Packages that may be vulnerable but need to be checked (undetermined issues)

This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.

PackageBugDescriptionReleases
catimgCVE-2018-16981stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...buster, sid
exiv2CVE-2018-11037In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ...buster, sid, stretch, wheezy
hdf5CVE-2018-11205A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ...buster, jessie, sid, stretch, wheezy
CVE-2018-13866An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...buster, jessie, sid, stretch, wheezy
CVE-2018-13867An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...buster, jessie, sid, stretch, wheezy
CVE-2018-13868An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...buster, jessie, sid, stretch, wheezy
CVE-2018-13869An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ...buster, jessie, sid, stretch, wheezy
CVE-2018-13870An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...buster, jessie, sid, stretch, wheezy
CVE-2018-13871An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...buster, jessie, sid, stretch, wheezy
CVE-2018-13872An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...buster, jessie, sid, stretch, wheezy
CVE-2018-13873An issue was discovered in the HDF HDF5 1.8.20 library. There is a buf ...buster, jessie, sid, stretch, wheezy
CVE-2018-13874An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...buster, jessie, sid, stretch, wheezy
CVE-2018-13875An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...buster, jessie, sid, stretch, wheezy
CVE-2018-13876An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...buster, jessie, sid, stretch, wheezy
CVE-2018-14031An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...buster, jessie, sid, stretch, wheezy
CVE-2018-14033An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...buster, jessie, sid, stretch, wheezy
CVE-2018-14034An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...buster, jessie, sid, stretch, wheezy
CVE-2018-14035An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...buster, jessie, sid, stretch, wheezy
CVE-2018-14460An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...buster, jessie, sid, stretch, wheezy
CVE-2018-15671An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ...buster, jessie, sid, stretch, wheezy
CVE-2018-16438An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...buster, jessie, sid, stretch, wheezy
CVE-2018-17433A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...buster, jessie, sid, stretch, wheezy
CVE-2018-17435A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...buster, jessie, sid, stretch, wheezy
CVE-2018-17436ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ...buster, jessie, sid, stretch, wheezy
CVE-2018-17439An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ...buster, jessie, sid, stretch, wheezy
CVE-2019-8396A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...buster, jessie, sid, stretch, wheezy
CVE-2019-8398An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...buster, jessie, sid, stretch, wheezy
jasperreportsCVE-2017-14941Jaspersoft JasperReports 4.7 suffers from a saved credential disclosur ...jessie, sid, stretch
CVE-2017-5528Multiple JasperReports Server components contain vulnerabilities which ...jessie, sid, stretch
CVE-2017-5529JasperReports library components contain an information disclosure vul ...jessie, sid, stretch
CVE-2017-5532A vulnerability in the report renderer component of TIBCO JasperReport ...jessie, sid, stretch
CVE-2017-5533A vulnerability in the server content cache of TIBCO JasperReports Ser ...jessie, sid, stretch
CVE-2018-5429A vulnerability in the report scripting component of TIBCO Software In ...sid, stretch
CVE-2018-5430The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Serv ...sid, stretch
CVE-2018-5431The domain designer component of TIBCO Software Inc.'s TIBCO JasperRep ...sid, stretch
kfreebsd-10CVE-2014-7250The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ...buster, sid, stretch
kgb-botCVE-2015-1554kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ...buster, jessie, sid, stretch, wheezy
kubernetesCVE-2019-9946Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ...sid
libavCVE-2018-15822The flv_write_packet function in libavformat/flvenc.c in FFmpeg throug ...jessie, wheezy
CVE-2019-1000016FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array In ...jessie, wheezy
CVE-2019-11338libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...jessie, wheezy
CVE-2019-9718In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...jessie, wheezy
CVE-2019-9721A denial of service in the subtitle decoder in FFmpeg 4.1 allows attac ...jessie, wheezy
libesedbCVE-2018-15158** DISPUTED ** The libesedb_page_read_values function in libesedb_page ...buster, sid, stretch
CVE-2018-15159** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ...buster, sid, stretch
CVE-2018-15160** DISPUTED ** The libesedb_catalog_definition_read function in libese ...buster, sid, stretch
CVE-2018-15161** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ...buster, sid, stretch
libgigCVE-2018-14449An issue was discovered in libgig 4.1.0. There is an out of bounds rea ...buster, jessie, sid, stretch, wheezy
CVE-2018-14450An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...buster, jessie, sid, stretch, wheezy
CVE-2018-14451An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...buster, jessie, sid, stretch, wheezy
CVE-2018-14452An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...buster, jessie, sid, stretch, wheezy
CVE-2018-14453An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...buster, jessie, sid, stretch, wheezy
CVE-2018-14454An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...buster, jessie, sid, stretch, wheezy
CVE-2018-14455An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...buster, jessie, sid, stretch, wheezy
CVE-2018-14456An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...buster, jessie, sid, stretch, wheezy
CVE-2018-14457An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...buster, jessie, sid, stretch, wheezy
CVE-2018-14458An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...buster, jessie, sid, stretch, wheezy
CVE-2018-14459An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...buster, jessie, sid, stretch, wheezy
CVE-2018-18192An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...buster, jessie, sid, stretch, wheezy
CVE-2018-18193An issue was discovered in libgig 4.1.0. There is operator new[] failu ...buster, jessie, sid, stretch, wheezy
CVE-2018-18194An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...buster, jessie, sid, stretch, wheezy
CVE-2018-18195An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...buster, jessie, sid, stretch, wheezy
CVE-2018-18196An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...buster, jessie, sid, stretch, wheezy
CVE-2018-18197An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...buster, jessie, sid, stretch, wheezy
libsassCVE-2018-19218In LibSass 3.5-stable, there is an illegal address access at Sass::Par ...buster, sid, stretch
CVE-2018-19219In LibSass 3.5-stable, there is an illegal address access at Sass::Eva ...buster, sid, stretch
libsixelCVE-2018-19757There is a NULL pointer dereference at function sixel_helper_set_addit ...buster, jessie, sid, stretch
CVE-2018-19759There is a heap-based buffer over-read at stb_image_write.h (function: ...buster, jessie, sid, stretch
CVE-2018-19761There is an illegal address access at fromsixel.c (function: sixel_dec ...buster, jessie, sid, stretch
CVE-2018-19762There is a heap-based buffer overflow at fromsixel.c (function: image_ ...buster, jessie, sid, stretch
CVE-2018-19763There is a heap-based buffer over-read at writer.c (function: write_pn ...buster, jessie, sid, stretch
libxsltCVE-2016-4607libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4608libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4609libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2016-4610libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...buster, jessie, sid, stretch, wheezy
CVE-2017-2477An issue was discovered in certain Apple products. macOS before 10.12. ...buster, jessie, sid, stretch, wheezy
linuxCVE-2018-18653The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ...buster, jessie, sid, stretch, wheezy
CVE-2019-2054In the seccomp implementation prior to kernel version 4.8, there is a ...buster, jessie, sid, stretch, wheezy
lucene-solrCVE-2018-11802Rule-base Authorization plugin skips authorization if querying node does not have collection replicabuster, jessie, sid, stretch, wheezy
mariadb-10.0CVE-2017-15365sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...jessie, sid
netpbm-freeCVE-2017-2579An out-of-bounds read vulnerability was found in netpbm before 10.61. ...buster, jessie, sid, stretch, wheezy
CVE-2017-2580An out-of-bounds write vulnerability was found in netpbm before 10.61. ...buster, jessie, sid, stretch, wheezy
CVE-2017-2581An out-of-bounds write vulnerability was found in netpbm before 10.61. ...buster, jessie, sid, stretch, wheezy
nugetCVE-2019-0976A tampering vulnerability exists in the NuGet Package Manager for Linu ...buster, jessie, sid, stretch
openjdk-11CVE-2018-12438The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ...buster, sid, stretch
percona-xtrabackupCVE-2017-15365sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...sid
resteasy3.0CVE-2016-6345RESTEasy allows remote authenticated users to obtain sensitive informa ...buster, sid
CVE-2016-6346RESTEasy enables GZIPInterceptor, which allows remote attackers to cau ...buster, sid
CVE-2016-6347Cross-site scripting (XSS) vulnerability in the default exception hand ...buster, sid
CVE-2016-6348JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...buster, sid
wordpressCVE-2017-1000600WordPress version <4.9 contains a CWE-20 Input Validation vulnerabi ...buster, jessie, sid, stretch, wheezy
wordpressCVE-2018-1000773WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...buster, jessie, sid, stretch, wheezy

Search for package or bug name: Reporting problems