Lucene search
K
ArchlinuxMost viewed

1854 matches found

ArchLinux
ArchLinux
•added 2015/04/17 12:0 a.m.•47 views

jre7-openjdk: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.4AI score0.07224EPSS
Exploits1References7
ArchLinux
ArchLinux
•added 2015/03/16 12:0 a.m.•47 views

librsync: checksum collision

librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff...

5.8CVSS1AI score0.02939EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2015/02/25 12:0 a.m.•47 views

firefox: multiple issues

CVE-2015-0819 tab spoofing: Mozilla developer Matthew Noorenberghe reported that whitelisted Mozilla domains could make UITour API calls while the UI Tour pages for Firefox are present in background tabs. If one of these Mozilla domains was compromised and open in another tab, an attacker could...

7.5CVSS8.9AI score0.06029EPSS
Exploits0References16
ArchLinux
ArchLinux
•added 2015/02/09 12:0 a.m.•47 views

glibc: multiple issues

glibc has multiple issues including heap- and stack overflows that could be exploitable. The heap- and stack-overflow is possible in the swscanf function...

7.5CVSS2.5AI score0.04688EPSS
Exploits2References3
ArchLinux
ArchLinux
•added 2015/01/19 12:0 a.m.•47 views

libssh: denial of service

It was discovered that a double free vulnerability in the sshpacketkexinit function in kex.c allows remote attackers to cause a denial of service via a crafted kexinit packet...

5CVSS5.3AI score0.05145EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2022/05/16 12:0 a.m.•46 views

[ASA-202205-3] thunderbird: multiple issues

Arch Linux Security Advisory ASA-202205-3 ========================================= Severity: High Date : 2022-05-16 CVE-ID : CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 Package : thunderbird Type : multiple issues Remote ...

9.3AI score0.01005EPSS
Exploits3References31
ArchLinux
ArchLinux
•added 2021/10/29 12:0 a.m.•46 views

[ASA-202110-9] webkit2gtk: multiple issues

Arch Linux Security Advisory ASA-202110-9 ========================================= Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-30846 CVE-2021-30851 CVE-2021-42762 Package : webkit2gtk Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2483 Summary ======= The...

8.8CVSS0.5AI score0.02319EPSS
Exploits1References9
ArchLinux
ArchLinux
•added 2021/10/21 12:0 a.m.•46 views

[ASA-202110-4] nodejs: url request injection

Arch Linux Security Advisory ASA-202110-4 ========================================= Severity: Medium Date : 2021-10-21 CVE-ID : CVE-2021-22959 CVE-2021-22960 Package : nodejs Type : url request injection Remote : Yes Link : https://security.archlinux.org/AVG-2460 Summary ======= The package nodej...

6.5CVSS0.4AI score0.02936EPSS
Exploits2References10
ArchLinux
ArchLinux
•added 2021/10/21 12:0 a.m.•46 views

[ASA-202110-2] chromium: multiple issues

Arch Linux Security Advisory ASA-202110-2 ========================================= Severity: High Date : 2021-10-21 CVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991...

9.6CVSS1.8AI score0.01EPSS
Exploits0References34
ArchLinux
ArchLinux
•added 2020/06/13 12:0 a.m.•46 views

[ASA-202006-9] dbus: denial of service

Arch Linux Security Advisory ASA-202006-9 ========================================= Severity: Low Date : 2020-06-13 CVE-ID : CVE-2020-12049 Package : dbus Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1183 Summary ======= The package dbus before version 1.12.18-1 ...

5.5CVSS1.5AI score0.00569EPSS
Exploits1References5
ArchLinux
ArchLinux
•added 2019/08/05 12:0 a.m.•46 views

[ASA-201908-3] python2-django: multiple issues

Arch Linux Security Advisory ASA-201908-3 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1014...

9.8CVSS1.6AI score0.47694EPSS
Exploits0References10
ArchLinux
ArchLinux
•added 2019/06/18 12:0 a.m.•46 views

[ASA-201906-15] linux-zen: denial of service

Arch Linux Security Advisory ASA-201906-15 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-zen Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-985 Summary ======= The...

7.8CVSS0.3AI score0.98745EPSS
Exploits4References10
ArchLinux
ArchLinux
•added 2019/06/04 12:0 a.m.•46 views

[ASA-201906-3] binutils: multiple issues

Arch Linux Security Advisory ASA-201906-3 ========================================= Severity: High Date : 2019-06-04 CVE-ID : CVE-2018-19931 CVE-2018-19932 CVE-2018-20002 CVE-2018-20712 Package : binutils Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-832 Summary...

7.8CVSS1AI score0.02685EPSS
Exploits3References16
ArchLinux
ArchLinux
•added 2019/05/31 12:0 a.m.•46 views

[ASA-201905-14] lib32-libcurl-compat: arbitrary code execution

Arch Linux Security Advisory ASA-201905-14 ========================================== Severity: High Date : 2019-05-31 CVE-ID : CVE-2019-5435 CVE-2019-5436 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-962 Summary ======= The...

7.8CVSS0.6AI score0.49739EPSS
Exploits2References7
ArchLinux
ArchLinux
•added 2019/05/23 12:0 a.m.•46 views

[ASA-201905-9] firefox: multiple issues

Arch Linux Security Advisory ASA-201905-9 ========================================= Severity: Critical Date : 2019-05-23 CVE-ID : CVE-2019-7317 CVE-2019-9800 CVE-2019-9814 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693...

9.8CVSS9.8AI score0.09393EPSS
Exploits6References60
ArchLinux
ArchLinux
•added 2019/03/22 12:0 a.m.•46 views

[ASA-201903-11] firefox: multiple issues

Arch Linux Security Advisory ASA-201903-11 ========================================== Severity: Critical Date : 2019-03-22 CVE-ID : CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-98...

9.8CVSS0.4AI score0.19762EPSS
Exploits13References56
ArchLinux
ArchLinux
•added 2019/03/13 12:0 a.m.•46 views

[ASA-201903-8] chromium: multiple issues

Arch Linux Security Advisory ASA-201903-8 ========================================= Severity: High Date : 2019-03-13 CVE-ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798...

9.3CVSS0.6AI score0.07287EPSS
Exploits3References34
ArchLinux
ArchLinux
•added 2018/07/16 12:0 a.m.•46 views

[ASA-201807-4] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201807-4 ========================================= Severity: Critical Date : 2018-07-16 CVE-ID : CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374...

9.8CVSS0.04647EPSS
Exploits0References36
ArchLinux
ArchLinux
•added 2018/07/16 12:0 a.m.•46 views

[ASA-201807-6] lib32-libcurl-compat: arbitrary code execution

Arch Linux Security Advisory ASA-201807-6 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-731 Summary ======= The package...

9.8CVSS2.1AI score0.06433EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2018/05/13 12:0 a.m.•46 views

[ASA-201805-10] firefox: multiple issues

Arch Linux Security Advisory ASA-201805-10 ========================================== Severity: Critical Date : 2018-05-13 CVE-ID : CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-51...

10CVSS10AI score0.21288EPSS
Exploits4References74
ArchLinux
ArchLinux
•added 2018/04/01 12:0 a.m.•46 views

[ASA-201804-1] drupal: arbitrary code execution

Arch Linux Security Advisory ASA-201804-1 ========================================= Severity: Critical Date : 2018-04-01 CVE-ID : CVE-2018-7600 Package : drupal Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-665 Summary ======= The package drupal before...

9.8CVSS3.2AI score0.99993EPSS
Exploits46References5
ArchLinux
ArchLinux
•added 2017/09/19 12:0 a.m.•46 views

[ASA-201709-17] tomcat7: information disclosure

Arch Linux Security Advisory ASA-201709-17 ========================================== Severity: Medium Date : 2017-09-19 CVE-ID : CVE-2017-12616 Package : tomcat7 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-408 Summary ======= The package tomcat7 before...

7.5CVSS1.8AI score0.708EPSS
Exploits4References5
ArchLinux
ArchLinux
•added 2017/07/18 12:0 a.m.•46 views

[ASA-201707-17] libtiff: arbitrary code execution

Arch Linux Security Advisory ASA-201707-17 ========================================== Severity: Critical Date : 2017-07-18 CVE-ID : CVE-2015-7554 CVE-2016-10095 Package : libtiff Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-5 Summary ======= The package...

9.8CVSS8.9AI score0.04187EPSS
Exploits2References8
ArchLinux
ArchLinux
•added 2017/01/03 12:0 a.m.•46 views

[ASA-201701-11] lib32-libcurl-gnutls: multiple issues

Arch Linux Security Advisory ASA-201701-11 ========================================== Severity: Medium Date : 2017-01-03 CVE-ID : CVE-2016-9586 CVE-2016-9594 Package : lib32-libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-117 Summary ======= The packag...

8.1CVSS0.9AI score0.04935EPSS
Exploits0References7
ArchLinux
ArchLinux
•added 2016/09/27 12:0 a.m.•46 views

[ASA-201609-29] bind: denial of service

Arch Linux Security Advisory ASA-201609-29 ========================================== Severity: High Date : 2016-09-27 CVE-ID : CVE-2016-2776 Package : bind Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package bind before version...

7.8CVSS7.5AI score0.89482EPSS
Exploits7References3
ArchLinux
ArchLinux
•added 2016/09/20 12:0 a.m.•46 views

[ASA-201609-18] lib32-curl: denial of service

Arch Linux Security Advisory ASA-201609-18 ========================================== Severity: Low Date : 20916-09-20 CVE-ID : CVE-2016-7167 Package : lib32-curl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-curl before...

9.8CVSS1.2AI score0.11737EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2016/09/01 12:0 a.m.•46 views

webkit2gtk: multiple issues

CVE-2016-4590 same-origin policy bypass xisigr of Tencents Xuanwu Lab discovered a vulnerability in the way webkit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - CVE-2016-4591 arbitrary filesystem access ma.la of LINE Corporation discoveered...

7.8CVSS6.7AI score0.18843EPSS
Exploits4References5
ArchLinux
ArchLinux
•added 2016/07/30 12:0 a.m.•46 views

libidn: denial of service

CVE-2015-8948 denial of service Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. Reported by Hanno Boeck. - CVE-2016-6261 denial of service Fix out-of-bounds stack read in idnatoascii4i. Reported by Hanno Boeck. - CVE-2016-6262 denial of service...

1.7AI score0.06721EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2016/06/20 12:0 a.m.•46 views

lib32-flashplugin: multiple issues

CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,...

10CVSS3AI score0.25419EPSS
Exploits8References37
ArchLinux
ArchLinux
•added 2016/06/08 12:0 a.m.•46 views

qemu-arch-extra: multiple issues

CVE-2015-8558 denial of service An infinite-loop issue was found in the QEMU emulator built with USB EHCI emulation support. The flaw occurred during communication between the host controller interfaceEHCI and a respective device driver. These two communicate using an isochronous transfer...

7.2CVSS1.5AI score0.00916EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2016/06/05 12:0 a.m.•46 views

chromium: multiple issues

CVE-2016-1696 cross-origin bypass: Cross-origin bypass in Extension bindings. Credit to anonymous. - CVE-2016-1697 cross-origin bypass: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1698 information leakage: Information leak in Extension bindings. Credit to Rob Wu. -...

6.8CVSS1.6AI score0.01849EPSS
Exploits1References9
ArchLinux
ArchLinux
•added 2016/05/10 12:0 a.m.•46 views

cacti: sql injection

A SQL injection vulnerability has been found in cacti, in the the hostgroupdata parameter of the graphview.php file...

6.5CVSS2.8AI score0.02256EPSS
Exploits2References2
ArchLinux
ArchLinux
•added 2016/03/24 12:0 a.m.•46 views

botan: multiple issues

CVE-2016-2849 ECDSA side channel: ECDSA and DSA signature algorithms perform a modular inverse on the signature nonce k. The modular inverse algorithm used had input dependent loops, and it is possible a side channel attack could recover sufficient information about the nonce to eventually...

5CVSS1.6AI score0.02443EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2016/03/20 12:0 a.m.•46 views

thunderbird: multiple issues

CVE-2016-1952 CVE-2016-1953 arbitrary code execution: Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough...

9.3CVSS1AI score0.30946EPSS
Exploits9References33
ArchLinux
ArchLinux
•added 2016/02/25 12:0 a.m.•46 views

lib32-libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

4.3CVSS0.4AI score0.02697EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2016/02/25 12:0 a.m.•46 views

libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

4.3CVSS0.4AI score0.02697EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2016/01/14 12:0 a.m.•46 views

openssh: multiple issues

CVE-2016-0777 information disclosure An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory possibly including private SSH keys of a successfully authenticated OpenSSH client...

6.5CVSS2.4AI score0.63468EPSS
Exploits3References3
ArchLinux
ArchLinux
•added 2015/10/19 12:0 a.m.•46 views

spice: multiple issues

CVE-2015-3247 race condition flaw: A race condition flaw was found in spice's workerupdatemonitorsconfig function, leading to a heap-based memory corruption. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of...

6.9CVSS1.8AI score0.01144EPSS
Exploits0References5
ArchLinux
ArchLinux
•added 2015/10/05 12:0 a.m.•46 views

hostapd: denial of service

CVE-2015-4141 denial of service A vulnerability was found in the WPS UPnP function shared by hostapd WPS AP and wpasupplicant WPS external registrar. This may allow a possible denial of service attack through - CVE-2015-4142 denial of service A vulnerability was found in WMM Action frame...

5CVSS4.6AI score0.04198EPSS
Exploits0References10
ArchLinux
ArchLinux
•added 2015/08/25 12:0 a.m.•46 views

gnutls: denial of service

Kurt Roeckx reported that decoding a specific certificate with very long DistinguishedName DN entries leads to double free, which may result to a denial of service. Since the DN decoding occurs in almost all applications using certificates it is recommended to upgrade the latest GnuTLS version...

5CVSS3.7AI score0.1903EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2015/08/12 12:0 a.m.•46 views

firefox: multiple issues

CVE-2015-4473 Memory safety bugs fixed in Firefox ESR 38.2 and Firefox 40: Gary Kwong, Christian Holler, and Byron Campen reported memory safety problems and crashes that affect Firefox ESR 38.1 and Firefox 39. - CVE-2015-4474 Memory safety bugs fixed in Firefox 40: Tyson Smith, Bobby Holley,...

10CVSS10AI score0.09027EPSS
Exploits0References20
ArchLinux
ArchLinux
•added 2015/04/24 12:0 a.m.•46 views

powerdns: denial of service

A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at a 1000 iterations by a failsafe, making the issue harmless on most platforms. However, on specific platforms, the recursion...

7.8CVSS2.5AI score0.81834EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2015/03/23 12:0 a.m.•46 views

cpio: directory traversal

It was reported that cpio is vulnerable to a directory traversal vulnerability when using the --no-absolute-filenames option. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write to...

1.9CVSS3.9AI score0.02906EPSS
Exploits4References3
ArchLinux
ArchLinux
•added 2015/03/17 12:0 a.m.•46 views

ettercap-gtk: multiple issues

CVE-2014-6395 arbitrary code execution Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...

7.5CVSS7.6AI score0.13056EPSS
Exploits6References11
ArchLinux
ArchLinux
•added 2015/02/25 12:0 a.m.•46 views

thunderbird: multiple issues

CVE-2015-0822 information leak: Security researcher Armin Razmdjou reported that a user readable file in a known local path could be uploaded to a malicious site. This was done by manipulating the autocomplete feature in a form and user interaction with it. While the local file is not visibly...

7.5CVSS1.7AI score0.04359EPSS
Exploits0References6
ArchLinux
ArchLinux
•added 2015/02/06 12:0 a.m.•46 views

clamav: arbitrary code execution

Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS3.5AI score0.03234EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2014/12/16 12:0 a.m.•46 views

dokuwiki: cross-site scripting

It was discovered that dokuwiki did not sufficiently filter uploaded files. A remote attacker with upload access is able to use this flaw in order to upload SWF files leading to possible cross-site scripting...

4.3CVSS2AI score0.02365EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2014/11/23 12:0 a.m.•46 views

dbus: denial of service

The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning and does not fully prevent the attack described in the impact section below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE ulimit -n to a higher value...

2.1CVSS3.6AI score0.00594EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2014/11/12 12:0 a.m.•46 views

gnutls: out-of-bounds memory write

An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC Elliptic Curve Cryptography certificates or certificate signing requests CSR resulting in heap corruption...

5CVSS2.1AI score0.03281EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2014/11/06 12:0 a.m.•46 views

polarssl: multiple issues

CVE-2014-8627 weak signature negotiation A mistake resulted in servers negotiating the lowest common hash from signaturealgorithms extension in TLS 1.2. - CVE-2014-8628 memory leaks Two issues were found that result in remotely triggerable memory leaks when parsing crafted ClientHello messages or...

7.8CVSS4.5AI score0.0209EPSS
Exploits0References6
Total number of security vulnerabilities1854