1854 matches found
libvncserver: remote code execution, denial of service
CVE-2014-6051 Integer overflow in MallocFrameBuffer on client side. A malicious VNC server could advertise a very large screen size by RFB protocol, width and height are 16-bit integers, resulting in an integer overflow during malloc on client-side. Heap corruption, and possibly remote code...
wpa_supplicant, hostapd: Arbitrary command execution
Jouni Malinen discovered an input sanitization issue in the wpacli and hostapdcli tools included in the wpasupplicant and hostapd packages. A remote wifi system within range could provide a crafted frame triggering arbitrary command execution under the privileges of the wpacli/hostapdcli process...
mediawiki: Cross-site Scripting (XSS) and UI redressing
It was discovered that MediaWiki, a wiki engine, was separating the allowance of css and js modules resulting in Cross-site Scripting XSS and UI redressing issues...
[ASA-202112-5] isync: arbitrary code execution
Arch Linux Security Advisory ASA-202112-5 ========================================= Severity: Medium Date : 2021-12-03 CVE-ID : CVE-2021-3657 CVE-2021-44143 Package : isync Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2579 Summary ======= The package isyn...
[ASA-202111-1] jenkins: multiple issues
Arch Linux Security Advisory ASA-202111-1 ========================================= Severity: Critical Date : 2021-11-05 CVE-ID : CVE-2021-21685 CVE-2021-21686 CVE-2021-21687 CVE-2021-21688 CVE-2021-21689 CVE-2021-21690 CVE-2021-21691 CVE-2021-21692 CVE-2021-21693 CVE-2021-21694 CVE-2021-21695...
[ASA-202004-16] openvpn: denial of service
Arch Linux Security Advisory ASA-202004-16 ========================================== Severity: Medium Date : 2020-04-17 CVE-ID : CVE-2020-11810 Package : openvpn Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1135 Summary ======= The package openvpn before versio...
[ASA-201910-16] firefox: multiple issues
Arch Linux Security Advisory ASA-201910-16 ========================================== Severity: Critical Date : 2019-10-26 CVE-ID : CVE-2018-6156 CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-11765 CVE-2019-15903 CVE-2019-17000...
[ASA-201905-10] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-201905-10 ========================================== Severity: Critical Date : 2019-05-28 CVE-ID : CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 Package : webkit2gtk Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-967 Summary ======= The...
[ASA-201903-12] libssh2: multiple issues
Arch Linux Security Advisory ASA-201903-12 ========================================== Severity: Critical Date : 2019-03-22 CVE-ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Package : libssh2 Type : multiple issue...
[ASA-201903-5] file: multiple issues
Arch Linux Security Advisory ASA-201903-5 ========================================= Severity: High Date : 2019-03-03 CVE-ID : CVE-2019-8904 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 Package : file Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-907 Summary ======= Th...
[ASA-201902-25] bind: multiple issues
Arch Linux Security Advisory ASA-201902-25 ========================================== Severity: High Date : 2019-02-25 CVE-ID : CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 Package : bind Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-915 Summary ======= The package bi...
[ASA-201902-2] firefox: multiple issues
Arch Linux Security Advisory ASA-201902-2 ========================================= Severity: Critical Date : 2019-02-06 CVE-ID : CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503 CVE-2018-18504 CVE-2018-18505 CVE-2018-18506 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-201806-10] libgcrypt: private key recovery
Arch Linux Security Advisory ASA-201806-10 ========================================== Severity: High Date : 2018-06-16 CVE-ID : CVE-2018-0495 Package : libgcrypt Type : private key recovery Remote : No Link : https://security.archlinux.org/AVG-719 Summary ======= The package libgcrypt before...
[ASA-201801-6] linux-lts: access restriction bypass
Arch Linux Security Advisory ASA-201801-6 ========================================= Severity: High Date : 2018-01-08 CVE-ID : CVE-2017-5754 Package : linux-lts Type : access restriction bypass Remote : No Link : https://security.archlinux.org/AVG-577 Summary ======= The package linux-lts before...
[ASA-201712-5] chromium: multiple issues
Arch Linux Security Advisory ASA-201712-5 ========================================= Severity: Critical Date : 2017-12-07 CVE-ID : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418...
[ASA-201707-18] lib32-libtiff: arbitrary code execution
Arch Linux Security Advisory ASA-201707-18 ========================================== Severity: Critical Date : 2017-07-18 CVE-ID : CVE-2015-7554 CVE-2016-10095 Package : lib32-libtiff Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-87 Summary ======= The...
[ASA-201706-8] chromium: multiple issues
Arch Linux Security Advisory ASA-201706-8 ========================================= Severity: Critical Date : 2017-06-07 CVE-ID : CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073 CVE-2017-5074 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081...
[ASA-201706-6] tomcat7: access restriction bypass
Arch Linux Security Advisory ASA-201706-6 ========================================= Severity: High Date : 2017-06-06 CVE-ID : CVE-2017-5664 Package : tomcat7 Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-290 Summary ======= The package tomcat7 before...
[ASA-201609-7] tomcat8: proxy injection
Arch Linux Security Advisory ASA-201609-7 ========================================= Severity: Medium Date : 2016-09-10 CVE-ID : CVE-2016-5388 Package : tomcat8 Type : proxy injection Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package tomcat8 before version...
wireshark-cli: denial of service
CVE-2016-6505 denial of service It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. - CVE-2016-6506 denial of service It may be possible to make Wireshark consume excessive CPU resources by...
curl: multiple issues
CVE-2016-5419 authentication bypass libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established...
chromium: arbitrary code execution
Various fixes from internal audits, fuzzing and other initiatives, including multiple issues in the processing of malformed web content...
glibc: denial of service
clntudpcall allocates a buffer, using alloca, to store the payload of an incoming socket error. If a malicious server floods the client with crafted ICMP and UDP packets, this can cause the client to allocate sufficiently many such temporary buffers to cause a stack frame overflow denial of...
imlib2: multiple issues
CVE-2011-5326 denial of service Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception. - CVE-2016-3993 information leakage Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory...
optipng: arbitrary code execution
An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to crtrow' being inc|decremented without any boundary checking when encountering delta escapes. This issue can possibly be used to execute arbitrary code...
perl: improper input validation
Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint...
botan: multiple issues
CVE-2016-2194 denial of service The ressol function implements the Tonelli-Shanks algorithm for finding square roots could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, as this algorithm is only defined for primes...
privoxy: denial of service
CVE-2016-1982 denial of service A vulnerability was discovered in a way the privoxy deals with corrupted chunk-encoded content. A maliciously crafted input can result in a remote denial of service. - CVE-2016-1983 denial of service A vulnerability was found in a way the privoxy processes specific...
keybase: information leakage
This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...
wordpress: multiple issues
CVE-2015-2213: SQL injection in comments ID. - CVE-2015-5730: Timing attack in widgets. - CVE-2015-5731: Denial of service by locking a post from being edited. - CVE-2015-5732, CVE-2015-5733 CVE-2015-5734: XSS...
krb5: multiple issues
CVE-2014-5352 authenticated remote code execution: In the MIT krb5 libgssapikrb5 library, after gssprocesscontexttoken is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in...
firefox: multiple issues
CVE-2014-1587: Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner reported memory safety problems and crashes that affect Firefox ESR 31.2 and Firefox 33. CVE-2014-1588: Christian Holler, Gary Kwong, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan...
libksba: denial of service
By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow. The bug is not easy to exploit because there only 80 possible values which can be used to overwrite memory. However, a denial of service is possible and someone may come up with other...
wireshark-cli: denial of service
CVE-2014-8710 out-of-bounds read Out-of-bounds read flaw in the SigComp dissector sigcomp-udvm leads to denial of service while processing malformed packets. - CVE-2014-8711 out-of-bounds read The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...
flashplugin: remote code execution
These updates resolve memory corruption vulnerabilities that could lead to code execution CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2014-0573, CVE-2014-0588, CVE-2014-8438. These updates...
mantisbt: sql injection
Edwin Gozeling and Wim Visser discovered that when the projectid parameter of the SOAP-request starts with the integer of a project to which the user or anonymous is authorized, the ENTIRE value will become the first item of $tprojects. As this value is concatenated in the SQL statement,...
flashplugin: multiple issues
CVE-2015-0301 Improper file validation issue. - CVE-2015-0302 information disclosure Information disclosure vulnerability that could be exploited to capture keystrokes on the affected system. - CVE-2015-0303, CVE-2015-0306 arbitrary code execution Memory corruption vulnerabilities that could lead...
[ASA-202503-1] exim: privilege escalation
Arch Linux Security Advisory ASA-202503-1 ========================================= Severity: High Date : 2025-03-26 CVE-ID : CVE-2025-30232 Package : exim Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-2859 Summary ======= The package exim before version 4.98.2...
[ASA-202204-5] bind: multiple issues
Arch Linux Security Advisory ASA-202204-5 ========================================= Severity: High Date : 2022-04-04 CVE-ID : CVE-2021-25220 CVE-2022-0396 CVE-2022-0635 CVE-2022-0667 Package : bind Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2661 Summary =======...
[ASA-202112-6] chromium: multiple issues
Arch Linux Security Advisory ASA-202112-6 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064...
[ASA-202110-8] opera: multiple issues
Arch Linux Security Advisory ASA-202110-8 ========================================= Severity: High Date : 2021-10-29 CVE-ID : CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 Package : opera Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2444 Summary...
[ASA-202009-7] netbeans: arbitrary code execution
Arch Linux Security Advisory ASA-202009-7 ========================================= Severity: Critical Date : 2020-09-14 CVE-ID : CVE-2020-11986 Package : netbeans Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1221 Summary ======= The package netbeans befo...
[ASA-202005-16] freerdp: information disclosure
Arch Linux Security Advisory ASA-202005-16 ========================================== Severity: High Date : 2020-05-23 CVE-ID : CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 Package : freerdp Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-1172 Summary ======= T...
[ASA-202005-5] qutebrowser: certificate verification bypass
Arch Linux Security Advisory ASA-202005-5 ========================================= Severity: Low Date : 2020-05-07 CVE-ID : CVE-2020-11054 Package : qutebrowser Type : certificate verification bypass Remote : Yes Link : https://security.archlinux.org/AVG-1152 Summary ======= The package...
[ASA-202005-2] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202005-2 ========================================= Severity: High Date : 2020-05-06 CVE-ID : CVE-2020-6464 CVE-2020-6831 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1149 Summary ======= The package...
[ASA-202004-23] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202004-23 ========================================== Severity: Critical Date : 2020-04-28 CVE-ID : CVE-2020-3899 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1144 Summary ======= The package webkit2gtk...
[ASA-201911-9] linux-hardened: arbitrary code execution
Arch Linux Security Advisory ASA-201911-9 ========================================= Severity: Critical Date : 2019-11-07 CVE-ID : CVE-2019-17666 Package : linux-hardened Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1063 Summary ======= The package...
[ASA-201910-6] unbound: denial of service
Arch Linux Security Advisory ASA-201910-6 ========================================= Severity: High Date : 2019-10-11 CVE-ID : CVE-2019-16866 Package : unbound Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1042 Summary ======= The package unbound before version...
[ASA-201908-19] pigeonhole: arbitrary code execution
Arch Linux Security Advisory ASA-201908-19 ========================================== Severity: Critical Date : 2019-08-28 CVE-ID : CVE-2019-11500 Package : pigeonhole Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1027 Summary ======= The package pigeonhol...
[ASA-201906-20] firefox: sandbox escape
Arch Linux Security Advisory ASA-201906-20 ========================================== Severity: High Date : 2019-06-25 CVE-ID : CVE-2019-11708 Package : firefox Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-997 Summary ======= The package firefox before version...