1854 matches found
xerces-c: denial of service
The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker...
lib32-gnutls: arbitrary file overwrite
Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLSKEYLOGFILE environment variable handling via getenv and fixed in GnuTLS 3.4.13 by switching to securegetenv where...
squid: multiple issues
CVE-2016-4554 cache poisoning, same-origin policy bypass: Due to incorrect input validation, Squid is vulnerable to a header smuggling attack leading to cache poisoning and bypass of the same-origin security policy in Squid and some client browsers. - CVE-2016-4555, CVE-2016-4556 denial of...
jasper: multiple issues
CVE-2016-1577 arbitrary code execution Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. -...
chromium: multiple issues
CVE-2016-1643 type confusion Type confusion in Blink. - CVE-2016-1644 use-after-free Use-after-free in Blink. - CVE-2016-1645 out-of-bounds write Out-of-bounds write in PDFium...
python2-django: permission bypass
If a ModelAdmin uses saveas=True not the default, the admin provides an option when editing objects to "Save as new". A regression in Django 1.9 prevented that form submission from raising a "Permission Denied" error for users without the "add" permission...
miniupnpc: arbitrary code execution
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...
chromium: multiple issues
CVE-2015-6755 cross-origin bypass: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2015-6756 use-after-free: Use-after-free in PDFium. - CVE-2015-6757 use-after-free: Use-after-free in ServiceWorker. Credit to Collin Payne. - CVE-2015-6758: Bad-cast in PDFium. Credit to Atte...
firefox: multiple issues
CVE-2015-4500 Memory safety bugs fixed in Firefox ESR 38.3 and Firefox 41: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight and Cameron McCormack reported memory safety problems and crashes that affect Firefox ESR 38.2 and Firefox 40. Some of these...
pacman: silent downgrade
A flaw has been discovered in pacman that is leading to possible silent package downgrade when exploited. While loading each package it was not ensured that the internal version matches the expected database version, leading to the possibility to circumvent the version check. This issue can be us...
bind: denial of service
A very uncommon combination of zone data has been found that triggers a bug in BIND, with the result that named will exit with a "REQUIRE" failure in name.c when validating the data returned in answer to a recursive query. This means that a recursive resolver that is performing DNSSEC validation...
mariadb-clients: denial of service
A heap-based buffer overflow was found in the way PCRE handled certain malformed regular expressions. This issue could cause a crash while parsing malicious regular expressions related to an assertion that allows zero repeats...
firefox: certificate verification bypass
Security researcher Muneaki Nishimura discovered a flaw in the Mozilla's HTTP Alternative Services implementation. If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SS...
firefox: multiple issues
CVE-2015-0817 arbitrary remote code execution: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation JIT and its management of bounds checking for heap access...
unzip: arbitrary code execution
A buffer overflow out-of-bounds read or write in testcompreb in extract.c was found in the way unzip handled an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. A specially crafted Zip archive could cause unzi...
xorg-server: information leak and denial of service
Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the...
chromium: multiple issues
CVE-2015-1209 use-after-free Use-after-free in DOM, possibly leading to arbitrary code execution. Credit to Maksymillian Motyl. - CVE-2015-1210 cross-origin bypass Cross-origin-bypass in V8 bindings allows an attacker to bypass the same-origin policy. - CVE-2015-1211 privilege escalation...
chromium: multiple issues
CVE-2014-7923 memory corruption The Regular Expressions package in International Components for Unicode ICU 52, allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a 1 zero-length quantifier or 2 look-behind...
gnupg: denial of service
By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow. The bug is not easy to exploit because there only 80 possible values which can be used to overwrite memory. However, a denial of service is possible and someone may come up with other...
curl: out-of-bounds read
Symeon Paraschoudis discovered that the curleasyduphandle function has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending...
[ASA-202505-1] screen: multiple issues
Arch Linux Security Advisory ASA-202505-1 ========================================= Severity: High Date : 2025-05-13 CVE-ID : CVE-2025-23395 CVE-2025-46802 CVE-2025-46803 CVE-2025-46804 CVE-2025-46805 Package : screen Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-28...
[ASA-202207-2] wpewebkit: multiple issues
Arch Linux Security Advisory ASA-202207-2 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : wpewebkit Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2789 Summary ======= The package...
[ASA-202111-1] jenkins: multiple issues
Arch Linux Security Advisory ASA-202111-1 ========================================= Severity: Critical Date : 2021-11-05 CVE-ID : CVE-2021-21685 CVE-2021-21686 CVE-2021-21687 CVE-2021-21688 CVE-2021-21689 CVE-2021-21690 CVE-2021-21691 CVE-2021-21692 CVE-2021-21693 CVE-2021-21694 CVE-2021-21695...
[ASA-202006-3] chromium: multiple issues
Arch Linux Security Advisory ASA-202006-3 ========================================= Severity: High Date : 2020-06-06 CVE-ID : CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1178 Summary =====...
[ASA-202005-14] unbound: denial of service
Arch Linux Security Advisory ASA-202005-14 ========================================== Severity: High Date : 2020-05-20 CVE-ID : CVE-2020-12662 CVE-2020-12663 Package : unbound Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1164 Summary ======= The package unbound...
[ASA-202004-11] libssh: denial of service
Arch Linux Security Advisory ASA-202004-11 ========================================== Severity: Medium Date : 2020-04-09 CVE-ID : CVE-2020-1730 Package : libssh Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1130 Summary ======= The package libssh before version...
[ASA-202004-6] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-202004-6 ========================================= Severity: Critical Date : 2020-04-04 CVE-ID : CVE-2020-6819 CVE-2020-6820 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1125 Summary ======= The package...
[ASA-202004-4] linux: privilege escalation
Arch Linux Security Advisory ASA-202004-4 ========================================= Severity: High Date : 2020-04-01 CVE-ID : CVE-2020-8835 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1122 Summary ======= The package linux before version...
[ASA-202003-9] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202003-9 ========================================= Severity: Critical Date : 2020-03-13 CVE-ID : CVE-2020-10018 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1114 Summary ======= The package webkit2gtk...
[ASA-202003-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202003-8 ========================================= Severity: Critical Date : 2020-03-11 CVE-ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6808 CVE-2020-6809 CVE-2020-6810 CVE-2020-6811 CVE-2020-6812 CVE-2020-6813 CVE-2020-6814 CVE-2020-681...
[ASA-201911-8] squid: multiple issues
Arch Linux Security Advisory ASA-201911-8 ========================================= Severity: Critical Date : 2019-11-07 CVE-ID : CVE-2019-12526 CVE-2019-18678 CVE-2019-18679 Package : squid Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1062 Summary ======= The...
[ASA-201902-17] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-201902-17 ========================================== Severity: Critical Date : 2019-02-15 CVE-ID : CVE-2019-6212 CVE-2019-6215 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-899 Summary ======= The packa...
[ASA-201902-16] firefox: multiple issues
Arch Linux Security Advisory ASA-201902-16 ========================================== Severity: High Date : 2019-02-13 CVE-ID : CVE-2018-18356 CVE-2018-18511 CVE-2019-5785 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-896 Summary ======= The packa...
[ASA-201901-15] haproxy: denial of service
Arch Linux Security Advisory ASA-201901-15 ========================================== Severity: Medium Date : 2019-01-24 CVE-ID : CVE-2018-20102 CVE-2018-20103 Package : haproxy Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-836 Summary ======= The package haproxy...
[ASA-201901-11] go: private key recovery
Arch Linux Security Advisory ASA-201901-11 ========================================== Severity: Medium Date : 2019-01-24 CVE-ID : CVE-2019-6486 Package : go Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-859 Summary ======= The package go before version...
[ASA-201812-3] wireshark-cli: multiple issues
Arch Linux Security Advisory ASA-201812-3 ========================================= Severity: Critical Date : 2018-12-08 CVE-ID : CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628 Package : wireshark-cli Type : multiple issues Remote : Yes Li...
[ASA-201806-14] firefox: multiple issues
Arch Linux Security Advisory ASA-201806-14 ========================================== Severity: Critical Date : 2018-06-27 CVE-ID : CVE-2018-5186 CVE-2018-5187 CVE-2018-5188 CVE-2018-12356 CVE-2018-12358 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364...
[ASA-201803-20] lib32-libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201803-20 ========================================== Severity: Medium Date : 2018-03-19 CVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package : lib32-libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-656...
[ASA-201803-15] curl: multiple issues
Arch Linux Security Advisory ASA-201803-15 ========================================== Severity: Medium Date : 2018-03-19 CVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package : curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-653 Summary ======= The...
[ASA-201803-6] python2-django: denial of service
Arch Linux Security Advisory ASA-201803-6 ========================================= Severity: Medium Date : 2018-03-06 CVE-ID : CVE-2018-7536 CVE-2018-7537 Package : python2-django Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-649 Summary ======= The package...
[ASA-201801-7] graphicsmagick: multiple issues
Arch Linux Security Advisory ASA-201801-7 ========================================= Severity: High Date : 2018-01-08 CVE-ID : CVE-2017-11403 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13066 CVE-2017-13134 CVE-2017-13776 CVE-2017-13777...
[ASA-201711-20] mediawiki: multiple issues
Arch Linux Security Advisory ASA-201711-20 ========================================== Severity: High Date : 2017-11-15 CVE-ID : CVE-2017-0361 CVE-2017-8808 CVE-2017-8809 CVE-2017-8810 CVE-2017-8811 CVE-2017-8812 CVE-2017-8814 CVE-2017-8815 Package : mediawiki Type : multiple issues Remote : Yes...
[ASA-201710-19] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201710-19 ========================================== Severity: Critical Date : 2017-10-12 CVE-ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Package : thunderbird Type : multiple issues Remote :...
[ASA-201708-18] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201708-18 ========================================== Severity: Critical Date : 2017-08-23 CVE-ID : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-78...
[ASA-201707-13] irssi: denial of service
Arch Linux Security Advisory ASA-201707-13 ========================================== Severity: Critical Date : 2017-07-13 CVE-ID : CVE-2017-10965 CVE-2017-10966 Package : irssi Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-342 Summary ======= The package irssi...
[ASA-201706-5] libusbmuxd: access restriction bypass
Arch Linux Security Advisory ASA-201706-5 ========================================= Severity: Medium Date : 2017-06-05 CVE-ID : CVE-2016-5104 Package : libusbmuxd Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-7 Summary ======= The package libusbmuxd befor...
[ASA-201704-12] curl: certificate verification bypass
Arch Linux Security Advisory ASA-201704-12 ========================================== Severity: Medium Date : 2017-04-29 CVE-ID : CVE-2017-7468 Package : curl Type : certificate verification bypass Remote : Yes Link : https://security.archlinux.org/AVG-241 Summary ======= The package curl before...
glibc: multiple issues
CVE-2016-1234 arbitrary code execution It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...
curl: authentication bypass
A vulnerability was found in a way libcurl uses NTLM-authenticated proxy connections. Libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. Since NTLM-based authentication is...
go-ipfs: information leakage
This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...