-0000000-1541B5incorrect memory management in Gtk2::Gdk::Display::list_devices
TEMP-0000000-15DB04RUSTSEC-2024-0359
TEMP-0000000-196897htmlpurifier various
TEMP-0000000-19B927Partial SMAP bypass on 64-bit Linux kernels
TEMP-0000000-1A4150archivemail insecure temporary file issues
TEMP-0000000-1BAE4DGNUTLS-SA-2016-2: certificate verification issue
TEMP-0000000-1CC548Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter
TEMP-0000000-1E2093Linux ASLR mmap weakness: Reducing entropy by half
TEMP-0000000-1F321DBUG/MAJOR: http: don't read past buffer's end in http_replace_value
TEMP-0000000-2025B8Missing normalization
TEMP-0000000-212AE3Unspeficied security issue in ipsec-tool's single DES support
TEMP-0000000-23C1BDSidekiq::Web lacks CSRF protection
TEMP-0000000-24F61AEnforce use of HTTPS for MathJax in IPython
TEMP-0000000-269968X launcher doesn't drop group privileges
TEMP-0000000-271E1Avpnc: config file path security hole
TEMP-0000000-283B1AQuassel: /var/lib/quassel/quasselCert.pem world-readable
TEMP-0000000-28C30ARUSTSEC-2023-0058: Exposes reference to non-Sync data to an arbitrary thread
TEMP-0000000-29F04AZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
TEMP-0000000-2A36A7remote DoS when case of the characters of a nickname is modified
TEMP-0000000-2C7EFDincorrect handling of {$smarty.template} and {$smarty.current_dir}
TEMP-0000000-2D36D7cyassl: RSA Padding check vulnerability
TEMP-0000000-2D8F93isc-dhcp: omapi dos
TEMP-0000000-3336BAhtdig: several unspecified security problems
TEMP-0000000-375947RUSTSEC-2022-0092
TEMP-0000000-37DBC3use after free / double free
TEMP-0000000-3815A2Avoid unbounded SFTP extended attribute key/values
TEMP-0000000-3A226ARUSTSEC-2023-0018
TEMP-0000000-3B586Fdirectory traversal
TEMP-0000000-3C6C99Insufficient filename sanitising in darcsweb
TEMP-0000000-3D1157information leak in event device handling
TEMP-0000000-3D82DCaxel URL parser buffer overflow
TEMP-0000000-3E4AC3first_boot: Use session to verify first boot welcome step
TEMP-0000000-3EB501Possible problem with insecure usage of sscanf in obexftp client
TEMP-0000000-3F0E00tor insufficient authentication on control port
TEMP-0000000-404599Multiple security problems in lbreakout2
TEMP-0000000-42228Bspip DoS
TEMP-0000000-425714argyll unsafe udev rules
TEMP-0000000-43D999Insecure temp files in firehol
TEMP-0000000-4677DEspip: XSS alowing priviledge escalation
TEMP-0000000-47717Agunicorn fails to drop supplemental groups
TEMP-0000000-47E1CEcrashes found with afl
TEMP-0000000-481246libxslt segfault / DoS
TEMP-0000000-4C54C0atftp DoS
TEMP-0000000-4D04B7maradns: More frequent rekeying to mitigate possible AES attacks
TEMP-0000000-4DA0A8dbus format string vulnerability
TEMP-0000000-4DAA44out of bounds reads in ASF demuxer
TEMP-0000000-4E21BAxscreensaver: symlink attack enables local information disclosure
TEMP-0000000-4F0A4AAccess to records of report are not checked
TEMP-0000000-516A9ENTFS driver for FUSE unspecified issue
TEMP-0000000-523402auth bypass
TEMP-0000000-52FF39dokuwiki ACL bypass
TEMP-0000000-5337A6lhasa: several directory traversal vulnerabilities
TEMP-0000000-54045Emore to CVE-2015-2059
TEMP-0000000-556BB5tor TROVE-2023-006
TEMP-0000000-561D64RUSTSEC-2022-0019
TEMP-0000000-56C871Fixes permission check in QueriesController
TEMP-0000000-583651nspr, nss: unprotected environment variables
TEMP-0000000-5865E4imms: Arbitrary command execution through inproper filename escaping
TEMP-0000000-58BE54lintian disclosure of file presense
TEMP-0000000-5909B0Use-after-free in WDDX Packet Deserialization
TEMP-0000000-5AF47FRemote DoS vulnerabilities in postgrey
TEMP-0000000-604AC4crashes on crafted upack packed file
TEMP-0000000-62CF51Buffer overflow in libotr
TEMP-0000000-62D57Eapt-cacher arbitrary command execution
TEMP-0000000-66FC9CRUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood
TEMP-0000000-673AE0ikiwiki allows web user to edit images and other non-page format files in the wiki
TEMP-0000000-687E4Dnull pointer dereference
TEMP-0000000-6B3154Various /tmp related security issues in cernlib
TEMP-0000000-6D001Csmb4k security issue
TEMP-0000000-6F6CD4Insecure mailbox generation in passwd's useradd
TEMP-0000000-70147BMemory corruption
TEMP-0000000-70AB0Agix-transport indirect code execution via malicious username
TEMP-0000000-711222RUSTSEC-2023-0057: Fails to prohibit standard library access prior to initialization of Rust standard library runtime
TEMP-0000000-71A9D4Unspecified buffer overflow in Convert::UUlib perl module
TEMP-0000000-73A1D3RUSTSEC-2023-0005
TEMP-0000000-758242RUSTSEC-2022-0022
TEMP-0000000-75B37Ainsufficient form variable escaping
TEMP-0000000-760107rtkit: failure to drop supplemental groups
TEMP-0000000-79CB2Campache DoS and CSRF
TEMP-0000000-7C9547docker VMM breakout
TEMP-0000000-7CC552tor TROVE-2023-004
TEMP-0000000-7D3048Logging bypassing through SIGHUP in syslog-ng
TEMP-0000000-803658several security fixes: PHP injections, XSS and secrets stored in session file
TEMP-0000000-80376Finteger overflow
TEMP-0000000-80BA67Rorster vulnerability similar to CVE-2015-8688
TEMP-0000000-812BACphpbb 3.0.7 permissions bypass
TEMP-0000000-835FB2rust-atty: Potential unaligned read
TEMP-0000000-838979Escape href attribute in auto links
TEMP-0000000-84AA65DoS against clamav through infinite loop in cli_rmdirs
TEMP-0000000-8648E9moinmoin XSS
TEMP-0000000-8B87A6mediawiki issues from 1.26.3, 1.25.6 and 1.23.14
TEMP-0000000-8F74CDunsafe temporary file in lintian's objdump-info
TEMP-0000000-9164B4unspecified steam cache vulnerability
TEMP-0000000-94515Fxile buffer overrun in terminal code
TEMP-0000000-964ED9AST-2016-005
TEMP-0000000-96AFF4spip: Use a dedicated function to clean author data when preparing a session
TEMP-0000000-96B2E9hardening for RSA-CRT leak
TEMP-0000000-970209Invalid read in ensure_filepath
TEMP-0000000-9862C2RUSTSEC-2023-0078
TEMP-0000000-9A49E3XSS vulnerability discovered -plugin-globalsearch
TEMP-0000000-9AC543mono xsp file disclosure
TEMP-0000000-9B1564tryton zipbomb DoS
TEMP-0000000-9B3182schroot may use outdated configuration information
TEMP-0000000-9BB4B1tryton-server lack of record validation
TEMP-0000000-9DA06Eopenslp: insecure cert validation through openssl api misuse
TEMP-0000000-9ED582Two DoS condition in ekg
TEMP-0000000-A2D002prelude-manager: password world-readable
TEMP-0000000-A2EB44Insecure tempfile in x-face-el
TEMP-0000000-A4EF31Null pointer access in inflatehd tool
TEMP-0000000-A4F3DEInvalid read in create_output_name
TEMP-0000000-A5538Flibpam-ssh: Inproper caching of pwd data with potential security implications
TEMP-0000000-A9D025Crash on bad SOAP request
TEMP-0000000-AA638ESQL Injection in graph_templates.php
TEMP-0000000-AB5257dojo can be used as a redirector
TEMP-0000000-ACBC4Cbuffer overflows in init_cups
TEMP-0000000-AF79F8roundup: unspecified issue
TEMP-0000000-B138FBgstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions
TEMP-0000000-B2A20CRUSTSEC-2024-0021
TEMP-0000000-B2D490moin: hierarchical ACLs security issue
TEMP-0000000-B391CAexec functions ignore length but look for NULL termination
TEMP-0000000-B446CFiodine: DoS against iodined triggerable by authenticated users
TEMP-0000000-B4B71FFix file indirectory injection
TEMP-0000000-B5C878backuppc: web frontend installed insecurely by default
TEMP-0000000-B9CD89BUG/MAJOR: http: prevent risk of reading past end with balance url_param
TEMP-0000000-BB4B08zend framework multiple issues
TEMP-0000000-BBB7D8remote memory disclosure
TEMP-0000000-BBBF43Crypto weakness in Tor's handshaking process
TEMP-0000000-BC4C2Fnautilus: file preview html script execution
TEMP-0000000-BCCC32vlc issues fixed in 3.0.13
TEMP-0000000-BD209FXSS via queue name in Sidekiq::Web
TEMP-0000000-BD20F7ZF2010-07
TEMP-0000000-BD3902sogo SOGoForbidUnknownDomainsAuth issue
TEMP-0000000-BD69C5ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word
TEMP-0000000-C04FE8dcerpc: exit()'s on malloc failure
TEMP-0000000-C070DDntop: access.log permissions
TEMP-0000000-C0C622gstreamer-ffmpeg unspecified issue related to sps and pps ids
TEMP-0000000-C1FFDCRUSTSEC-2023-0038: Out-of-bounds array access leads to panic
TEMP-0000000-C3CEDBfscanf format string security bug in flashrom layout code
TEMP-0000000-C3D012multiple missing input sanity checks in KDE
TEMP-0000000-C46FADpam usb wrongly allows authentication without password in ssh sessions
TEMP-0000000-C6840ARUSTSEC-2022-0020
TEMP-0000000-C6AAE1Catch overflows in AVC/HEVC NAL unit length calculations
TEMP-0000000-CD327Cremctl ACL bypass vulnerability
TEMP-0000000-CDF09ETOCTOU race when expanding JAR files
TEMP-0000000-CE3B44XSA-166: ioreq handling possibly susceptible to multiple read issue
TEMP-0000000-CED930RUSTSEC-2024-0020
TEMP-0000000-CFFE57cakephp: local file inclusion
TEMP-0000000-D0A7F0ircd-ratbox password disclosure during TLS handshake
TEMP-0000000-D41D8C
TEMP-0000000-D591DCInteger overflow in iptcembed()
TEMP-0000000-D61692unace unspecified security issue related to uninitialized variable
TEMP-0000000-D75F8BRCE in gitlab-shell 2.6.6-2.6.7
TEMP-0000000-D7B410RUSTSEC-2022-0021
TEMP-0000000-D87CDBvalidate a server certificate in a TLS-based server-server connection
TEMP-0000000-D8C3F4stack corruption when handling files with more than 64 audio channels
TEMP-0000000-D91305tcpdf code execution via tcpdf tag
TEMP-0000000-DAA254fai tempfile vulnerability
TEMP-0000000-DAE756clamav: DoS through multiple empty Content-Disposition header lines
TEMP-0000000-DD0D8ERUSTSEC-2023-0015
TEMP-0000000-DD73A0Unexpected database bindings via requests (follow-up)
TEMP-0000000-DD8D83crash during algorithmic detection on crafted PE file
TEMP-0000000-DE2DCDgitlab: Missing CSRF in System Hooks
TEMP-0000000-DEED53unrar: opens /tmp/debug_unrar.txt
TEMP-0000000-E06059backup-manager: make sure password is not written to world-readable files
TEMP-0000000-E10713Multiple buffer overflows in gtetrinet
TEMP-0000000-E3DB33Several DoS possibilities of clients against the server in Freeciv
TEMP-0000000-E43D47SQL Injection in cdef.php
TEMP-0000000-E52D56Integer overflow in binutils' ELF parsing
TEMP-0000000-E57E4ERemotely triggerable buffer overflow in OpenSMTPD
TEMP-0000000-E6792Firssi missing null terminator
TEMP-0000000-E9A545libetpan NULL deref
TEMP-0000000-EA2D06Endlees loop issue
TEMP-0000000-EA5272NULL Pointer Dereference in phar_tar_setupmetadata()
TEMP-0000000-EA9109RUSTSEC-2024-0006
TEMP-0000000-ED74C7RUSTSEC-2023-0045
TEMP-0000000-ED76D0Sanitizing and other XSS protections
TEMP-0000000-EFA573SQL Injection Vulnerability in data sources
TEMP-0000000-F00632node-marked: multiple content injection vulnerabilities
TEMP-0000000-F090BBdirectory traversal in servefile
TEMP-0000000-F1CA5FType Confusion Vulnerability in PHP_to_XMLRPC_worker()
TEMP-0000000-F26C42Type confusion vulnerability in WDDX packet deserialization
TEMP-0000000-F32736SQL Injection Vulnerability in graph items and graph template items
TEMP-0000000-F41FA7DoS
TEMP-0000000-F4C8D1ejabberd HTML code injection
TEMP-0000000-F53EE40.1.1+dfsg-1 multiple issues
TEMP-0000000-F56399webkit info leak
TEMP-0000000-F6033CSQL Injection in data_templates.php
TEMP-0000000-F647EFMissing safemode checks in PHP's _php_image_output functions
TEMP-0000000-F707E4MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value
TEMP-0000000-F99584"slowloris" denial-of-service vulnerability in webservers
TEMP-0000000-F9A459XSS via job arguments display class in Sidekiq::Web
TEMP-0000000-FC713Apythonpaste web root esacpe
TEMP-0000000-FD1F92root path disclosure
TEMP-0000000-FDAB26Transaction cache overrides the current user
TEMP-0000000-FE3BD0Session WDDX Packet Deserialization Type Confusion Vulnerability
TEMP-0046709-935F97Insecure access control on GNU Mach's IO ports
TEMP-0105562-0FE13Bcrypt++ passes passwords through the command line
TEMP-0107374-DF37E7gnupg: inproper flagging of signatures as being local
TEMP-0149799-ABFD7Csanitizer bypassal through quoted file names
TEMP-0169793-0E1404libnss-ldap: DoS through truncated DNS queries
TEMP-0173238-677015Insecure temp files in lilo
TEMP-0183047-CE70BAfuzz: Insecure temp file usage
TEMP-0216566-EA84C5Insecure bounds checking in mpack's content parser
TEMP-0250106-DF1988Unspecified buffer overflow in libmng
TEMP-0253838-2AD268Minor local DoS as libldap
TEMP-0254101-876546Multiple buffer overflows in isoqlog
TEMP-0259987-89C19Cbash-completion: does not properly quote characters
TEMP-0264684-94ACC3Pavuk Digest Authentication Buffer Overflow
TEMP-0269186-FFE79Fasciijump: /var/games/asciijump world writable
TEMP-0274229-6E02C2base-passwd: sets valid shells for system services
TEMP-0282583-19BE25microcode.ctl downloads microcode w/o user confirmation
TEMP-0290047-4CE288Insecure temp files in linux-wlan-ng
TEMP-0291452-29156Bgs-esp: Insecure usage of /tmp in source code
TEMP-0291613-A6DD69xshisen follows symlinks for shared gid games files
TEMP-0296112-517ED6libnet-ssleay-perl: /tmp/entropy insecure
TEMP-0298114-36C546nvi: init.d recover file security bugs
TEMP-0298929-838146Multiple security issues when using distcc without ssh auth
TEMP-0300560-C9B661downloads.ini writable by group users, world-readable
TEMP-0302454-1EA4A5trackballs: Follows symlinks as gid games
TEMP-0302790-27DC0Ahdup inproperly preserves permissions on directories
TEMP-0306076-4B7D89coreutils ignores umask when using -m in mkdir, mkfifo and mknod
TEMP-0308737-BABD6AHeap overflow in libosip URI parsing
TEMP-0313081-3428D4DoS triggering endless loops in findutils -follow option
TEMP-0319686-D21D67xgalaga score file segfault
TEMP-0320150-40E143Integer overflow in ffmpeg's MPEG encoding
TEMP-0321447-C22A86Insecure usage of temporary files in x11perfcomp and other security issues
TEMP-0321470-3DB8C5wine: Unsafe use of temporary files in winelauncher
TEMP-0321566-40512Dfftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script
TEMP-0324913-425151cplay - still unsafe temporary file handling vulnerable to symlink attacks
TEMP-0325080-CF0752user password file created by gajim is world-readable
TEMP-0327261-B6AE8Fwine-safe does not prompt the user/is registered in mailcap
TEMP-0328134-B819BCsnort: DoS in verbose mode
TEMP-0330627-887F38rkhunter: Insecure temporary file
TEMP-0331720-9168FEadduser's deluser creates backup files with world readable permissions
TEMP-0334193-23D83Axscreensaver does not maintain screen locks during upgrade
TEMP-0335996-97467Dntop format string vulnerability
TEMP-0337492-CFA0CDInsecure temp files in note
TEMP-0340079-E5FD8CInsecure tempfile in libjpeg6b's exifautotran
TEMP-0340105-EE3BB8unsafe file permissions in vpnc
TEMP-0349528-9E59D3Buffer overflow in elog's header buffer
TEMP-0352723-F61961dpkg-sig: insecure temp file bug
TEMP-0358139-D2A6EEgauche-config rpath set to user home
TEMP-0358142-0BC2FFunixodbc rpath set to /home
TEMP-0358157-34A070fftw rpath set to user home
TEMP-0358166-12F63Fhamlib3-perl rpath set to user home
TEMP-0359745-ECBE05webalizer: symlink vulnerability
TEMP-0361653-A94AFDlibrsvg2 crash on certain svg files
TEMP-0361913-F8E45Alinphone insecure password leakage
TEMP-0368804-259562ldap account manager sets trivial password instead of disabling it
TEMP-0369014-6AE03E'Cache' shell injection vulnerability
TEMP-0369542-32FFCAssmtp password leak
TEMP-0370144-2CA0D8specialy crafted WAV turns mkvmerge into a malloc bomb
TEMP-0375453-4F9189ldap account manager wrongly unlocks some passwords
TEMP-0376577-38D215uqwk buffer overflow
TEMP-0378411-57ACA8Buffer overflow in XML::Parser::Expat triggered by utf8
TEMP-0378412-67AD3DBuffer overflow in XML::Parser::Expat triggered by deep nesting
TEMP-0378571-06BD02courier-authdaemon: wrong socket permissions may lead to password disclosure
TEMP-0379922-FA0DE2double-free vulnerability in the Real Media demuxer
TEMP-0382132-C0E39Cdiffmon information leakage
TEMP-0388608-F17697logrotate race condition could lead to file disclosure
TEMP-0391388-8371ADzabbix buffer overflows
TEMP-0391388-A7E978zabbix format string vulnerabilities
TEMP-0393846-B78E90motion insecure tempfile creation
TEMP-0397297-E6F2D0obexpushd arbitrary command execution
TEMP-0399226-A0B8DFyacas insecure rpath
TEMP-0400624-86BB88dsniff urlsnarf missing output sanitization
TEMP-0403141-57B365znc file access security hole
TEMP-0406285-531EEAbcfg2 password disclosure
TEMP-0407003-DA457Cvarious crashes and infinite loops in ffmpeg
TEMP-0407116-23D9EFwordpress unregister_globals workaround from 2.0.7
TEMP-0407605-7D944Enetpbm heap corruption
TEMP-0407607-240F77python-django flup/FastCGI/debugging issue
TEMP-0409062-BD7B6Dkaya buffer overflow, cross-site scripting and data leak
TEMP-0410557-009D67dokuwiki conf directory accessible by web users
TEMP-0410588-2CACBBamavids-new uses contrib/non-free packers without security support in default config
TEMP-0412618-38583Eapg generates insecure passwords on 64-bit architectures
TEMP-0414480-089D8Alow-entropy default passphrase in Debian's dtc-xen
TEMP-0414482-5BA32Cfile permission race conidition in Debian's dtc-xen
TEMP-0417995-6A1CD7initramfs-tools creates /dev/root world-readable
TEMP-0418662-DC1CF3buffer overflow in mixmaster importing type 2 messages
TEMP-0425254-0F9CE1insecure tempfile in wdiff
TEMP-0427715-C31B61webpy HTTP response splitting vulnerability
TEMP-0434134-B27890dokuwiki XSS in spellchecker
TEMP-0454297-EACDD7exempi buffer overflow in GIF ReadHeader() function
TEMP-0464084-305C70greylistd bypass
TEMP-0464778-7EAAA3tdiary XSS
TEMP-0465561-A017B1minor cyrus sasl DoS
TEMP-0482385-09F6D5resizing the monitor with xrandr can crash xscreensaver
TEMP-0484639-8D3138missing sanity checks allow DoS via mis-formated timestamp
TEMP-0495542-A51430phpCAS XSS in final_uri; PHPCAS-52
TEMP-0496462-B3176Finsecure temp file in nvi
TEMP-0497005-8CD734Overwrite certain images without notice
TEMP-0497005-A51CB0Overwrite symlink without check
TEMP-0497452-F45308nfdump vulnerable to symlink attacks
TEMP-0500295-A176F7possible script injection via /etc/wordpress/wp-config.php
TEMP-0500611-22A0F0jumpnbump: insecure temp file
TEMP-0503750-D75E0Abalazar3: insecure temp file handling
TEMP-0504726-7A5872universalindentgui insecure usage of temp files
TEMP-0506961-3C07AFauctex insecure temp file
TEMP-0507482-9415A7Insecure tmpdir creation
TEMP-0508111-173336Insecure tempfile creation
TEMP-0513611-D1D676glpi sql injection
TEMP-0514151-B17364samba: Account locking out doesnt work with an LDAP backend
TEMP-0515104-609AB4nautilus: potential exploits via application launchers
TEMP-0523476-4CE9EFpptp-linux: unrestrictive pptpsetup permissions
TEMP-0525820-07BBE3More file buffer overflows
TEMP-0526594-48E4C2moin: XSS in AttachFile.py via attachements
TEMP-0528434-FDFF92cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
TEMP-0531735-61C2C9OCS Inventory NG SQL Injection Vulnerability
TEMP-0532514-9137E0predictable random number generator used in web browsers
TEMP-0532740-DB1B64libdkim: signature parsing is not thread-safe
TEMP-0533670-BB9FF7pcsc-lite: creates world-writable directory
TEMP-0533673-74CBB6moin: heirarchical ACL vulnerability
TEMP-0535159-76AB98ser2net DoS
TEMP-0535881-957F77clamav scanner bypass with archives
TEMP-0535886-8B62DCapache2: htaccess override
TEMP-0535946-7636B8libio-socket-ssl-perl: partial hostname matching vulnerability
TEMP-0539699-BC7A2Bxscreensaver: local screen lock bypassable via low resolution video devices
TEMP-0540606-8877D9php5: 'open_basedir' bypass
TEMP-0548909-2413C6xen-tools: world readable disk image files
TEMP-0551907-963784mandos 0600 file being included in initrd
TEMP-0552518-ADA4BAeglibc: ldd arbitrary code execution
TEMP-0555308-79E91Cxserver-xorg: inherits user's mask
TEMP-0560087-F084E6xpat2: save game permissions issue
TEMP-0560895-39B4B0gnome-screensaver inhibitor not removed when connection is closed
TEMP-0566326-9A899Fsqlite: info leak
TEMP-0567175-3A30A9gmetad incorrect file permissions
TEMP-0568925-CB8E83esmtp: world-readable config file
TEMP-0569506-737DDEirssi emote leak
TEMP-0570011-670DB5phpbb3 weak captcha
TEMP-0570713-FED4BBffmpeg potentially remaining vulnerabilities after DSA 2000
TEMP-0578928-72FBC5gnome-orca: shell access without logon
TEMP-0579087-7F12A8prosody password world-readable
TEMP-0581058-CF1E8Dnumpy memory corruption
TEMP-0582798-329FE7wicd changes permissions of resolv.conf
TEMP-0592115-F98F5Csignature verification issue
TEMP-0593829-E6A4BCconfig file world readable
TEMP-0597382-058DA8mingetty directory traversal
TEMP-0601325-4C9A5Binsecure handling of /tmp files in debian/preinst
TEMP-0601525-BEBB65libgd2: gdImageColorTransparent can write outside buffer
TEMP-0601585-D41D8C
TEMP-0603436-5CA466pam_pgsql overflow
TEMP-0605160-28DAD2insecure python path handling
TEMP-0607494-376E2EXSS in ftpls
TEMP-0608822-E0260Ccalibre XSS
TEMP-0608822-EF2F16calibre file disclosure
TEMP-0608979-E8B8DFCrash with long HOME environment variable
TEMP-0609212-CA8607multiple spip issues
TEMP-0612034-33CBADaptitude tempfile
TEMP-0612668-CE1EF5evince segfault
TEMP-0625868-9433A0fglrx-driver xauth cookie leak
TEMP-0632260-7A1354stardict: minor information disclosure
TEMP-0635836-4F6C5Cminissdpd multiple issues
TEMP-0646758-12F1BDspip path disclosure
TEMP-0649113-5F7BC7spip privilege escalation
TEMP-0649113-869F0Dspip XSS
TEMP-0672435-7C494COption -localhost seems to fail to restrict ipv6 access
TEMP-0672961-92221Ctwo XSS
TEMP-0678189-8A5546packagekit insecure temp file
TEMP-0678512-2E167Cremotely triggerable crash
TEMP-0682869-4EFB12insecure default configuration / authentication bypass
TEMP-0683667-E2E855base name disclosure
TEMP-0684143-02E960redeclipse code execution through map files
TEMP-0698189-BE9FC4buffer overflow in commandline parsing
TEMP-0706095-6DFA71autopostgresqlbackup code injection
TEMP-0706099-FAF305automysqlbackup code injection
TEMP-0729276-2DADFAstaden-io-lib buffer overflow
TEMP-0736821-BCABA8no input validation for search function
TEMP-0740268-4CE61Cbuffer overflow
TEMP-0745112-59B02Cdata leak during restore
TEMP-0745580-D90EF4Insecure default permissions for ~/.virtualenvs and scripts
TEMP-0752092-218B4Dsofthsm-keyconv creates security-sensibe file world-readable
TEMP-0764645-2E1644iptables-persistent minor local info leak
TEMP-0764814-3B6657freecad downloads and executes code
TEMP-0769606-4AA6CFa2p: buffer overflow
TEMP-0769937-FD49EEformail: memory corruption
TEMP-0770647-53FAC2libclamunrar: double-free error libclamunrar_iface/unrar_iface.c
TEMP-0773308-EE1012crashes on crafted ELF
TEMP-0773751-AD275Erace condition between fur and fex_cleanup may create internal instead of external user
TEMP-0774171-B2A845symlink directory traversal
TEMP-0774555-E962ADinsecure LUA default load path
TEMP-0774769-57BAAAsaves unknown host's fingerprint in known_hosts without any prompt
TEMP-0774838-C2ABDAinsecure keyring handling
TEMP-0774897-BC9A31denial of service with specific packets
TEMP-0774898-681A65fails to detect silent driver failure to change MAC
TEMP-0775193-7F000Edjvudigital: insecure use of /tmp
TEMP-0775199-D05A9Esmime_keys: insecure use of /tmp
TEMP-0775479-AC2272insecure configuration permissions
TEMP-0775662-9BBEA1Insufficient validation of USB device descriptors
TEMP-0776271-06C3A9Infinite loop in patch
TEMP-0777522-650525denial of service under memory stress
TEMP-0777706-EB0F2Einsecure storage of password in the NUT-monitor app
TEMP-0778511-AAAFE7more to CVE-2014-6585
TEMP-0779573-6C7D15heap buffer overflow
TEMP-0780100-E2856Ftcllib XSS
TEMP-0780178-BE09ABseveral security vulnerabilities and network packets can terminate the connection
TEMP-0780503-1359A5Incomplete fix for CVE-2014-7940
TEMP-0780712-D0DD02permissive file access allowed from nasal
TEMP-0780716-B04986nasal scripts can ready any file
TEMP-0780817-7C5137Insufficient escaping in user manager allows XSS attack
TEMP-0781595-E39EEExdeb: disables apt's signature checks
TEMP-0781608-198474caja automounts USB flash drives and CD/DVD drives while session is locked
TEMP-0781640-F16931Signature Bypass in several JSON Web Token Libraries
TEMP-0783007-4C0B51http uri parsing issue
TEMP-0783347-555527files with invalid or unsafe names could be uploaded
TEMP-0783347-AEABE2Some plugins were vulnerable to an SQL injection vulnerability
TEMP-0784712-056A32incorrect parsing of from header when assigning pgp keys
TEMP-0784712-E83200incorrect substring matching when assigning pgp keys
TEMP-0784888-F51195didjvu: insecure use of /tmp when executing c44
TEMP-0784889-495CCApdf2djvu: insecure use of /tmp when executing c44
TEMP-0785364-25992BXSS in group administration
TEMP-0786423-948688rsync collision attack
TEMP-0786804-C23D2Bhwclock(8) SUID privilege escalation
TEMP-0795062-DA89ABpublicfile-installer: insecure use of /tmp
TEMP-0805638-5AC56FInsecure permissions for backup directory
TEMP-0805657-81BB13Missing bounds checking and verification of data type causes segfault
TEMP-0807341-84E914uses non-random tempdir /tmp/tmprepo.0/.git/
TEMP-0811308-B63DA1Multiple minor security issues
TEMP-0816034-9C45DCunsafe use of /tmp
TEMP-0820594-BC6826out of bound read and write issues
TEMP-0825151-E80EFACSRF protection for POST requests
TEMP-0826101-4D75ECdoesn't remove metadata in embedded images in PDFs
TEMP-0827346-22ED59install-sh: insecure use of /tmp
TEMP-0827564-93E4E3Stack corruption from crafted pattern
TEMP-0830660-09AE85Insecure use of /tmp
TEMP-0832169-0F9220insecure default PATH
TEMP-0832283-698CF7cakephp: XML class SSRF vulnerability
TEMP-0833087-C5410Dbruteforcable challenge responses in unprotected logfile
TEMP-0840685-CEF76BTOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory
TEMP-0841257-B7CD60sendmail: Privilege escalation from group smmsp to root
TEMP-0846838-9738BDtiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing
TEMP-0850432-8BD66Fmultiple new security issues
TEMP-0853951-A77B7Biio-sensor-proxy: insecure dbus policy
TEMP-0855108-573218irssi memory leak
TEMP-0856196-13C562scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)
TEMP-0856648-2BC2C9dns: out of bound memory read
TEMP-0857546-8B0EB6Server certificates are not verified
TEMP-0860565-9E8C4BXSA-206: xenstore denial of service via repeated update
TEMP-0868134-294030out-of-bounds read in eexec_line()
TEMP-0869722-31618Bmemory leak in quantize
TEMP-0870233-1DD19Eexecutes javascript code downloaded from insecure URL
TEMP-0876540-D98160pcb code injection by malicious layout file
TEMP-0887330-0F8779Multiple vulnerabilities in CiviCRM
TEMP-0894867-E5064BConfidential issue comments in Slack, Mattermost, and webhook integrations
TEMP-0900522-27F98Dgitlab: Persistent XSS - Selecting users as allowed merge request approvers
TEMP-0900522-298D01gitlab: Persistent XSS - Multiple locations of user selection drop downs
TEMP-0900522-3AD97Cgitlab: Permissions issue in Merge Requests Create Service
TEMP-0900522-4405E2gitlab: Removing public deploy keys regression
TEMP-0900522-7DE480gitlab: Arbitrary assignment of project fields using Import project
TEMP-0900522-A18AAEgitlab: include directive in .gitlab-ci.yml allows SSRF requests
TEMP-0902726-3BBE24gitlab: Activity feed publicly displaying internal project names
TEMP-0902726-51ACFEgitlab: Content injection via username
TEMP-0904191-9063D5Incomplete fix for CVE-2018-10886
TEMP-0905332-CB57BFDefault KeyInfo resolver doesn't check for empty element content.
TEMP-0906879-C6E80Csecurity issue with the PASS command and duplicate server instances
TEMP-0911336-06ADE0External URL injection through URL aliases
TEMP-0911337-06D812Injection in DefaultMailSystem::mail()
TEMP-0913136-041770DSA verification crashes OpenSSL on invalid combinations of key content
TEMP-0913137-22A98CVirtualBox E1000 Guest-to-Host Escape
TEMP-0921565-C5FF8Enetmask: buffer overflow vulnerability
TEMP-0922080-E6D428fuse mount exposes backup to unauthorized users
TEMP-0923926-B85BA9high memory usage with some long running sessions
TEMP-0925959-45DD25insecure handling of /tmp/VMwareDnD
TEMP-0930387-988530security issues fixed in 1.8.5
TEMP-0933674-646BF3Buffer overflow during processing of large server replies
TEMP-0950121-6A81FCopensmtpd DoS via opportunistic TLS downgrade
TEMP-0950816-47D88Ampv insecure lua loadpath
TEMP-0964568-93C065veyon-configurator tmp handling
TEMP-0987831-866E01SQL Server LIMIT / OFFSET SQL Injection
TEMP-0993866-37A39Bjwe cbc tag computation error
TEMP-0993866-50C165jws alg:none signature verification issue
TEMP-0995562-06835DRUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist
TEMP-0996913-660A41RUSTSEC-2020-0159: Potential segfault in localtime_r invocations
TEMP-1007145-ABA7D9wordpress 5.9.2
TEMP-1022575-434581wordpress 6.0.3
TEMP-1027282-04F215RUSTSEC-2022-0074
TEMP-1031542-93CC2DXSS Vulnerability in matrix.pl
TEMP-1032088-3E13DFRUSTSEC-2022-0078
TEMP-1034374-6E2515https://rustsec.org/advisories/RUSTSEC-2023-0031.html
TEMP-1036689-1CA7FBBlock themes parsing shortcodes in user-generated data
TEMP-1037018-0CB39ERUSTSEC-2023-0039
TEMP-1050299-7F4591RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building
TEMP-1052200-1C589Creceiving with Lightning: partial MPP might be accepted
TEMP-1053115-9454E3code execution via malformed XTGETTCAP
TEMP-1055895-2C681FRUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound
TEMP-1059234-46A2BARUSTSEC-2023-0075
TEMP-1062663-AD972FGHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow
TEMP-1074351-F7BBA7RUSTSEC-2024-0344
TEMP-1074352-DEF3AERUSTSEC-2024-0345
TEMP-1079517-4BBE9BRUSTSEC-2024-0363: Binary Protocol Misinterpretation caused by Truncat ...

Search for package or bug name: Reporting problems