1854 matches found
wireshark-gtk: denial of service
CVE-2015-8742 (denial of service): The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a...
nodejs: multiple issues
CVE-2015-6764 V8 out-of-bounds access vulnerability: A bug was discovered in V8's implementation of JSON.stringify that can result in out-of-bounds reads on arrays. The patch was included in this week's update of Chrome Stable. While this bug is high severity for browsers, it is considered lower...
firefox: multiple issues
CVE-2015-4513 Miscellaneous memory safety hazards: Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong reported memory safety problems and crashes that affect Firefox ESR 38.3 and Firefox 41. -...
chromium: multiple issues
CVE-2015-1291, CVE-2015-1293: Cross-origin bypass in DOM. - CVE-2015-1292: Cross-origin bypass in ServiceWorker. - CVE-2015-1294: Use-after-free in Skia. - CVE-2015-1295: Use-after-free in Printing. - CVE-2015-1296: Character spoofing in omnibox. - CVE-2015-1297: Permission scoping error in...
nss: signature forgery
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as...
mantisbt: multiple issues
CVE-2014-9272 (cross-site scripting): The function "string_insert_hrefs" doesn't validate the protocol, which is why one can make a link that executes arbitrary JavaScript code. - CVE-2014-9270 (cross-site scripting): The Projax library does not properly escape HTML strings. An attacker could take...
[ASA-202006-1] firefox: multiple issues
Arch Linux Security Advisory ASA-202006-1 ========================================= Severity: High Date : 2020-06-02 CVE-ID : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12407 CVE-2020-12408 CVE-2020-12409 CVE-2020-12410 CVE-2020-12411 Package : firefox Type : multiple issues Remote : Y...
[ASA-202001-4] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202001-4 ========================================= Severity: Critical Date : 2020-01-14 CVE-ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-201906-13] linux: denial of service
Arch Linux Security Advisory ASA-201906-13 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-983 Summary ======= The...
[ASA-201902-26] kibana: multiple issues
Arch Linux Security Advisory ASA-201902-26 ========================================== Severity: High Date : 2019-02-25 CVE-ID : CVE-2019-7608 CVE-2019-7609 CVE-2019-7610 Package : kibana Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-911 Summary ======= The package...
[ASA-201812-9] firefox: multiple issues
Arch Linux Security Advisory ASA-201812-9 ========================================= Severity: Critical Date : 2018-12-12 CVE-ID : CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495 CVE-2018-18497 Package : firefox Type : multipl...
[ASA-201804-6] lib32-openssl: private key recovery
Arch Linux Security Advisory ASA-201804-6 ========================================= Severity: Medium Date : 2018-04-15 CVE-ID : CVE-2017-3738 Package : lib32-openssl Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-551 Summary ======= The package lib32-openssl...
[ASA-201702-1] tcpdump: arbitrary code execution
Arch Linux Security Advisory ASA-201702-1 ========================================= Severity: Critical Date : 2017-02-02 CVE-ID : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933...
[ASA-201701-32] linux: privilege escalation
Arch Linux Security Advisory ASA-201701-32 ========================================== Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2017-2583 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-149 Summary ======= The package linux before version...
chromium: multiple issues
CVE-2016-5147 CVE-2016-5148 (cross-site scripting): Universal XSS in Blink. - CVE-2016-5149 (script injection): Script injection in extensions. - CVE-2016-5150 (arbitrary code execution): Use after free in Blink. - CVE-2016-5151 (arbitrary code execution): Use after free in PDFium. - CVE-2016-5152...
lib32-glibc: denial of service
CVE-2016-3075 (denial of service): The getnetbyname implementation in nss_dns contains a potentially unbounded alloca call (in the form of a call to strdupa), leading to a stack overflow (stack exhaustion) and a crash if getnetbyname is invoked on a very long name. - CVE-2016-5417 (denial of service): The...
chromium: multiple issues
CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski. - CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han. - CVE-2016-1670: Race condition in loader. Credit to anonymous...
wordpress: multiple issues
CVE-2015-5714 (cross-site scripting): A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 (insufficient permission restriction): A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them...
jre7-openjdk: multiple issues
CVE-2015-2590 deserialization issue in ObjectInputStream.readSerialData: ObjectInputStream's readSerialData could, in certain cases, incorrectly perform deserialization of data from serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...
tcpdump: multiple issues
CVE-2014-8767 (denial of service): Integer underflow in the olsr_print function when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. - CVE-2014-8768 (denial of service): Multiple integer underflows in the geonet_print function, when...
[ASA-202207-4] webkit2gtk-4.1: multiple issues
Arch Linux Security Advisory ASA-202207-4 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : webkit2gtk-4.1 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2791 Summary ======= The package...
[ASA-202112-4] lib32-nss: arbitrary code execution
Arch Linux Security Advisory ASA-202112-4 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-43527 Package : lib32-nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2597 Summary ======= The package lib32-nss before...
[ASA-202110-10] wpewebkit: multiple issues
Arch Linux Security Advisory ASA-202110-10 ========================================== Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-30846 CVE-2021-30851 CVE-2021-42762 Package : wpewebkit Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2484 Summary ======= The...
[ASA-202109-6] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202109-6 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 Package : chromium Type : arbitrary...
[ASA-202004-14] apache: multiple issues
Arch Linux Security Advisory ASA-202004-14 ========================================== Severity: Low Date : 2020-04-15 CVE-ID : CVE-2020-1927 CVE-2020-1934 Package : apache Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1126 Summary ======= The package apache before...
[ASA-202002-9] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202002-9 ========================================= Severity: Critical Date : 2020-02-13 CVE-ID : CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-201911-6] samba: multiple issues
Arch Linux Security Advisory ASA-201911-6 ========================================= Severity: Medium Date : 2019-11-03 CVE-ID : CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 Package : samba Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1057 Summary ======= The packa...
[ASA-201906-18] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-201906-18 ========================================== Severity: Critical Date : 2019-06-19 CVE-ID : CVE-2019-11707 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-994 Summary ======= The package firefox befor...
[ASA-201801-21] rsync: multiple issues
Arch Linux Security Advisory ASA-201801-21 ========================================== Severity: High Date : 2018-01-29 CVE-ID : CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 CVE-2018-5764 Package : rsync Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-542 Summary...
[ASA-201711-15] lib32-openssl: multiple issues
Arch Linux Security Advisory ASA-201711-15 ========================================== Severity: Medium Date : 2017-11-08 CVE-ID : CVE-2017-3735 CVE-2017-3736 Package : lib32-openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-478 Summary ======= The package...
[ASA-201709-15] apache: information disclosure
Arch Linux Security Advisory ASA-201709-15 ========================================== Severity: High Date : 2017-09-18 CVE-ID : CVE-2017-9798 Package : apache Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-404 Summary ======= The package apache before version...
libgcrypt: information disclosure
Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and...
nginx-mainline: denial of service
A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...
samba: multiple issues
CVE-2015-5370 (arbitrary code execution): Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the...
wireshark-gtk: denial of service
CVE-2016-2522: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application...
ruby: unsafe tainted string usage
There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi...
jre8-openjdk: multiple issues
CVE-2015-4734 (information disclosure): It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
chromium: multiple issues
CVE-2015-1235 (cross-origin bypass): A vulnerability was discovered that allows cross-origin-bypass in the HTML parser. - CVE-2015-1236 (cross-origin bypass): A vulnerability was discovered that allows cross-origin-bypass in the rendering engine Blink. - CVE-2015-1237 (arbitrary code execution): An...
php: integer overflow
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or,...
cpio: heap buffer overflow
A heap-based buffer overflow flaw was reported in cpio's list_file function. Attempting to extract a malicious cpio archive could cause cpio to crash or, potentially, execute arbitrary code. As noted in the original report, this issue could be triggered via other utilities, such as when running "les...
linux: local denial of service, privilege escalation
CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, relate...
libxml2: Denial of service
Daniel Berrange discovered that libxml2 incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, leads to the exhaustion of CPU and...
mediawiki: Cross-site Scripting (XSS)
It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross-site scripting...
NSS: Signature forgery attack
Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...
[ASA-202112-3] nss: arbitrary code execution
Arch Linux Security Advisory ASA-202112-3 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-43527 Package : nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2596 Summary ======= The package nss before version...
[ASA-202112-2] opera: multiple issues
Arch Linux Security Advisory ASA-202112-2 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015...
[ASA-202009-12] lib32-brotli: denial of service
Arch Linux Security Advisory ASA-202009-12 ========================================== Severity: Medium Date : 2020-09-26 CVE-ID : CVE-2020-8927 Package : lib32-brotli Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1231 Summary ======= The package lib32-brotli befo...
[ASA-202009-11] podman: information disclosure
Arch Linux Security Advisory ASA-202009-11 ========================================== Severity: High Date : 2020-09-26 CVE-ID : CVE-2020-14370 Package : podman Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1233 Summary ======= The package podman before versi...
[ASA-201911-11] linux-lts: arbitrary code execution
Arch Linux Security Advisory ASA-201911-11 ========================================== Severity: Critical Date : 2019-11-13 CVE-ID : CVE-2019-17666 Package : linux-lts Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1065 Summary ======= The package linux-lts...
[ASA-201911-14] intel-ucode: multiple issues
Arch Linux Security Advisory ASA-201911-14 ========================================== Severity: High Date : 2019-11-13 CVE-ID : CVE-2019-0117 CVE-2019-11135 CVE-2019-11139 Package : intel-ucode Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1068 Summary ======= The...