1854 matches found
[ASA-201807-5] lib32-curl: arbitrary code execution
Arch Linux Security Advisory ASA-201807-5 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : lib32-curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-730 Summary ======= The package lib32-curl before...
[ASA-201803-2] mkinitcpio-busybox: arbitrary code execution
Arch Linux Security Advisory ASA-201803-2 ========================================= Severity: High Date : 2018-03-01 CVE-ID : CVE-2017-16544 Package : mkinitcpio-busybox Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-514 Summary ======= The package...
flashplugin: multiple issues
CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 arbitrary code execution Multiple Memory corruption vulnerabilities that could lead to arbitrary code execution have been found...
chromium: multiple issues
CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. - CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. - CVE-2016-1675: Cross-origin bypass in Blink. Credit to...
wireshark-qt: denial of service
CVE-2016-2522: The dissectberconstrainedbitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service out-of-bounds read and application...
nettle: improper cryptographic calculations
CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 improper cryptographic calculations It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...
nss: arbitrary code execution
Several issues existed within the ASN.1 decoder used by NSS for handling streaming BER data. While the majority of NSS uses a separate, unaffected DER decoder, several public routines also accept BER data, and thus are affected. An attacker that successfully exploited these issues can overflow th...
firefox: multiple issues
CVE-2015-2708 Memory safety bugs fixed in Firefox ESR 31.7 and Firefox 38: Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink reported memory safety problems and crashes that affect Firefox ESR 31.6 and Firefox 37. - CVE-2015-2709 Memory safety bugs fixed in Firefox 38: Gary Kwong,...
openssl: multiple issues
CVE-2015-1787 denial of service If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service The DTLSv1listen...
wireshark-gtk: denial of service
CVE-2014-8710 out-of-bounds read Out-of-bounds read flaw in the SigComp dissector sigcomp-udvm leads to denial of service while processing malformed packets. - CVE-2014-8711 out-of-bounds read The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...
tnftp: arbitrary command execution
A malicious webserver can trick tnftp below 20141031 via HTTP redirects into executing arbitrary commands...
[ASA-202205-1] python-httpx: access restriction bypass
Arch Linux Security Advisory ASA-202205-1 ========================================= Severity: Critical Date : 2022-05-16 CVE-ID : CVE-2021-41945 Package : python-httpx Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2718 Summary ======= The package...
[ASA-202205-4] firefox: multiple issues
Arch Linux Security Advisory ASA-202205-4 ========================================= Severity: High Date : 2022-05-16 CVE-ID : CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29915 CVE-2022-29916 CVE-2022-29917 CVE-2022-29918 Package : firefox Type : multiple issues Remote : Y...
[ASA-202006-6] tomcat7: arbitrary code execution
Arch Linux Security Advisory ASA-202006-6 ========================================= Severity: High Date : 2020-06-06 CVE-ID : CVE-2020-9484 Package : tomcat7 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1169 Summary ======= The package tomcat7 before...
[ASA-201906-19] firefox-developer-edition: arbitrary code execution
Arch Linux Security Advisory ASA-201906-19 ========================================== Severity: Critical Date : 2019-06-19 CVE-ID : CVE-2019-11707 Package : firefox-developer-edition Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-995 Summary ======= The...
[ASA-201906-14] linux-lts: denial of service
Arch Linux Security Advisory ASA-201906-14 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-lts Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-984 Summary ======= The...
[ASA-201808-4] linux: denial of service
Arch Linux Security Advisory ASA-201808-4 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-747 Summary ======= The package linux before version 4.17.11-...
[ASA-201807-8] libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201807-8 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-733 Summary ======= The package libcurl-compa...
[ASA-201712-6] qt5-webengine: multiple issues
Arch Linux Security Advisory ASA-201712-6 ========================================= Severity: Critical Date : 2017-12-13 CVE-ID : CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15390 CVE-2017-15392 CVE-2017-15394 CVE-2017-5124 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129...
[ASA-201711-23] firefox: multiple issues
Arch Linux Security Advisory ASA-201711-23 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7836 CVE-2017-7837 CVE-2017-78...
[ASA-201701-22] wordpress: multiple issues
Arch Linux Security Advisory ASA-201701-22 ========================================== Severity: High Date : 2017-01-15 CVE-ID : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 Package : wordpress Type : multiple issue...
linux-grsec: information disclosure
A security issue has been found in the Linux kernel's implementation of challenge ACKs as specified in RFC 5961. An attacker which knows a connection's client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client o...
jre7-openjdk-headless: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jre7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
firefox: multiple issues
CVE-2016-1952 CVE-2016-1953 arbitrary code execution Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough...
glibc: multiple issues
CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...
lib32-libsndfile: multiple issues
CVE-2014-9496 unspecified impact The sd2parsersrcfork function in sd2.c in lib32-libsndfile allows attackers to have unspecified impact via vectors related to a 1 map offset or 2 rsrc marker, which triggers an out-of-bounds read. - CVE-2014-9756 denial of service The psffwrite function in...
ntp: time alteration
If ntpd is always started with the -g option, which is common and against long-standing recommendation, and if at the moment ntpd is restarted an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of...
bind: denial of service
An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible...
chromium: multiple issues
CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own. - CVE-2015-6765, CVE-2015-6766, CVE-2015-6767: Use-after-free in AppCache. - CVE-2015-6768, CVE-2015-6770, CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6769: Cross-origin...
wireshark-qt: denial of service
CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...
jdk8-openjdk: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 arbitrary code execution Incorrect class loader permission check in ClassLoader...
python2: Information leakage through integer overflow
It was reported that Python 2.7.8 fixes a potential wraparound in buffer with possible CWE-200 implications. This could allow an attacker to access private information through information leakage. PoC: --- overflow.py --- import sys a = bytearray'here be dragons' b = buffera, sys.maxsize,...
[ASA-202204-11] powerdns: denial of service
Arch Linux Security Advisory ASA-202204-11 ========================================== Severity: Low Date : 2022-04-15 CVE-ID : CVE-2022-27227 Package : powerdns Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2655 Summary ======= The package powerdns before version...
[ASA-202204-6] libtiff: multiple issues
Arch Linux Security Advisory ASA-202204-6 ========================================= Severity: High Date : 2022-04-05 CVE-ID : CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844 Package : libtiff Type : multiple issues...
[ASA-202011-1] firefox: multiple issues
Arch Linux Security Advisory ASA-202011-1 ========================================= Severity: Critical Date : 2020-11-02 CVE-ID : CVE-2020-15254 CVE-2020-15680 CVE-2020-15681 CVE-2020-15682 CVE-2020-15683 CVE-2020-15684 CVE-2020-15969 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-202010-10] freetype2: arbitrary code execution
Arch Linux Security Advisory ASA-202010-10 ========================================== Severity: High Date : 2020-10-20 CVE-ID : CVE-2020-15999 Package : freetype2 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1254 Summary ======= The package freetype2 befo...
[ASA-201911-12] linux-zen: arbitrary code execution
Arch Linux Security Advisory ASA-201911-12 ========================================== Severity: Critical Date : 2019-11-13 CVE-ID : CVE-2019-17666 Package : linux-zen Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1066 Summary ======= The package linux-zen...
[ASA-201908-12] nginx-mainline: denial of service
Arch Linux Security Advisory ASA-201908-12 ========================================== Severity: Medium Date : 2019-08-16 CVE-ID : CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 Package : nginx-mainline Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1022 Summary =======...
[ASA-201812-6] lib32-openssl: private key recovery
Arch Linux Security Advisory ASA-201812-6 ========================================= Severity: Low Date : 2018-12-08 CVE-ID : CVE-2018-0734 CVE-2018-0735 Package : lib32-openssl Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-793 Summary ======= The package...
[ASA-201805-21] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201805-21 ========================================== Severity: Critical Date : 2018-05-21 CVE-ID : CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-51...
[ASA-201712-11] lib32-openssl-1.0: multiple issues
Arch Linux Security Advisory ASA-201712-11 ========================================== Severity: Medium Date : 2017-12-17 CVE-ID : CVE-2017-3735 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 Package : lib32-openssl-1.0 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-480...
flashplugin: multiple issues
CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,...
expat: multiple issues
CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...
firefox: multiple issues
CVE-2016-2815 arbitrary code execution Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with...
gd: arbitrary code execution
A heap-based buffer overflow caused by an integer signedness error has been found in the libgd code handling compressed gd2 chunks...
bind: denial of service
CVE-2016-2088 denial of service Allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via a malformed packet with more than one cookie option. - CVE-2016-1286 denial of service Allows remote attackers to cause a denial of service assertion failure and...
exim: privilege escalation
All installations having Exim set-uid root and using 'perlstartup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim and this is normally any user can gain root privileges...
lib32-nettle: improper cryptographic calculations
CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 improper cryptographic calculations It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...
libxslt: denial of service
A type confusion vulnerability was discovered in the xsltStylePreCompute function of libxslt. A remote attacker could possibly exploit this flaw to cause an application using libxslt to crash by tricking the application into processing a specially crafted XSLT document...