Lucene search
K
ArchlinuxMost viewed

1854 matches found

ArchLinux
ArchLinux
•added 2018/08/08 12:0 a.m.•60 views

[ASA-201808-6] linux-zen: denial of service

Arch Linux Security Advisory ASA-201808-6 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux-zen Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-749 Summary ======= The package linux-zen before version...

7.8CVSS0.2AI score0.7354EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2017/11/30 12:0 a.m.•60 views

[ASA-201711-33] curl: information disclosure

Arch Linux Security Advisory ASA-201711-33 ========================================== Severity: Medium Date : 2017-11-30 CVE-ID : CVE-2017-8817 Package : curl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-524 Summary ======= The package curl before version...

9.8CVSS7.3AI score0.11175EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2017/10/16 12:0 a.m.•60 views

[ASA-201710-23] hostapd: man-in-the-middle

Arch Linux Security Advisory ASA-201710-23 ========================================== Severity: High Date : 2017-10-16 CVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088 Package : hostapd Type : man-in-the-middle Remote...

8.1CVSS0.3AI score0.04575EPSS
Exploits1References20
ArchLinux
ArchLinux
•added 2017/04/07 12:0 a.m.•60 views

[ASA-201704-3] mediawiki: multiple issues

Arch Linux Security Advisory ASA-201704-3 ========================================= Severity: High Date : 2017-04-07 CVE-ID : CVE-2017-0361 CVE-2017-0362 CVE-2017-0363 CVE-2017-0364 CVE-2017-0365 CVE-2017-0366 CVE-2017-0367 CVE-2017-0368 CVE-2017-0369 CVE-2017-0370 CVE-2017-0372 Package : mediawi...

9.8CVSS1AI score0.11653EPSS
Exploits6References24
ArchLinux
ArchLinux
•added 2016/03/07 12:0 a.m.•60 views

openssl: multiple issues

CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...

10CVSS5AI score0.82112EPSS
Exploits2References7
ArchLinux
ArchLinux
•added 2015/04/17 12:0 a.m.•60 views

jdk7-openjdk: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.4AI score0.07224EPSS
Exploits1References7
ArchLinux
ArchLinux
•added 2014/12/19 12:0 a.m.•60 views

php: use after free

A use-after-free flaw was found in PHP unserialize. An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize...

7.5CVSS3.8AI score0.53166EPSS
Exploits8References3
ArchLinux
ArchLinux
•added 2021/12/11 12:0 a.m.•59 views

[ASA-202112-8] firefox: multiple issues

Arch Linux Security Advisory ASA-202112-8 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43540 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 Package : firefox Typ...

8.8CVSS0.6AI score0.0202EPSS
Exploits0References23
ArchLinux
ArchLinux
•added 2020/11/10 12:0 a.m.•59 views

[ASA-202011-6] firefox: arbitrary code execution

Arch Linux Security Advisory ASA-202011-6 ========================================= Severity: Critical Date : 2020-11-10 CVE-ID : CVE-2020-26950 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1265 Summary ======= The package firefox before...

9.3CVSS2.5AI score0.42327EPSS
Exploits4References5
ArchLinux
ArchLinux
•added 2020/02/12 12:0 a.m.•59 views

[ASA-202002-7] webkit2gtk: arbitrary code execution

Arch Linux Security Advisory ASA-202002-7 ========================================= Severity: Critical Date : 2020-02-12 CVE-ID : CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1098 Summary...

9.3CVSS1.4AI score0.02238EPSS
Exploits0References8
ArchLinux
ArchLinux
•added 2019/12/06 12:0 a.m.•59 views

[ASA-201912-2] thunderbird: arbitrary code execution

Arch Linux Security Advisory ASA-201912-2 ========================================= Severity: Critical Date : 2019-12-06 CVE-ID : CVE-2019-11745 CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Package : thunderbird Type : arbitrary code execution Remote : Yes Link :...

8.8CVSS0.8AI score0.02994EPSS
Exploits3References20
ArchLinux
ArchLinux
•added 2019/08/24 12:0 a.m.•59 views

[ASA-201908-16] go-pie: multiple issues

Arch Linux Security Advisory ASA-201908-16 ========================================== Severity: Medium Date : 2019-08-24 CVE-ID : CVE-2019-9512 CVE-2019-9514 CVE-2019-14809 Package : go-pie Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1020 Summary ======= The...

9.8CVSS1.3AI score0.83433EPSS
Exploits2References7
ArchLinux
ArchLinux
•added 2018/11/06 12:0 a.m.•59 views

[ASA-201811-8] lib32-libcurl-compat: arbitrary code execution

Arch Linux Security Advisory ASA-201811-8 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16839 CVE-2018-16840 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-797 Summary ======= The...

9.8CVSS1AI score0.05782EPSS
Exploits0References7
ArchLinux
ArchLinux
•added 2016/05/05 12:0 a.m.•59 views

imagemagick: arbitrary code execution

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

10CVSS3.8AI score0.97485EPSS
Exploits11References4
ArchLinux
ArchLinux
•added 2016/04/17 12:0 a.m.•59 views

chromium: multiple issues

CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative. - CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous. - CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han. - CVE-2016-1654: Uninitialized...

10CVSS1.4AI score0.02573EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2015/07/29 12:0 a.m.•59 views

bind: denial of service

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named functioning as an authoritative DNS server or a DNS resolver exit unexpectedly with an assertion failure via a specially crafted DNS request packet leading to denia...

7.8CVSS2.4AI score0.91284EPSS
Exploits12References2
ArchLinux
ArchLinux
•added 2015/07/17 12:0 a.m.•59 views

apache: multiple issues

CVE-2015-0228 denial of service: modlua: A maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash. - CVE-2015-0253 denial of service: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in...

5CVSS0.7AI score0.73327EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2015/04/04 12:0 a.m.•59 views

java-batik: xml external entity injection

Batik offers several classes for SVG to PNG/JPG conversion, which suffer from a XML External Entity Injection due to the evaluation of external entities within the given SVG file. If an application offers the possibility to upload a SVG file an attacker can put in a malicious formed file and...

6.4CVSS2.7AI score0.16564EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2022/04/07 12:0 a.m.•58 views

[ASA-202204-8] xz: arbitrary command execution

Arch Linux Security Advisory ASA-202204-8 ========================================= Severity: High Date : 2022-04-07 CVE-ID : CVE-2022-1271 Package : xz Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2665 Summary ======= The package xz before version...

8.8CVSS9.4AI score0.04271EPSS
Exploits0References7
ArchLinux
ArchLinux
•added 2018/07/16 12:0 a.m.•58 views

[ASA-201807-7] lib32-libcurl-gnutls: arbitrary code execution

Arch Linux Security Advisory ASA-201807-7 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : lib32-libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-732 Summary ======= The package...

9.8CVSS2.1AI score0.06433EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2017/07/12 12:0 a.m.•58 views

[ASA-201707-11] nginx: information disclosure

Arch Linux Security Advisory ASA-201707-11 ========================================== Severity: High Date : 2017-07-12 CVE-ID : CVE-2017-7529 Package : nginx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-345 Summary ======= The package nginx before version...

7.5CVSS0.3AI score0.62597EPSS
Exploits6References4
ArchLinux
ArchLinux
•added 2016/08/26 12:0 a.m.•58 views

mediawiki: multiple issues

CVE-2016-6331 permission bypass Check read permission when loading page content in ApiParse. Prevents leaking page contents for extensions that deny read rights to certain pages via a userCan hook, but still allow the user to have read rights in general. - CVE-2016-6332 permission bypass Make...

6.7AI score0.02133EPSS
Exploits0References8
ArchLinux
ArchLinux
•added 2016/08/05 12:0 a.m.•58 views

jre7-openjdk: multiple issues

CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

9.3CVSS1AI score0.0669EPSS
Exploits0References8
ArchLinux
ArchLinux
•added 2016/05/28 12:0 a.m.•58 views

chromium: multiple issues

CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. - CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. - CVE-2016-1675: Cross-origin bypass in Blink. Credit to...

6.8CVSS0.5AI score0.03094EPSS
Exploits6References25
ArchLinux
ArchLinux
•added 2016/04/23 12:0 a.m.•58 views

squid: multiple issues

CVE-2016-4051 denial of service Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. - CVE-2016-4052 denial of service Due to buffer overflow issues Squid is vulnerable to a denial of...

6.8CVSS4.5AI score0.77559EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2016/04/06 12:0 a.m.•58 views

mercurial: arbitrary code execution

CVE-2016-3068 arbitrary code execution It was reported that in mercurial, there is similar vulnerability as CVE-2015-7545 in git. Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. Mercurial allows specifying git repositories as...

6.8CVSS5.7AI score0.20144EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2015/08/14 12:0 a.m.•58 views

freeradius: insufficient CRL validation

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...

2.4AI score0.01791EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2015/04/10 12:0 a.m.•58 views

mediawiki: multiple issues

CVE-2015-2931 cross-side scripting It was discovered that MIME types were not properly restricted, allowing a way to circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in a SVG file. - CVE-2015-2932 cross-side scripting The SVG filter to prevent...

7.1CVSS0.8AI score0.02834EPSS
Exploits3References14
ArchLinux
ArchLinux
•added 2015/03/19 12:0 a.m.•58 views

lib32-openssl: multiple issues

CVE-2015-1787 denial of service If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service The DTLSv1listen...

6.8CVSS1.6AI score0.33482EPSS
Exploits0References14
ArchLinux
ArchLinux
•added 2022/05/16 12:0 a.m.•57 views

[ASA-202205-1] python-httpx: access restriction bypass

Arch Linux Security Advisory ASA-202205-1 ========================================= Severity: Critical Date : 2022-05-16 CVE-ID : CVE-2021-41945 Package : python-httpx Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2718 Summary ======= The package...

6.4CVSS0.3AI score0.02026EPSS
Exploits1References8
ArchLinux
ArchLinux
•added 2022/04/04 12:0 a.m.•57 views

[ASA-202204-2] polkit: multiple issues

Arch Linux Security Advisory ASA-202204-2 ========================================= Severity: High Date : 2022-04-04 CVE-ID : CVE-2021-4034 CVE-2021-4115 Package : polkit Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2654 Summary ======= The package polkit before...

7.8CVSS2.7AI score0.94921EPSS
Exploits153References9
ArchLinux
ArchLinux
•added 2021/12/11 12:0 a.m.•57 views

[ASA-202112-7] vivaldi: multiple issues

Arch Linux Security Advisory ASA-202112-7 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064...

8.8CVSS1.6AI score0.02073EPSS
Exploits0References36
ArchLinux
ArchLinux
•added 2020/10/18 12:0 a.m.•57 views

[ASA-202010-2] linux: multiple issues

Arch Linux Security Advisory ASA-202010-2 ========================================= Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 Package : linux Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1248 Summary ======= The package...

8.8CVSS1.1AI score0.07693EPSS
Exploits6References11
ArchLinux
ArchLinux
•added 2018/12/08 12:0 a.m.•57 views

[ASA-201812-8] openssl-1.0: private key recovery

Arch Linux Security Advisory ASA-201812-8 ========================================= Severity: Low Date : 2018-12-08 CVE-ID : CVE-2018-0734 CVE-2018-5407 Package : openssl-1.0 Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-807 Summary ======= The package...

5.9CVSS1AI score0.12154EPSS
Exploits4References8
ArchLinux
ArchLinux
•added 2018/07/16 12:0 a.m.•57 views

[ASA-201807-10] curl: arbitrary code execution

Arch Linux Security Advisory ASA-201807-10 ========================================== Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-729 Summary ======= The package curl before version...

9.8CVSS1.9AI score0.06433EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2018/03/18 12:0 a.m.•57 views

[ASA-201803-13] firefox: arbitrary code execution

Arch Linux Security Advisory ASA-201803-13 ========================================== Severity: Critical Date : 2018-03-18 CVE-ID : CVE-2018-5146 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-657 Summary ======= The package firefox before...

8.8CVSS1.9AI score0.12054EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2017/11/30 12:0 a.m.•57 views

[ASA-201711-35] libcurl-compat: information disclosure

Arch Linux Security Advisory ASA-201711-35 ========================================== Severity: Medium Date : 2017-11-30 CVE-ID : CVE-2017-8817 Package : libcurl-compat Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-526 Summary ======= The package...

9.8CVSS7.3AI score0.11175EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2017/03/10 12:0 a.m.•57 views

[ASA-201703-2] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201703-2 ========================================= Severity: Critical Date : 2017-03-10 CVE-ID : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 Package : thunderbird Type : multiple...

10CVSS0.7AI score0.17484EPSS
Exploits8References29
ArchLinux
ArchLinux
•added 2016/10/21 12:0 a.m.•57 views

[ASA-201610-12] python2-django: cross-site request forgery

Arch Linux Security Advisory ASA-201610-12 ========================================== Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python2-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...

7.5CVSS2.2AI score0.0613EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2016/06/25 12:0 a.m.•57 views

vlc: arbitrary code execution

A buffer overflow has been found in the DecodeAdpcmImaQT function of VLC's QuickTime IMA decoder...

7.5CVSS4.4AI score0.24748EPSS
Exploits1References2
ArchLinux
ArchLinux
•added 2016/06/01 12:0 a.m.•57 views

nginx: denial of service

A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...

5CVSS1.7AI score0.16376EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2016/02/21 12:0 a.m.•57 views

thunderbird: multiple issues

CVE-2015-7575 man-in-the-middle: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the...

10CVSS1.9AI score0.05992EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2016/02/03 12:0 a.m.•57 views

nettle: improper cryptographic calculations

CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 improper cryptographic calculations It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...

7.5CVSS2AI score0.04212EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2015/12/16 12:0 a.m.•57 views

bind: denial of service

An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible...

6.9CVSS1.8AI score0.5469EPSS
Exploits1References2
ArchLinux
ArchLinux
•added 2015/11/17 12:0 a.m.•57 views

libpng: multiple issues

CVE-2015-7981 out-of-bounds read This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned no longer negative, but now a huge positive number. - CVE-2015-8126 arbitrary code execution Buffer overflow vulnerabilities in functions...

7.5CVSS1.8AI score0.10339EPSS
Exploits1References5
ArchLinux
ArchLinux
•added 2022/05/16 12:0 a.m.•56 views

[ASA-202205-4] firefox: multiple issues

Arch Linux Security Advisory ASA-202205-4 ========================================= Severity: High Date : 2022-05-16 CVE-ID : CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29915 CVE-2022-29916 CVE-2022-29917 CVE-2022-29918 Package : firefox Type : multiple issues Remote : Y...

9.4AI score0.01005EPSS
Exploits4References31
ArchLinux
ArchLinux
•added 2022/04/04 12:0 a.m.•56 views

[ASA-202204-4] rizin: multiple issues

Arch Linux Security Advisory ASA-202204-4 ========================================= Severity: Medium Date : 2022-04-04 CVE-ID : CVE-2021-4022 CVE-2021-43814 Package : rizin Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2590 Summary ======= The package rizin before...

7.8CVSS2.6AI score0.00846EPSS
Exploits1References12
ArchLinux
ArchLinux
•added 2020/11/02 12:0 a.m.•56 views

[ASA-202011-1] firefox: multiple issues

Arch Linux Security Advisory ASA-202011-1 ========================================= Severity: Critical Date : 2020-11-02 CVE-ID : CVE-2020-15254 CVE-2020-15680 CVE-2020-15681 CVE-2020-15682 CVE-2020-15683 CVE-2020-15684 CVE-2020-15969 Package : firefox Type : multiple issues Remote : Yes Link :...

9.8CVSS0.7AI score0.02776EPSS
Exploits1References24
ArchLinux
ArchLinux
•added 2020/06/06 12:0 a.m.•56 views

[ASA-202006-6] tomcat7: arbitrary code execution

Arch Linux Security Advisory ASA-202006-6 ========================================= Severity: High Date : 2020-06-06 CVE-ID : CVE-2020-9484 Package : tomcat7 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1169 Summary ======= The package tomcat7 before...

7CVSS3.6AI score0.56636EPSS
Exploits16References3
ArchLinux
ArchLinux
•added 2019/06/18 12:0 a.m.•56 views

[ASA-201906-13] linux: denial of service

Arch Linux Security Advisory ASA-201906-13 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-983 Summary ======= The...

7.8CVSS0.4AI score0.98745EPSS
Exploits4References10
Total number of security vulnerabilities1854