Lucene search
K
ArchlinuxMost viewed

1854 matches found

ArchLinux
ArchLinux
added 2016/06/13 12:0 a.m.54 views

expat: multiple issues

CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...

7.8CVSS2.2AI score0.06539EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/06/08 12:0 a.m.54 views

firefox: multiple issues

CVE-2016-2815 arbitrary code execution Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with...

6.8CVSS8.4AI score0.23957EPSS
Exploits7References12
ArchLinux
ArchLinux
added 2016/05/12 12:0 a.m.54 views

chromium: multiple issues

CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski. - CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han. - CVE-2016-1670: Race condition in loader. Credit to anonymous...

9.3CVSS1.8AI score0.04227EPSS
Exploits2References5
ArchLinux
ArchLinux
added 2016/05/06 12:0 a.m.54 views

gd: arbitrary code execution

A heap-based buffer overflow caused by an integer signedness error has been found in the libgd code handling compressed gd2 chunks...

7.5CVSS3.2AI score0.36974EPSS
Exploits8References3
ArchLinux
ArchLinux
added 2016/03/12 12:0 a.m.54 views

wireshark-qt: denial of service

CVE-2016-2522: The dissectberconstrainedbitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service out-of-bounds read and application...

7.1CVSS4.7AI score0.03104EPSS
Exploits1References29
ArchLinux
ArchLinux
added 2016/03/10 12:0 a.m.54 views

exim: privilege escalation

All installations having Exim set-uid root and using 'perlstartup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim and this is normally any user can gain root privileges...

6.9CVSS3.8AI score0.05901EPSS
Exploits13References2
ArchLinux
ArchLinux
added 2015/12/02 12:0 a.m.54 views

chromium: multiple issues

CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own. - CVE-2015-6765, CVE-2015-6766, CVE-2015-6767: Use-after-free in AppCache. - CVE-2015-6768, CVE-2015-6770, CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6769: Cross-origin...

10CVSS0.6AI score0.08115EPSS
Exploits6References1
ArchLinux
ArchLinux
added 2015/05/15 12:0 a.m.54 views

wireshark-qt: denial of service

CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...

7.8CVSS1.5AI score0.03731EPSS
Exploits0References9
ArchLinux
ArchLinux
added 2015/03/20 12:0 a.m.54 views

tcpdump: multiple issues

CVE-2014-8767 denial of service Integer underflow in the olsrprint function when in verbose mode, allows remote attackers to cause a denial of service crash via a crafted length value in an OLSR frame. - CVE-2014-8768 denial of service Multiple Integer underflows in the geonetprint function, when...

7.5CVSS5.3AI score0.19807EPSS
Exploits15References9
ArchLinux
ArchLinux
added 2015/01/14 12:0 a.m.54 views

cpio: heap buffer overflow

A heap-based buffer overflow flaw was reported in cpio's listfile function. Attempting to extract a malicious cpio archive could cause cpio to crash or, potentially, execute arbitrary code. As noted in the original report, this issue could be trigger via other utilities, such as when running "les...

5CVSS3.5AI score0.07093EPSS
Exploits1References3
ArchLinux
ArchLinux
added 2014/09/26 12:0 a.m.54 views

python2: Information leakage through integer overflow

It was reported that Python 2.7.8 fixes a potential wraparound in buffer with possible CWE-200 implications. This could allow an attacker to access private information through information leakage. PoC: --- overflow.py --- import sys a = bytearray'here be dragons' b = buffera, sys.maxsize,...

6.4CVSS4.3AI score0.05307EPSS
Exploits1References3
ArchLinux
ArchLinux
added 2022/10/14 12:0 a.m.53 views

[ASA-202210-4] linux-zen: multiple issues

Arch Linux Security Advisory ASA-202210-4 ========================================= Severity: Critical Date : 2022-10-14 CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 Package : linux-zen Type : multiple issues Remote : Yes Link :...

8.8CVSS8.3AI score0.03763EPSS
Exploits5References19
ArchLinux
ArchLinux
added 2022/04/05 12:0 a.m.53 views

[ASA-202204-6] libtiff: multiple issues

Arch Linux Security Advisory ASA-202204-6 ========================================= Severity: High Date : 2022-04-05 CVE-ID : CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844 Package : libtiff Type : multiple issues...

7.7CVSS8.2AI score0.01542EPSS
Exploits9References34
ArchLinux
ArchLinux
added 2021/12/03 12:0 a.m.53 views

[ASA-202112-2] opera: multiple issues

Arch Linux Security Advisory ASA-202112-2 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015...

9.6CVSS2.3AI score0.01362EPSS
Exploits2References40
ArchLinux
ArchLinux
added 2021/10/29 12:0 a.m.53 views

[ASA-202110-10] wpewebkit: multiple issues

Arch Linux Security Advisory ASA-202110-10 ========================================== Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-30846 CVE-2021-30851 CVE-2021-42762 Package : wpewebkit Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2484 Summary ======= The...

8.8CVSS0.6AI score0.02319EPSS
Exploits1References9
ArchLinux
ArchLinux
added 2020/10/20 12:0 a.m.53 views

[ASA-202010-10] freetype2: arbitrary code execution

Arch Linux Security Advisory ASA-202010-10 ========================================== Severity: High Date : 2020-10-20 CVE-ID : CVE-2020-15999 Package : freetype2 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1254 Summary ======= The package freetype2 befo...

9.6CVSS1.3AI score0.5063EPSS
Exploits2References4
ArchLinux
ArchLinux
added 2020/01/14 12:0 a.m.53 views

[ASA-202001-4] thunderbird: multiple issues

Arch Linux Security Advisory ASA-202001-4 ========================================= Severity: Critical Date : 2020-01-14 CVE-ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Package : thunderbird Type : multiple issues Remote : Yes Link :...

8.8CVSS2.3AI score0.46589EPSS
Exploits8References17
ArchLinux
ArchLinux
added 2019/11/13 12:0 a.m.53 views

[ASA-201911-12] linux-zen: arbitrary code execution

Arch Linux Security Advisory ASA-201911-12 ========================================== Severity: Critical Date : 2019-11-13 CVE-ID : CVE-2019-17666 Package : linux-zen Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1066 Summary ======= The package linux-zen...

8.8CVSS2AI score0.03017EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2019/06/19 12:0 a.m.53 views

[ASA-201906-18] firefox: arbitrary code execution

Arch Linux Security Advisory ASA-201906-18 ========================================== Severity: Critical Date : 2019-06-19 CVE-ID : CVE-2019-11707 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-994 Summary ======= The package firefox befor...

8.8CVSS1.3AI score0.37951EPSS
Exploits7References5
ArchLinux
ArchLinux
added 2019/06/19 12:0 a.m.53 views

[ASA-201906-19] firefox-developer-edition: arbitrary code execution

Arch Linux Security Advisory ASA-201906-19 ========================================== Severity: Critical Date : 2019-06-19 CVE-ID : CVE-2019-11707 Package : firefox-developer-edition Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-995 Summary ======= The...

8.8CVSS1.3AI score0.37951EPSS
Exploits7References5
ArchLinux
ArchLinux
added 2019/06/17 12:0 a.m.53 views

[ASA-201906-12] linux-hardened: denial of service

Arch Linux Security Advisory ASA-201906-12 ========================================== Severity: High Date : 2019-06-17 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-hardened Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-986 Summary =======...

7.8CVSS0.3AI score0.98745EPSS
Exploits4References10
ArchLinux
ArchLinux
added 2019/02/25 12:0 a.m.53 views

[ASA-201902-26] kibana: multiple issues

Arch Linux Security Advisory ASA-201902-26 ========================================== Severity: High Date : 2019-02-25 CVE-ID : CVE-2019-7608 CVE-2019-7609 CVE-2019-7610 Package : kibana Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-911 Summary ======= The package...

10CVSS2.4AI score0.95338EPSS
Exploits12References5
ArchLinux
ArchLinux
added 2016/02/23 12:0 a.m.53 views

libssh: man-in-the-middle

libssh versions 0.1 and above have a bits/bytes confusion bug and generate the an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits...

4.3CVSS1.1AI score0.02431EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/01/13 12:0 a.m.53 views

libxslt: denial of service

A type confusion vulnerability was discovered in the xsltStylePreCompute function of libxslt. A remote attacker could possibly exploit this flaw to cause an application using libxslt to crash by tricking the application into processing a specially crafted XSLT document...

5CVSS2.6AI score0.04156EPSS
Exploits1References4
ArchLinux
ArchLinux
added 2015/12/05 12:0 a.m.53 views

nodejs: multiple issues

CVE-2015-6764 V8 out-of-bounds access vulnerability: A bug was discovered in V8's implementation of JSON.stringify that can result in out-of-bounds reads on arrays. The patch was included in this week's update of Chrome Stable. While this bug is high severity for browsers, it is considered lower...

7.5CVSS1.6AI score0.05356EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2015/07/22 12:0 a.m.53 views

jre7-openjdk: multiple issues

CVE-2015-2590 deserialization issue in ObjectInputStream.readSerialData: ObjectInputStream's readSerialData could, in certain cases, incorrectly perform deserialization of data from serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...

10CVSS0.6AI score0.9986EPSS
Exploits1References17
ArchLinux
ArchLinux
added 2014/12/16 12:0 a.m.53 views

nss: signature forgery

The definitelengthdecoder function in lib/util/quickder.c in Mozilla Network Security Services NSS does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as...

7.5CVSS2.8AI score0.99999EPSS
Exploits11References5
ArchLinux
ArchLinux
added 2014/12/08 12:0 a.m.53 views

mantisbt: multiple issues

CVE-2014-9272 cross-side scripting The function "stringinserthrefs" doesn't validate the protocol, which is why one can make a link that executes arbitrary JavaScript code. - CVE-2014-9270 cross-side scripting The Projax library does not properly escape html strings. An attacker could take...

7.5CVSS2.1AI score0.03145EPSS
Exploits6References32
ArchLinux
ArchLinux
added 2020/06/02 12:0 a.m.52 views

[ASA-202006-1] firefox: multiple issues

Arch Linux Security Advisory ASA-202006-1 ========================================= Severity: High Date : 2020-06-02 CVE-ID : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12407 CVE-2020-12408 CVE-2020-12409 CVE-2020-12410 CVE-2020-12411 Package : firefox Type : multiple issues Remote : Y...

9.3CVSS0.7AI score0.01537EPSS
Exploits1References19
ArchLinux
ArchLinux
added 2020/02/13 12:0 a.m.52 views

[ASA-202002-9] thunderbird: multiple issues

Arch Linux Security Advisory ASA-202002-9 ========================================= Severity: Critical Date : 2020-02-13 CVE-ID : CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800 Package : thunderbird Type : multiple issues Remote : Yes Link :...

8.8CVSS0.2AI score0.02274EPSS
Exploits1References22
ArchLinux
ArchLinux
added 2018/04/15 12:0 a.m.52 views

[ASA-201804-6] lib32-openssl: private key recovery

Arch Linux Security Advisory ASA-201804-6 ========================================= Severity: Medium Date : 2018-04-15 CVE-ID : CVE-2017-3738 Package : lib32-openssl Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-551 Summary ======= The package lib32-openssl...

5.9CVSS0.7AI score0.13411EPSS
Exploits0References5
ArchLinux
ArchLinux
added 2018/01/29 12:0 a.m.52 views

[ASA-201801-21] rsync: multiple issues

Arch Linux Security Advisory ASA-201801-21 ========================================== Severity: High Date : 2018-01-29 CVE-ID : CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 CVE-2018-5764 Package : rsync Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-542 Summary...

9.8CVSS3AI score0.06337EPSS
Exploits0References11
ArchLinux
ArchLinux
added 2017/04/28 12:0 a.m.52 views

[ASA-201704-9] webkit2gtk: multiple issues

Arch Linux Security Advisory ASA-201704-9 ========================================= Severity: Critical Date : 2017-04-28 CVE-ID : CVE-2016-9642 CVE-2016-9643 CVE-2017-2367 CVE-2017-2376 CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394 CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415...

8.8CVSS4.7AI score0.09283EPSS
Exploits54References35
ArchLinux
ArchLinux
added 2016/09/01 12:0 a.m.52 views

chromium: multiple issues

CVE-2016-5147 CVE-2016-5148 cross-site scripting Universal XSS in Blink. - CVE-2016-5149 script injection Script injection in extensions. - CVE-2016-5150 arbitrary code execution Use after free in Blink. - CVE-2016-5151 arbitrary code execution Use after free in PDFium. - CVE-2016-5152...

1.4AI score0.04702EPSS
Exploits0References22
ArchLinux
ArchLinux
added 2016/06/01 12:0 a.m.52 views

nginx-mainline: denial of service

A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...

5CVSS1.5AI score0.16376EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/04/23 12:0 a.m.52 views

samba: multiple issues

CVE-2015-5370 arbitrary code execution Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the...

6.8CVSS1.2AI score0.3693EPSS
Exploits0References16
ArchLinux
ArchLinux
added 2016/02/02 12:0 a.m.52 views

lib32-curl: authentication bypass

A vulnerability was found in a way libcurl uses NTLM-authenticated proxy connections. Libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. Since NTLM-based authentication is...

5CVSS2.4AI score0.09327EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/01/09 12:0 a.m.52 views

wireshark-qt: denial of service

CVE-2015-8742 denial of service The dissectCPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service memory consumption or application crash via a...

4.3CVSS3.7AI score0.07142EPSS
Exploits14References25
ArchLinux
ArchLinux
added 2015/10/30 12:0 a.m.52 views

wordpress: multiple issues

CVE-2015-5714 cross-side scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 insufficient permission restriction A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them...

1.5AI score0.06389EPSS
Exploits2References5
ArchLinux
ArchLinux
added 2015/03/28 12:0 a.m.52 views

php: integer overflow

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or,...

7.5CVSS4.8AI score0.27692EPSS
Exploits1References5
ArchLinux
ArchLinux
added 2015/03/02 12:0 a.m.52 views

lib32-elfutils: directory traversal

Directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c allows remote attackers to write to arbitrary files to the root directory via a / slash in a crafted archive, as demonstrated using the ar program...

6.4CVSS5.9AI score0.05018EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2014/11/17 12:0 a.m.52 views

linux: local denial of service, privilege escalation

CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service host OS crash by leveraging guest OS privileges, relate...

4.9CVSS3.8AI score0.01168EPSS
Exploits7References10
ArchLinux
ArchLinux
added 2014/10/24 12:0 a.m.52 views

libxml2: Denial of service

Daniel Berrange discovered that libxml2 incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, leads to the exhaustion of CPU and...

5CVSS3.2AI score0.081EPSS
Exploits2References6
ArchLinux
ArchLinux
added 2014/09/29 12:0 a.m.52 views

mediawiki: Cross-site Scripting (XSS)

It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting...

4.3CVSS2.2AI score0.01983EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2021/12/03 12:0 a.m.51 views

[ASA-202112-3] nss: arbitrary code execution

Arch Linux Security Advisory ASA-202112-3 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-43527 Package : nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2596 Summary ======= The package nss before version...

9.8CVSS1.4AI score0.17563EPSS
Exploits0References6
ArchLinux
ArchLinux
added 2021/12/03 12:0 a.m.51 views

[ASA-202112-4] lib32-nss: arbitrary code execution

Arch Linux Security Advisory ASA-202112-4 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-43527 Package : lib32-nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2597 Summary ======= The package lib32-nss before...

9.8CVSS1.6AI score0.17563EPSS
Exploits0References6
ArchLinux
ArchLinux
added 2021/09/14 12:0 a.m.51 views

[ASA-202109-6] chromium: arbitrary code execution

Arch Linux Security Advisory ASA-202109-6 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 Package : chromium Type : arbitrary...

9.6CVSS1.9AI score0.64546EPSS
Exploits4References20
ArchLinux
ArchLinux
added 2020/04/15 12:0 a.m.51 views

[ASA-202004-14] apache: multiple issues

Arch Linux Security Advisory ASA-202004-14 ========================================== Severity: Low Date : 2020-04-15 CVE-ID : CVE-2020-1927 CVE-2020-1934 Package : apache Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1126 Summary ======= The package apache before...

6.1CVSS0.1AI score0.56691EPSS
Exploits0References7
ArchLinux
ArchLinux
added 2019/11/13 12:0 a.m.51 views

[ASA-201911-11] linux-lts: arbitrary code execution

Arch Linux Security Advisory ASA-201911-11 ========================================== Severity: Critical Date : 2019-11-13 CVE-ID : CVE-2019-17666 Package : linux-lts Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1065 Summary ======= The package linux-lts...

8.8CVSS2AI score0.03017EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2019/11/03 12:0 a.m.51 views

[ASA-201911-6] samba: multiple issues

Arch Linux Security Advisory ASA-201911-6 ========================================= Severity: Medium Date : 2019-11-03 CVE-ID : CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 Package : samba Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1057 Summary ======= The packa...

6.5CVSS0.6AI score0.03515EPSS
Exploits1References9
Total number of security vulnerabilities1854