Lucene search
K
ArchlinuxMost viewed

1854 matches found

ArchLinux
ArchLinux
•added 2016/05/05 12:0 a.m.•50 views

chromium: multiple issues

CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG. - CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar. - CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu. - CVE-2016-1663: Use-after-free in Blink's V8 bindings. Credit to...

10CVSS2AI score0.03881EPSS
Exploits0References8
ArchLinux
ArchLinux
•added 2016/03/11 12:0 a.m.•50 views

flashplugin: arbitrary code execution

CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 arbitrary code execution Integer overflow vulnerabilities that could lead to code execution. - CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000...

10CVSS3.1AI score0.29839EPSS
Exploits14References24
ArchLinux
ArchLinux
•added 2015/10/30 12:0 a.m.•50 views

phpmyadmin: content spoofing

This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. This vulnerability is not considered to be critical since the spoofed content is escaped and no HTML injection is possible...

5CVSS1.3AI score0.02624EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2015/09/03 12:0 a.m.•50 views

bind: denial of service

CVE-2015-5722 Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example...

7.8CVSS4.2AI score0.33652EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2015/06/10 12:0 a.m.•50 views

cups: multiple issues

CVE-2015-1158 arbitrary code execution, privilege escalation An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope,...

10CVSS2.9AI score0.29913EPSS
Exploits9References4
ArchLinux
ArchLinux
•added 2015/05/15 12:0 a.m.•50 views

wireshark-gtk: denial of service

CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...

7.8CVSS1.5AI score0.03731EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2015/04/24 12:0 a.m.•50 views

wpa_supplicant: arbitrary code execution

A vulnerability was found in how wpasupplicant uses SSID information parsed from management frames that create or update P2P peer entries e.g., Probe Response frame or number of P2P Public Action frames. SSID field has valid length range of 0-32 octets. However, it is transmitted in an element th...

5.8CVSS2.2AI score0.05228EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2015/04/17 12:0 a.m.•50 views

jre7-openjdk-headless: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.4AI score0.07224EPSS
Exploits1References7
ArchLinux
ArchLinux
•added 2015/04/17 12:0 a.m.•50 views

jre8-openjdk: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.2AI score0.07224EPSS
Exploits1References8
ArchLinux
ArchLinux
•added 2015/04/04 12:0 a.m.•50 views

thunderbird: multiple issues

CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...

7.5CVSS0.8AI score0.66936EPSS
Exploits3References10
ArchLinux
ArchLinux
•added 2015/03/16 12:0 a.m.•50 views

flashplugin: multiple issues

CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339: Memory corruption vulnerabilities leading to code execution. -CVE-2015-0334, CVE-2015-0336: Type confusion vulnerabilities leading to code execution. - CVE-2015-0337 : Vulnerability leading to a cross-domain policy bypass. -...

10CVSS2.8AI score0.71536EPSS
Exploits5References12
ArchLinux
ArchLinux
•added 2015/01/23 12:0 a.m.•50 views

jre8-openjdk: multiple issues

CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 arbitrary code execution Incorrect class loader permission check in ClassLoader...

10CVSS6.8AI score0.99999EPSS
Exploits12References20
ArchLinux
ArchLinux
•added 2015/01/23 12:0 a.m.•50 views

jre8-openjdk-headless: multiple issues

CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 arbitrary code execution Incorrect class loader permission check in ClassLoader...

10CVSS6.5AI score0.99999EPSS
Exploits12References18
ArchLinux
ArchLinux
•added 2025/06/22 12:0 a.m.•49 views

[ASA-202506-10] libblockdev: privilege escalation

Arch Linux Security Advisory ASA-202506-10 ========================================== Severity: High Date : 2025-06-22 CVE-ID : CVE-2025-6019 Package : libblockdev Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-2905 Summary ======= The package libblockdev before...

7CVSS7.1AI score0.00433EPSS
Exploits18References4
ArchLinux
ArchLinux
•added 2022/05/16 12:0 a.m.•49 views

[ASA-202205-2] git: arbitrary command execution

Arch Linux Security Advisory ASA-202205-2 ========================================= Severity: Medium Date : 2022-05-16 CVE-ID : CVE-2022-24765 Package : git Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2679 Summary ======= The package git before version...

6.9CVSS1.5AI score0.00782EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2022/04/07 12:0 a.m.•49 views

[ASA-202204-7] gzip: arbitrary command execution

Arch Linux Security Advisory ASA-202204-7 ========================================= Severity: High Date : 2022-04-07 CVE-ID : CVE-2022-1271 Package : gzip Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2666 Summary ======= The package gzip before version...

8.8CVSS9.4AI score0.04271EPSS
Exploits0References7
ArchLinux
ArchLinux
•added 2021/12/11 12:0 a.m.•49 views

[ASA-202112-11] grafana: directory traversal

Arch Linux Security Advisory ASA-202112-11 ========================================== Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 Package : grafana Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-2609 Summary ======= The...

7.5CVSS0.9AI score0.88849EPSS
Exploits44References14
ArchLinux
ArchLinux
•added 2021/12/11 12:0 a.m.•49 views

[ASA-202112-9] thunderbird: multiple issues

Arch Linux Security Advisory ASA-202112-9 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 Package : thunderbird...

8.8CVSS0.8AI score0.0202EPSS
Exploits0References23
ArchLinux
ArchLinux
•added 2021/11/18 12:0 a.m.•49 views

[ASA-202111-9] chromium: multiple issues

Arch Linux Security Advisory ASA-202111-9 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015...

9.6CVSS9AI score0.01362EPSS
Exploits2References38
ArchLinux
ArchLinux
•added 2019/10/11 12:0 a.m.•49 views

[ASA-201910-8] sdl: arbitrary code execution

Arch Linux Security Advisory ASA-201910-8 ========================================= Severity: High Date : 2019-10-11 CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616...

8.8CVSS0.7AI score0.03299EPSS
Exploits12References40
ArchLinux
ArchLinux
•added 2019/08/10 12:0 a.m.•49 views

[ASA-201908-7] postgresql-libs: multiple issues

Arch Linux Security Advisory ASA-201908-7 ========================================= Severity: Medium Date : 2019-08-10 CVE-ID : CVE-2019-10208 CVE-2019-10209 Package : postgresql-libs Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1019 Summary ======= The package...

8.8CVSS1.6AI score0.0217EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2019/08/05 12:0 a.m.•49 views

[ASA-201908-5] sdl2: arbitrary code execution

Arch Linux Security Advisory ASA-201908-5 ========================================= Severity: High Date : 2019-08-05 CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638 Package : sdl2 Type : arbitrary...

8.8CVSS0.6AI score0.03299EPSS
Exploits10References34
ArchLinux
ArchLinux
•added 2019/08/05 12:0 a.m.•49 views

[ASA-201908-2] python-django: multiple issues

Arch Linux Security Advisory ASA-201908-2 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1015...

9.8CVSS1.6AI score0.47694EPSS
Exploits0References10
ArchLinux
ArchLinux
•added 2019/06/11 12:0 a.m.•49 views

[ASA-201906-7] openssl: information disclosure

Arch Linux Security Advisory ASA-201906-7 ========================================= Severity: Low Date : 2019-06-11 CVE-ID : CVE-2019-1543 Package : openssl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-919 Summary ======= The package openssl before version...

7.4CVSS5.9AI score0.05701EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2019/03/02 12:0 a.m.•49 views

[ASA-201903-2] openssl-1.0: information disclosure

Arch Linux Security Advisory ASA-201903-2 ========================================= Severity: Medium Date : 2019-03-02 CVE-ID : CVE-2019-1559 Package : openssl-1.0 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-917 Summary ======= The package openssl-1.0 befo...

5.9CVSS0.8AI score0.17139EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2019/02/11 12:0 a.m.•49 views

[ASA-201902-6] runc: privilege escalation

Arch Linux Security Advisory ASA-201902-6 ========================================= Severity: High Date : 2019-02-11 CVE-ID : CVE-2019-5736 Package : runc Type : privilege escalation Remote : Yes Link : https://security.archlinux.org/AVG-878 Summary ======= The package runc before version...

9.3CVSS2.4AI score0.9857EPSS
Exploits33References5
ArchLinux
ArchLinux
•added 2019/01/08 12:0 a.m.•49 views

[ASA-201901-3] elfutils: denial of service

Arch Linux Security Advisory ASA-201901-3 ========================================= Severity: Medium Date : 2019-01-08 CVE-ID : CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 Package : elfutils Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-785 Summary ======= The...

6.5CVSS2.4AI score0.02791EPSS
Exploits3References10
ArchLinux
ArchLinux
•added 2018/10/17 12:0 a.m.•49 views

[ASA-201810-11] net-snmp: multiple issues

Arch Linux Security Advisory ASA-201810-11 ========================================== Severity: High Date : 2018-10-17 CVE-ID : CVE-2015-5621 CVE-2018-18065 Package : net-snmp Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-777 Summary ======= The package net-snmp...

7.5CVSS8.3AI score0.40002EPSS
Exploits2References11
ArchLinux
ArchLinux
•added 2018/08/08 12:0 a.m.•49 views

[ASA-201808-5] linux-lts: denial of service

Arch Linux Security Advisory ASA-201808-5 ========================================= Severity: High Date : 2018-08-08 CVE-ID : CVE-2018-5390 Package : linux-lts Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-748 Summary ======= The package linux-lts before version...

7.8CVSS0.2AI score0.7354EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2017/03/11 12:0 a.m.•49 views

[ASA-201703-4] chromium: multiple issues

Arch Linux Security Advisory ASA-201703-4 ========================================= Severity: Critical Date : 2017-03-11 CVE-ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040...

8.8CVSS0.4AI score0.41603EPSS
Exploits2References37
ArchLinux
ArchLinux
•added 2017/01/27 12:0 a.m.•49 views

[ASA-201701-36] lib32-openssl: multiple issues

Arch Linux Security Advisory ASA-201701-36 ========================================== Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 Package : lib32-openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-155 Summary ======= The...

7.5CVSS7.6AI score0.57595EPSS
Exploits1References7
ArchLinux
ArchLinux
•added 2017/01/01 12:0 a.m.•49 views

[ASA-201701-1] libwmf: multiple issues

Arch Linux Security Advisory ASA-201701-1 ========================================= Severity: Critical Date : 2017-01-01 CVE-ID : CVE-2006-3376 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3477 CVE-2009-1364 CVE-2009-3546 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696...

9.3CVSS8.1AI score0.13311EPSS
Exploits4References17
ArchLinux
ArchLinux
•added 2016/09/09 12:0 a.m.•49 views

wordpress: multiple issues

CVE-2016-7168 cross-site scripting A cross-site scripting vulnerability via an image filename, reported by SumOfPwm researcher Cengiz Han Sahin. - CVE-2016-7169 directory traversal A directory traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the...

1.1AI score0.03237EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2016/07/22 12:0 a.m.•49 views

python2-django: cross-site scripting

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...

4.3CVSS0.8AI score0.05536EPSS
Exploits6References3
ArchLinux
ArchLinux
•added 2016/05/18 12:0 a.m.•49 views

lib32-expat: arbitrary code execution

CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XMLGetBuffer function allow remote attackers to cause a denial of service heap-based buffer overflow or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...

7.5CVSS6.6AI score0.19069EPSS
Exploits3References3
ArchLinux
ArchLinux
•added 2016/05/18 12:0 a.m.•49 views

expat: arbitrary code execution

CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XMLGetBuffer function allow remote attackers to cause a denial of service heap-based buffer overflow or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...

7.5CVSS6.6AI score0.19069EPSS
Exploits3References3
ArchLinux
ArchLinux
•added 2016/03/29 12:0 a.m.•49 views

jre8-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2016/03/13 12:0 a.m.•49 views

pcre: arbitrary code execution

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. Exploits with advanced Heap Fengshui techniques may allow an attacker to execu...

7.5CVSS2.3AI score0.07791EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2016/02/28 12:0 a.m.•49 views

lib32-glibc: unbound stack usage

CVE-2014-9761 unbound stack usage The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions...

4.9CVSS2AI score0.05506EPSS
Exploits2References2
ArchLinux
ArchLinux
•added 2016/02/06 12:0 a.m.•49 views

libsndfile: multiple issues

CVE-2014-9496 unspecified impact The sd2parsersrcfork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a 1 map offset or 2 rsrc marker, which triggers an out-of-bounds read. - CVE-2014-9756 denial of service The psffwrite function in fileio.c in...

10CVSS7.4AI score0.13294EPSS
Exploits3References3
ArchLinux
ArchLinux
•added 2016/01/17 12:0 a.m.•49 views

ffmpeg: information leakage

A vulnerability in the way FFmpeg handles the concat CVE-2016-1897 and subfile CVE-2016-1898 protocols in a HTTP Live Streaming HLS M3U8 file allows a remote attacker to conduct a cross-origin attacks, and to access arbitrary local files on the vulnerable host. The attack uses a crafted M3U8 file...

4.3CVSS1.7AI score0.14621EPSS
Exploits3References4
ArchLinux
ArchLinux
•added 2016/01/14 12:0 a.m.•49 views

php: multiple issues

CVE-2016-1903 information disclosure An out-of-bounds vulnerability has been discovered in ext/gd/libgd/gdinterpolation.c in the gdImageRotateInterpolated function. The background color of an image is passed in as an integer that represents an index to the color palette. As there is a lack of...

7.5CVSS3.4AI score0.07806EPSS
Exploits2References4
ArchLinux
ArchLinux
•added 2015/12/25 12:0 a.m.•49 views

thunderbird: multiple issues

CVE-2015-7201 cross-origin restriction bypass using data: and view-source: uri scheme: Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to...

10CVSS0.3AI score0.06058EPSS
Exploits1References6
ArchLinux
ArchLinux
•added 2015/08/14 12:0 a.m.•49 views

subversion: authentication bypass

CVE-2015-3184: Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible. - CVE-2015-3187:...

5CVSS3AI score0.10607EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2015/04/24 12:0 a.m.•49 views

curl: multiple issues

CVE-2015-3143 re-using authenticated connection when unauthenticated: libcurl keeps a pool of its last few connections around after use to fascilitate easy, conventient and completely transparent connection re-use for applications. When doing HTTP requests NTLM authenticated, the entire...

9CVSS0.3AI score0.3763EPSS
Exploits1References8
ArchLinux
ArchLinux
•added 2015/04/17 12:0 a.m.•49 views

jre8-openjdk-headless: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.2AI score0.07224EPSS
Exploits1References8
ArchLinux
ArchLinux
•added 2014/11/20 12:0 a.m.•49 views

drupal: session hijacking and denial of service

Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory 0. - CVE-2014-9015 session hijacking Aaron Averill discovered that a specially crafted request can give a...

6.8CVSS2.2AI score0.82234EPSS
Exploits3References4
ArchLinux
ArchLinux
•added 2014/11/19 12:0 a.m.•49 views

mingw-w64-binutils: multiple issues

CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in bfdelfsetupsections which results in denial of service or possible code...

7.5CVSS4.6AI score0.07486EPSS
Exploits7References11
ArchLinux
ArchLinux
•added 2022/07/29 12:0 a.m.•48 views

[ASA-202207-3] webkit2gtk: multiple issues

Arch Linux Security Advisory ASA-202207-3 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : webkit2gtk Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2790 Summary ======= The package...

1.3AI score0.06463EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2022/04/15 12:0 a.m.•48 views

[ASA-202204-14] mediawiki: cross-site scripting

Arch Linux Security Advisory ASA-202204-14 ========================================== Severity: Medium Date : 2022-04-15 CVE-ID : CVE-2022-28202 Package : mediawiki Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2677 Summary ======= The package mediawiki before...

4.3CVSS1.4AI score0.01161EPSS
Exploits0References3
Total number of security vulnerabilities1854