1854 matches found
qemu: multiple issues
CVE-2015-3214 information disclosure, arbitrary code execution An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pitioportread function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could...
[ASA-202204-4] rizin: multiple issues
Arch Linux Security Advisory ASA-202204-4 ========================================= Severity: Medium Date : 2022-04-04 CVE-ID : CVE-2021-4022 CVE-2021-43814 Package : rizin Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2590 Summary ======= The package rizin before...
[ASA-202011-1] firefox: multiple issues
Arch Linux Security Advisory ASA-202011-1 ========================================= Severity: Critical Date : 2020-11-02 CVE-ID : CVE-2020-15254 CVE-2020-15680 CVE-2020-15681 CVE-2020-15682 CVE-2020-15683 CVE-2020-15684 CVE-2020-15969 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-201906-14] linux-lts: denial of service
Arch Linux Security Advisory ASA-201906-14 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-lts Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-984 Summary ======= The...
[ASA-201812-11] go: multiple issues
Arch Linux Security Advisory ASA-201812-11 ========================================== Severity: High Date : 2018-12-18 CVE-ID : CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-835 Summary ======= The package g...
[ASA-201808-4] linux: denial of service
Arch Linux Security Advisory ASA-201808-4 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-747 Summary ======= The package linux before version 4.17.11-...
[ASA-201808-7] linux-hardened: denial of service
Arch Linux Security Advisory ASA-201808-7 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux-hardened Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-750 Summary ======= The package linux-hardened befor...
[ASA-201807-5] lib32-curl: arbitrary code execution
Arch Linux Security Advisory ASA-201807-5 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : lib32-curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-730 Summary ======= The package lib32-curl before...
[ASA-201807-8] libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201807-8 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-733 Summary ======= The package libcurl-compa...
[ASA-201803-2] mkinitcpio-busybox: arbitrary code execution
Arch Linux Security Advisory ASA-201803-2 ========================================= Severity: High Date : 2018-03-01 CVE-ID : CVE-2017-16544 Package : mkinitcpio-busybox Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-514 Summary ======= The package...
[ASA-201702-1] tcpdump: arbitrary code execution
Arch Linux Security Advisory ASA-201702-1 ========================================= Severity: Critical Date : 2017-02-02 CVE-ID : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933...
[ASA-201701-22] wordpress: multiple issues
Arch Linux Security Advisory ASA-201701-22 ========================================== Severity: High Date : 2017-01-15 CVE-ID : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 Package : wordpress Type : multiple issue...
flashplugin: multiple issues
CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 arbitrary code execution Multiple Memory corruption vulnerabilities that could lead to arbitrary code execution have been found...
linux-grsec: information disclosure
A security issue has been found in the Linux kernel's implementation of challenge ACKs as specified in RFC 5961. An attacker which knows a connection's client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client o...
bind: denial of service
CVE-2016-2088 denial of service Allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via a malformed packet with more than one cookie option. - CVE-2016-1286 denial of service Allows remote attackers to cause a denial of service assertion failure and...
wireshark-gtk: denial of service
CVE-2015-8742 denial of service The dissectCPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service memory consumption or application crash via a...
nss: arbitrary code execution
Several issues existed within the ASN.1 decoder used by NSS for handling streaming BER data. While the majority of NSS uses a separate, unaffected DER decoder, several public routines also accept BER data, and thus are affected. An attacker that successfully exploited these issues can overflow th...
mariadb: denial of service
CVE-2015-4913 denial of service allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. - CVE-2015-4870 denial of service allows remote authenticated users to affect availability via unknown vectors related to...
haproxy: information leakage
A vulnerability was found in the handling of HTTP pipelining. In some cases, a client might be able to cause a buffer alignment issue and retrieve uninitialized memory contents that exhibit data from a past request or session. With the proper timing and by requesting files of specific sizes from...
openssl: multiple issues
CVE-2015-1787 denial of service If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service The DTLSv1listen...
[ASA-201912-1] firefox: multiple issues
Arch Linux Security Advisory ASA-201912-1 ========================================= Severity: Critical Date : 2019-12-03 CVE-ID : CVE-2019-11745 CVE-2019-11756 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17013 CVE-2019-17014 Package : firefox...
[ASA-201908-9] libreoffice-still: multiple issues
Arch Linux Security Advisory ASA-201908-9 ========================================= Severity: High Date : 2019-08-16 CVE-ID : CVE-2019-9848 CVE-2019-9849 Package : libreoffice-still Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1010 Summary ======= The package...
[ASA-201712-11] lib32-openssl-1.0: multiple issues
Arch Linux Security Advisory ASA-201712-11 ========================================== Severity: Medium Date : 2017-12-17 CVE-ID : CVE-2017-3735 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 Package : lib32-openssl-1.0 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-480...
[ASA-201711-23] firefox: multiple issues
Arch Linux Security Advisory ASA-201711-23 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7836 CVE-2017-7837 CVE-2017-78...
lib32-glibc: denial of service
CVE-2016-3075 denial of service The getnetbyname implementation in nssdns contains a potentially unbounded alloca call in the form of a call to strdupa, leading to a stack overflow stack exhaustion and a crash if getnetbyname is invoked on a very long name. - CVE-2016-5417 denial of service The...
libpurple: multiple issues
CVE-2016-2365 denial of service Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. - CVE-2016-2366 denial of service Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. - CVE-2016-2367 information...
jre7-openjdk-headless: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jre7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
wireshark-cli: denial of service
CVE-2016-2522: The dissectberconstrainedbitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service out-of-bounds read and application...
firefox: multiple issues
CVE-2016-1952 CVE-2016-1953 arbitrary code execution Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough...
glibc: multiple issues
CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...
lib32-libsndfile: multiple issues
CVE-2014-9496 unspecified impact The sd2parsersrcfork function in sd2.c in lib32-libsndfile allows attackers to have unspecified impact via vectors related to a 1 map offset or 2 rsrc marker, which triggers an out-of-bounds read. - CVE-2014-9756 denial of service The psffwrite function in...
lib32-nettle: improper cryptographic calculations
CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 improper cryptographic calculations It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...
ntp: time alteration
If ntpd is always started with the -g option, which is common and against long-standing recommendation, and if at the moment ntpd is restarted an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of...
firefox: multiple issues
CVE-2015-4513 Miscellaneous memory safety hazards: Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong reported memory safety problems and crashes that affect Firefox ESR 38.3 and Firefox 41. -...
chromium: multiple issues
CVE-2015-1291, CVE-2015-1293: Cross-origin bypass in DOM. - CVE-2015-1292: Cross-origin bypass in ServiceWorker. - CVE-2015-1294: Use-after-free in Skia. - CVE-2015-1295: Use-after-free in Printing. - CVE-2015-1296: Character spoofing in omnibox. - CVE-2015-1297: Permission scoping error in...
firefox: multiple issues
CVE-2015-2708 Memory safety bugs fixed in Firefox ESR 31.7 and Firefox 38: Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink reported memory safety problems and crashes that affect Firefox ESR 31.6 and Firefox 37. - CVE-2015-2709 Memory safety bugs fixed in Firefox 38: Gary Kwong,...
jdk8-openjdk: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 arbitrary code execution Incorrect class loader permission check in ClassLoader...
wireshark-gtk: denial of service
CVE-2014-8710 out-of-bounds read Out-of-bounds read flaw in the SigComp dissector sigcomp-udvm leads to denial of service while processing malformed packets. - CVE-2014-8711 out-of-bounds read The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...
tnftp: arbitrary command execution
A malicious webserver can trick tnftp below 20141031 via HTTP redirects into executing arbitrary commands...
[ASA-202207-1] webkit2gtk-5.0: multiple issues
Arch Linux Security Advisory ASA-202207-1 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : webkit2gtk-5.0 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2792 Summary ======= The package...
[ASA-202207-4] webkit2gtk-4.1: multiple issues
Arch Linux Security Advisory ASA-202207-4 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : webkit2gtk-4.1 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2791 Summary ======= The package...
[ASA-202204-11] powerdns: denial of service
Arch Linux Security Advisory ASA-202204-11 ========================================== Severity: Low Date : 2022-04-15 CVE-ID : CVE-2022-27227 Package : powerdns Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2655 Summary ======= The package powerdns before version...
[ASA-201908-12] nginx-mainline: denial of service
Arch Linux Security Advisory ASA-201908-12 ========================================== Severity: Medium Date : 2019-08-16 CVE-ID : CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 Package : nginx-mainline Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1022 Summary =======...
[ASA-201812-9] firefox: multiple issues
Arch Linux Security Advisory ASA-201812-9 ========================================= Severity: Critical Date : 2018-12-12 CVE-ID : CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495 CVE-2018-18497 Package : firefox Type : multipl...
[ASA-201812-6] lib32-openssl: private key recovery
Arch Linux Security Advisory ASA-201812-6 ========================================= Severity: Low Date : 2018-12-08 CVE-ID : CVE-2018-0734 CVE-2018-0735 Package : lib32-openssl Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-793 Summary ======= The package...
[ASA-201712-6] qt5-webengine: multiple issues
Arch Linux Security Advisory ASA-201712-6 ========================================= Severity: Critical Date : 2017-12-13 CVE-ID : CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15390 CVE-2017-15392 CVE-2017-15394 CVE-2017-5124 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129...
[ASA-201711-15] lib32-openssl: multiple issues
Arch Linux Security Advisory ASA-201711-15 ========================================== Severity: Medium Date : 2017-11-08 CVE-ID : CVE-2017-3735 CVE-2017-3736 Package : lib32-openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-478 Summary ======= The package...
[ASA-201701-32] linux: privilege escalation
Arch Linux Security Advisory ASA-201701-32 ========================================== Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2017-2583 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-149 Summary ======= The package linux before version...
flashplugin: multiple issues
CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,...