1854 matches found
drupal: proxy injection
Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use. This vulnerability is called 'httpoxy'. httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It...
flashplugin: multiple issues
CVE-2016-4175 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235...
libarchive: arbitrary code execution
A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application...
expat: arbitrary code execution
CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XMLGetBuffer function allow remote attackers to cause a denial of service heap-based buffer overflow or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...
flashplugin: multiple issues
CVE-2016-1006 JIT spraying mitigation bypass These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations. - CVE-2016-1015 CVE-2016-1019 arbitrary code execution These updates resolve type confusion vulnerabilities that could...
chromium: multiple issues
CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab. - CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous. - CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous. - CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt working with...
openssl: man-in-the-middle
CVE-2015-3197 man-in-the-middle A flaw was found in the way malicious SSL/TLS clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSL/TLS connections, making them vulnerable to man-in-the-middle attacks. -...
nspr: arbitrary code execution
A logic bug in the handling of large allocations would allow exceptionally large allocations to be reported as successful, without actually allocating the requested memory. This may allow attackers to bypass security checks and obtain control of arbitrary memory...
spice: multiple issues
CVE-2015-3247 race condition flaw: A race condition flaw was found in spice's workerupdatemonitorsconfig function, leading to a heap-based memory corruption. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of...
chromium: multiple issues
CVE-2015-1251 arbitrary code execution Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. - CVE-2015-1252 sandbox protection bypass It has been discovered that...
wireshark-cli: denial of service
CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...
jre7-openjdk: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
thunderbird: multiple issues
CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...
glibc: multiple issues
glibc has multiple issues including heap- and stack overflows that could be exploitable. The heap- and stack-overflow is possible in the swscanf function...
libssh: denial of service
It was discovered that a double free vulnerability in the sshpacketkexinit function in kex.c allows remote attackers to cause a denial of service via a crafted kexinit packet...
[ASA-202207-3] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-202207-3 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : webkit2gtk Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2790 Summary ======= The package...
[ASA-202110-9] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-202110-9 ========================================= Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-30846 CVE-2021-30851 CVE-2021-42762 Package : webkit2gtk Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2483 Summary ======= The...
[ASA-202004-9] chromium: multiple issues
Arch Linux Security Advisory ASA-202004-9 ========================================= Severity: High Date : 2020-04-08 CVE-ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440...
[ASA-201911-10] linux: arbitrary code execution
Arch Linux Security Advisory ASA-201911-10 ========================================== Severity: Critical Date : 2019-11-13 CVE-ID : CVE-2019-17666 Package : linux Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1064 Summary ======= The package linux before...
[ASA-201908-3] python2-django: multiple issues
Arch Linux Security Advisory ASA-201908-3 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1014...
[ASA-201803-4] dhcp: denial of service
Arch Linux Security Advisory ASA-201803-4 ========================================= Severity: High Date : 2018-03-05 CVE-ID : CVE-2018-5733 Package : dhcp Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-646 Summary ======= The package dhcp before version 4.4.1-1 is...
[ASA-201709-17] tomcat7: information disclosure
Arch Linux Security Advisory ASA-201709-17 ========================================== Severity: Medium Date : 2017-09-19 CVE-ID : CVE-2017-12616 Package : tomcat7 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-408 Summary ======= The package tomcat7 before...
[ASA-201708-8] jdk7-openjdk: multiple issues
Arch Linux Security Advisory ASA-201708-8 ========================================= Severity: Critical Date : 2017-08-12 CVE-ID : CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107...
[ASA-201707-17] libtiff: arbitrary code execution
Arch Linux Security Advisory ASA-201707-17 ========================================== Severity: Critical Date : 2017-07-18 CVE-ID : CVE-2015-7554 CVE-2016-10095 Package : libtiff Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-5 Summary ======= The package...
[ASA-201702-17] linux: multiple issues
Arch Linux Security Advisory ASA-201702-17 ========================================== Severity: High Date : 2017-02-22 CVE-ID : CVE-2016-10088 CVE-2016-9588 CVE-2017-5986 CVE-2017-6074 Package : linux Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-178 Summary =======...
[ASA-201701-33] chromium: multiple issues
Arch Linux Security Advisory ASA-201701-33 ========================================== Severity: Critical Date : 2017-01-27 CVE-ID : CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-50...
[ASA-201701-1] libwmf: multiple issues
Arch Linux Security Advisory ASA-201701-1 ========================================= Severity: Critical Date : 2017-01-01 CVE-ID : CVE-2006-3376 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3477 CVE-2009-1364 CVE-2009-3546 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696...
[ASA-201610-7] wpa_supplicant: multiple issues
Arch Linux Security Advisory ASA-201610-7 ========================================= Severity: High Date : 2016-10-08 CVE-ID : CVE-2016-4476 CVE-2016-4477 Package : wpasupplicant Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
powerdns: denial of service
Two issues have been found in PowerDNS Authoritative Server allowing a remote, unauthenticated attacker to cause an abnormal load on the PowerDNS backend by sending crafted DNS queries, which might result in a partial denial of service if the backend becomes overloaded. SQL backends for example a...
libidn: denial of service
CVE-2015-8948 denial of service Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. Reported by Hanno Boeck. - CVE-2016-6261 denial of service Fix out-of-bounds stack read in idnatoascii4i. Reported by Hanno Boeck. - CVE-2016-6262 denial of service...
lib32-flashplugin: multiple issues
CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,...
qemu: multiple issues
CVE-2015-8558 denial of service An infinite-loop issue was found in the QEMU emulator built with USB EHCI emulation support. The flaw occurred during communication between the host controller interfaceEHCI and a respective device driver. These two communicate using an isochronous transfer...
p7zip: arbitrary code execution
CVE-2016-2334 arbitrary code execution An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution. Before decompression, ExtractZlibFile method read block size and its offset from file...
lib32-glibc: multiple issues
CVE-2016-1234 arbitrary code execution It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...
cacti: sql injection
A SQL injection vulnerability has been found in cacti, in the the hostgroupdata parameter of the graphview.php file...
jre8-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
botan: multiple issues
CVE-2016-2849 ECDSA side channel: ECDSA and DSA signature algorithms perform a modular inverse on the signature nonce k. The modular inverse algorithm used had input dependent loops, and it is possible a side channel attack could recover sufficient information about the nonce to eventually...
thunderbird: multiple issues
CVE-2016-1952 CVE-2016-1953 arbitrary code execution: Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough...
libotr: arbitrary code execution
CVE-2016-2851 arbitrary code execution Versions 4.1.0 and earlier of libotr in 64-bit builds contain an integer overflow security flaw. This flaw could potentially be exploited by a remote attacker to cause a heap buffer overflow and subsequently for arbitrary code to be executed on the user's...
lib32-libssh2: man-in-the-middle
There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...
lib32-glibc: multiple issues
CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...
hub: information leakage
This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...
ffmpeg: information leakage
A vulnerability in the way FFmpeg handles the concat CVE-2016-1897 and subfile CVE-2016-1898 protocols in a HTTP Live Streaming HLS M3U8 file allows a remote attacker to conduct a cross-origin attacks, and to access arbitrary local files on the vulnerable host. The attack uses a crafted M3U8 file...
openssh: multiple issues
CVE-2016-0777 information disclosure An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory possibly including private SSH keys of a successfully authenticated OpenSSH client...
mbedtls: arbitrary code execution
When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension an...
gnutls: denial of service
Kurt Roeckx reported that decoding a specific certificate with very long DistinguishedName DN entries leads to double free, which may result to a denial of service. Since the DN decoding occurs in almost all applications using certificates it is recommended to upgrade the latest GnuTLS version...
curl: information leakage
libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPTHTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is sent to the prox...
powerdns: denial of service
A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at a 1000 iterations by a failsafe, making the issue harmless on most platforms. However, on specific platforms, the recursion...
jre8-openjdk-headless: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
librsync: checksum collision
librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff...