[ASA-202112-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202112-8 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43540 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 Package : firefox Typ...
[ASA-202011-6] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-202011-6 ========================================= Severity: Critical Date : 2020-11-10 CVE-ID : CVE-2020-26950 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1265 Summary ======= The package firefox before...
[ASA-202005-6] qemu: multiple issues
Arch Linux Security Advisory ASA-202005-6 ========================================= Severity: High Date : 2020-05-07 CVE-ID : CVE-2019-20382 CVE-2020-1711 CVE-2020-7039 Package : qemu Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1110 Summary ======= The package qe...
[ASA-202002-7] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202002-7 ========================================= Severity: Critical Date : 2020-02-12 CVE-ID : CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1098 Summary...
[ASA-201811-8] lib32-libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201811-8 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16839 CVE-2018-16840 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-797 Summary ======= The...
[ASA-201808-6] linux-zen: denial of service
Arch Linux Security Advisory ASA-201808-6 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux-zen Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-749 Summary ======= The package linux-zen before version...
[ASA-201710-23] hostapd: man-in-the-middle
Arch Linux Security Advisory ASA-201710-23 ========================================== Severity: High Date : 2017-10-16 CVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088 Package : hostapd Type : man-in-the-middle Remote...
[ASA-201707-11] nginx: information disclosure
Arch Linux Security Advisory ASA-201707-11 ========================================== Severity: High Date : 2017-07-12 CVE-ID : CVE-2017-7529 Package : nginx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-345 Summary ======= The package nginx before version...
[ASA-201704-3] mediawiki: multiple issues
Arch Linux Security Advisory ASA-201704-3 ========================================= Severity: High Date : 2017-04-07 CVE-ID : CVE-2017-0361 CVE-2017-0362 CVE-2017-0363 CVE-2017-0364 CVE-2017-0365 CVE-2017-0366 CVE-2017-0367 CVE-2017-0368 CVE-2017-0369 CVE-2017-0370 CVE-2017-0372 Package : mediawi...
mediawiki: multiple issues
CVE-2016-6331 permission bypass Check read permission when loading page content in ApiParse. Prevents leaking page contents for extensions that deny read rights to certain pages via a userCan hook, but still allow the user to have read rights in general. - CVE-2016-6332 permission bypass Make...
squid: multiple issues
CVE-2016-4051 denial of service Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. - CVE-2016-4052 denial of service Due to buffer overflow issues Squid is vulnerable to a denial of...
chromium: multiple issues
CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative. - CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous. - CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han. - CVE-2016-1654: Uninitialized...
openssl: multiple issues
CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...
bind: denial of service
A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named functioning as an authoritative DNS server or a DNS resolver exit unexpectedly with an assertion failure via a specially crafted DNS request packet leading to denia...
jdk7-openjdk: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
[ASA-202210-2] linux: multiple issues
Arch Linux Security Advisory ASA-202210-2 ========================================= Severity: Critical Date : 2022-10-14 CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 Package : linux Type : multiple issues Remote : Yes Link :...
[ASA-201912-2] thunderbird: arbitrary code execution
Arch Linux Security Advisory ASA-201912-2 ========================================= Severity: Critical Date : 2019-12-06 CVE-ID : CVE-2019-11745 CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Package : thunderbird Type : arbitrary code execution Remote : Yes Link :...
[ASA-201911-2] qt5-webengine: arbitrary code execution
Arch Linux Security Advisory ASA-201911-2 ========================================= Severity: Critical Date : 2019-11-02 CVE-ID : CVE-2019-13720 Package : qt5-webengine Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1059 Summary ======= The package...
[ASA-201807-10] curl: arbitrary code execution
Arch Linux Security Advisory ASA-201807-10 ========================================== Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-729 Summary ======= The package curl before version...
[ASA-201803-13] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-201803-13 ========================================== Severity: Critical Date : 2018-03-18 CVE-ID : CVE-2018-5146 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-657 Summary ======= The package firefox before...
[ASA-201711-35] libcurl-compat: information disclosure
Arch Linux Security Advisory ASA-201711-35 ========================================== Severity: Medium Date : 2017-11-30 CVE-ID : CVE-2017-8817 Package : libcurl-compat Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-526 Summary ======= The package...
[ASA-201703-2] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201703-2 ========================================= Severity: Critical Date : 2017-03-10 CVE-ID : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 Package : thunderbird Type : multiple...
jre7-openjdk: multiple issues
CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...
imagemagick: arbitrary code execution
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...
thunderbird: multiple issues
CVE-2015-7575 man-in-the-middle: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the...
jdk8-openjdk: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
freeradius: insufficient CRL validation
The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...
qemu: multiple issues
CVE-2015-3214 information disclosure, arbitrary code execution An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could...
[ASA-202204-4] rizin: multiple issues
Arch Linux Security Advisory ASA-202204-4 ========================================= Severity: Medium Date : 2022-04-04 CVE-ID : CVE-2021-4022 CVE-2021-43814 Package : rizin Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2590 Summary ======= The package rizin before...
[ASA-202010-2] linux: multiple issues
Arch Linux Security Advisory ASA-202010-2 ========================================= Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 Package : linux Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1248 Summary ======= The package...
[ASA-201812-11] go: multiple issues
Arch Linux Security Advisory ASA-201812-11 ========================================== Severity: High Date : 2018-12-18 CVE-ID : CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-835 Summary ======= The package g...
[ASA-201812-8] openssl-1.0: private key recovery
Arch Linux Security Advisory ASA-201812-8 ========================================= Severity: Low Date : 2018-12-08 CVE-ID : CVE-2018-0734 CVE-2018-5407 Package : openssl-1.0 Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-807 Summary ======= The package...
[ASA-201807-7] lib32-libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201807-7 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : lib32-libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-732 Summary ======= The package...
[ASA-201801-1] linux: multiple issues
Arch Linux Security Advisory ASA-201801-1 ========================================= Severity: High Date : 2018-01-05 CVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17449 CVE-2017-17558 CVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855...
[ASA-201610-12] python2-django: cross-site request forgery
Arch Linux Security Advisory ASA-201610-12 ========================================== Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python2-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
vlc: arbitrary code execution
A buffer overflow has been found in the DecodeAdpcmImaQT function of VLC's QuickTime IMA decoder...
nginx: denial of service
A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...
mercurial: arbitrary code execution
CVE-2016-3068 arbitrary code execution It was reported that mercurial has a vulnerability similar to CVE-2015-7545 in git. Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. Mercurial allows specifying git repositories as...
wireshark-cli: denial of service
CVE-2016-2522: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application...
libpng: multiple issues
CVE-2015-7981 out-of-bounds read This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned no longer negative, but now a huge positive number. - CVE-2015-8126 arbitrary code execution Buffer overflow vulnerabilities in functions...
mariadb: denial of service
CVE-2015-4913 denial of service allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. - CVE-2015-4870 denial of service allows remote authenticated users to affect availability via unknown vectors related to...
haproxy: information leakage
A vulnerability was found in the handling of HTTP pipelining. In some cases, a client might be able to cause a buffer alignment issue and retrieve uninitialized memory contents that exhibit data from a past request or session. With the proper timing and by requesting files of specific sizes from...
mediawiki: multiple issues
CVE-2015-2931 cross-site scripting It was discovered that MIME types were not properly restricted, allowing a way to circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in an SVG file. - CVE-2015-2932 cross-site scripting The SVG filter to prevent...
lib32-openssl: multiple issues
CVE-2015-1787 denial of service If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service The DTLSv1_listen...
[ASA-202204-8] xz: arbitrary command execution
Arch Linux Security Advisory ASA-202204-8 ========================================= Severity: High Date : 2022-04-07 CVE-ID : CVE-2022-1271 Package : xz Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2665 Summary ======= The package xz before version...
[ASA-202204-2] polkit: multiple issues
Arch Linux Security Advisory ASA-202204-2 ========================================= Severity: High Date : 2022-04-04 CVE-ID : CVE-2021-4034 CVE-2021-4115 Package : polkit Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2654 Summary ======= The package polkit before...
[ASA-202112-7] vivaldi: multiple issues
Arch Linux Security Advisory ASA-202112-7 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064...
[ASA-201912-1] firefox: multiple issues
Arch Linux Security Advisory ASA-201912-1 ========================================= Severity: Critical Date : 2019-12-03 CVE-ID : CVE-2019-11745 CVE-2019-11756 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17013 CVE-2019-17014 Package : firefox...
[ASA-201908-9] libreoffice-still: multiple issues
Arch Linux Security Advisory ASA-201908-9 ========================================= Severity: High Date : 2019-08-16 CVE-ID : CVE-2019-9848 CVE-2019-9849 Package : libreoffice-still Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1010 Summary ======= The package...
[ASA-201808-7] linux-hardened: denial of service
Arch Linux Security Advisory ASA-201808-7 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux-hardened Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-750 Summary ======= The package linux-hardened befor...