1854 matches found
jdk8-openjdk: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
drupal: multiple issues
CVE-2015-2559 access bypass Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password. In Drupal 7, this vulnerability is mitigated by the fact that it can only be exploited on sites where...
flashplugin: multiple issues
CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339: Memory corruption vulnerabilities leading to code execution. - CVE-2015-0334, CVE-2015-0336: Type confusion vulnerabilities leading to code execution. - CVE-2015-0337: Vulnerability leading to a cross-domain policy bypass. -...
lib32-elfutils: directory traversal
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program...
patch: multiple issues
CVE-2015-1196 directory traversal A directory traversal flaw was discovered that allows remote attackers to write to arbitrary files via a symlink attack in a patch file. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the...
nvidia-340xx: arbitrary code execution
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...
nvidia-304xx: arbitrary code execution
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...
[ASA-202111-9] chromium: multiple issues
Arch Linux Security Advisory ASA-202111-9 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015...
[ASA-202111-4] opera: multiple issues
Arch Linux Security Advisory ASA-202111-4 ========================================= Severity: High Date : 2021-11-05 CVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991...
[ASA-202002-5] firefox: multiple issues
Arch Linux Security Advisory ASA-202002-5 ========================================= Severity: Critical Date : 2020-02-11 CVE-ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1096 Summary...
[ASA-201910-15] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201910-15 ========================================== Severity: Critical Date : 2019-10-26 CVE-ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Package : thunderbird Type : multiple issues...
[ASA-201910-8] sdl: arbitrary code execution
Arch Linux Security Advisory ASA-201910-8 ========================================= Severity: High Date : 2019-10-11 CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616...
[ASA-201908-7] postgresql-libs: multiple issues
Arch Linux Security Advisory ASA-201908-7 ========================================= Severity: Medium Date : 2019-08-10 CVE-ID : CVE-2019-10208 CVE-2019-10209 Package : postgresql-libs Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1019 Summary ======= The package...
[ASA-201908-2] python-django: multiple issues
Arch Linux Security Advisory ASA-201908-2 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1015...
[ASA-201906-7] openssl: information disclosure
Arch Linux Security Advisory ASA-201906-7 ========================================= Severity: Low Date : 2019-06-11 CVE-ID : CVE-2019-1543 Package : openssl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-919 Summary ======= The package openssl before version...
[ASA-201902-6] runc: privilege escalation
Arch Linux Security Advisory ASA-201902-6 ========================================= Severity: High Date : 2019-02-11 CVE-ID : CVE-2019-5736 Package : runc Type : privilege escalation Remote : Yes Link : https://security.archlinux.org/AVG-878 Summary ======= The package runc before version...
[ASA-201812-7] lib32-openssl-1.0: private key recovery
Arch Linux Security Advisory ASA-201812-7 ========================================= Severity: Low Date : 2018-12-08 CVE-ID : CVE-2018-0734 CVE-2018-5407 Package : lib32-openssl-1.0 Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-806 Summary ======= The package...
[ASA-201810-11] net-snmp: multiple issues
Arch Linux Security Advisory ASA-201810-11 ========================================== Severity: High Date : 2018-10-17 CVE-ID : CVE-2015-5621 CVE-2018-18065 Package : net-snmp Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-777 Summary ======= The package net-snmp...
[ASA-201709-12] linux-zen: arbitrary code execution
Arch Linux Security Advisory ASA-201709-12 ========================================== Severity: High Date : 2017-09-18 CVE-ID : CVE-2017-1000251 Package : linux-zen Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-394 Summary ======= The package linux-zen...
[ASA-201706-20] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201706-20 ========================================== Severity: Critical Date : 2017-06-16 CVE-ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-77...
[ASA-201704-6] firefox: multiple issues
Arch Linux Security Advisory ASA-201704-6 ========================================= Severity: Critical Date : 2017-04-21 CVE-ID : CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441...
[ASA-201610-13] python-django: cross-site request forgery
Arch Linux Security Advisory ASA-201610-13 ========================================== Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
firefox: multiple issues
CVE-2016-0718 arbitrary code execution Out-of-bounds read during XML parsing in Expat library. - CVE-2016-2830 information disclosure Favicon network connection can persist when page is closed. - CVE-2016-2835 CVE-2016-2836 arbitrary code execution Mozilla developers and community members...
python2-django: cross-site scripting
Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...
lib32-expat: arbitrary code execution
CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XML_GetBuffer function allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...
chromium: multiple issues
CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG. - CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar. - CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu. - CVE-2016-1663: Use-after-free in Blink's V8 bindings. Credit to...
pcre: arbitrary code execution
The PCRE library is prone to a vulnerability which leads to a heap overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex. Exploits with advanced Heap Fengshui techniques may allow an attacker to execu...
flashplugin: arbitrary code execution
CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 arbitrary code execution Integer overflow vulnerabilities that could lead to code execution. - CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000...
thunderbird: multiple issues
CVE-2015-7201 cross-origin restriction bypass using data: and view-source: uri scheme: Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to...
lib32-flashplugin: arbitrary code execution
CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of...
krb5: multiple issues
CVE-2014-5355 denial of service When a server process uses the krb5_recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...
cups: multiple issues
CVE-2015-1158 arbitrary code execution, privilege escalation An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope,...
mariadb: denial of service
CVE-2014-8964 denial of service A heap-based buffer overflow was found in the way PCRE handled certain malformed regular expressions. This issue could cause a crash while parsing malicious regular expressions related to an assertion that allows zero repeats. - CVE-2015-0499 denial of service...
firefox: multiple issues
CVE-2015-0801 same-origin bypass Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...
pcre: heap buffer overflow
A heap buffer overflow issue was found in PCRE when processing a specially crafted regular expression, causing a denial of service or other unspecified impact...
drupal: session hijacking and denial of service
Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory [0]. - CVE-2014-9015 session hijacking Aaron Averill discovered that a specially crafted request can give a...
php: denial of service
An out-of-bounds read flaw was found in the way the file information (fileinfo) extension parsed executable and linkable format (ELF) files...
[ASA-202204-7] gzip: arbitrary command execution
Arch Linux Security Advisory ASA-202204-7 ========================================= Severity: High Date : 2022-04-07 CVE-ID : CVE-2022-1271 Package : gzip Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2666 Summary ======= The package gzip before version...
[ASA-202110-12] bind: denial of service
Arch Linux Security Advisory ASA-202110-12 ========================================== Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-25219 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2502 Summary ======= The package bind before version...
[ASA-201912-5] libgit2: arbitrary code execution
Arch Linux Security Advisory ASA-201912-5 ========================================= Severity: High Date : 2019-12-18 CVE-ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1387 Package : libgit2 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1075 Summa...
[ASA-201908-15] go: multiple issues
Arch Linux Security Advisory ASA-201908-15 ========================================== Severity: Medium Date : 2019-08-24 CVE-ID : CVE-2019-9512 CVE-2019-9514 CVE-2019-14809 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1021 Summary ======= The package ...
[ASA-201908-8] postgresql: multiple issues
Arch Linux Security Advisory ASA-201908-8 ========================================= Severity: Medium Date : 2019-08-10 CVE-ID : CVE-2019-10208 CVE-2019-10209 Package : postgresql Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1019 Summary ======= The package...
[ASA-201908-5] sdl2: arbitrary code execution
Arch Linux Security Advisory ASA-201908-5 ========================================= Severity: High Date : 2019-08-05 CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638 Package : sdl2 Type : arbitrary...
[ASA-201907-3] python2-django: silent downgrade
Arch Linux Security Advisory ASA-201907-3 ========================================= Severity: High Date : 2019-07-06 CVE-ID : CVE-2019-12781 Package : python2-django Type : silent downgrade Remote : Yes Link : https://security.archlinux.org/AVG-1001 Summary ======= The package python2-django befo...
[ASA-201905-16] curl: arbitrary code execution
Arch Linux Security Advisory ASA-201905-16 ========================================== Severity: High Date : 2019-05-31 CVE-ID : CVE-2019-5436 Package : curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-964 Summary ======= The package curl before version...
[ASA-201904-10] libpng: denial of service
Arch Linux Security Advisory ASA-201904-10 ========================================== Severity: Low Date : 2019-04-24 CVE-ID : CVE-2019-7317 Package : libpng Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-868 Summary ======= The package libpng before version 1.6.37...
[ASA-201712-9] openssl-1.0: multiple issues
Arch Linux Security Advisory ASA-201712-9 ========================================= Severity: Medium Date : 2017-12-16 CVE-ID : CVE-2017-3735 CVE-2017-3736 Package : openssl-1.0 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-479 Summary ======= The package openssl-1...
[ASA-201703-4] chromium: multiple issues
Arch Linux Security Advisory ASA-201703-4 ========================================= Severity: Critical Date : 2017-03-11 CVE-ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040...
[ASA-201701-26] python-crypto: arbitrary code execution
Arch Linux Security Advisory ASA-201701-26 ========================================== Severity: Critical Date : 2017-01-15 CVE-ID : CVE-2013-7459 Package : python-crypto Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-118 Summary ======= The package...
[ASA-201610-6] imagemagick: multiple issues
Arch Linux Security Advisory ASA-201610-6 ========================================= Severity: High Date : 2016-10-08 CVE-ID : CVE-2016-7799 CVE-2016-7906 Package : imagemagick Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package imagemagi...