1854 matches found
[ASA-202004-21] git: information disclosure
Arch Linux Security Advisory ASA-202004-21 ========================================== Severity: High Date : 2020-04-22 CVE-ID : CVE-2020-11008 Package : git Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1138 Summary ======= The package git before version...
[ASA-202004-20] chromium: multiple issues
Arch Linux Security Advisory ASA-202004-20 ========================================== Severity: High Date : 2020-04-22 CVE-ID : CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1140 Summary ======= The packa...
[ASA-201908-18] dovecot: arbitrary code execution
Arch Linux Security Advisory ASA-201908-18 ========================================== Severity: Critical Date : 2019-08-28 CVE-ID : CVE-2019-11500 Package : dovecot Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1026 Summary ======= The package dovecot befo...
[ASA-201901-11] go: private key recovery
Arch Linux Security Advisory ASA-201901-11 ========================================== Severity: Medium Date : 2019-01-24 CVE-ID : CVE-2019-6486 Package : go Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-859 Summary ======= The package go before version...
[ASA-201811-7] lib32-libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201811-7 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16839 CVE-2018-16840 Package : lib32-libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-798 Summary ======= The...
[ASA-201810-16] gitlab: multiple issues
Arch Linux Security Advisory ASA-201810-16 ========================================== Severity: Critical Date : 2018-10-31 CVE-ID : CVE-2018-18640 CVE-2018-18641 CVE-2018-18643 CVE-2018-18645 CVE-2018-18646 CVE-2018-18648 CVE-2018-18649 Package : gitlab Type : multiple issues Remote : Yes Link :...
[ASA-201810-4] lib32-libxml2: denial of service
Arch Linux Security Advisory ASA-201810-4 ========================================= Severity: Medium Date : 2018-10-01 CVE-ID : CVE-2018-9251 Package : lib32-libxml2 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-673 Summary ======= The package lib32-libxml2 befor...
[ASA-201803-22] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201803-22 ========================================== Severity: Critical Date : 2018-03-24 CVE-ID : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-201803-15] curl: multiple issues
Arch Linux Security Advisory ASA-201803-15 ========================================== Severity: Medium Date : 2018-03-19 CVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package : curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-653 Summary ======= The...
[ASA-201803-11] ntp: multiple issues
Arch Linux Security Advisory ASA-201803-11 ========================================== Severity: High Date : 2018-03-16 CVE-ID : CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 Package : ntp Type : multiple issues Remote : Yes Link :...
[ASA-201801-29] libmupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201801-29 ========================================== Severity: High Date : 2018-01-30 CVE-ID : CVE-2017-17858 Package : libmupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-599 Summary ======= The package libmupdf before...
[ASA-201711-11] libcurl-gnutls: information disclosure
Arch Linux Security Advisory ASA-201711-11 ========================================== Severity: Medium Date : 2017-11-02 CVE-ID : CVE-2017-1000257 Package : libcurl-gnutls Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-462 Summary ======= The package...
[ASA-201710-5] libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201710-5 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-387 Summary...
[ASA-201708-18] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201708-18 ========================================== Severity: Critical Date : 2017-08-23 CVE-ID : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-78...
[ASA-201708-16] curl: information disclosure
Arch Linux Security Advisory ASA-201708-16 ========================================== Severity: Medium Date : 2017-08-22 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 Package : curl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-370 Summary...
[ASA-201707-1] libgcrypt: private key recovery
Arch Linux Security Advisory ASA-201707-1 ========================================= Severity: High Date : 2017-07-03 CVE-ID : CVE-2017-7526 Package : libgcrypt Type : private key recovery Remote : No Link : https://security.archlinux.org/AVG-338 Summary ======= The package libgcrypt before versio...
[ASA-201706-19] firefox: multiple issues
Arch Linux Security Advisory ASA-201706-19 ========================================== Severity: Critical Date : 2017-06-16 CVE-ID : CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-77...
[ASA-201705-8] flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201705-8 ========================================= Severity: Critical Date : 2017-05-09 CVE-ID : CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 CVE-2017-3071 CVE-2017-3072 CVE-2017-3073 CVE-2017-3074 Package : flashplugin Type : arbitrary code execution Remote : Yes Li...
[ASA-201701-5] lib32-libpng: denial of service
Arch Linux Security Advisory ASA-201701-5 ========================================= Severity: Low Date : 2017-01-02 CVE-ID : CVE-2016-10087 Package : lib32-libpng Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-120 Summary ======= The package lib32-libpng before...
[ASA-201609-31] c-ares: arbitrary code execution
Arch Linux Security Advisory ASA-201609-31 ========================================== Severity: High Date : 2016-09-30 CVE-ID : CVE-2016-5180 Package : c-ares Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package c-ares before...
subversion: multiple issues
CVE-2016-2167 authentication restriction bypass The canonicalizeusername function in svnserve/cyrusauth.c, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm...
ntp: distributed denial of service amplification
CVE-2016-4953 distributed denial of service amplification An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association. Credit to Miroslav Lichvar of Red Hat -...
webkit2gtk: arbitrary code execution
WebKitGTK+ allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. Credit to Jeonghoon Shin at A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencen...
libksba: denial of service
An out-of-bound read access due to incorrect utf-8 strings handling has been in found in the ksbadntostr function. This issue is due to an incomplete fix for CVE-2016-4356, caused by an off-by-one error when handling incorrect utf-8 strings...
lib32-flashplugin: arbitrary code execution
CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 arbitrary code execution Integer overflow vulnerabilities that could lead to code execution. - CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000...
python2-rsa: signature forgery
The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
docker: information leakage
This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...
python-django, python2-django: information leakage
If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. lastupdated|date:userdateformat , then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g...
flashplugin: multiple issues
CVE-2015-7651 CVE-2015-7652 CVE-2015-7653 CVE-2015-7654 CVE-2015-7655 CVE-2015-7656 CVE-2015-7657 CVE-2015-7658 CVE-2015-7660 CVE-2015-7661 CVE-2015-7663 CVE-2015-8042 CVE-2015-8043 CVE-2015-8044 CVE-2015-8046 arbitrary code execution It has been discovered that multiple use-after-free...
flashplugin: arbitrary code execution
Several critical type confusion vulnerabilities CVE-2015-7645, CVE-2015-7647, CVE-2015-7648 have been identified in Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected...
firefox: cross-origin restriction bypass
Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing CORS specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue...
flashplugin: multiple issues
CVE-2015-5569 information leak, insufficient hardening These updates include a defense-in-depth feature in the Flash broker API. - CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7630 CVE-2015-7633 CVE-2015-7634 arbitrary code execution These updates resolve memory corruption vulnerabilities...
crypto++: private key recovery
Evgeny Sidorov discovered that it is possible to recover the private key when using Rabin-Williams signatures due to a bad interaction with the blinding value used to mask private key operations. The bad interaction had to do with the random value not meeting certain Jacobi requirements, which...
libuser: multiple issues
CVE-2015-3245 denial of service It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system...
flashplugin: arbitrary code execution
CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...
postgresql: multiple issues
CVE-2015-3165 denial of service SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. - CVE-2015-3166 information disclosure The replacement implementation of snprintf failed to check for errors...
nbd: denial of service
Signal handlers themselves were entered only once, but they called posixly unsafe, non-reentrant functions, such as syslog. If a signal was caught in the middle of the execution of such function, consequences were undefined. In practice, nbd-server was observed to deadlock during the execution of...
qemu: arbitrary code execution
The guest operating system communicates with the FDC by sending commands such as seek, read, write, format, etc. to the FDCs input/output port. QEMUs virtual FDC uses a fixed-size buffer for storing these commands and their associated data parameters. The FDC keeps track of how much data to expec...
tomcat6: denial of service
When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the size of request body that Tomcat woul...
firefox: arbitrary code execution
Mozilla developer Robert Kaiser reported that a specially crafted HTML, when loaded by the target user, will trigger a use-after-free race condition when a plugin fails to initialize, which may lead to a memory corruption error in AsyncPaintWaitEvent::AsyncPaintWaitEvent and arbitrary code...
libevent: heap overflow
A defect in the libevent evbuffer API could possibly leave some programs that use the evbuffer API open to potential heap overflows. A program using the evbufferadd, evbufferprepend, evbufferexpand, exbufferreservespace, or evbufferread functions may be vulnerable if an attacker is able to coax t...
unrtf: arbitrary code execution
CVE-2014-9274 arbitrary code execution A flaw allows remote attackers to cause a denial of service crash and possibly execute arbitrary code as demonstrated by a file containing the string "\cb-999999999". - CVE-2014-9275 arbitrary code execution A flaw allows remote attackers to cause a denial...
nvidia: arbitrary code execution
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...
graphviz: format string vulnerability
A format string vulnerability has been found in the error reporting part of the parser used by graphviz...
wget: arbitrary filesystem access
It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. By default, when retrieving ftp directories recursively and a symbolic link is encountered, t...
zeromq: Man-in-the-middle downgrade and replay attack
CVE-2014-7202 downgrade attack A bug in streamengine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 replay attack libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks...
libvirt: out-of-bounds read access
Luyao Huang of Red Hat found that the qemu implementation of virDomainGetBlockIoTune computed an index into the array of disks for the live definition, then used it as the index into the array of disks for the persistent definition, which could result into an out-of-bounds read access in...
[ASA-202110-11] freerdp: arbitrary code execution
Arch Linux Security Advisory ASA-202110-11 ========================================== Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-41159 CVE-2021-41160 Package : freerdp Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2488 Summary ======= The package...
[ASA-202109-4] element-desktop: information disclosure
Arch Linux Security Advisory ASA-202109-4 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-40823 Package : element-desktop Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2377 Summary ======= The package...
[ASA-202109-2] firefox: multiple issues
Arch Linux Security Advisory ASA-202109-2 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-38491 CVE-2021-38494 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2350 Summary ======= The package firefox befo...