Lucene search
K
ArchlinuxMost viewed

1854 matches found

ArchLinux
ArchLinux
•added 2019/02/11 12:0 a.m.•48 views

[ASA-201902-6] runc: privilege escalation

Arch Linux Security Advisory ASA-201902-6 ========================================= Severity: High Date : 2019-02-11 CVE-ID : CVE-2019-5736 Package : runc Type : privilege escalation Remote : Yes Link : https://security.archlinux.org/AVG-878 Summary ======= The package runc before version...

9.3CVSS2.4AI score0.9857EPSS
Exploits33References5
ArchLinux
ArchLinux
•added 2017/06/12 12:0 a.m.•48 views

[ASA-201706-10] lib32-libtasn1: arbitrary code execution

Arch Linux Security Advisory ASA-201706-10 ========================================== Severity: High Date : 2017-06-12 CVE-ID : CVE-2017-6891 Package : lib32-libtasn1 Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-286 Summary ======= The package lib32-libtas...

8.8CVSS2.1AI score0.05585EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2017/01/27 12:0 a.m.•48 views

[ASA-201701-33] chromium: multiple issues

Arch Linux Security Advisory ASA-201701-33 ========================================== Severity: Critical Date : 2017-01-27 CVE-ID : CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-50...

8.8CVSS0.6AI score0.02099EPSS
Exploits4References65
ArchLinux
ArchLinux
•added 2017/01/15 12:0 a.m.•48 views

[ASA-201701-26] python-crypto: arbitrary code execution

Arch Linux Security Advisory ASA-201701-26 ========================================== Severity: Critical Date : 2017-01-15 CVE-ID : CVE-2013-7459 Package : python-crypto Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-118 Summary ======= The package...

9.8CVSS2AI score0.09501EPSS
Exploits1References5
ArchLinux
ArchLinux
•added 2016/10/04 12:0 a.m.•48 views

[ASA-201610-3] hostapd: multiple issues

Arch Linux Security Advisory ASA-201610-3 ========================================= Severity: High Date : 2016-10-04 CVE-ID : CVE-2016-4476 CVE-2016-4477 Package : hostapd Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package hostapd befor...

7.8CVSS1.2AI score0.02858EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2016/07/21 12:0 a.m.•48 views

drupal: proxy injection

Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use. This vulnerability is called 'httpoxy'. httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It...

5.1CVSS1.1AI score0.50427EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2016/07/05 12:0 a.m.•48 views

libarchive: arbitrary code execution

A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application...

6.8CVSS4.1AI score0.10284EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2016/05/18 12:0 a.m.•48 views

p7zip: arbitrary code execution

CVE-2016-2334 arbitrary code execution An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution. Before decompression, ExtractZlibFile method read block size and its offset from file...

6.8CVSS1.4AI score0.14742EPSS
Exploits5References4
ArchLinux
ArchLinux
•added 2016/05/13 12:0 a.m.•48 views

lib32-glibc: multiple issues

CVE-2016-1234 arbitrary code execution It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...

5CVSS3.4AI score0.05926EPSS
Exploits3References4
ArchLinux
ArchLinux
•added 2016/04/10 12:0 a.m.•48 views

flashplugin: multiple issues

CVE-2016-1006 JIT spraying mitigation bypass These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations. - CVE-2016-1015 CVE-2016-1019 arbitrary code execution These updates resolve type confusion vulnerabilities that could...

10CVSS1.9AI score0.25639EPSS
Exploits5References26
ArchLinux
ArchLinux
•added 2016/03/26 12:0 a.m.•48 views

chromium: multiple issues

CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab. - CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous. - CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous. - CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt working with...

9.3CVSS3AI score0.4811EPSS
Exploits1References6
ArchLinux
ArchLinux
•added 2016/03/09 12:0 a.m.•48 views

libotr: arbitrary code execution

CVE-2016-2851 arbitrary code execution Versions 4.1.0 and earlier of libotr in 64-bit builds contain an integer overflow security flaw. This flaw could potentially be exploited by a remote attacker to cause a heap buffer overflow and subsequently for arbitrary code to be executed on the user's...

7.5CVSS6.5AI score0.254EPSS
Exploits5References2
ArchLinux
ArchLinux
•added 2016/02/17 12:0 a.m.•48 views

lib32-glibc: multiple issues

CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...

6.8CVSS2.3AI score0.89557EPSS
Exploits18References6
ArchLinux
ArchLinux
•added 2015/11/06 12:0 a.m.•48 views

nspr: arbitrary code execution

A logic bug in the handling of large allocations would allow exceptionally large allocations to be reported as successful, without actually allocating the requested memory. This may allow attackers to bypass security checks and obtain control of arbitrary memory...

7.5CVSS5.7AI score0.06792EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2015/10/15 12:0 a.m.•48 views

mbedtls: arbitrary code execution

When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension an...

6.8CVSS2.6AI score0.03629EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2015/07/12 12:0 a.m.•48 views

krb5: multiple issues

CVE-2014-5355 denial of service When a server process uses the krb5recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...

5.8CVSS2.4AI score0.04587EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2015/05/15 12:0 a.m.•48 views

wireshark-cli: denial of service

CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...

7.8CVSS1.5AI score0.03731EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2015/05/08 12:0 a.m.•48 views

mariadb: denial of service

CVE-2014-8964 denial of service A heap-based buffer overflow was found in the way PCRE handled certain malformed regular expressions. This issue could cause a crash while parsing malicious regular expressions related to an assertion that allows zero repeats. - CVE-2015-0499 denial of service...

5.7CVSS4.3AI score0.09984EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2015/04/17 12:0 a.m.•48 views

jre8-openjdk-headless: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.2AI score0.07224EPSS
Exploits1References8
ArchLinux
ArchLinux
•added 2015/04/04 12:0 a.m.•48 views

thunderbird: multiple issues

CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...

7.5CVSS0.8AI score0.66936EPSS
Exploits3References10
ArchLinux
ArchLinux
•added 2015/03/05 12:0 a.m.•48 views

chromium: multiple issues

CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213, CVE-2015-1214, CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer...

7.5CVSS4.8AI score0.02565EPSS
Exploits0References21
ArchLinux
ArchLinux
•added 2015/03/02 12:0 a.m.•48 views

putty: information disclosure

When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is the password typed durin...

2.1CVSS0.00585EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2014/11/26 12:0 a.m.•48 views

pcre: heap buffer overflow

A heap buffer overflow issue was found in PCRE when processing a specially crafted regular expression, causing a denial of service or other unspecified impact...

5CVSS3.5AI score0.06505EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2014/11/19 12:0 a.m.•48 views

mingw-w64-binutils: multiple issues

CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in bfdelfsetupsections which results in denial of service or possible code...

7.5CVSS4.6AI score0.07486EPSS
Exploits7References11
ArchLinux
ArchLinux
•added 2014/11/13 12:0 a.m.•48 views

php: denial of service

An out-of-bounds read flaw was found in the way the file information fileinfo extension parsed executable and linkable format ELF files...

5CVSS3.4AI score0.14013EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2020/01/10 12:0 a.m.•47 views

[ASA-202001-3] firefox: arbitrary code execution

Arch Linux Security Advisory ASA-202001-3 ========================================= Severity: Critical Date : 2020-01-10 CVE-ID : CVE-2019-17026 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1085 Summary ======= The package firefox before...

8.8CVSS1.9AI score0.46589EPSS
Exploits7References5
ArchLinux
ArchLinux
•added 2020/01/08 12:0 a.m.•47 views

[ASA-202001-1] firefox: multiple issues

Arch Linux Security Advisory ASA-202001-1 ========================================= Severity: Critical Date : 2020-01-08 CVE-ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17020 CVE-2019-17022 CVE-2019-17023 CVE-2019-17024 CVE-2019-17025 Package : firefox Type : multiple issues Remote : Yes Link :...

8.8CVSS1.9AI score0.02489EPSS
Exploits1References23
ArchLinux
ArchLinux
•added 2019/11/13 12:0 a.m.•47 views

[ASA-201911-10] linux: arbitrary code execution

Arch Linux Security Advisory ASA-201911-10 ========================================== Severity: Critical Date : 2019-11-13 CVE-ID : CVE-2019-17666 Package : linux Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1064 Summary ======= The package linux before...

8.8CVSS1.8AI score0.03017EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2019/08/24 12:0 a.m.•47 views

[ASA-201908-15] go: multiple issues

Arch Linux Security Advisory ASA-201908-15 ========================================== Severity: Medium Date : 2019-08-24 CVE-ID : CVE-2019-9512 CVE-2019-9514 CVE-2019-14809 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1021 Summary ======= The package ...

9.8CVSS1.2AI score0.83433EPSS
Exploits2References7
ArchLinux
ArchLinux
•added 2019/08/10 12:0 a.m.•47 views

[ASA-201908-8] postgresql: multiple issues

Arch Linux Security Advisory ASA-201908-8 ========================================= Severity: Medium Date : 2019-08-10 CVE-ID : CVE-2019-10208 CVE-2019-10209 Package : postgresql Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1019 Summary ======= The package...

8.8CVSS1.5AI score0.0217EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2019/07/06 12:0 a.m.•47 views

[ASA-201907-3] python2-django: silent downgrade

Arch Linux Security Advisory ASA-201907-3 ========================================= Severity: High Date : 2019-07-06 CVE-ID : CVE-2019-12781 Package : python2-django Type : silent downgrade Remote : Yes Link : https://security.archlinux.org/AVG-1001 Summary ======= The package python2-django befo...

5.3CVSS1.2AI score0.01697EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2019/04/24 12:0 a.m.•47 views

[ASA-201904-10] libpng: denial of service

Arch Linux Security Advisory ASA-201904-10 ========================================== Severity: Low Date : 2019-04-24 CVE-ID : CVE-2019-7317 Package : libpng Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-868 Summary ======= The package libpng before version 1.6.37...

5.3CVSS2.5AI score0.09393EPSS
Exploits3References4
ArchLinux
ArchLinux
•added 2018/11/12 12:0 a.m.•47 views

[ASA-201811-12] powerdns: denial of service

Arch Linux Security Advisory ASA-201811-12 ========================================== Severity: Medium Date : 2018-11-12 CVE-ID : CVE-2018-10851 CVE-2018-14626 Package : powerdns Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-804 Summary ======= The package powerd...

7.5CVSS2.3AI score0.06041EPSS
Exploits0References7
ArchLinux
ArchLinux
•added 2018/03/19 12:0 a.m.•47 views

[ASA-201803-21] lib32-libvorbis: multiple issues

Arch Linux Security Advisory ASA-201803-21 ========================================== Severity: Critical Date : 2018-03-19 CVE-ID : CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 Package : lib32-libvorbis Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-658 Summary =====...

9.8CVSS1AI score0.12054EPSS
Exploits0References10
ArchLinux
ArchLinux
•added 2017/12/16 12:0 a.m.•47 views

[ASA-201712-9] openssl-1.0: multiple issues

Arch Linux Security Advisory ASA-201712-9 ========================================= Severity: Medium Date : 2017-12-16 CVE-ID : CVE-2017-3735 CVE-2017-3736 Package : openssl-1.0 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-479 Summary ======= The package openssl-1...

6.5CVSS0.9AI score0.17699EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2017/11/19 12:0 a.m.•47 views

[ASA-201711-25] icu: arbitrary code execution

Arch Linux Security Advisory ASA-201711-25 ========================================== Severity: Critical Date : 2017-11-19 CVE-ID : CVE-2017-14952 Package : icu Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-504 Summary ======= The package icu before versio...

9.8CVSS3.8AI score0.05096EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2017/08/12 12:0 a.m.•47 views

[ASA-201708-8] jdk7-openjdk: multiple issues

Arch Linux Security Advisory ASA-201708-8 ========================================= Severity: Critical Date : 2017-08-12 CVE-ID : CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107...

9.6CVSS1.3AI score0.05034EPSS
Exploits2References53
ArchLinux
ArchLinux
•added 2016/10/08 12:0 a.m.•47 views

[ASA-201610-6] imagemagick: multiple issues

Arch Linux Security Advisory ASA-201610-6 ========================================= Severity: High Date : 2016-10-08 CVE-ID : CVE-2016-7799 CVE-2016-7906 Package : imagemagick Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package imagemagi...

6.5CVSS0.9AI score0.03566EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2016/09/13 12:0 a.m.•47 views

powerdns: denial of service

Two issues have been found in PowerDNS Authoritative Server allowing a remote, unauthenticated attacker to cause an abnormal load on the PowerDNS backend by sending crafted DNS queries, which might result in a partial denial of service if the backend becomes overloaded. SQL backends for example a...

1.9AI score0.62982EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2016/07/18 12:0 a.m.•47 views

flashplugin: multiple issues

CVE-2016-4175 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235...

10CVSS1AI score0.36456EPSS
Exploits26References50
ArchLinux
ArchLinux
•added 2016/07/17 12:0 a.m.•47 views

gimp: arbitrary code execution

Multiple Use-After-Free when parsing XCF channel and layer properties...

6.8CVSS5.2AI score0.03113EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2016/06/08 12:0 a.m.•47 views

qemu: multiple issues

CVE-2015-8558 denial of service An infinite-loop issue was found in the QEMU emulator built with USB EHCI emulation support. The flaw occurred during communication between the host controller interfaceEHCI and a respective device driver. These two communicate using an isochronous transfer...

7.2CVSS1.5AI score0.00916EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2016/03/29 12:0 a.m.•47 views

jre8-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2016/03/03 12:0 a.m.•47 views

chromium: multiple issues

CVE-2015-8126: Buffer overflow vulnerabilities in functions pnggetPLTE/pngsetPLTE, allowing remote attackers to cause DoS to application or have unspecified other impact. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bitdepth less than 8...

10CVSS0.5AI score0.10339EPSS
Exploits3References15
ArchLinux
ArchLinux
•added 2016/01/29 12:0 a.m.•47 views

openssl: man-in-the-middle

CVE-2015-3197 man-in-the-middle A flaw was found in the way malicious SSL/TLS clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSL/TLS connections, making them vulnerable to man-in-the-middle attacks. -...

4.3CVSS1.8AI score0.9986EPSS
Exploits3References4
ArchLinux
ArchLinux
•added 2016/01/25 12:0 a.m.•47 views

ecryptfs-utils: privilege escalation

An unprivileged user can mount an ecryptfs over /proc/$pid because according to stat, it is a normal directory and owned by the user. However, the user is not actually permitted to create arbitrary directory entries in /proc/$pid, and ecryptfs' behavior might be enabling privilege escalation...

4.6CVSS1.5AI score0.00368EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2016/01/17 12:0 a.m.•47 views

hub: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

5CVSS2AI score0.02627EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2015/11/17 12:0 a.m.•47 views

lib32-libpng: multiple issues

CVE-2015-7981 out-of-bounds read This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned no longer negative, but now a huge positive number. - CVE-2015-8126 arbitrary code execution Buffer overflow vulnerabilities in functions...

7.5CVSS1.7AI score0.10339EPSS
Exploits1References5
ArchLinux
ArchLinux
•added 2015/05/28 12:0 a.m.•47 views

curl: information leakage

libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPTHTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is sent to the prox...

5CVSS0.07538EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2015/05/21 12:0 a.m.•47 views

chromium: multiple issues

CVE-2015-1251 arbitrary code execution Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. - CVE-2015-1252 sandbox protection bypass It has been discovered that...

7.5CVSS5.3AI score0.07855EPSS
Exploits4References14
Total number of security vulnerabilities1854