Bugs with TODO items

| Bug | Description | Note |
| --- | --- | --- |
| CVE-2017-11750 | The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and ... | check if patch simplifying patch applied in any suite |
| CVE-2017-18160 | AGPS session failure in GNSS module due to cyphersuites are hardcoded ... | check |
| CVE-2017-18240 | The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ... | check |
| CVE-2017-18331 | Improper access control on secure display buffers in snapdragon ... | check |
| CVE-2017-18332 | Security keys are logged when any WCDMA call is configured or ... | check |
| CVE-2017-8276 | Improper authorization involving a fuse in TrustZone in snapdragon ... | check |
| CVE-2018-1000873 | Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper ... | check, could affect any of the src-jackson* packages |
| CVE-2018-11279 | Lack of check of input size can make device memory get corrupted ... | check |
| CVE-2018-11284 | Spoofed SMS can be used to send a large number of messages to the ... | check |
| CVE-2018-11993 | Improper check while accessing the local memory stack on MQTT ... | check |
| CVE-2018-11998 | While processing a packet decode request in MQTT, Race condition can ... | check |
| CVE-2018-11999 | Improper input validation in trustzone can lead to denial of service ... | check |
| CVE-2018-12466 | openSUSE openbuildservice before 9.2.4 allowed authenticated users to ... | check if introducing commit is right and fix status |
| CVE-2018-12467 | Authorized users of the openbuildservice before 2.9.4 could delete ... | check if introducing commit is right and fix status |
| CVE-2018-15518 | QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption ... | check for completeness |
| CVE-2018-15784 | Dell Networking OS10 versions prior to 10.4.3.0 contain a ... | check |
| CVE-2018-16329 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the ... | check if though missing null checks are present as well in 6.x series |
| CVE-2018-16856 | Private keys written to world-readable log files | check if Debian affected by the problem or Red Hat specific setup |
| CVE-2018-16873 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ... | check other versions |
| CVE-2018-16874 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ... | check other versions |
| CVE-2018-16875 | The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 ... | check other versions |
| CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other ... | further check, stb_image.h in older version is embedded in src:catimg |
| CVE-2018-18653 | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI ... | check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way. |
| CVE-2018-19756 | There is a heap-based buffer over-read at stb_image.h (function: ... | check |
| CVE-2018-19759 | There is a heap-based buffer over-read at stb_image_write.h (function: ... | check |
| CVE-2018-19969 | phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a ... | check, upstream explicitly fixed only the 4.7/4.8 branch but not entirely clear if only introduced in 4.7.0, and older versions are EOLed, and only on best-effort mentioned in affected versions informations. |
| CVE-2018-20096 | There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf ... | check |
| CVE-2018-20097 | There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups ... | check |
| CVE-2018-20098 | There is a heap-based buffer over-read in ... | check |
| CVE-2018-20233 | The Upload add-on resource in Atlassian Universal Plugin Manager ... | check |
| CVE-2018-20532 | There is a NULL pointer dereference at ext/testcase.c (function ... | further check on affected versions |
| CVE-2018-20533 | There is a NULL pointer dereference at ext/testcase.c (function ... | further check on affected versions |
| CVE-2018-20534 | There is an illegal address access at src/pool.h (function ... | further check on affected versions |
| CVE-2018-3595 | Anti-rollback can be bypassed in replay scenario during app loading ... | check |
| CVE-2018-5867 | Lack of checking input size can lead to buffer overflow In WideVine in ... | check |
| CVE-2018-5868 | Lack of checking input size can lead to buffer overflow In WideVine in ... | check |
| CVE-2018-5869 | Improper input validation in the QTEE keymaster app can lead to ... | check |
| CVE-2018-5879 | Improper length check while processing an MQTT message can lead to ... | check |
| CVE-2018-5880 | Improper data length check while processing an event report indication ... | check |
| CVE-2018-5881 | Improper validation of buffer length checks in the lwm2m device ... | check |
| CVE-2018-5915 | Exception in Modem IP stack while processing IPv6 packet in snapdragon ... | check |
| CVE-2018-9246 | The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in ... | check if set of commits complete |
| CVE-2019-3772 | Spring Integration (spring-integration-xml and spring-integration-ws ... | check |
| CVE-2019-3773 | Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported ... | check |
| CVE-2019-3774 | Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported ... | check |