[ASA-201902-23] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201902-23 ========================================== Severity: Critical Date : 2019-02-20 CVE-ID : CVE-2018-18335 CVE-2018-18356 CVE-2018-18509 CVE-2019-5785 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-908...
[ASA-201902-18] hiawatha: directory traversal
Arch Linux Security Advisory ASA-201902-18 ========================================== Severity: High Date : 2019-02-16 CVE-ID : CVE-2019-8358 Package : hiawatha Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-900 Summary ======= The package hiawatha before versio...
[ASA-201803-14] clamav: multiple issues
Arch Linux Security Advisory ASA-201803-14 ========================================== Severity: Critical Date : 2018-03-18 CVE-ID : CVE-2012-6706 CVE-2017-6419 CVE-2017-11423 CVE-2018-0202 CVE-2018-1000085 Package : clamav Type : multiple issues Remote : Yes Link :...
[ASA-201803-12] libvorbis: multiple issues
Arch Linux Security Advisory ASA-201803-12 ========================================== Severity: Critical Date : 2018-03-16 CVE-ID : CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 Package : libvorbis Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-367 Summary ======= The...
[ASA-201803-5] python-django: denial of service
Arch Linux Security Advisory ASA-201803-5 ========================================= Severity: Medium Date : 2018-03-06 CVE-ID : CVE-2018-7536 CVE-2018-7537 Package : python-django Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-649 Summary ======= The package...
[ASA-201711-12] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-201711-12 ========================================== Severity: Critical Date : 2017-11-07 CVE-ID : CVE-2017-15398 CVE-2017-15399 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-482 Summary ======= The packa...
[ASA-201710-2] curl: denial of service
Arch Linux Security Advisory ASA-201710-2 ========================================= Severity: Low Date : 2017-10-05 CVE-ID : CVE-2017-1000254 Package : curl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-422 Summary ======= The package curl before version 7.56.0-1...
[ASA-201708-7] mercurial: multiple issues
Arch Linux Security Advisory ASA-201708-7 ========================================= Severity: Critical Date : 2017-08-12 CVE-ID : CVE-2017-1000115 CVE-2017-1000116 Package : mercurial Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-378 Summary ======= The package...
[ASA-201708-5] libsoup: arbitrary code execution
Arch Linux Security Advisory ASA-201708-5 ========================================= Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-2885 Package : libsoup Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-376 Summary ======= The package libsoup before...
[ASA-201707-15] apache: multiple issues
Arch Linux Security Advisory ASA-201707-15 ========================================== Severity: Critical Date : 2017-07-14 CVE-ID : CVE-2017-9788 CVE-2017-9789 Package : apache Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-350 Summary ======= The package apache...
[ASA-201706-8] chromium: multiple issues
Arch Linux Security Advisory ASA-201706-8 ========================================= Severity: Critical Date : 2017-06-07 CVE-ID : CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073 CVE-2017-5074 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081...
[ASA-201705-22] samba: arbitrary code execution
Arch Linux Security Advisory ASA-201705-22 ========================================== Severity: High Date : 2017-05-30 CVE-ID : CVE-2017-7494 Package : samba Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-279 Summary ======= The package samba before version...
[ASA-201701-13] icoutils: arbitrary code execution
Arch Linux Security Advisory ASA-201701-13 ========================================== Severity: High Date : 2017-01-09 CVE-ID : CVE-2017-5208 Package : icoutils Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-129 Summary ======= The package icoutils before...
imagemagick: information leakage
An out-of-bounds read has been found in ImageMagick's Get8BIMProperty function. This issue can lead to memory leak since the data read is written to the output image afterwards...
chromium: multiple issues
CVE-2016-1705 arbitrary code execution Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1706 sandbox escape Sandbox escape in PPAPI. Credit to Pinkie Pie. - CVE-2016-1708 arbitrary code execution Use-after-free in Extensions. Credit to Adam Varsan. - CVE-2016-1709...
phpmyadmin: multiple issues
CVE-2016-5702 cookie attribute injection A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Only affected when PHP_SELF is not set. - CVE-2016-5703 SQL injection A vulnerability was discovered that allows an SQL injection...
imlib2: multiple issues
CVE-2011-5326 denial of service Kevin Ryde discovered that attempting to draw a 2x1 radii ellipse results in a floating point exception. - CVE-2016-3993 information leakage Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory...
optipng: arbitrary code execution
An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to 'crt_row' being incremented or decremented without any boundary checking when encountering delta escapes. This issue can possibly be used to execute arbitrary code...
chromium: multiple issues
CVE-2015-8126: Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE, allowing remote attackers to cause DoS to application or have unspecified other impact. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit depth less than 8...
chromium: multiple issues
Same-origin bypass in Blink and Sandbox escape in Chrome...
bind: denial of service
CVE-2015-8704 denial of service A buffer size check used to guard against overflow could cause named to exit with an INSIST failure in apl_42.c. A server could exit while performing certain string formatting operations. Examples include but may not be limited to: 1 Slaves using text-format db...
unzip: multiple issues
CVE-2015-7696 arbitrary code execution A heap buffer overflow triggered by unzipping a file with password that can lead to arbitrary code execution. - CVE-2015-7697 denial of service A denial of service with a file that never finishes unzipping...
bugzilla: unauthorized account creation
Login names (usually an email address) longer than 127 characters are silently truncated in MySQL, which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...
wordpress: multiple issues
CVE-2015-5714 cross-site scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 permission bypass It has been discovered that users without proper permissions could publish private posts and make them sticky...
lib32-openssl: man-in-the-middle
During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the ...
powerdns-recursor: denial of service
A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at a 1000 iterations by a failsafe, making the issue harmless on most platforms. However, on specific platforms, the recursion...
ettercap-gtk: multiple issues
CVE-2014-6395 arbitrary code execution Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...
jasper: arbitrary code execution
CVE-2014-8137 arbitrary code execution A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. - CVE-2014-9029 arbitrary code execution...
xorg-server: multiple issues
CVE-2014-8091 denial of service X.Org X Window System, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection...
powerdns-recursor: denial of service
PowerDNS, while acting as a caching nameserver, can be negatively impacted by sending queries for specially configured, hard to resolve domain names. This is the same issue as the ones found in bind (ASA-201412-7) and unbound (ASA-201412-8)...
libjpeg-turbo: denial of service
Specially crafted JPEG files lead to stack smashing and to at least a DoS, maybe remote due to imagick. The Huffman encoder's local buffer can be overrun when a buffered destination manager is being used and an extremely-high-frequency block (basically junk image data) is being encoded. Even thou...
arm-none-eabi-binutils: multiple issues
CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...
libpurple: remote dos and information leakage
A malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory. A malicious server or man-in-the-middle could trigger a crash in libpurple by sending an emoticon via MXit with an...
[ASA-202503-1] exim: privilege escalation
Arch Linux Security Advisory ASA-202503-1 ========================================= Severity: High Date : 2025-03-26 CVE-ID : CVE-2025-30232 Package : exim Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-2859 Summary ======= The package exim before version 4.98.2...
[ASA-202112-6] chromium: multiple issues
Arch Linux Security Advisory ASA-202112-6 ========================================= Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064...
[ASA-202111-8] opera: multiple issues
Arch Linux Security Advisory ASA-202111-8 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 Package : opera Type : multiple issues Remote : Yes...
[ASA-202005-15] ant: arbitrary command execution
Arch Linux Security Advisory ASA-202005-15 ========================================== Severity: Medium Date : 2020-05-20 CVE-ID : CVE-2020-1945 Package : ant Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-1159 Summary ======= The package ant before versio...
[ASA-202004-23] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202004-23 ========================================== Severity: Critical Date : 2020-04-28 CVE-ID : CVE-2020-3899 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1144 Summary ======= The package webkit2gtk...
[ASA-202004-12] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202004-12 ========================================== Severity: Critical Date : 2020-04-13 CVE-ID : CVE-2020-6815 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1132...
[ASA-202004-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202004-8 ========================================= Severity: Critical Date : 2020-04-08 CVE-ID : CVE-2020-6821 CVE-2020-6823 CVE-2020-6824 CVE-2020-6825 CVE-2020-6826 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-202004-3] linux-lts: privilege escalation
Arch Linux Security Advisory ASA-202004-3 ========================================= Severity: High Date : 2020-04-01 CVE-ID : CVE-2020-8835 Package : linux-lts Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1121 Summary ======= The package linux-lts before versi...
[ASA-202003-11] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202003-11 ========================================== Severity: Critical Date : 2020-03-16 CVE-ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-201912-6] git: arbitrary code execution
Arch Linux Security Advisory ASA-201912-6 ========================================= Severity: High Date : 2019-12-18 CVE-ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1387 CVE-2019-19604 Package : git Type : arbitrary code execution Remote : Yes Link :...
[ASA-201909-2] firefox: multiple issues
Arch Linux Security Advisory ASA-201909-2 ========================================= Severity: High Date : 2019-09-04 CVE-ID : CVE-2019-5849 CVE-2019-9812 CVE-2019-11734 CVE-2019-11735 CVE-2019-11737 CVE-2019-11738 CVE-2019-11740 CVE-2019-11741 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744...
[ASA-201904-8] flashplugin: multiple issues
Arch Linux Security Advisory ASA-201904-8 ========================================= Severity: Critical Date : 2019-04-12 CVE-ID : CVE-2019-7096 CVE-2019-7108 Package : flashplugin Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-949 Summary ======= The package...
[ASA-201903-11] firefox: multiple issues
Arch Linux Security Advisory ASA-201903-11 ========================================== Severity: Critical Date : 2019-03-22 CVE-ID : CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-98...
[ASA-201902-20] flatpak: privilege escalation
Arch Linux Security Advisory ASA-201902-20 ========================================== Severity: High Date : 2019-02-17 CVE-ID : CVE-2019-5736 Package : flatpak Type : privilege escalation Remote : Yes Link : https://security.archlinux.org/AVG-880 Summary ======= The package flatpak before version...
[ASA-201812-2] chromium: multiple issues
Arch Linux Security Advisory ASA-201812-2 ========================================= Severity: Critical Date : 2018-12-08 CVE-ID : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343...
[ASA-201810-12] chromium: multiple issues
Arch Linux Security Advisory ASA-201810-12 ========================================== Severity: Critical Date : 2018-10-17 CVE-ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471...
[ASA-201712-5] chromium: multiple issues
Arch Linux Security Advisory ASA-201712-5 ========================================= Severity: Critical Date : 2017-12-07 CVE-ID : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418...