1854 matches found
jre7-openjdk: multiple issues
CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...
librsync: checksum collision
librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff...
firefox: multiple issues
CVE-2015-0819 tab spoofing: Mozilla developer Matthew Noorenberghe reported that whitelisted Mozilla domains could make UITour API calls while the UI Tour pages for Firefox are present in background tabs. If one of these Mozilla domains was compromised and open in another tab, an attacker could...
glibc: multiple issues
glibc has multiple issues including heap- and stack overflows that could be exploitable. The heap- and stack-overflow is possible in the swscanf function...
libssh: denial of service
It was discovered that a double free vulnerability in the sshpacketkexinit function in kex.c allows remote attackers to cause a denial of service via a crafted kexinit packet...
[ASA-202205-3] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202205-3 ========================================= Severity: High Date : 2022-05-16 CVE-ID : CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 Package : thunderbird Type : multiple issues Remote ...
[ASA-202110-9] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-202110-9 ========================================= Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-30846 CVE-2021-30851 CVE-2021-42762 Package : webkit2gtk Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2483 Summary ======= The...
[ASA-202110-4] nodejs: url request injection
Arch Linux Security Advisory ASA-202110-4 ========================================= Severity: Medium Date : 2021-10-21 CVE-ID : CVE-2021-22959 CVE-2021-22960 Package : nodejs Type : url request injection Remote : Yes Link : https://security.archlinux.org/AVG-2460 Summary ======= The package nodej...
[ASA-202110-2] chromium: multiple issues
Arch Linux Security Advisory ASA-202110-2 ========================================= Severity: High Date : 2021-10-21 CVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991...
[ASA-202006-9] dbus: denial of service
Arch Linux Security Advisory ASA-202006-9 ========================================= Severity: Low Date : 2020-06-13 CVE-ID : CVE-2020-12049 Package : dbus Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1183 Summary ======= The package dbus before version 1.12.18-1 ...
[ASA-201908-3] python2-django: multiple issues
Arch Linux Security Advisory ASA-201908-3 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1014...
[ASA-201906-15] linux-zen: denial of service
Arch Linux Security Advisory ASA-201906-15 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-zen Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-985 Summary ======= The...
[ASA-201906-3] binutils: multiple issues
Arch Linux Security Advisory ASA-201906-3 ========================================= Severity: High Date : 2019-06-04 CVE-ID : CVE-2018-19931 CVE-2018-19932 CVE-2018-20002 CVE-2018-20712 Package : binutils Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-832 Summary...
[ASA-201905-14] lib32-libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201905-14 ========================================== Severity: High Date : 2019-05-31 CVE-ID : CVE-2019-5435 CVE-2019-5436 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-962 Summary ======= The...
[ASA-201905-9] firefox: multiple issues
Arch Linux Security Advisory ASA-201905-9 ========================================= Severity: Critical Date : 2019-05-23 CVE-ID : CVE-2019-7317 CVE-2019-9800 CVE-2019-9814 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693...
[ASA-201903-11] firefox: multiple issues
Arch Linux Security Advisory ASA-201903-11 ========================================== Severity: Critical Date : 2019-03-22 CVE-ID : CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-98...
[ASA-201903-8] chromium: multiple issues
Arch Linux Security Advisory ASA-201903-8 ========================================= Severity: High Date : 2019-03-13 CVE-ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798...
[ASA-201807-4] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201807-4 ========================================= Severity: Critical Date : 2018-07-16 CVE-ID : CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374...
[ASA-201807-6] lib32-libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201807-6 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-731 Summary ======= The package...
[ASA-201805-10] firefox: multiple issues
Arch Linux Security Advisory ASA-201805-10 ========================================== Severity: Critical Date : 2018-05-13 CVE-ID : CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-51...
[ASA-201804-1] drupal: arbitrary code execution
Arch Linux Security Advisory ASA-201804-1 ========================================= Severity: Critical Date : 2018-04-01 CVE-ID : CVE-2018-7600 Package : drupal Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-665 Summary ======= The package drupal before...
[ASA-201709-17] tomcat7: information disclosure
Arch Linux Security Advisory ASA-201709-17 ========================================== Severity: Medium Date : 2017-09-19 CVE-ID : CVE-2017-12616 Package : tomcat7 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-408 Summary ======= The package tomcat7 before...
[ASA-201707-17] libtiff: arbitrary code execution
Arch Linux Security Advisory ASA-201707-17 ========================================== Severity: Critical Date : 2017-07-18 CVE-ID : CVE-2015-7554 CVE-2016-10095 Package : libtiff Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-5 Summary ======= The package...
[ASA-201701-11] lib32-libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201701-11 ========================================== Severity: Medium Date : 2017-01-03 CVE-ID : CVE-2016-9586 CVE-2016-9594 Package : lib32-libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-117 Summary ======= The packag...
[ASA-201609-29] bind: denial of service
Arch Linux Security Advisory ASA-201609-29 ========================================== Severity: High Date : 2016-09-27 CVE-ID : CVE-2016-2776 Package : bind Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package bind before version...
[ASA-201609-18] lib32-curl: denial of service
Arch Linux Security Advisory ASA-201609-18 ========================================== Severity: Low Date : 20916-09-20 CVE-ID : CVE-2016-7167 Package : lib32-curl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-curl before...
webkit2gtk: multiple issues
CVE-2016-4590 same-origin policy bypass xisigr of Tencents Xuanwu Lab discovered a vulnerability in the way webkit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - CVE-2016-4591 arbitrary filesystem access ma.la of LINE Corporation discoveered...
libidn: denial of service
CVE-2015-8948 denial of service Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. Reported by Hanno Boeck. - CVE-2016-6261 denial of service Fix out-of-bounds stack read in idnatoascii4i. Reported by Hanno Boeck. - CVE-2016-6262 denial of service...
lib32-flashplugin: multiple issues
CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,...
qemu-arch-extra: multiple issues
CVE-2015-8558 denial of service An infinite-loop issue was found in the QEMU emulator built with USB EHCI emulation support. The flaw occurred during communication between the host controller interfaceEHCI and a respective device driver. These two communicate using an isochronous transfer...
chromium: multiple issues
CVE-2016-1696 cross-origin bypass: Cross-origin bypass in Extension bindings. Credit to anonymous. - CVE-2016-1697 cross-origin bypass: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1698 information leakage: Information leak in Extension bindings. Credit to Rob Wu. -...
cacti: sql injection
A SQL injection vulnerability has been found in cacti, in the the hostgroupdata parameter of the graphview.php file...
botan: multiple issues
CVE-2016-2849 ECDSA side channel: ECDSA and DSA signature algorithms perform a modular inverse on the signature nonce k. The modular inverse algorithm used had input dependent loops, and it is possible a side channel attack could recover sufficient information about the nonce to eventually...
thunderbird: multiple issues
CVE-2016-1952 CVE-2016-1953 arbitrary code execution: Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough...
lib32-libssh2: man-in-the-middle
There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...
libssh2: man-in-the-middle
There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...
openssh: multiple issues
CVE-2016-0777 information disclosure An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory possibly including private SSH keys of a successfully authenticated OpenSSH client...
spice: multiple issues
CVE-2015-3247 race condition flaw: A race condition flaw was found in spice's workerupdatemonitorsconfig function, leading to a heap-based memory corruption. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of...
hostapd: denial of service
CVE-2015-4141 denial of service A vulnerability was found in the WPS UPnP function shared by hostapd WPS AP and wpasupplicant WPS external registrar. This may allow a possible denial of service attack through - CVE-2015-4142 denial of service A vulnerability was found in WMM Action frame...
gnutls: denial of service
Kurt Roeckx reported that decoding a specific certificate with very long DistinguishedName DN entries leads to double free, which may result to a denial of service. Since the DN decoding occurs in almost all applications using certificates it is recommended to upgrade the latest GnuTLS version...
firefox: multiple issues
CVE-2015-4473 Memory safety bugs fixed in Firefox ESR 38.2 and Firefox 40: Gary Kwong, Christian Holler, and Byron Campen reported memory safety problems and crashes that affect Firefox ESR 38.1 and Firefox 39. - CVE-2015-4474 Memory safety bugs fixed in Firefox 40: Tyson Smith, Bobby Holley,...
powerdns: denial of service
A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at a 1000 iterations by a failsafe, making the issue harmless on most platforms. However, on specific platforms, the recursion...
cpio: directory traversal
It was reported that cpio is vulnerable to a directory traversal vulnerability when using the --no-absolute-filenames option. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write to...
ettercap-gtk: multiple issues
CVE-2014-6395 arbitrary code execution Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...
thunderbird: multiple issues
CVE-2015-0822 information leak: Security researcher Armin Razmdjou reported that a user readable file in a known local path could be uploaded to a malicious site. This was done by manipulating the autocomplete feature in a form and user interaction with it. While the local file is not visibly...
clamav: arbitrary code execution
Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code...
dokuwiki: cross-site scripting
It was discovered that dokuwiki did not sufficiently filter uploaded files. A remote attacker with upload access is able to use this flaw in order to upload SWF files leading to possible cross-site scripting...
dbus: denial of service
The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning and does not fully prevent the attack described in the impact section below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE ulimit -n to a higher value...
gnutls: out-of-bounds memory write
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC Elliptic Curve Cryptography certificates or certificate signing requests CSR resulting in heap corruption...
polarssl: multiple issues
CVE-2014-8627 weak signature negotiation A mistake resulted in servers negotiating the lowest common hash from signaturealgorithms extension in TLS 1.2. - CVE-2014-8628 memory leaks Two issues were found that result in remotely triggerable memory leaks when parsing crafted ClientHello messages or...