1854 matches found
chromium: multiple issues
CVE-2015-6788 arbitrary code execution A type confusion vulnerability has been discovered in the handling of extensions that could possibly lead to arbitrary code execution. - CVE-2015-6789 arbitrary code execution A use-after free vulnerability has been discovered in Blink that could possibly...
miniupnpc: arbitrary code execution
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...
firefox: multiple issues
CVE-2015-4500 Memory safety bugs fixed in Firefox ESR 38.3 and Firefox 41: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight and Cameron McCormack reported memory safety problems and crashes that affect Firefox ESR 38.2 and Firefox 40. Some of these...
firefox: local file stealing via PDF reader
Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer. Mozilla has received reports that an exploit...
pacman: silent downgrade
A flaw has been discovered in pacman that is leading to possible silent package downgrade when exploited. While loading each package it was not ensured that the internal version matches the expected database version, leading to the possibility to circumvent the version check. This issue can be us...
libxfont: multiple issues
As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X...
samba: arbitrary code execution
A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges. This flaw arises because of an uninitialized pointer is passed ...
flashplugin: remote code execution
CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322 Use-after-free vulnerabilities leading to arbitrary code execution. - CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330 Memory corruption vulnerabilities leading to arbitrary code execution. -...
chromium: multiple issues
CVE-2015-1209 use-after-free Use-after-free in DOM, possibly leading to arbitrary code execution. Credit to Maksymillian Motyl. - CVE-2015-1210 cross-origin bypass Cross-origin-bypass in V8 bindings allows an attacker to bypass the same-origin policy. - CVE-2015-1211 privilege escalation...
chromium: multiple issues
CVE-2014-7923 memory corruption The Regular Expressions package in International Components for Unicode ICU 52, allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a 1 zero-length quantifier or 2 look-behind...
polarssl: remote code execution
During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1sequence is not initialized by asn1getsequenceof. In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarsslfree. This sequence can be triggered when a...
unzip: arbitrary code execution
CVE-2014-8139 heap buffer overflow A heap-based buffer overflow exists in the CRC32 verification that allows attackers to potentially execute arbitrary code or cause a denial of service memory corruption. - CVE-2014-8140 out-of-bounds read/write Out-of-bounds access both read and write issues...
gnupg: denial of service
By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow. The bug is not easy to exploit because there only 80 possible values which can be used to overwrite memory. However, a denial of service is possible and someone may come up with other...
[ASA-202505-1] screen: multiple issues
Arch Linux Security Advisory ASA-202505-1 ========================================= Severity: High Date : 2025-05-13 CVE-ID : CVE-2025-23395 CVE-2025-46802 CVE-2025-46803 CVE-2025-46804 CVE-2025-46805 Package : screen Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-28...
[ASA-202006-15] freerdp: multiple issues
Arch Linux Security Advisory ASA-202006-15 ========================================== Severity: High Date : 2020-06-28 CVE-ID : CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 Package : freerdp Type : multiple issu...
[ASA-202006-3] chromium: multiple issues
Arch Linux Security Advisory ASA-202006-3 ========================================= Severity: High Date : 2020-06-06 CVE-ID : CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1178 Summary =====...
[ASA-202004-11] libssh: denial of service
Arch Linux Security Advisory ASA-202004-11 ========================================== Severity: Medium Date : 2020-04-09 CVE-ID : CVE-2020-1730 Package : libssh Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1130 Summary ======= The package libssh before version...
[ASA-202003-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202003-8 ========================================= Severity: Critical Date : 2020-03-11 CVE-ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6808 CVE-2020-6809 CVE-2020-6810 CVE-2020-6811 CVE-2020-6812 CVE-2020-6813 CVE-2020-6814 CVE-2020-681...
[ASA-201912-4] shadow: privilege escalation
Arch Linux Security Advisory ASA-201912-4 ========================================= Severity: High Date : 2019-12-18 CVE-ID : CVE-2019-19882 Package : shadow Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1079 Summary ======= The package shadow before version...
[ASA-201911-8] squid: multiple issues
Arch Linux Security Advisory ASA-201911-8 ========================================= Severity: Critical Date : 2019-11-07 CVE-ID : CVE-2019-12526 CVE-2019-18678 CVE-2019-18679 Package : squid Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1062 Summary ======= The...
[ASA-201910-12] go: denial of service
Arch Linux Security Advisory ASA-201910-12 ========================================== Severity: Medium Date : 2019-10-21 CVE-ID : CVE-2019-17596 Package : go Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1051 Summary ======= The package go before version 2:1.13.3...
[ASA-201907-4] firefox: multiple issues
Arch Linux Security Advisory ASA-201907-4 ========================================= Severity: Critical Date : 2019-07-17 CVE-ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718...
[ASA-201903-10] wordpress: directory traversal
Arch Linux Security Advisory ASA-201903-10 ========================================== Severity: High Date : 2019-03-18 CVE-ID : CVE-2019-8943 Package : wordpress Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-909 Summary ======= The package wordpress before...
[ASA-201902-16] firefox: multiple issues
Arch Linux Security Advisory ASA-201902-16 ========================================== Severity: High Date : 2019-02-13 CVE-ID : CVE-2018-18356 CVE-2018-18511 CVE-2019-5785 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-896 Summary ======= The packa...
[ASA-201902-9] curl: arbitrary code execution
Arch Linux Security Advisory ASA-201902-9 ========================================= Severity: High Date : 2019-02-12 CVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Package : curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-873 Summary ======= The...
[ASA-201902-1] dovecot: authentication bypass
Arch Linux Security Advisory ASA-201902-1 ========================================= Severity: High Date : 2019-02-06 CVE-ID : CVE-2019-3814 Package : dovecot Type : authentication bypass Remote : Yes Link : https://security.archlinux.org/AVG-872 Summary ======= The package dovecot before version...
[ASA-201811-11] systemd: multiple issues
Arch Linux Security Advisory ASA-201811-11 ========================================== Severity: Critical Date : 2018-11-07 CVE-ID : CVE-2018-15686 CVE-2018-15687 CVE-2018-15688 Package : systemd Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-789 Summary ======= The...
[ASA-201810-9] wireshark-cli: multiple issues
Arch Linux Security Advisory ASA-201810-9 ========================================= Severity: High Date : 2018-10-12 CVE-ID : CVE-2018-12086 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227 Package : wireshark-cli Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-779 Summa...
[ASA-201807-12] apache: denial of service
Arch Linux Security Advisory ASA-201807-12 ========================================== Severity: Medium Date : 2018-07-20 CVE-ID : CVE-2018-1333 CVE-2018-8011 Package : apache Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-736 Summary ======= The package apache...
[ASA-201806-3] krb5: insufficient validation
Arch Linux Security Advisory ASA-201806-3 ========================================= Severity: Medium Date : 2018-06-05 CVE-ID : CVE-2018-5729 CVE-2018-5730 Package : krb5 Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-586 Summary ======= The package krb5...
[ASA-201805-18] libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201805-18 ========================================== Severity: Critical Date : 2018-05-18 CVE-ID : CVE-2018-1000300 CVE-2018-1000301 Package : libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-699 Summary ======= The...
[ASA-201804-2] openssl: multiple issues
Arch Linux Security Advisory ASA-201804-2 ========================================= Severity: Medium Date : 2018-04-01 CVE-ID : CVE-2017-3738 CVE-2018-0739 Package : openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-540 Summary ======= The package openssl befor...
[ASA-201803-6] python2-django: denial of service
Arch Linux Security Advisory ASA-201803-6 ========================================= Severity: Medium Date : 2018-03-06 CVE-ID : CVE-2018-7536 CVE-2018-7537 Package : python2-django Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-649 Summary ======= The package...
[ASA-201801-20] curl: multiple issues
Arch Linux Security Advisory ASA-201801-20 ========================================== Severity: Medium Date : 2018-01-28 CVE-ID : CVE-2018-1000005 CVE-2018-1000007 Package : curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-593 Summary ======= The package curl...
[ASA-201801-8] lib32-glibc: multiple issues
Arch Linux Security Advisory ASA-201801-8 ========================================= Severity: High Date : 2018-01-10 CVE-ID : CVE-2017-15670 CVE-2017-15671 Package : lib32-glibc Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-460 Summary ======= The package lib32-gli...
[ASA-201712-8] chromium: cross-site scripting
Arch Linux Security Advisory ASA-201712-8 ========================================= Severity: High Date : 2017-12-16 CVE-ID : CVE-2017-15429 Package : chromium Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-546 Summary ======= The package chromium before versio...
[ASA-201711-5] zathura-pdf-mupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201711-5 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : zathura-pdf-mupdf Type : arbitrary code execution Remote : No Link :...
[ASA-201710-19] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201710-19 ========================================== Severity: Critical Date : 2017-10-12 CVE-ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Package : thunderbird Type : multiple issues Remote :...
[ASA-201707-30] cacti: cross-site scripting
Arch Linux Security Advisory ASA-201707-30 ========================================== Severity: Medium Date : 2017-07-27 CVE-ID : CVE-2017-11691 Package : cacti Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-365 Summary ======= The package cacti before version...
[ASA-201707-28] wireshark-cli: denial of service
Arch Linux Security Advisory ASA-201707-28 ========================================== Severity: Low Date : 2017-07-26 CVE-ID : CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 Package : wireshark-cli Type : denial of service Remote : Yes Link :...
[ASA-201707-22] vim: arbitrary code execution
Arch Linux Security Advisory ASA-201707-22 ========================================== Severity: High Date : 2017-07-18 CVE-ID : CVE-2017-11109 Package : vim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-347 Summary ======= The package vim before version...
[ASA-201706-21] chromium: multiple issues
Arch Linux Security Advisory ASA-201706-21 ========================================== Severity: High Date : 2017-06-17 CVE-ID : CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-304 Summary ======= The packag...
[ASA-201706-7] tomcat8: access restriction bypass
Arch Linux Security Advisory ASA-201706-7 ========================================= Severity: High Date : 2017-06-06 CVE-ID : CVE-2017-5664 Package : tomcat8 Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-291 Summary ======= The package tomcat8 before...
[ASA-201705-21] lib32-nss: arbitrary code execution
Arch Linux Security Advisory ASA-201705-21 ========================================== Severity: Critical Date : 2017-05-29 CVE-ID : CVE-2017-5461 Package : lib32-nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-248 Summary ======= The package lib32-nss...
[ASA-201705-13] kdelibs: privilege escalation
Arch Linux Security Advisory ASA-201705-13 ========================================== Severity: High Date : 2017-05-10 CVE-ID : CVE-2017-8422 Package : kdelibs Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-270 Summary ======= The package kdelibs before version...
[ASA-201609-19] curl: denial of service
Arch Linux Security Advisory ASA-201609-19 ========================================== Severity: Low Date : 20916-09-20 CVE-ID : CVE-2016-7167 Package : curl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package curl before version 7.50.3...
squid: multiple issues
CVE-2016-4554 cache poisoning, same-origin policy bypass: Due to incorrect input validation, Squid is vulnerable to a header smuggling attack leading to cache poisoning and bypass of the same-origin security policy in Squid and some client browsers. - CVE-2016-4555, CVE-2016-4556 denial of...
jasper: multiple issues
CVE-2016-1577 arbitrary code execution Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. -...
chromium: multiple issues
CVE-2016-1643 type confusion Type confusion in Blink. - CVE-2016-1644 use-after-free Use-after-free in Blink. - CVE-2016-1645 out-of-bounds write Out-of-bounds write in PDFium...
kscreenlocker: access restriction bypass
A vulnerability has been discovered in kscreenlocker that is leading to access restriction bypass. Turning all screens off while the lock screen is shown can result in the screen being unlocked when turning a screen on again...