1854 matches found
[ASA-201803-12] libvorbis: multiple issues
Arch Linux Security Advisory ASA-201803-12 ========================================== Severity: Critical Date : 2018-03-16 CVE-ID : CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 Package : libvorbis Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-367 Summary ======= The...
[ASA-201803-5] python-django: denial of service
Arch Linux Security Advisory ASA-201803-5 ========================================= Severity: Medium Date : 2018-03-06 CVE-ID : CVE-2018-7536 CVE-2018-7537 Package : python-django Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-649 Summary ======= The package...
[ASA-201711-20] mediawiki: multiple issues
Arch Linux Security Advisory ASA-201711-20 ========================================== Severity: High Date : 2017-11-15 CVE-ID : CVE-2017-0361 CVE-2017-8808 CVE-2017-8809 CVE-2017-8810 CVE-2017-8811 CVE-2017-8812 CVE-2017-8814 CVE-2017-8815 Package : mediawiki Type : multiple issues Remote : Yes...
[ASA-201711-12] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-201711-12 ========================================== Severity: Critical Date : 2017-11-07 CVE-ID : CVE-2017-15398 CVE-2017-15399 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-482 Summary ======= The packa...
[ASA-201710-2] curl: denial of service
Arch Linux Security Advisory ASA-201710-2 ========================================= Severity: Low Date : 2017-10-05 CVE-ID : CVE-2017-1000254 Package : curl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-422 Summary ======= The package curl before version 7.56.0-1...
[ASA-201709-5] tcpdump: multiple issues
Arch Linux Security Advisory ASA-201709-5 ========================================= Severity: Critical Date : 2017-09-13 CVE-ID : CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900...
[ASA-201708-5] libsoup: arbitrary code execution
Arch Linux Security Advisory ASA-201708-5 ========================================= Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-2885 Package : libsoup Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-376 Summary ======= The package libsoup before...
[ASA-201708-3] firefox: multiple issues
Arch Linux Security Advisory ASA-201708-3 ========================================= Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-7753 CVE-2017-7779 CVE-2017-7780 CVE-2017-7781 CVE-2017-7783 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7788 CVE-2017-7789 CVE-2017-7791...
[ASA-201707-15] apache: multiple issues
Arch Linux Security Advisory ASA-201707-15 ========================================== Severity: Critical Date : 2017-07-14 CVE-ID : CVE-2017-9788 CVE-2017-9789 Package : apache Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-350 Summary ======= The package apache...
[ASA-201707-9] lib32-flashplugin: multiple issues
Arch Linux Security Advisory ASA-201707-9 ========================================= Severity: Critical Date : 2017-07-11 CVE-ID : CVE-2017-3080 CVE-2017-3099 CVE-2017-3100 Package : lib32-flashplugin Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-343 Summary =======...
[ASA-201705-7] freetype2: arbitrary code execution
Arch Linux Security Advisory ASA-201705-7 ========================================= Severity: High Date : 2017-05-09 CVE-ID : CVE-2017-8105 CVE-2017-8287 Package : freetype2 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-257 Summary ======= The package...
[ASA-201702-2] qt5-webengine: multiple issues
Arch Linux Security Advisory ASA-201702-2 ========================================= Severity: High Date : 2017-02-02 CVE-ID : CVE-2016-5182 CVE-2016-5183 CVE-2016-5189 CVE-2016-5199 CVE-2016-5201 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5210...
websvn: cross-site scripting
Multiple cross-site scripting XSS vulnerabilities in revision.php, log.php, listing.php, and comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a file or directory in a repository...
chromium: multiple issues
CVE-2016-1705 arbitrary code execution Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1706 sandbox escape Sandbox escape in PPAPI. Credit to Pinkie Pie. - CVE-2016-1708 arbitrary code execution Use-after-free in Extensions. Credit to Adam Varsan. - CVE-2016-1709...
thunderbird: arbitrary code execution
CVE-2016-2815 arbitrary code execution Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with...
xerces-c: denial of service
The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker...
glibc: multiple issues
CVE-2016-1234 arbitrary code execution It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...
chromium: multiple issues
Same-origin bypass in Blink and Sandbox escape in Chrome...
unzip: multiple issues
CVE-2015-7696 arbitrary code execution A heap buffer overflow triggered by unzipping a file with password that can lead to arbitrary code execution. - CVE-2015-7697 denial of service A denial of service with a file that never finishes unzipping...
bugzilla: unauthorized account creation
Login names usually an email address longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...
lib32-openssl: man-in-the-middle
During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the ...
mariadb-clients: denial of service
A heap-based buffer overflow was found in the way PCRE handled certain malformed regular expressions. This issue could cause a crash while parsing malicious regular expressions related to an assertion that allows zero repeats...
powerdns-recursor: denial of service
A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at a 1000 iterations by a failsafe, making the issue harmless on most platforms. However, on specific platforms, the recursion...
util-linux: command injection
There is a command injection inside blkid. It uses caching files /dev/.blkid.tab or /run/blkid/blkid.tab to store info about the UUID, LABEL etc it finds on certain devices. However, it does not strip " character, so it can be confused to build variable names containing embedded shell metas, whic...
samba: arbitrary code execution
A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges. This flaw arises because of an uninitialized pointer is passed ...
mantisbt: multiple issues
CVE-2014-9571 cross-side scripting Cross-site scripting XSS vulnerability in admin/install.php allows remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter. - CVE-2014-9572 information disclosure It was discovered that mantisbt does not...
chromium: multiple issues
CVE-2014-7923 memory corruption The Regular Expressions package in International Components for Unicode ICU 52, allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a 1 zero-length quantifier or 2 look-behind...
unzip: arbitrary code execution
CVE-2014-8139 heap buffer overflow A heap-based buffer overflow exists in the CRC32 verification that allows attackers to potentially execute arbitrary code or cause a denial of service memory corruption. - CVE-2014-8140 out-of-bounds read/write Out-of-bounds access both read and write issues...
jasper: arbitrary code execution
CVE-2014-8137 arbitrary code execution A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. - CVE-2014-9029 arbitrary code execution...
docker: multiple issues
CVE-2014-9356 path traversal Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both...
libjpeg-turbo: denial of service
Special crafted jpeg files lead to stack smashing and lead to at least a dos maybe remote due to imagick. The Huffman encoder's local buffer can be overrun when a buffered destination manager is being used and an extremely-high-frequency block basically junk image data is being encoded. Even thou...
chromium: multiple issues
CVE-2014-7899 address bar spoofing A flaw allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. - CVE-2014-7900 use-after-free Use-after-free vulnerability in the...
libpurple: remote dos and information leakage
A malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory. A malicious server or man-in-the-middle could trigger a crash in libpurple by sending an emoticon via MXit with an...
[ASA-202207-2] wpewebkit: multiple issues
Arch Linux Security Advisory ASA-202207-2 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : wpewebkit Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2789 Summary ======= The package...
[ASA-202009-16] zeromq: denial of service
Arch Linux Security Advisory ASA-202009-16 ========================================== Severity: High Date : 2020-09-26 CVE-ID : CVE-2020-15166 Package : zeromq Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1219 Summary ======= The package zeromq before version...
[ASA-202005-15] ant: arbitrary command execution
Arch Linux Security Advisory ASA-202005-15 ========================================== Severity: Medium Date : 2020-05-20 CVE-ID : CVE-2020-1945 Package : ant Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-1159 Summary ======= The package ant before versio...
[ASA-202004-6] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-202004-6 ========================================= Severity: Critical Date : 2020-04-04 CVE-ID : CVE-2020-6819 CVE-2020-6820 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1125 Summary ======= The package...
[ASA-202004-3] linux-lts: privilege escalation
Arch Linux Security Advisory ASA-202004-3 ========================================= Severity: High Date : 2020-04-01 CVE-ID : CVE-2020-8835 Package : linux-lts Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1121 Summary ======= The package linux-lts before versi...
[ASA-202004-4] linux: privilege escalation
Arch Linux Security Advisory ASA-202004-4 ========================================= Severity: High Date : 2020-04-01 CVE-ID : CVE-2020-8835 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1122 Summary ======= The package linux before version...
[ASA-202003-11] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202003-11 ========================================== Severity: Critical Date : 2020-03-16 CVE-ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-202003-6] linux: multiple issues
Arch Linux Security Advisory ASA-202003-6 ========================================= Severity: High Date : 2020-03-08 CVE-ID : CVE-2020-2732 CVE-2020-9383 Package : linux Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1108 Summary ======= The package linux before...
[ASA-202002-2] sudo: privilege escalation
Arch Linux Security Advisory ASA-202002-2 ========================================= Severity: High Date : 2020-02-06 CVE-ID : CVE-2019-18634 Package : sudo Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1093 Summary ======= The package sudo before version 1.8.31...
[ASA-201902-1] dovecot: authentication bypass
Arch Linux Security Advisory ASA-201902-1 ========================================= Severity: High Date : 2019-02-06 CVE-ID : CVE-2019-3814 Package : dovecot Type : authentication bypass Remote : Yes Link : https://security.archlinux.org/AVG-872 Summary ======= The package dovecot before version...
[ASA-201812-3] wireshark-cli: multiple issues
Arch Linux Security Advisory ASA-201812-3 ========================================= Severity: Critical Date : 2018-12-08 CVE-ID : CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628 Package : wireshark-cli Type : multiple issues Remote : Yes Li...
[ASA-201807-12] apache: denial of service
Arch Linux Security Advisory ASA-201807-12 ========================================== Severity: Medium Date : 2018-07-20 CVE-ID : CVE-2018-1333 CVE-2018-8011 Package : apache Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-736 Summary ======= The package apache...
[ASA-201806-3] krb5: insufficient validation
Arch Linux Security Advisory ASA-201806-3 ========================================= Severity: Medium Date : 2018-06-05 CVE-ID : CVE-2018-5729 CVE-2018-5730 Package : krb5 Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-586 Summary ======= The package krb5...
[ASA-201805-18] libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201805-18 ========================================== Severity: Critical Date : 2018-05-18 CVE-ID : CVE-2018-1000300 CVE-2018-1000301 Package : libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-699 Summary ======= The...
[ASA-201804-2] openssl: multiple issues
Arch Linux Security Advisory ASA-201804-2 ========================================= Severity: Medium Date : 2018-04-01 CVE-ID : CVE-2017-3738 CVE-2018-0739 Package : openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-540 Summary ======= The package openssl befor...
[ASA-201712-8] chromium: cross-site scripting
Arch Linux Security Advisory ASA-201712-8 ========================================= Severity: High Date : 2017-12-16 CVE-ID : CVE-2017-15429 Package : chromium Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-546 Summary ======= The package chromium before versio...
[ASA-201711-2] libmupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201711-2 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : libmupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458...