1854 matches found
jre7-openjdk-headless: multiple issues
CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...
drupal: pre-auth sql injection
Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...
[ASA-202210-2] linux: multiple issues
Arch Linux Security Advisory ASA-202210-2 ========================================= Severity: Critical Date : 2022-10-14 CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 Package : linux Type : multiple issues Remote : Yes Link :...
[ASA-202204-9] python-django: sql injection
Arch Linux Security Advisory ASA-202204-9 ========================================= Severity: High Date : 2022-04-12 CVE-ID : CVE-2022-28346 CVE-2022-28347 Package : python-django Type : sql injection Remote : Yes Link : https://security.archlinux.org/AVG-2667 Summary ======= The package...
[ASA-202010-4] linux-lts: multiple issues
Arch Linux Security Advisory ASA-202010-4 ========================================= Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 Package : linux-lts Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1250 Summary ======= The...
[ASA-201906-2] python-django: cross-site scripting
Arch Linux Security Advisory ASA-201906-2 ========================================= Severity: Medium Date : 2019-06-04 CVE-ID : CVE-2019-11358 CVE-2019-12308 Package : python-django Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-969 Summary ======= The package...
[ASA-201901-14] apache: multiple issues
Arch Linux Security Advisory ASA-201901-14 ========================================== Severity: High Date : 2019-01-24 CVE-ID : CVE-2018-17189 CVE-2018-17199 CVE-2019-0190 Package : apache Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-857 Summary ======= The packag...
[ASA-201701-39] firefox: multiple issues
Arch Linux Security Advisory ASA-201701-39 ========================================== Severity: Critical Date : 2017-01-29 CVE-ID : CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-53...
libxml2: multiple issues
CVE-2015-1819 denial of service A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory...
lldpd: denial of service
CVE-2015-5714 denial of service A buffer overflow has been discovered when handling management address TLV. When a remote device was advertising a too large management address while still respecting TLV boundaries, lldpd would crash due to a buffer overflow. - CVE-2015-5715 denial of service A...
clamav: multiple issues
CVE-2015-2170 denial of service A flaw has been found in the UPX decoder with crafted files. During unpacking there are two range checks which are implemented "manually". Those checks lack the detection of overflows which are considered by the CLIISCONTAINED macro. - CVE-2015-2221 denial of...
glibc: arbitrary code execution
CVE-2012-3406 arbitrary code execution The vfprintf function in stdio-common/vfprintf.c in GNU C Library does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection...
python2: multiple issues
CVE-2013-1752 denial of service Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 denial of service The XMLRPC library is vulnerable to...
[ASA-202006-10] intel-ucode: information disclosure
Arch Linux Security Advisory ASA-202006-10 ========================================== Severity: High Date : 2020-06-13 CVE-ID : CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 Package : intel-ucode Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-1187 Summary =======...
[ASA-201908-17] libnghttp2: denial of service
Arch Linux Security Advisory ASA-201908-17 ========================================== Severity: Medium Date : 2019-08-27 CVE-ID : CVE-2019-9511 CVE-2019-9513 Package : libnghttp2 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1024 Summary ======= The package...
[ASA-201710-22] wpa_supplicant: man-in-the-middle
Arch Linux Security Advisory ASA-201710-22 ========================================== Severity: High Date : 2017-10-16 CVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088 Package : wpasupplicant Type : man-in-the-middle...
[ASA-201706-27] openvpn: multiple issues
Arch Linux Security Advisory ASA-201706-27 ========================================== Severity: Critical Date : 2017-06-22 CVE-ID : CVE-2017-7508 CVE-2017-7512 CVE-2017-7520 CVE-2017-7521 Package : openvpn Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-318 Summary...
[ASA-201609-23] openssl: multiple issues
Arch Linux Security Advisory ASA-201609-23 ========================================== Severity: High Date : 2016-09-26 CVE-ID : CVE-2016-6304 CVE-2016-2178 CVE-2016-2177 CVE-2016-2183 CVE-2016-2182 CVE-2016-6303 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-6302 CVE-2016-6306 Package : opens...
nginx: denial of service
CVE-2016-0742 denial of service Invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process. - CVE-2016-0746 denial of...
libpng: buffer overflow
It was discovered that the pnggetPLTE and pngsetPLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer...
ntp: multiple issues
Keys explicitly generated by "ntp-keygen -M" should be regenerated. - CVE-2014-9293 weak key generation ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd or to exploit other vulnerabilities. - CVE-2014-9294 weak k...
[ASA-202210-1] linux-hardened: multiple issues
Arch Linux Security Advisory ASA-202210-1 ========================================= Severity: Critical Date : 2022-10-14 CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 Package : linux-hardened Type : multiple issues Remote : Yes Link :...
[ASA-202204-13] gvim: arbitrary code execution
Arch Linux Security Advisory ASA-202204-13 ========================================== Severity: High Date : 2022-04-15 CVE-ID : CVE-2022-1154 CVE-2022-1160 Package : gvim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-2662 Summary ======= The package gvim...
[ASA-202009-17] samba: access restriction bypass
Arch Linux Security Advisory ASA-202009-17 ========================================== Severity: Medium Date : 2020-09-29 CVE-ID : CVE-2020-1472 Package : samba Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-1236 Summary ======= The package samba before...
[ASA-202005-6] qemu: multiple issues
Arch Linux Security Advisory ASA-202005-6 ========================================= Severity: High Date : 2020-05-07 CVE-ID : CVE-2019-20382 CVE-2020-1711 CVE-2020-7039 Package : qemu Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1110 Summary ======= The package qe...
[ASA-201811-6] libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201811-6 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16840 Package : libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-799 Summary ======= The package libcurl-gnut...
[ASA-201801-1] linux: multiple issues
Arch Linux Security Advisory ASA-201801-1 ========================================= Severity: High Date : 2018-01-05 CVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17449 CVE-2017-17558 CVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855...
[ASA-201709-12] linux-zen: arbitrary code execution
Arch Linux Security Advisory ASA-201709-12 ========================================== Severity: High Date : 2017-09-18 CVE-ID : CVE-2017-1000251 Package : linux-zen Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-394 Summary ======= The package linux-zen...
[ASA-201706-34] apache: multiple issues
Arch Linux Security Advisory ASA-201706-34 ========================================== Severity: High Date : 2017-06-28 CVE-ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 Package : apache Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-316...
[ASA-201705-16] openvpn: denial of service
Arch Linux Security Advisory ASA-201705-16 ========================================== Severity: High Date : 2017-05-13 CVE-ID : CVE-2017-7478 CVE-2017-7479 Package : openvpn Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-271 Summary ======= The package openvpn...
[ASA-201703-7] linux-grsec: privilege escalation
Arch Linux Security Advisory ASA-201703-7 ========================================= Severity: Low Date : 2017-03-13 CVE-ID : CVE-2017-2636 Package : linux-grsec Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-201 Summary ======= The package linux-grsec before...
linux: information disclosure
A security issue has been found in the Linux kernel's implementation of challenge ACKs as specified in RFC 5961. An attacker which knows a connection's client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client o...
jdk7-openjdk: multiple issues
CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...
jre8-openjdk-headless: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jdk7-openjdk: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
chromium: multiple issues
CVE-2015-1270: Uninitialized memory read in ICU. - CVE-2015-1271: Heap overflow in pdfium. - CVE-2015-1272, CVE-2015-1273, CVE-2015-1279: Use-after-free related to unexpected GPU process termination. - CVE-2015-1274: Settings allowed executable files to run immediately after download. -...
glibc: arbitrary code execution
A buffer overflow in gethostbynamer and related functions performing DNS requests has been fixed. If the NSS functions were called with a misaligned buffer, the buffer length change due to pointer alignment was not taken into account. This could result in application crashes or potentially...
[ASA-202011-8] sddm: privilege escalation
Arch Linux Security Advisory ASA-202011-8 ========================================= Severity: Medium Date : 2020-11-10 CVE-ID : CVE-2020-28049 Package : sddm Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1266 Summary ======= The package sddm before version...
[ASA-201910-14] php: arbitrary code execution
Arch Linux Security Advisory ASA-201910-14 ========================================== Severity: Critical Date : 2019-10-25 CVE-ID : CVE-2019-11043 Package : php Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1052 Summary ======= The package php before versi...
[ASA-201906-9] gvim: arbitrary code execution
Arch Linux Security Advisory ASA-201906-9 ========================================= Severity: High Date : 2019-06-11 CVE-ID : CVE-2019-12735 Package : gvim Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-976 Summary ======= The package gvim before version...
[ASA-201902-10] libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201902-10 ========================================== Severity: High Date : 2019-02-12 CVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Package : libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-877 Summary...
[ASA-201801-3] linux-zen: multiple issues
Arch Linux Security Advisory ASA-201801-3 ========================================= Severity: High Date : 2018-01-05 CVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17449 CVE-2017-17558 CVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855...
[ASA-201707-12] nginx-mainline: information disclosure
Arch Linux Security Advisory ASA-201707-12 ========================================== Severity: High Date : 2017-07-12 CVE-ID : CVE-2017-7529 Package : nginx-mainline Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-346 Summary ======= The package nginx-mainlin...
jdk7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
linux-lts: privilege escalation
It was reported that possible use-after-free vulnerability in keyring facility, possibly leading to local privilege escalation, was found. Function joinsessionkeyring in security/keys/processkeys.c holds a reference to the requested keyring, but if that keyring is the same as the one being...
mbedtls: man-in-the-middle
mbedTLS before 2.2.1 is vulnerable to the SLOTH attack, breaking MD5 signatures potentially used during TLS 1.2 handshakes to impersonate a TLS server...
[ASA-202111-2] firefox: multiple issues
Arch Linux Security Advisory ASA-202111-2 ========================================= Severity: High Date : 2021-11-05 CVE-ID : CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-201808-6] linux-zen: denial of service
Arch Linux Security Advisory ASA-201808-6 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux-zen Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-749 Summary ======= The package linux-zen before version...
[ASA-201711-33] curl: information disclosure
Arch Linux Security Advisory ASA-201711-33 ========================================== Severity: Medium Date : 2017-11-30 CVE-ID : CVE-2017-8817 Package : curl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-524 Summary ======= The package curl before version...
[ASA-201704-3] mediawiki: multiple issues
Arch Linux Security Advisory ASA-201704-3 ========================================= Severity: High Date : 2017-04-07 CVE-ID : CVE-2017-0361 CVE-2017-0362 CVE-2017-0363 CVE-2017-0364 CVE-2017-0365 CVE-2017-0366 CVE-2017-0367 CVE-2017-0368 CVE-2017-0369 CVE-2017-0370 CVE-2017-0372 Package : mediawi...