1854 matches found
python2: multiple issues
CVE-2013-1752 denial of service Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 denial of service The XMLRPC library is vulnerable to...
[ASA-202010-4] linux-lts: multiple issues
Arch Linux Security Advisory ASA-202010-4 ========================================= Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 Package : linux-lts Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1250 Summary ======= The...
[ASA-201906-2] python-django: cross-site scripting
Arch Linux Security Advisory ASA-201906-2 ========================================= Severity: Medium Date : 2019-06-04 CVE-ID : CVE-2019-11358 CVE-2019-12308 Package : python-django Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-969 Summary ======= The package...
[ASA-201706-34] apache: multiple issues
Arch Linux Security Advisory ASA-201706-34 ========================================== Severity: High Date : 2017-06-28 CVE-ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 Package : apache Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-316...
[ASA-201609-23] openssl: multiple issues
Arch Linux Security Advisory ASA-201609-23 ========================================== Severity: High Date : 2016-09-26 CVE-ID : CVE-2016-6304 CVE-2016-2178 CVE-2016-2177 CVE-2016-2183 CVE-2016-2182 CVE-2016-6303 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-6302 CVE-2016-6306 Package : opens...
nginx: denial of service
CVE-2016-0742 denial of service Invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause a segmentation fault in a worker process. - CVE-2016-0746 denial of...
libxml2: multiple issues
CVE-2015-1819 denial of service A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory...
lldpd: denial of service
CVE-2015-5714 denial of service A buffer overflow has been discovered when handling management address TLV. When a remote device was advertising a too large management address while still respecting TLV boundaries, lldpd would crash due to a buffer overflow. - CVE-2015-5715 denial of service A...
glibc: arbitrary code execution
CVE-2012-3406 arbitrary code execution The vfprintf function in stdio-common/vfprintf.c in GNU C Library does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection...
drupal: pre-auth sql injection
Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...
[ASA-202009-17] samba: access restriction bypass
Arch Linux Security Advisory ASA-202009-17 ========================================== Severity: Medium Date : 2020-09-29 CVE-ID : CVE-2020-1472 Package : samba Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-1236 Summary ======= The package samba before...
[ASA-202006-10] intel-ucode: information disclosure
Arch Linux Security Advisory ASA-202006-10 ========================================== Severity: High Date : 2020-06-13 CVE-ID : CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 Package : intel-ucode Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-1187 Summary =======...
[ASA-201910-14] php: arbitrary code execution
Arch Linux Security Advisory ASA-201910-14 ========================================== Severity: Critical Date : 2019-10-25 CVE-ID : CVE-2019-11043 Package : php Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1052 Summary ======= The package php before versi...
[ASA-201908-17] libnghttp2: denial of service
Arch Linux Security Advisory ASA-201908-17 ========================================== Severity: Medium Date : 2019-08-27 CVE-ID : CVE-2019-9511 CVE-2019-9513 Package : libnghttp2 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1024 Summary ======= The package...
[ASA-201906-9] gvim: arbitrary code execution
Arch Linux Security Advisory ASA-201906-9 ========================================= Severity: High Date : 2019-06-11 CVE-ID : CVE-2019-12735 Package : gvim Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-976 Summary ======= The package gvim before version...
[ASA-201801-2] linux-lts: multiple issues
Arch Linux Security Advisory ASA-201801-2 ========================================= Severity: High Date : 2018-01-05 CVE-ID : CVE-2017-16995 CVE-2017-17449 CVE-2017-17558 CVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 Package : linux-lts Type : multiple...
[ASA-201710-22] wpa_supplicant: man-in-the-middle
Arch Linux Security Advisory ASA-201710-22 ========================================== Severity: High Date : 2017-10-16 CVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088 Package : wpa_supplicant Type : man-in-the-middle...
[ASA-201707-12] nginx-mainline: information disclosure
Arch Linux Security Advisory ASA-201707-12 ========================================== Severity: High Date : 2017-07-12 CVE-ID : CVE-2017-7529 Package : nginx-mainline Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-346 Summary ======= The package nginx-mainlin...
[ASA-201706-27] openvpn: multiple issues
Arch Linux Security Advisory ASA-201706-27 ========================================== Severity: Critical Date : 2017-06-22 CVE-ID : CVE-2017-7508 CVE-2017-7512 CVE-2017-7520 CVE-2017-7521 Package : openvpn Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-318 Summary...
linux-lts: privilege escalation
It was reported that a possible use-after-free vulnerability in the keyring facility, possibly leading to local privilege escalation, was found. The function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being...
glibc: arbitrary code execution
A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a misaligned buffer, the buffer length change due to pointer alignment was not taken into account. This could result in application crashes or potentially...
ntp: multiple issues
Keys explicitly generated by "ntp-keygen -M" should be regenerated. - CVE-2014-9293 weak key generation ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd or to exploit other vulnerabilities. - CVE-2014-9294 weak k...
[ASA-201811-6] libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201811-6 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16840 Package : libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-799 Summary ======= The package libcurl-gnut...
[ASA-201701-39] firefox: multiple issues
Arch Linux Security Advisory ASA-201701-39 ========================================== Severity: Critical Date : 2017-01-29 CVE-ID : CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-53...
jdk7-openjdk: multiple issues
CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...
jre8-openjdk-headless: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
chromium: multiple issues
CVE-2015-1270: Uninitialized memory read in ICU. - CVE-2015-1271: Heap overflow in pdfium. - CVE-2015-1272, CVE-2015-1273, CVE-2015-1279: Use-after-free related to unexpected GPU process termination. - CVE-2015-1274: Settings allowed executable files to run immediately after download. -...
jdk7-openjdk: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6585 out-of-bounds read Allows remote attackers to affect confidentiality via font parsing...
[ASA-202210-1] linux-hardened: multiple issues
Arch Linux Security Advisory ASA-202210-1 ========================================= Severity: Critical Date : 2022-10-14 CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 Package : linux-hardened Type : multiple issues Remote : Yes Link :...
[ASA-202204-13] gvim: arbitrary code execution
Arch Linux Security Advisory ASA-202204-13 ========================================== Severity: High Date : 2022-04-15 CVE-ID : CVE-2022-1154 CVE-2022-1160 Package : gvim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-2662 Summary ======= The package gvim...
[ASA-202111-2] firefox: multiple issues
Arch Linux Security Advisory ASA-202111-2 ========================================= Severity: High Date : 2021-11-05 CVE-ID : CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-201902-10] libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201902-10 ========================================== Severity: High Date : 2019-02-12 CVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Package : libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-877 Summary...
[ASA-201801-3] linux-zen: multiple issues
Arch Linux Security Advisory ASA-201801-3 ========================================= Severity: High Date : 2018-01-05 CVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17449 CVE-2017-17558 CVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855...
[ASA-201609-24] lib32-openssl: multiple issues
Arch Linux Security Advisory ASA-201609-24 ========================================== Severity: High Date : 2016-09-26 CVE-ID : CVE-2016-6304 CVE-2016-2178 CVE-2016-2177 CVE-2016-2183 CVE-2016-2182 CVE-2016-6303 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-6302 CVE-2016-6306 Package :...
linux: information disclosure
A security issue has been found in the Linux kernel's implementation of challenge ACKs as specified in RFC 5961. An attacker who knows a connection's client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client o...
jdk7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
libpng: buffer overflow
It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer...
jdk7-openjdk: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
[ASA-202204-9] python-django: sql injection
Arch Linux Security Advisory ASA-202204-9 ========================================= Severity: High Date : 2022-04-12 CVE-ID : CVE-2022-28346 CVE-2022-28347 Package : python-django Type : sql injection Remote : Yes Link : https://security.archlinux.org/AVG-2667 Summary ======= The package...
[ASA-202011-8] sddm: privilege escalation
Arch Linux Security Advisory ASA-202011-8 ========================================= Severity: Medium Date : 2020-11-10 CVE-ID : CVE-2020-28049 Package : sddm Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1266 Summary ======= The package sddm before version...
[ASA-202005-13] bind: denial of service
Arch Linux Security Advisory ASA-202005-13 ========================================== Severity: High Date : 2020-05-20 CVE-ID : CVE-2020-8616 CVE-2020-8617 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1165 Summary ======= The package bind before...
[ASA-201908-16] go-pie: multiple issues
Arch Linux Security Advisory ASA-201908-16 ========================================== Severity: Medium Date : 2019-08-24 CVE-ID : CVE-2019-9512 CVE-2019-9514 CVE-2019-14809 Package : go-pie Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1020 Summary ======= The...
[ASA-201711-33] curl: information disclosure
Arch Linux Security Advisory ASA-201711-33 ========================================== Severity: Medium Date : 2017-11-30 CVE-ID : CVE-2017-8817 Package : curl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-524 Summary ======= The package curl before version...
[ASA-201705-16] openvpn: denial of service
Arch Linux Security Advisory ASA-201705-16 ========================================== Severity: High Date : 2017-05-13 CVE-ID : CVE-2017-7478 CVE-2017-7479 Package : openvpn Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-271 Summary ======= The package openvpn...
[ASA-201703-7] linux-grsec: privilege escalation
Arch Linux Security Advisory ASA-201703-7 ========================================= Severity: Low Date : 2017-03-13 CVE-ID : CVE-2017-2636 Package : linux-grsec Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-201 Summary ======= The package linux-grsec before...
mbedtls: man-in-the-middle
mbedTLS before 2.2.1 is vulnerable to the SLOTH attack, breaking MD5 signatures potentially used during TLS 1.2 handshakes to impersonate a TLS server...
java-batik: xml external entity injection
Batik offers several classes for SVG to PNG/JPG conversion, which suffer from an XML External Entity Injection due to the evaluation of external entities within the given SVG file. If an application offers the possibility to upload an SVG file, an attacker can put in a maliciously formed file and...
php: use after free
A use-after-free flaw was found in PHP unserialize. An untrusted input could cause the PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize...
[ASA-202210-3] linux-lts: multiple issues
Arch Linux Security Advisory ASA-202210-3 ========================================= Severity: Critical Date : 2022-10-14 CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 Package : linux-lts Type : multiple issues Remote : Yes Link :...
[ASA-202112-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202112-8 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43540 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 Package : firefox Typ...