[ASA-202004-21] git: information disclosure
Arch Linux Security Advisory ASA-202004-21 ========================================== Severity: High Date : 2020-04-22 CVE-ID : CVE-2020-11008 Package : git Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1138 Summary ======= The package git before version...
[ASA-202004-20] chromium: multiple issues
Arch Linux Security Advisory ASA-202004-20 ========================================== Severity: High Date : 2020-04-22 CVE-ID : CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1140 Summary ======= The packa...
[ASA-201910-12] go: denial of service
Arch Linux Security Advisory ASA-201910-12 ========================================== Severity: Medium Date : 2019-10-21 CVE-ID : CVE-2019-17596 Package : go Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1051 Summary ======= The package go before version 2:1.13.3...
[ASA-201908-18] dovecot: arbitrary code execution
Arch Linux Security Advisory ASA-201908-18 ========================================== Severity: Critical Date : 2019-08-28 CVE-ID : CVE-2019-11500 Package : dovecot Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1026 Summary ======= The package dovecot befo...
[ASA-201907-4] firefox: multiple issues
Arch Linux Security Advisory ASA-201907-4 ========================================= Severity: Critical Date : 2019-07-17 CVE-ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718...
[ASA-201903-10] wordpress: directory traversal
Arch Linux Security Advisory ASA-201903-10 ========================================== Severity: High Date : 2019-03-18 CVE-ID : CVE-2019-8943 Package : wordpress Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-909 Summary ======= The package wordpress before...
[ASA-201902-9] curl: arbitrary code execution
Arch Linux Security Advisory ASA-201902-9 ========================================= Severity: High Date : 2019-02-12 CVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Package : curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-873 Summary ======= The...
[ASA-201901-11] go: private key recovery
Arch Linux Security Advisory ASA-201901-11 ========================================== Severity: Medium Date : 2019-01-24 CVE-ID : CVE-2019-6486 Package : go Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-859 Summary ======= The package go before version...
[ASA-201811-14] patch: multiple issues
Arch Linux Security Advisory ASA-201811-14 ========================================== Severity: High Date : 2018-11-12 CVE-ID : CVE-2018-6952 CVE-2018-1000156 Package : patch Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-808 Summary ======= The package patch before...
[ASA-201811-11] systemd: multiple issues
Arch Linux Security Advisory ASA-201811-11 ========================================== Severity: Critical Date : 2018-11-07 CVE-ID : CVE-2018-15686 CVE-2018-15687 CVE-2018-15688 Package : systemd Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-789 Summary ======= The...
[ASA-201811-1] linux: denial of service
Arch Linux Security Advisory ASA-201811-1 ========================================= Severity: Low Date : 2018-11-01 CVE-ID : CVE-2018-18445 Package : linux Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-784 Summary ======= The package linux before version...
[ASA-201810-8] patch: multiple issues
Arch Linux Security Advisory ASA-201810-8 ========================================= Severity: High Date : 2018-10-09 CVE-ID : CVE-2018-6951 CVE-2018-6952 CVE-2018-1000156 Package : patch Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-619 Summary ======= The package...
[ASA-201806-3] krb5: insufficient validation
Arch Linux Security Advisory ASA-201806-3 ========================================= Severity: Medium Date : 2018-06-05 CVE-ID : CVE-2018-5729 CVE-2018-5730 Package : krb5 Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-586 Summary ======= The package krb5...
[ASA-201803-15] curl: multiple issues
Arch Linux Security Advisory ASA-201803-15 ========================================== Severity: Medium Date : 2018-03-19 CVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package : curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-653 Summary ======= The...
[ASA-201711-2] libmupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201711-2 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : libmupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458...
[ASA-201710-29] xorg-server: arbitrary code execution
Arch Linux Security Advisory ASA-201710-29 ========================================== Severity: High Date : 2017-10-21 CVE-ID : CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12183 Package : xorg-server Type : arbitrary code execution Remote : Yes Link :...
[ASA-201710-1] dnsmasq: multiple issues
Arch Linux Security Advisory ASA-201710-1 ========================================= Severity: Critical Date : 2017-10-02 CVE-ID : CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Package : dnsmasq Type : multiple issues Remote : Yes Link :...
[ASA-201708-18] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201708-18 ========================================== Severity: Critical Date : 2017-08-23 CVE-ID : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-78...
[ASA-201705-13] kdelibs: privilege escalation
Arch Linux Security Advisory ASA-201705-13 ========================================== Severity: High Date : 2017-05-10 CVE-ID : CVE-2017-8422 Package : kdelibs Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-270 Summary ======= The package kdelibs before version...
[ASA-201704-12] curl: certificate verification bypass
Arch Linux Security Advisory ASA-201704-12 ========================================== Severity: Medium Date : 2017-04-29 CVE-ID : CVE-2017-7468 Package : curl Type : certificate verification bypass Remote : Yes Link : https://security.archlinux.org/AVG-241 Summary ======= The package curl before...
[ASA-201701-3] gst-plugins-bad: multiple issues
Arch Linux Security Advisory ASA-201701-3 ========================================= Severity: High Date : 2017-01-02 CVE-ID : CVE-2016-9445 CVE-2016-9446 Package : gst-plugins-bad Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-76 Summary ======= The package...
[ASA-201609-28] lib32-openssl: denial of service
Arch Linux Security Advisory ASA-201609-28 ========================================== Severity: Medium Date : 2016-09-27 CVE-ID : CVE-2016-7052 Package : lib32-openssl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-openssl...
[ASA-201609-19] curl: denial of service
Arch Linux Security Advisory ASA-201609-19 ========================================== Severity: Low Date : 2016-09-20 CVE-ID : CVE-2016-7167 Package : curl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package curl before version 7.50.3...
python-django: cross-site scripting
Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...
subversion: multiple issues
CVE-2016-2167 authentication restriction bypass The canonicalize_username function in svnserve/cyrus_auth.c, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm...
ntp: distributed denial of service amplification
CVE-2016-4953 distributed denial of service amplification An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association. Credit to Miroslav Lichvar of Red Hat -...
glibc: multiple issues
CVE-2016-1234 arbitrary code execution It was found that the glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...
libksba: denial of service
An out-of-bounds read access due to incorrect handling of utf-8 strings has been found in the ksbadntostr function. This issue is due to an incomplete fix for CVE-2016-4356, caused by an off-by-one error when handling incorrect utf-8 strings...
glibc: unbound stack usage
CVE-2014-9761 unbound stack usage The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions...
kscreenlocker: access restriction bypass
A vulnerability has been discovered in kscreenlocker that is leading to access restriction bypass. Turning all screens off while the lock screen is shown can result in the screen being unlocked when turning a screen on again...
python2-rsa: signature forgery
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
go: information leakage
This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...
gajim: man-in-the-middle
It was found that gajim doesn't verify the origin of roster pushes, thus allowing third parties to modify the roster. This vulnerability allows messages to be intercepted, resulting in man-in-the-middle...
flashplugin: multiple issues
CVE-2015-5569 information leak, insufficient hardening These updates include a defense-in-depth feature in the Flash broker API. - CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7630 CVE-2015-7633 CVE-2015-7634 arbitrary code execution These updates resolve memory corruption vulnerabilities...
postgresql: multiple issues
CVE-2015-3165 denial of service SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. - CVE-2015-3166 information disclosure The replacement implementation of snprintf failed to check for errors...
qemu: arbitrary code execution
The guest operating system communicates with the FDC by sending commands such as seek, read, write, format, etc. to the FDC's input/output port. QEMU's virtual FDC uses a fixed-size buffer for storing these commands and their associated data parameters. The FDC keeps track of how much data to expec...
libtasn1: arbitrary code execution
A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded input. A specially crafted, DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash or, possibly, execute arbitrary code. The he...
perl-xml-libxml: XML External Entity
Unpreserved unset options after a clone call, e.g. in load_xml, lead to expand_entities not being preserved. This results in an XML External Entity vulnerability...
chromium: multiple issues
CVE-2015-1243 use-after-free: Use-after-free in DOM. Credit to Saif El-Sherei. - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives...
firefox: arbitrary code execution
Mozilla developer Robert Kaiser reported that a specially crafted HTML, when loaded by the target user, will trigger a use-after-free race condition when a plugin fails to initialize, which may lead to a memory corruption error in AsyncPaintWaitEvent::AsyncPaintWaitEvent and arbitrary code...
ettercap: multiple issues
CVE-2014-6395 arbitrary code execution Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...
libevent: heap overflow
A defect in the libevent evbuffer API could possibly leave some programs that use the evbuffer API open to potential heap overflows. A program using the evbuffer_add, evbuffer_prepend, evbuffer_expand, evbuffer_reserve_space, or evbuffer_read functions may be vulnerable if an attacker is able to coax t...
graphviz: format string vulnerability
A format string vulnerability has been found in the error reporting part of the parser used by graphviz...
wget: arbitrary filesystem access
It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. By default, when retrieving ftp directories recursively and a symbolic link is encountered, t...
[ASA-202110-11] freerdp: arbitrary code execution
Arch Linux Security Advisory ASA-202110-11 ========================================== Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-41159 CVE-2021-41160 Package : freerdp Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2488 Summary ======= The package...
[ASA-202109-4] element-desktop: information disclosure
Arch Linux Security Advisory ASA-202109-4 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-40823 Package : element-desktop Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2377 Summary ======= The package...
[ASA-202010-1] chromium: multiple issues
Arch Linux Security Advisory ASA-202010-1 ========================================= Severity: Critical Date : 2020-10-10 CVE-ID : CVE-2020-6557 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976...
[ASA-202007-4] ffmpeg: arbitrary code execution
Arch Linux Security Advisory ASA-202007-4 ========================================= Severity: High Date : 2020-07-31 CVE-ID : CVE-2020-13904 Package : ffmpeg Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1180 Summary ======= The package ffmpeg before versi...
[ASA-202003-2] opensc: denial of service
Arch Linux Security Advisory ASA-202003-2 ========================================= Severity: Medium Date : 2020-03-04 CVE-ID : CVE-2019-6502 CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2019-19480 CVE-2019-19481 Package : opensc Type : denial of service Remote : No Link :...
[ASA-201912-4] shadow: privilege escalation
Arch Linux Security Advisory ASA-201912-4 ========================================= Severity: High Date : 2019-12-18 CVE-ID : CVE-2019-19882 Package : shadow Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1079 Summary ======= The package shadow before version...