1854 matches found
[ASA-201905-12] libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201905-12 ========================================== Severity: High Date : 2019-05-31 CVE-ID : CVE-2019-5436 Package : libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-960 Summary ======= The package...
[ASA-201810-16] gitlab: multiple issues
Arch Linux Security Advisory ASA-201810-16 ========================================== Severity: Critical Date : 2018-10-31 CVE-ID : CVE-2018-18640 CVE-2018-18641 CVE-2018-18643 CVE-2018-18645 CVE-2018-18646 CVE-2018-18648 CVE-2018-18649 Package : gitlab Type : multiple issues Remote : Yes Link :...
[ASA-201810-4] lib32-libxml2: denial of service
Arch Linux Security Advisory ASA-201810-4 ========================================= Severity: Medium Date : 2018-10-01 CVE-ID : CVE-2018-9251 Package : lib32-libxml2 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-673 Summary ======= The package lib32-libxml2 befor...
[ASA-201806-14] firefox: multiple issues
Arch Linux Security Advisory ASA-201806-14 ========================================== Severity: Critical Date : 2018-06-27 CVE-ID : CVE-2018-5186 CVE-2018-5187 CVE-2018-5188 CVE-2018-12356 CVE-2018-12358 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364...
[ASA-201805-5] mupdf-gl: multiple issues
Arch Linux Security Advisory ASA-201805-5 ========================================= Severity: High Date : 2018-05-10 CVE-ID : CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 CVE-2018-6544 CVE-2018-1000051 Package : mupdf-gl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-6...
[ASA-201805-4] mupdf: multiple issues
Arch Linux Security Advisory ASA-201805-4 ========================================= Severity: High Date : 2018-05-09 CVE-ID : CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 CVE-2018-6544 CVE-2018-1000051 Package : mupdf Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-609...
[ASA-201802-3] go-pie: arbitrary code execution
Arch Linux Security Advisory ASA-201802-3 ========================================= Severity: High Date : 2018-02-09 CVE-ID : CVE-2018-6574 Package : go-pie Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-606 Summary ======= The package go-pie before version...
[ASA-201801-29] libmupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201801-29 ========================================== Severity: High Date : 2018-01-30 CVE-ID : CVE-2017-17858 Package : libmupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-599 Summary ======= The package libmupdf before...
[ASA-201711-22] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201711-22 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-11213 CVE-2017-11215 CVE-2017-11225 CVE-2017-3112 CVE-2017-3114 Package : lib32-flashplugin Type : arbitrary code execution Remote : Yes Link :...
[ASA-201711-21] flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201711-21 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-11213 CVE-2017-11215 CVE-2017-11225 CVE-2017-3112 CVE-2017-3114 Package : flashplugin Type : arbitrary code execution Remote : Yes Link :...
[ASA-201711-11] libcurl-gnutls: information disclosure
Arch Linux Security Advisory ASA-201711-11 ========================================== Severity: Medium Date : 2017-11-02 CVE-ID : CVE-2017-1000257 Package : libcurl-gnutls Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-462 Summary ======= The package...
[ASA-201711-1] mupdf-gl: arbitrary code execution
Arch Linux Security Advisory ASA-201711-1 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : mupdf-gl Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458...
[ASA-201711-4] mupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201711-4 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : mupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458 Summa...
[ASA-201711-5] zathura-pdf-mupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201711-5 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : zathura-pdf-mupdf Type : arbitrary code execution Remote : No Link :...
[ASA-201708-16] curl: information disclosure
Arch Linux Security Advisory ASA-201708-16 ========================================== Severity: Medium Date : 2017-08-22 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 Package : curl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-370 Summary...
[ASA-201707-22] vim: arbitrary code execution
Arch Linux Security Advisory ASA-201707-22 ========================================== Severity: High Date : 2017-07-18 CVE-ID : CVE-2017-11109 Package : vim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-347 Summary ======= The package vim before version...
[ASA-201707-20] pcre: multiple issues
Arch Linux Security Advisory ASA-201707-20 ========================================== Severity: Medium Date : 2017-07-18 CVE-ID : CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 Package : pcre Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-222 Summary ======...
[ASA-201706-28] linux-hardened: privilege escalation
Arch Linux Security Advisory ASA-201706-28 ========================================== Severity: High Date : 2017-06-22 CVE-ID : CVE-2017-1000364 Package : linux-hardened Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-314 Summary ======= The package linux-hardene...
[ASA-201706-19] firefox: multiple issues
Arch Linux Security Advisory ASA-201706-19 ========================================== Severity: Critical Date : 2017-06-16 CVE-ID : CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-77...
[ASA-201705-21] lib32-nss: arbitrary code execution
Arch Linux Security Advisory ASA-201705-21 ========================================== Severity: Critical Date : 2017-05-29 CVE-ID : CVE-2017-5461 Package : lib32-nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-248 Summary ======= The package lib32-nss...
[ASA-201701-5] lib32-libpng: denial of service
Arch Linux Security Advisory ASA-201701-5 ========================================= Severity: Low Date : 2017-01-02 CVE-ID : CVE-2016-10087 Package : lib32-libpng Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-120 Summary ======= The package lib32-libpng before...
[ASA-201612-22] curl: multiple issues
Arch Linux Security Advisory ASA-201612-22 ========================================== Severity: Medium Date : 2016-12-27 CVE-ID : CVE-2016-9586 CVE-2016-9594 Package : curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-112 Summary ======= The package curl before...
[ASA-201610-1] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-201610-1 ========================================= Severity: Critical Date : 2016-10-03 CVE-ID : CVE-2016-5177 CVE-2016-5178 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
[ASA-201609-30] openssl: denial of service
Arch Linux Security Advisory ASA-201609-30 ========================================== Severity: Medium Date : 2016-09-28 CVE-ID : CVE-2016-7052 Package : openssl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package openssl before versio...
mupdf: arbitrary code execution
Yu Hong and Zheng Jihong discovered a heap overflow vulnerability within the pdf_load_mesh_params function, allowing an attacker to cause an application crash (denial-of-service), or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is...
libreoffice-fresh: arbitrary code execution
A use after free vulnerability was found in the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens. A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an...
webkit2gtk: arbitrary code execution
WebKitGTK+ allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. Credit to Jeonghoon Shin at A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencen...
thunderbird: arbitrary code execution
CVE-2016-2804: Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes. - CVE-2016-2805: Christian Holler reported a memory safety problem. - CVE-2016-2806: Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book,...
lib32-flashplugin: arbitrary code execution
CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 arbitrary code execution Integer overflow vulnerabilities that could lead to code execution. - CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000...
docker: information leakage
This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...
dhcpcd: denial of service
CVE-2016-1503 (denial of service): An issue has been discovered that can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. - CVE-2016-1504 (denial of service): A malformed dhcp response can lead to an invalid read/crash...
flashplugin: multiple issues
CVE-2015-7651 CVE-2015-7652 CVE-2015-7653 CVE-2015-7654 CVE-2015-7655 CVE-2015-7656 CVE-2015-7657 CVE-2015-7658 CVE-2015-7660 CVE-2015-7661 CVE-2015-7663 CVE-2015-8042 CVE-2015-8043 CVE-2015-8044 CVE-2015-8046 arbitrary code execution It has been discovered that multiple use-after-free...
firefox: cross-origin restriction bypass
Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue...
python-django, python2-django: denial of service
Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view (provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin). This could allow an attacker to easily create many new session records by sending repeat...
openssl: man-in-the-middle
During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the ...
firefox: multiple issues
CVE-2015-2722, CVE-2015-2733 Use-after-free in workers while using XMLHttpRequest: Security researcher Looben Yan used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These...
webkitgtk: man-in-the-middle
It was found that WebKitGTK+ version performed TLS certificate verification too late, after sending an HTTP request rather than before. This issue allows a man-in-the-middle attack to possibly gain sensitive information...
nbd: denial of service
Signal handlers themselves were entered only once, but they called posixly unsafe, non-reentrant functions, such as syslog. If a signal was caught in the middle of the execution of such function, consequences were undefined. In practice, nbd-server was observed to deadlock during the execution of...
tomcat6: denial of service
When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the size of request body that Tomcat woul...
tor: multiple issues
CVE-2015-2928 "disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. CVE-2015-2929 "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially...
pigz: arbitrary write to files
The package pigz before version 2.3.3-1 is vulnerable to multiple directory traversal vulnerabilities. That allows remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive...
unrtf: arbitrary code execution
CVE-2014-9274 (arbitrary code execution): A flaw allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "\cb-999999999". - CVE-2014-9275 (arbitrary code execution): A flaw allows remote attackers to cause a denial...
file: denial of service through out-of-bounds read
An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of an ELF file. This could possibly cause the file executable to crash...
zeromq: Man-in-the-middle downgrade and replay attack
CVE-2014-7202 (downgrade attack): A bug in stream_engine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 (replay attack): libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks...
[ASA-202009-14] yaws: multiple issues
Arch Linux Security Advisory ASA-202009-14 ========================================== Severity: High Date : 2020-09-26 CVE-ID : CVE-2020-12872 CVE-2020-24379 CVE-2020-24916 Package : yaws Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1228 Summary ======= The packag...
[ASA-202006-11] sqlite: arbitrary code execution
Arch Linux Security Advisory ASA-202006-11 ========================================== Severity: High Date : 2020-06-28 CVE-ID : CVE-2020-13871 Package : sqlite Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1182 Summary ======= The package sqlite before...
[ASA-202005-7] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202005-7 ========================================= Severity: Critical Date : 2020-05-09 CVE-ID : CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 CVE-2020-12397 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-202004-19] lib32-openssl: denial of service
Arch Linux Security Advisory ASA-202004-19 ========================================== Severity: High Date : 2020-04-22 CVE-ID : CVE-2020-1967 Package : lib32-openssl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1142 Summary ======= The package lib32-openssl befo...
[ASA-202004-2] linux-hardened: privilege escalation
Arch Linux Security Advisory ASA-202004-2 ========================================= Severity: High Date : 2020-04-01 CVE-ID : CVE-2020-8835 Package : linux-hardened Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1120 Summary ======= The package linux-hardened...
[ASA-201907-1] irssi: arbitrary code execution
Arch Linux Security Advisory ASA-201907-1 ========================================= Severity: High Date : 2019-07-01 CVE-ID : CVE-2019-13045 Package : irssi Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-999 Summary ======= The package irssi before version...