1854 matches found
[ASA-202005-2] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202005-2 ========================================= Severity: High Date : 2020-05-06 CVE-ID : CVE-2020-6464 CVE-2020-6831 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1149 Summary ======= The package...
[ASA-202004-23] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202004-23 ========================================== Severity: Critical Date : 2020-04-28 CVE-ID : CVE-2020-3899 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1144 Summary ======= The package webkit2gtk...
[ASA-201911-9] linux-hardened: arbitrary code execution
Arch Linux Security Advisory ASA-201911-9 ========================================= Severity: Critical Date : 2019-11-07 CVE-ID : CVE-2019-17666 Package : linux-hardened Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1063 Summary ======= The package...
[ASA-201908-19] pigeonhole: arbitrary code execution
Arch Linux Security Advisory ASA-201908-19 ========================================== Severity: Critical Date : 2019-08-28 CVE-ID : CVE-2019-11500 Package : pigeonhole Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1027 Summary ======= The package pigeonhol...
[ASA-201906-20] firefox: sandbox escape
Arch Linux Security Advisory ASA-201906-20 ========================================== Severity: High Date : 2019-06-25 CVE-ID : CVE-2019-11708 Package : firefox Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-997 Summary ======= The package firefox before version...
[ASA-201904-8] flashplugin: multiple issues
Arch Linux Security Advisory ASA-201904-8 ========================================= Severity: Critical Date : 2019-04-12 CVE-ID : CVE-2019-7096 CVE-2019-7108 Package : flashplugin Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-949 Summary ======= The package...
[ASA-201902-23] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201902-23 ========================================== Severity: Critical Date : 2019-02-20 CVE-ID : CVE-2018-18335 CVE-2018-18356 CVE-2018-18509 CVE-2019-5785 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-908...
[ASA-201902-18] hiawatha: directory traversal
Arch Linux Security Advisory ASA-201902-18 ========================================== Severity: High Date : 2019-02-16 CVE-ID : CVE-2019-8358 Package : hiawatha Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-900 Summary ======= The package hiawatha before versio...
[ASA-201901-5] wireshark-cli: multiple issues
Arch Linux Security Advisory ASA-201901-5 ========================================= Severity: Medium Date : 2019-01-10 CVE-ID : CVE-2019-5716 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 Package : wireshark-cli Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-844 Summary...
[ASA-201812-2] chromium: multiple issues
Arch Linux Security Advisory ASA-201812-2 ========================================= Severity: Critical Date : 2018-12-08 CVE-ID : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343...
[ASA-201810-14] firefox: multiple issues
Arch Linux Security Advisory ASA-201810-14 ========================================== Severity: Critical Date : 2018-10-24 CVE-ID : CVE-2018-12388 CVE-2018-12390 CVE-2018-12392 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-12398 CVE-2018-12399 CVE-2018-12401 CVE-2018-12402 CVE-2018-12403...
[ASA-201808-3] python2-django: open redirect
Arch Linux Security Advisory ASA-201808-3 ========================================= Severity: Medium Date : 2018-08-03 CVE-ID : CVE-2018-14574 Package : python2-django Type : open redirect Remote : Yes Link : https://security.archlinux.org/AVG-746 Summary ======= The package python2-django before...
[ASA-201801-7] graphicsmagick: multiple issues
Arch Linux Security Advisory ASA-201801-7 ========================================= Severity: High Date : 2018-01-08 CVE-ID : CVE-2017-11403 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13066 CVE-2017-13134 CVE-2017-13776 CVE-2017-13777...
[ASA-201711-14] openssl: multiple issues
Arch Linux Security Advisory ASA-201711-14 ========================================== Severity: Medium Date : 2017-11-07 CVE-ID : CVE-2017-3735 CVE-2017-3736 Package : openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-477 Summary ======= The package openssl...
[ASA-201710-2] curl: denial of service
Arch Linux Security Advisory ASA-201710-2 ========================================= Severity: Low Date : 2017-10-05 CVE-ID : CVE-2017-1000254 Package : curl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-422 Summary ======= The package curl before version 7.56.0-1...
[ASA-201709-5] tcpdump: multiple issues
Arch Linux Security Advisory ASA-201709-5 ========================================= Severity: Critical Date : 2017-09-13 CVE-ID : CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900...
[ASA-201708-5] libsoup: arbitrary code execution
Arch Linux Security Advisory ASA-201708-5 ========================================= Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-2885 Package : libsoup Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-376 Summary ======= The package libsoup before...
[ASA-201706-31] linux: privilege escalation
Arch Linux Security Advisory ASA-201706-31 ========================================== Severity: High Date : 2017-06-23 CVE-ID : CVE-2017-1000364 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-313 Summary ======= The package linux before version...
[ASA-201705-22] samba: arbitrary code execution
Arch Linux Security Advisory ASA-201705-22 ========================================== Severity: High Date : 2017-05-30 CVE-ID : CVE-2017-7494 Package : samba Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-279 Summary ======= The package samba before version...
[ASA-201701-13] icoutils: arbitrary code execution
Arch Linux Security Advisory ASA-201701-13 ========================================== Severity: High Date : 2017-01-09 CVE-ID : CVE-2017-5208 Package : icoutils Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-129 Summary ======= The package icoutils before...
lib32-flashplugin: multiple issues
CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 arbitrary code execution Multiple Memory corruption vulnerabilities that could lead to arbitrary code execution have been found...
imagemagick: information leakage
An out-of-bounds read has been found in ImageMagick's Get8BIMProperty function. This issue can lead to memory leak since the data read is written to the output image afterwards...
phpmyadmin: multiple issues
CVE-2016-5702 cookie attribute injection A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Only affected when PHPSELF is not set. - CVE-2016-5703 SQL injection A vulnerability was discovered that allows an SQL injection...
quassel-core: denial of service
CVE-2016-4414 denial of service It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match, in which case PeerFactory::createPeer returns a nullptr, which is immediately dereferenced...
firefox: multiple issues
CVE-2016-2804: Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes that are fixed in Firefox 46. - CVE-2016-2805: Christian Holler reported a memory safety problem that is fixed in Firefox ESR 38.8. - CVE-2016-2806: Gary Kwong,...
thunderbird: multiple issues
CVE-2016-1955 same-origin policy bypass A vulnerability allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element. - CVE-2016-1956 denial of...
cacti: sql injection
CVE-2015-8604 sql injection SQL injection in graphsnew.php. - CVE-2015-8377 sql injection SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php. - CVE-2015-8369 sql injection SQL injection in graph.php...
firefox: same-origin policy bypass
Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...
bind: denial of service
CVE-2015-8704 denial of service A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl42.c. A server could exit while performing certain string formatting operations. Examples include but may not be limited to: 1 Slaves using text-format db...
chromium: multiple issues
CVE-2015-6755 cross-origin bypass: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2015-6756 use-after-free: Use-after-free in PDFium. - CVE-2015-6757 use-after-free: Use-after-free in ServiceWorker. Credit to Collin Payne. - CVE-2015-6758: Bad-cast in PDFium. Credit to Atte...
wordpress: multiple issues
CVE-2015-5714 cross-side scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 permission bypass It has been discovered that users without proper permissions could publish private posts and make them sticky...
thunderbird: multiple issues
CVE-2015-2708 Memory safety bugs fixed in Firefox ESR 31.7 and Firefox 38: Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink reported memory safety problems and crashes that affect Firefox ESR 31.6 and Firefox 37. - CVE-2015-2709 Memory safety bugs fixed in Firefox 38: Gary Kwong,...
mariadb-clients: denial of service
A heap-based buffer overflow was found in the way PCRE handled certain malformed regular expressions. This issue could cause a crash while parsing malicious regular expressions related to an assertion that allows zero repeats...
dovecot: denial of service
Dovecot = 2.2.14 does not correctly handle SSL/TLS handshake failure in the login process, asking OpenSSL to flush a connection that has already been aborted. This results in a crash with some versions of OpenSSL most likely = 1.0.2. A patch to OpenSSL has also been written to handle more...
flashplugin: multiple issues
CVE-2015-0346 arbitrary code execution A double-free vulnerability allows attackers to execute arbitrary code via unspecified vectors. - CVE-2015-0347 arbitrary code execution Memory corruption vulnerability that could lead to arbitrary code execution or cause a denial of service via unspecified...
ruby: permissive certificate verification
After reviewing RFC 6125 and RFC 5280, multiple violations were found of matching hostnames and particularly wildcard certificates. Rubys OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching ...
chromium: remote code execution
CVE-2015-1233 remote code execution: A combination of V8, Gamepad and IPC bugs can lead to remote code execution outside of the sandbox. - CVE-2015-1234 buffer overflow: Buffer overflow via a race condition in GPU...
polarssl: remote code execution
During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1sequence is not initialized by asn1getsequenceof. In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarsslfree. This sequence can be triggered when a...
xorg-server: multiple issues
CVE-2014-8091 denial of service X.Org X Window System, when using SUN-DES-1 Secure RPC authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a crafted connection...
openvpn: denial of service
It was discovered that an authenticated client could trigger an ASSERT in OpenVPN by sending a too-short control channel packet to the server. This could cause the OpenVPN server to crash and deny access to the VPN to other legitimate users...
clamav: denial of service
It was discovered that clamav crashes on certain files when using 'clamscan -a' or while scanning maliciously crafted files...
wireshark-qt: denial of service
CVE-2014-8710 out-of-bounds read Out-of-bounds read flaw in the SigComp dissector sigcomp-udvm leads to denial of service while processing malformed packets. - CVE-2014-8711 out-of-bounds read The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...
arm-none-eabi-binutils: multiple issues
CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in bfdelfsetupsections which results in denial of service or possible code...
ruby: denial of service
CPU exhaustion can occur as a result of recursive expansion with an empty string. When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service...
libpurple: remote dos and information leakage
A malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory. A malicious server or man-in-the-middle could trigger a crash in libpurple by sending an emoticon via MXit with an...
[ASA-202207-2] wpewebkit: multiple issues
Arch Linux Security Advisory ASA-202207-2 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : wpewebkit Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2789 Summary ======= The package...
[ASA-202111-8] opera: multiple issues
Arch Linux Security Advisory ASA-202111-8 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 Package : opera Type : multiple issues Remote : Yes...
[ASA-202011-3] wordpress: multiple issues
Arch Linux Security Advisory ASA-202011-3 ========================================= Severity: Critical Date : 2020-11-03 CVE-ID : CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035 CVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039 CVE-2020-28040 Package : wordpress Type :...
[ASA-202004-12] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202004-12 ========================================== Severity: Critical Date : 2020-04-13 CVE-ID : CVE-2020-6815 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1132...
[ASA-202004-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202004-8 ========================================= Severity: Critical Date : 2020-04-08 CVE-ID : CVE-2020-6821 CVE-2020-6823 CVE-2020-6824 CVE-2020-6825 CVE-2020-6826 Package : firefox Type : multiple issues Remote : Yes Link :...