1854 matches found
[ASA-201808-6] linux-zen: denial of service
Arch Linux Security Advisory ASA-201808-6 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux-zen Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-749 Summary ======= The package linux-zen before version...
[ASA-201711-33] curl: information disclosure
Arch Linux Security Advisory ASA-201711-33 ========================================== Severity: Medium Date : 2017-11-30 CVE-ID : CVE-2017-8817 Package : curl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-524 Summary ======= The package curl before version...
[ASA-201710-23] hostapd: man-in-the-middle
Arch Linux Security Advisory ASA-201710-23 ========================================== Severity: High Date : 2017-10-16 CVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088 Package : hostapd Type : man-in-the-middle Remote...
[ASA-201704-3] mediawiki: multiple issues
Arch Linux Security Advisory ASA-201704-3 ========================================= Severity: High Date : 2017-04-07 CVE-ID : CVE-2017-0361 CVE-2017-0362 CVE-2017-0363 CVE-2017-0364 CVE-2017-0365 CVE-2017-0366 CVE-2017-0367 CVE-2017-0368 CVE-2017-0369 CVE-2017-0370 CVE-2017-0372 Package : mediawi...
openssl: multiple issues
CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...
jdk7-openjdk: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
php: use after free
A use-after-free flaw was found in PHP unserialize. An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize...
[ASA-202112-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202112-8 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43540 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 Package : firefox Typ...
[ASA-202011-6] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-202011-6 ========================================= Severity: Critical Date : 2020-11-10 CVE-ID : CVE-2020-26950 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1265 Summary ======= The package firefox before...
[ASA-202002-7] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202002-7 ========================================= Severity: Critical Date : 2020-02-12 CVE-ID : CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1098 Summary...
[ASA-201912-2] thunderbird: arbitrary code execution
Arch Linux Security Advisory ASA-201912-2 ========================================= Severity: Critical Date : 2019-12-06 CVE-ID : CVE-2019-11745 CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Package : thunderbird Type : arbitrary code execution Remote : Yes Link :...
[ASA-201908-16] go-pie: multiple issues
Arch Linux Security Advisory ASA-201908-16 ========================================== Severity: Medium Date : 2019-08-24 CVE-ID : CVE-2019-9512 CVE-2019-9514 CVE-2019-14809 Package : go-pie Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1020 Summary ======= The...
[ASA-201811-8] lib32-libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201811-8 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16839 CVE-2018-16840 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-797 Summary ======= The...
imagemagick: arbitrary code execution
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...
chromium: multiple issues
CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative. - CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous. - CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han. - CVE-2016-1654: Uninitialized...
bind: denial of service
A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named functioning as an authoritative DNS server or a DNS resolver exit unexpectedly with an assertion failure via a specially crafted DNS request packet leading to denia...
apache: multiple issues
CVE-2015-0228 denial of service: modlua: A maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash. - CVE-2015-0253 denial of service: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in...
java-batik: xml external entity injection
Batik offers several classes for SVG to PNG/JPG conversion, which suffer from a XML External Entity Injection due to the evaluation of external entities within the given SVG file. If an application offers the possibility to upload a SVG file an attacker can put in a malicious formed file and...
[ASA-202204-8] xz: arbitrary command execution
Arch Linux Security Advisory ASA-202204-8 ========================================= Severity: High Date : 2022-04-07 CVE-ID : CVE-2022-1271 Package : xz Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2665 Summary ======= The package xz before version...
[ASA-201807-7] lib32-libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201807-7 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : lib32-libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-732 Summary ======= The package...
[ASA-201707-11] nginx: information disclosure
Arch Linux Security Advisory ASA-201707-11 ========================================== Severity: High Date : 2017-07-12 CVE-ID : CVE-2017-7529 Package : nginx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-345 Summary ======= The package nginx before version...
mediawiki: multiple issues
CVE-2016-6331 permission bypass Check read permission when loading page content in ApiParse. Prevents leaking page contents for extensions that deny read rights to certain pages via a userCan hook, but still allow the user to have read rights in general. - CVE-2016-6332 permission bypass Make...
jre7-openjdk: multiple issues
CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...
chromium: multiple issues
CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. - CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. - CVE-2016-1675: Cross-origin bypass in Blink. Credit to...
squid: multiple issues
CVE-2016-4051 denial of service Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. - CVE-2016-4052 denial of service Due to buffer overflow issues Squid is vulnerable to a denial of...
mercurial: arbitrary code execution
CVE-2016-3068 arbitrary code execution It was reported that in mercurial, there is similar vulnerability as CVE-2015-7545 in git. Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. Mercurial allows specifying git repositories as...
freeradius: insufficient CRL validation
The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...
mediawiki: multiple issues
CVE-2015-2931 cross-side scripting It was discovered that MIME types were not properly restricted, allowing a way to circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in a SVG file. - CVE-2015-2932 cross-side scripting The SVG filter to prevent...
lib32-openssl: multiple issues
CVE-2015-1787 denial of service If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service The DTLSv1listen...
[ASA-202205-1] python-httpx: access restriction bypass
Arch Linux Security Advisory ASA-202205-1 ========================================= Severity: Critical Date : 2022-05-16 CVE-ID : CVE-2021-41945 Package : python-httpx Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2718 Summary ======= The package...
[ASA-202204-2] polkit: multiple issues
Arch Linux Security Advisory ASA-202204-2 ========================================= Severity: High Date : 2022-04-04 CVE-ID : CVE-2021-4034 CVE-2021-4115 Package : polkit Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2654 Summary ======= The package polkit before...
[ASA-202112-7] vivaldi: multiple issues
Arch Linux Security Advisory ASA-202112-7 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064...
[ASA-202010-2] linux: multiple issues
Arch Linux Security Advisory ASA-202010-2 ========================================= Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 Package : linux Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1248 Summary ======= The package...
[ASA-201812-8] openssl-1.0: private key recovery
Arch Linux Security Advisory ASA-201812-8 ========================================= Severity: Low Date : 2018-12-08 CVE-ID : CVE-2018-0734 CVE-2018-5407 Package : openssl-1.0 Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-807 Summary ======= The package...
[ASA-201807-10] curl: arbitrary code execution
Arch Linux Security Advisory ASA-201807-10 ========================================== Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-729 Summary ======= The package curl before version...
[ASA-201803-13] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-201803-13 ========================================== Severity: Critical Date : 2018-03-18 CVE-ID : CVE-2018-5146 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-657 Summary ======= The package firefox before...
[ASA-201711-35] libcurl-compat: information disclosure
Arch Linux Security Advisory ASA-201711-35 ========================================== Severity: Medium Date : 2017-11-30 CVE-ID : CVE-2017-8817 Package : libcurl-compat Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-526 Summary ======= The package...
[ASA-201703-2] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201703-2 ========================================= Severity: Critical Date : 2017-03-10 CVE-ID : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 Package : thunderbird Type : multiple...
[ASA-201610-12] python2-django: cross-site request forgery
Arch Linux Security Advisory ASA-201610-12 ========================================== Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python2-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
vlc: arbitrary code execution
A buffer overflow has been found in the DecodeAdpcmImaQT function of VLC's QuickTime IMA decoder...
nginx: denial of service
A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...
thunderbird: multiple issues
CVE-2015-7575 man-in-the-middle: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the...
nettle: improper cryptographic calculations
CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 improper cryptographic calculations It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...
bind: denial of service
An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible...
libpng: multiple issues
CVE-2015-7981 out-of-bounds read This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned no longer negative, but now a huge positive number. - CVE-2015-8126 arbitrary code execution Buffer overflow vulnerabilities in functions...
[ASA-202205-4] firefox: multiple issues
Arch Linux Security Advisory ASA-202205-4 ========================================= Severity: High Date : 2022-05-16 CVE-ID : CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29915 CVE-2022-29916 CVE-2022-29917 CVE-2022-29918 Package : firefox Type : multiple issues Remote : Y...
[ASA-202204-4] rizin: multiple issues
Arch Linux Security Advisory ASA-202204-4 ========================================= Severity: Medium Date : 2022-04-04 CVE-ID : CVE-2021-4022 CVE-2021-43814 Package : rizin Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2590 Summary ======= The package rizin before...
[ASA-202011-1] firefox: multiple issues
Arch Linux Security Advisory ASA-202011-1 ========================================= Severity: Critical Date : 2020-11-02 CVE-ID : CVE-2020-15254 CVE-2020-15680 CVE-2020-15681 CVE-2020-15682 CVE-2020-15683 CVE-2020-15684 CVE-2020-15969 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-202006-6] tomcat7: arbitrary code execution
Arch Linux Security Advisory ASA-202006-6 ========================================= Severity: High Date : 2020-06-06 CVE-ID : CVE-2020-9484 Package : tomcat7 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1169 Summary ======= The package tomcat7 before...
[ASA-201906-13] linux: denial of service
Arch Linux Security Advisory ASA-201906-13 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-983 Summary ======= The...