1854 matches found
bind: denial of service
By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and...
curl: out-of-bounds read
Symeon Paraschoudis discovered that the curleasyduphandle function has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending...
[ASA-202005-14] unbound: denial of service
Arch Linux Security Advisory ASA-202005-14 ========================================== Severity: High Date : 2020-05-20 CVE-ID : CVE-2020-12662 CVE-2020-12663 Package : unbound Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1164 Summary ======= The package unbound...
[ASA-202003-9] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202003-9 ========================================= Severity: Critical Date : 2020-03-13 CVE-ID : CVE-2020-10018 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1114 Summary ======= The package webkit2gtk...
[ASA-201911-8] squid: multiple issues
Arch Linux Security Advisory ASA-201911-8 ========================================= Severity: Critical Date : 2019-11-07 CVE-ID : CVE-2019-12526 CVE-2019-18678 CVE-2019-18679 Package : squid Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1062 Summary ======= The...
[ASA-201902-17] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-201902-17 ========================================== Severity: Critical Date : 2019-02-15 CVE-ID : CVE-2019-6212 CVE-2019-6215 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-899 Summary ======= The packa...
[ASA-201902-9] curl: arbitrary code execution
Arch Linux Security Advisory ASA-201902-9 ========================================= Severity: High Date : 2019-02-12 CVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Package : curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-873 Summary ======= The...
[ASA-201901-15] haproxy: denial of service
Arch Linux Security Advisory ASA-201901-15 ========================================== Severity: Medium Date : 2019-01-24 CVE-ID : CVE-2018-20102 CVE-2018-20103 Package : haproxy Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-836 Summary ======= The package haproxy...
[ASA-201811-14] patch: multiple issues
Arch Linux Security Advisory ASA-201811-14 ========================================== Severity: High Date : 2018-11-12 CVE-ID : CVE-2018-6952 CVE-2018-1000156 Package : patch Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-808 Summary ======= The package patch before...
[ASA-201811-1] linux: denial of service
Arch Linux Security Advisory ASA-201811-1 ========================================= Severity: Low Date : 2018-11-01 CVE-ID : CVE-2018-18445 Package : linux Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-784 Summary ======= The package linux before version...
[ASA-201810-8] patch: multiple issues
Arch Linux Security Advisory ASA-201810-8 ========================================= Severity: High Date : 2018-10-09 CVE-ID : CVE-2018-6951 CVE-2018-6952 CVE-2018-1000156 Package : patch Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-619 Summary ======= The package...
[ASA-201806-14] firefox: multiple issues
Arch Linux Security Advisory ASA-201806-14 ========================================== Severity: Critical Date : 2018-06-27 CVE-ID : CVE-2018-5186 CVE-2018-5187 CVE-2018-5188 CVE-2018-12356 CVE-2018-12358 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364...
[ASA-201805-5] mupdf-gl: multiple issues
Arch Linux Security Advisory ASA-201805-5 ========================================= Severity: High Date : 2018-05-10 CVE-ID : CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 CVE-2018-6544 CVE-2018-1000051 Package : mupdf-gl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-6...
[ASA-201803-20] lib32-libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201803-20 ========================================== Severity: Medium Date : 2018-03-19 CVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package : lib32-libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-656...
[ASA-201801-26] lib32-libcurl-compat: multiple issues
Arch Linux Security Advisory ASA-201801-26 ========================================== Severity: Medium Date : 2018-01-29 CVE-ID : CVE-2018-1000005 CVE-2018-1000007 Package : lib32-libcurl-compat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-598 Summary ======= The...
[ASA-201801-20] curl: multiple issues
Arch Linux Security Advisory ASA-201801-20 ========================================== Severity: Medium Date : 2018-01-28 CVE-ID : CVE-2018-1000005 CVE-2018-1000007 Package : curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-593 Summary ======= The package curl...
[ASA-201801-8] lib32-glibc: multiple issues
Arch Linux Security Advisory ASA-201801-8 ========================================= Severity: High Date : 2018-01-10 CVE-ID : CVE-2017-15670 CVE-2017-15671 Package : lib32-glibc Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-460 Summary ======= The package lib32-gli...
[ASA-201711-4] mupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201711-4 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : mupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458 Summa...
[ASA-201711-1] mupdf-gl: arbitrary code execution
Arch Linux Security Advisory ASA-201711-1 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : mupdf-gl Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458...
[ASA-201710-29] xorg-server: arbitrary code execution
Arch Linux Security Advisory ASA-201710-29 ========================================== Severity: High Date : 2017-10-21 CVE-ID : CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12183 Package : xorg-server Type : arbitrary code execution Remote : Yes Link :...
[ASA-201710-19] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201710-19 ========================================== Severity: Critical Date : 2017-10-12 CVE-ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Package : thunderbird Type : multiple issues Remote :...
[ASA-201710-1] dnsmasq: multiple issues
Arch Linux Security Advisory ASA-201710-1 ========================================= Severity: Critical Date : 2017-10-02 CVE-ID : CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Package : dnsmasq Type : multiple issues Remote : Yes Link :...
[ASA-201707-22] vim: arbitrary code execution
Arch Linux Security Advisory ASA-201707-22 ========================================== Severity: High Date : 2017-07-18 CVE-ID : CVE-2017-11109 Package : vim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-347 Summary ======= The package vim before version...
[ASA-201706-21] chromium: multiple issues
Arch Linux Security Advisory ASA-201706-21 ========================================== Severity: High Date : 2017-06-17 CVE-ID : CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-304 Summary ======= The packag...
[ASA-201705-9] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201705-9 ========================================= Severity: Critical Date : 2017-05-09 CVE-ID : CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 CVE-2017-3071 CVE-2017-3072 CVE-2017-3073 CVE-2017-3074 Package : lib32-flashplugin Type : arbitrary code execution Remote :...
[ASA-201704-12] curl: certificate verification bypass
Arch Linux Security Advisory ASA-201704-12 ========================================== Severity: Medium Date : 2017-04-29 CVE-ID : CVE-2017-7468 Package : curl Type : certificate verification bypass Remote : Yes Link : https://security.archlinux.org/AVG-241 Summary ======= The package curl before...
[ASA-201701-3] gst-plugins-bad: multiple issues
Arch Linux Security Advisory ASA-201701-3 ========================================= Severity: High Date : 2017-01-02 CVE-ID : CVE-2016-9445 CVE-2016-9446 Package : gst-plugins-bad Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-76 Summary ======= The package...
[ASA-201612-22] curl: multiple issues
Arch Linux Security Advisory ASA-201612-22 ========================================== Severity: Medium Date : 2016-12-27 CVE-ID : CVE-2016-9586 CVE-2016-9594 Package : curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-112 Summary ======= The package curl before...
[ASA-201609-30] openssl: denial of service
Arch Linux Security Advisory ASA-201609-30 ========================================== Severity: Medium Date : 2016-09-28 CVE-ID : CVE-2016-7052 Package : openssl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package openssl before versio...
[ASA-201609-28] lib32-openssl: denial of service
Arch Linux Security Advisory ASA-201609-28 ========================================== Severity: Medium Date : 2016-09-27 CVE-ID : CVE-2016-7052 Package : lib32-openssl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-openssl...
[ASA-201609-26] lib32-gnutls: certificate verification bypass
Arch Linux Security Advisory ASA-201609-26 ========================================== Severity: Medium Date : 2016-09-26 CVE-ID : CVE-2016-7444 Package : lib32-gnutls Type : certificate verification bypass Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
mupdf: arbitrary code execution
Yu Hong and Zheng Jihong discovered a heap overflow vulnerability within the pdfloadmeshparams function, allowing an attacker to cause an application crash denial-of-service, or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is...
python-django: cross-site scripting
Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...
glibc: unbound stack usage
CVE-2014-9761 unbound stack usage The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions...
go: information leakage
This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...
gajim: man-in-the-middle
It was found that gajim doesn't verify the origin of roster pushes thus allowing third parties to modify the roster. This vulnerability allows to intercept messages resulting in man-in-the-middle...
openldap: denial of service
By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call within the bergetnext method io.c line 682 that is hit when decoding tampered BER data. The following proof of concept exploit can be used to trigger the condition: echo...
python-django, python2-django: denial of service
Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view provided it wasn't decorated with django.contrib.auth.decorators.loginrequired as done in the admin. This could allow an attacker to easily create many new session records by sending repeat...
lib32-krb5: multiple issues
CVE-2014-5355 denial of service When a server process uses the krb5recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...
libtasn1: arbitrary code execution
A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded input. A specially crafted, DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash or, possibly, execute arbitrary code. The he...
perl-xml-libxml: XML External Entity
Unpreserved unset options after a clone call e.g: in loadxml leads to not preserved expandentities. Therefore it leads to a XML-External-Entity Vulnerability...
chromium: multiple issues
CVE-2015-1243 use-after-free: Use-after-free in DOM. Credit to Saif El-Sherei. - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives...
ettercap: multiple issues
CVE-2014-6395 arbitrary code execution Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...
rsyslog: remote denial of service
Sending a syslog message containing an invalid PRI value to a vulnerable rsyslog server accepting remote message will trigger a denial of service by crashing the rsyslog process...
[ASA-202410-1] oath-toolkit: privilege escalation
Arch Linux Security Advisory ASA-202410-1 ========================================= Severity: High Date : 2024-10-04 CVE-ID : CVE-2024-47191 Package : oath-toolkit Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-2857 Summary ======= The package oath-toolkit befor...
[ASA-202112-12] grafana-agent: information disclosure
Arch Linux Security Advisory ASA-202112-12 ========================================== Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-41090 Package : grafana-agent Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2614 Summary ======= The package grafana-agen...
[ASA-202009-14] yaws: multiple issues
Arch Linux Security Advisory ASA-202009-14 ========================================== Severity: High Date : 2020-09-26 CVE-ID : CVE-2020-12872 CVE-2020-24379 CVE-2020-24916 Package : yaws Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1228 Summary ======= The packag...
[ASA-202007-4] ffmpeg: arbitrary code execution
Arch Linux Security Advisory ASA-202007-4 ========================================= Severity: High Date : 2020-07-31 CVE-ID : CVE-2020-13904 Package : ffmpeg Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1180 Summary ======= The package ffmpeg before versi...
[ASA-202006-11] sqlite: arbitrary code execution
Arch Linux Security Advisory ASA-202006-11 ========================================== Severity: High Date : 2020-06-28 CVE-ID : CVE-2020-13871 Package : sqlite Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1182 Summary ======= The package sqlite before...
[ASA-202004-19] lib32-openssl: denial of service
Arch Linux Security Advisory ASA-202004-19 ========================================== Severity: High Date : 2020-04-22 CVE-ID : CVE-2020-1967 Package : lib32-openssl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1142 Summary ======= The package lib32-openssl befo...