1854 matches found
chromium: multiple issues
CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG. - CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar. - CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu. - CVE-2016-1663: Use-after-free in Blink's V8 bindings. Credit to...
flashplugin: arbitrary code execution
CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 arbitrary code execution Integer overflow vulnerabilities that could lead to code execution. - CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000...
phpmyadmin: content spoofing
This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. This vulnerability is not considered to be critical since the spoofed content is escaped and no HTML injection is possible...
bind: denial of service
CVE-2015-5722 Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example...
cups: multiple issues
CVE-2015-1158 arbitrary code execution, privilege escalation An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope,...
wireshark-gtk: denial of service
CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...
wpa_supplicant: arbitrary code execution
A vulnerability was found in how wpasupplicant uses SSID information parsed from management frames that create or update P2P peer entries e.g., Probe Response frame or number of P2P Public Action frames. SSID field has valid length range of 0-32 octets. However, it is transmitted in an element th...
jre7-openjdk-headless: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
jre8-openjdk: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
thunderbird: multiple issues
CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...
flashplugin: multiple issues
CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339: Memory corruption vulnerabilities leading to code execution. -CVE-2015-0334, CVE-2015-0336: Type confusion vulnerabilities leading to code execution. - CVE-2015-0337 : Vulnerability leading to a cross-domain policy bypass. -...
jre8-openjdk: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 arbitrary code execution Incorrect class loader permission check in ClassLoader...
jre8-openjdk-headless: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 arbitrary code execution Incorrect class loader permission check in ClassLoader...
[ASA-202506-10] libblockdev: privilege escalation
Arch Linux Security Advisory ASA-202506-10 ========================================== Severity: High Date : 2025-06-22 CVE-ID : CVE-2025-6019 Package : libblockdev Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-2905 Summary ======= The package libblockdev before...
[ASA-202205-2] git: arbitrary command execution
Arch Linux Security Advisory ASA-202205-2 ========================================= Severity: Medium Date : 2022-05-16 CVE-ID : CVE-2022-24765 Package : git Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2679 Summary ======= The package git before version...
[ASA-202204-7] gzip: arbitrary command execution
Arch Linux Security Advisory ASA-202204-7 ========================================= Severity: High Date : 2022-04-07 CVE-ID : CVE-2022-1271 Package : gzip Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2666 Summary ======= The package gzip before version...
[ASA-202112-11] grafana: directory traversal
Arch Linux Security Advisory ASA-202112-11 ========================================== Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 Package : grafana Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-2609 Summary ======= The...
[ASA-202112-9] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202112-9 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 Package : thunderbird...
[ASA-202111-9] chromium: multiple issues
Arch Linux Security Advisory ASA-202111-9 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015...
[ASA-201910-8] sdl: arbitrary code execution
Arch Linux Security Advisory ASA-201910-8 ========================================= Severity: High Date : 2019-10-11 CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616...
[ASA-201908-7] postgresql-libs: multiple issues
Arch Linux Security Advisory ASA-201908-7 ========================================= Severity: Medium Date : 2019-08-10 CVE-ID : CVE-2019-10208 CVE-2019-10209 Package : postgresql-libs Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1019 Summary ======= The package...
[ASA-201908-5] sdl2: arbitrary code execution
Arch Linux Security Advisory ASA-201908-5 ========================================= Severity: High Date : 2019-08-05 CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638 Package : sdl2 Type : arbitrary...
[ASA-201908-2] python-django: multiple issues
Arch Linux Security Advisory ASA-201908-2 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1015...
[ASA-201906-7] openssl: information disclosure
Arch Linux Security Advisory ASA-201906-7 ========================================= Severity: Low Date : 2019-06-11 CVE-ID : CVE-2019-1543 Package : openssl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-919 Summary ======= The package openssl before version...
[ASA-201903-2] openssl-1.0: information disclosure
Arch Linux Security Advisory ASA-201903-2 ========================================= Severity: Medium Date : 2019-03-02 CVE-ID : CVE-2019-1559 Package : openssl-1.0 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-917 Summary ======= The package openssl-1.0 befo...
[ASA-201902-6] runc: privilege escalation
Arch Linux Security Advisory ASA-201902-6 ========================================= Severity: High Date : 2019-02-11 CVE-ID : CVE-2019-5736 Package : runc Type : privilege escalation Remote : Yes Link : https://security.archlinux.org/AVG-878 Summary ======= The package runc before version...
[ASA-201901-3] elfutils: denial of service
Arch Linux Security Advisory ASA-201901-3 ========================================= Severity: Medium Date : 2019-01-08 CVE-ID : CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 Package : elfutils Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-785 Summary ======= The...
[ASA-201810-11] net-snmp: multiple issues
Arch Linux Security Advisory ASA-201810-11 ========================================== Severity: High Date : 2018-10-17 CVE-ID : CVE-2015-5621 CVE-2018-18065 Package : net-snmp Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-777 Summary ======= The package net-snmp...
[ASA-201808-5] linux-lts: denial of service
Arch Linux Security Advisory ASA-201808-5 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux-lts Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-748 Summary ======= The package linux-lts before version...
[ASA-201703-4] chromium: multiple issues
Arch Linux Security Advisory ASA-201703-4 ========================================= Severity: Critical Date : 2017-03-11 CVE-ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040...
[ASA-201701-36] lib32-openssl: multiple issues
Arch Linux Security Advisory ASA-201701-36 ========================================== Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 Package : lib32-openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-155 Summary ======= The...
[ASA-201701-1] libwmf: multiple issues
Arch Linux Security Advisory ASA-201701-1 ========================================= Severity: Critical Date : 2017-01-01 CVE-ID : CVE-2006-3376 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3477 CVE-2009-1364 CVE-2009-3546 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696...
wordpress: multiple issues
CVE-2016-7168 cross-site scripting A cross-site scripting vulnerability via an image filename, reported by SumOfPwm researcher Cengiz Han Sahin. - CVE-2016-7169 directory traversal A directory traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the...
python2-django: cross-site scripting
Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...
lib32-expat: arbitrary code execution
CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XMLGetBuffer function allow remote attackers to cause a denial of service heap-based buffer overflow or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...
expat: arbitrary code execution
CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XMLGetBuffer function allow remote attackers to cause a denial of service heap-based buffer overflow or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...
jre8-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
pcre: arbitrary code execution
PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. Exploits with advanced Heap Fengshui techniques may allow an attacker to execu...
lib32-glibc: unbound stack usage
CVE-2014-9761 unbound stack usage The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions...
libsndfile: multiple issues
CVE-2014-9496 unspecified impact The sd2parsersrcfork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a 1 map offset or 2 rsrc marker, which triggers an out-of-bounds read. - CVE-2014-9756 denial of service The psffwrite function in fileio.c in...
ffmpeg: information leakage
A vulnerability in the way FFmpeg handles the concat CVE-2016-1897 and subfile CVE-2016-1898 protocols in a HTTP Live Streaming HLS M3U8 file allows a remote attacker to conduct a cross-origin attacks, and to access arbitrary local files on the vulnerable host. The attack uses a crafted M3U8 file...
php: multiple issues
CVE-2016-1903 information disclosure An out-of-bounds vulnerability has been discovered in ext/gd/libgd/gdinterpolation.c in the gdImageRotateInterpolated function. The background color of an image is passed in as an integer that represents an index to the color palette. As there is a lack of...
thunderbird: multiple issues
CVE-2015-7201 cross-origin restriction bypass using data: and view-source: uri scheme: Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to...
subversion: authentication bypass
CVE-2015-3184: Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible. - CVE-2015-3187:...
curl: multiple issues
CVE-2015-3143 re-using authenticated connection when unauthenticated: libcurl keeps a pool of its last few connections around after use to fascilitate easy, conventient and completely transparent connection re-use for applications. When doing HTTP requests NTLM authenticated, the entire...
jre8-openjdk-headless: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
drupal: session hijacking and denial of service
Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory 0. - CVE-2014-9015 session hijacking Aaron Averill discovered that a specially crafted request can give a...
mingw-w64-binutils: multiple issues
CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in bfdelfsetupsections which results in denial of service or possible code...
[ASA-202207-3] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-202207-3 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : webkit2gtk Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2790 Summary ======= The package...
[ASA-202204-14] mediawiki: cross-site scripting
Arch Linux Security Advisory ASA-202204-14 ========================================== Severity: Medium Date : 2022-04-15 CVE-ID : CVE-2022-28202 Package : mediawiki Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2677 Summary ======= The package mediawiki before...