1854 matches found
putty: information disclosure
When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is the password typed durin...
firefox: multiple issues
CVE-2015-0819 tab spoofing: Mozilla developer Matthew Noorenberghe reported that whitelisted Mozilla domains could make UITour API calls while the UI Tour pages for Firefox are present in background tabs. If one of these Mozilla domains was compromised and open in another tab, an attacker could...
polarssl: multiple issues
CVE-2014-8627 weak signature negotiation A mistake resulted in servers negotiating the lowest common hash from the signature_algorithms extension in TLS 1.2. - CVE-2014-8628 memory leaks Two issues were found that result in remotely triggerable memory leaks when parsing crafted ClientHello messages or...
[ASA-202506-10] libblockdev: privilege escalation
Arch Linux Security Advisory ASA-202506-10 ========================================== Severity: High Date : 2025-06-22 CVE-ID : CVE-2025-6019 Package : libblockdev Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-2905 Summary ======= The package libblockdev before...
[ASA-202205-2] git: arbitrary command execution
Arch Linux Security Advisory ASA-202205-2 ========================================= Severity: Medium Date : 2022-05-16 CVE-ID : CVE-2022-24765 Package : git Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-2679 Summary ======= The package git before version...
[ASA-202204-14] mediawiki: cross-site scripting
Arch Linux Security Advisory ASA-202204-14 ========================================== Severity: Medium Date : 2022-04-15 CVE-ID : CVE-2022-28202 Package : mediawiki Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2677 Summary ======= The package mediawiki before...
[ASA-202112-5] isync: arbitrary code execution
Arch Linux Security Advisory ASA-202112-5 ========================================= Severity: Medium Date : 2021-12-03 CVE-ID : CVE-2021-3657 CVE-2021-44143 Package : isync Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2579 Summary ======= The package isyn...
[ASA-202110-4] nodejs: url request injection
Arch Linux Security Advisory ASA-202110-4 ========================================= Severity: Medium Date : 2021-10-21 CVE-ID : CVE-2021-22959 CVE-2021-22960 Package : nodejs Type : url request injection Remote : Yes Link : https://security.archlinux.org/AVG-2460 Summary ======= The package nodej...
[ASA-202110-2] chromium: multiple issues
Arch Linux Security Advisory ASA-202110-2 ========================================= Severity: High Date : 2021-10-21 CVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991...
[ASA-202006-9] dbus: denial of service
Arch Linux Security Advisory ASA-202006-9 ========================================= Severity: Low Date : 2020-06-13 CVE-ID : CVE-2020-12049 Package : dbus Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1183 Summary ======= The package dbus before version 1.12.18-1 ...
[ASA-202005-1] salt: multiple issues
Arch Linux Security Advisory ASA-202005-1 ========================================= Severity: Critical Date : 2020-05-05 CVE-ID : CVE-2020-11651 CVE-2020-11652 Package : salt Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1147 Summary ======= The package salt before...
[ASA-202004-16] openvpn: denial of service
Arch Linux Security Advisory ASA-202004-16 ========================================== Severity: Medium Date : 2020-04-17 CVE-ID : CVE-2020-11810 Package : openvpn Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1135 Summary ======= The package openvpn before versio...
[ASA-202001-1] firefox: multiple issues
Arch Linux Security Advisory ASA-202001-1 ========================================= Severity: Critical Date : 2020-01-08 CVE-ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17020 CVE-2019-17022 CVE-2019-17023 CVE-2019-17024 CVE-2019-17025 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-201905-14] lib32-libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201905-14 ========================================== Severity: High Date : 2019-05-31 CVE-ID : CVE-2019-5435 CVE-2019-5436 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-962 Summary ======= The...
[ASA-201905-9] firefox: multiple issues
Arch Linux Security Advisory ASA-201905-9 ========================================= Severity: Critical Date : 2019-05-23 CVE-ID : CVE-2019-7317 CVE-2019-9800 CVE-2019-9814 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693...
[ASA-201903-5] file: multiple issues
Arch Linux Security Advisory ASA-201903-5 ========================================= Severity: High Date : 2019-03-03 CVE-ID : CVE-2019-8904 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 Package : file Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-907 Summary ======= Th...
[ASA-201902-25] bind: multiple issues
Arch Linux Security Advisory ASA-201902-25 ========================================== Severity: High Date : 2019-02-25 CVE-ID : CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 Package : bind Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-915 Summary ======= The package bi...
[ASA-201811-12] powerdns: denial of service
Arch Linux Security Advisory ASA-201811-12 ========================================== Severity: Medium Date : 2018-11-12 CVE-ID : CVE-2018-10851 CVE-2018-14626 Package : powerdns Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-804 Summary ======= The package powerd...
[ASA-201807-4] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201807-4 ========================================= Severity: Critical Date : 2018-07-16 CVE-ID : CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374...
[ASA-201805-10] firefox: multiple issues
Arch Linux Security Advisory ASA-201805-10 ========================================== Severity: Critical Date : 2018-05-13 CVE-ID : CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-51...
[ASA-201804-1] drupal: arbitrary code execution
Arch Linux Security Advisory ASA-201804-1 ========================================= Severity: Critical Date : 2018-04-01 CVE-ID : CVE-2018-7600 Package : drupal Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-665 Summary ======= The package drupal before...
[ASA-201803-21] lib32-libvorbis: multiple issues
Arch Linux Security Advisory ASA-201803-21 ========================================== Severity: Critical Date : 2018-03-19 CVE-ID : CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 Package : lib32-libvorbis Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-658 Summary =====...
[ASA-201801-6] linux-lts: access restriction bypass
Arch Linux Security Advisory ASA-201801-6 ========================================= Severity: High Date : 2018-01-08 CVE-ID : CVE-2017-5754 Package : linux-lts Type : access restriction bypass Remote : No Link : https://security.archlinux.org/AVG-577 Summary ======= The package linux-lts before...
[ASA-201711-25] icu: arbitrary code execution
Arch Linux Security Advisory ASA-201711-25 ========================================== Severity: Critical Date : 2017-11-19 CVE-ID : CVE-2017-14952 Package : icu Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-504 Summary ======= The package icu before versio...
[ASA-201707-18] lib32-libtiff: arbitrary code execution
Arch Linux Security Advisory ASA-201707-18 ========================================== Severity: Critical Date : 2017-07-18 CVE-ID : CVE-2015-7554 CVE-2016-10095 Package : lib32-libtiff Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-87 Summary ======= The...
[ASA-201706-10] lib32-libtasn1: arbitrary code execution
Arch Linux Security Advisory ASA-201706-10 ========================================== Severity: High Date : 2017-06-12 CVE-ID : CVE-2017-6891 Package : lib32-libtasn1 Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-286 Summary ======= The package lib32-libtas...
[ASA-201701-11] lib32-libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201701-11 ========================================== Severity: Medium Date : 2017-01-03 CVE-ID : CVE-2016-9586 CVE-2016-9594 Package : lib32-libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-117 Summary ======= The packag...
[ASA-201610-3] hostapd: multiple issues
Arch Linux Security Advisory ASA-201610-3 ========================================= Severity: High Date : 2016-10-04 CVE-ID : CVE-2016-4476 CVE-2016-4477 Package : hostapd Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package hostapd befor...
[ASA-201609-29] bind: denial of service
Arch Linux Security Advisory ASA-201609-29 ========================================== Severity: High Date : 2016-09-27 CVE-ID : CVE-2016-2776 Package : bind Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package bind before version...
[ASA-201609-18] lib32-curl: denial of service
Arch Linux Security Advisory ASA-201609-18 ========================================== Severity: Low Date : 20916-09-20 CVE-ID : CVE-2016-7167 Package : lib32-curl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-curl before...
curl: multiple issues
CVE-2016-5419 authentication bypass libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established...
gimp: arbitrary code execution
Multiple Use-After-Free when parsing XCF channel and layer properties...
chromium: arbitrary code execution
Various fixes from internal audits, fuzzing and other initiatives, including multiple issues in the processing of malformed web content...
qemu-arch-extra: multiple issues
CVE-2015-8558 denial of service An infinite-loop issue was found in the QEMU emulator built with USB EHCI emulation support. The flaw occurred during communication between the host controller interface (EHCI) and a respective device driver. These two communicate using an isochronous transfer...
libssh2: man-in-the-middle
There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...
lib32-libpng: multiple issues
CVE-2015-7981 out-of-bounds read This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned no longer negative, but now a huge positive number. - CVE-2015-8126 arbitrary code execution Buffer overflow vulnerabilities in functions...
hostapd: denial of service
CVE-2015-4141 denial of service A vulnerability was found in the WPS UPnP function shared by hostapd (WPS AP) and wpa_supplicant (WPS external registrar). This may allow a possible denial of service attack through - CVE-2015-4142 denial of service A vulnerability was found in WMM Action frame...
firefox: multiple issues
CVE-2015-4473 Memory safety bugs fixed in Firefox ESR 38.2 and Firefox 40: Gary Kwong, Christian Holler, and Byron Campen reported memory safety problems and crashes that affect Firefox ESR 38.1 and Firefox 39. - CVE-2015-4474 Memory safety bugs fixed in Firefox 40: Tyson Smith, Bobby Holley,...
chromium: multiple issues
CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213, CVE-2015-1214, CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer...
krb5: multiple issues
CVE-2014-5352 authenticated remote code execution: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in...
clamav: arbitrary code execution
Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code...
dbus: denial of service
The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning and does not fully prevent the attack described in the impact section below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value...
wireshark-cli: denial of service
CVE-2014-8710 out-of-bounds read Out-of-bounds read flaw in the SigComp dissector sigcomp-udvm leads to denial of service while processing malformed packets. - CVE-2014-8711 out-of-bounds read The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...
mingw-w64-binutils: multiple issues
CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...
flashplugin: remote code execution
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438). These updates...
gnutls: out-of-bounds memory write
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR), resulting in heap corruption...
mantisbt: sql injection
Edwin Gozeling and Wim Visser discovered that when the project_id parameter of the SOAP-request starts with the integer of a project to which the user (or anonymous) is authorized, the ENTIRE value will become the first item of $t_projects. As this value is concatenated in the SQL statement,...
libvncserver: remote code execution, denial of service
CVE-2014-6051 Integer overflow in MallocFrameBuffer on client side. A malicious VNC server could advertise a very large screen size by RFB protocol, width and height are 16-bit integers, resulting in an integer overflow during malloc on client-side. Heap corruption, and possibly remote code...
wpa_supplicant, hostapd: Arbitrary command execution
Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa_supplicant and hostapd packages. A remote wifi system within range could provide a crafted frame triggering arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process...
mediawiki: Cross-site Scripting (XSS) and UI redressing
It was discovered that MediaWiki, a wiki engine, was separating the allowance of css and js modules resulting in Cross-site Scripting (XSS) and UI redressing issues...