1854 matches found
[ASA-201811-22] samba: multiple issues
Arch Linux Security Advisory ASA-201811-22 ========================================== Severity: High Date : 2018-11-28 CVE-ID : CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 CVE-2018-16852 CVE-2018-16853 CVE-2018-16857 Package : samba Type : multiple issues Remote : Yes Link :...
[ASA-201810-16] gitlab: multiple issues
Arch Linux Security Advisory ASA-201810-16 ========================================== Severity: Critical Date : 2018-10-31 CVE-ID : CVE-2018-18640 CVE-2018-18641 CVE-2018-18643 CVE-2018-18645 CVE-2018-18646 CVE-2018-18648 CVE-2018-18649 Package : gitlab Type : multiple issues Remote : Yes Link :...
[ASA-201807-14] jenkins: multiple issues
Arch Linux Security Advisory ASA-201807-14 ========================================== Severity: High Date : 2018-07-21 CVE-ID : CVE-2018-1999001 CVE-2018-1999002 CVE-2018-1999003 CVE-2018-1999004 CVE-2018-1999005 CVE-2018-1999006 CVE-2018-1999007 Package : jenkins Type : multiple issues Remote :...
[ASA-201805-24] wireshark-common: multiple issues
Arch Linux Security Advisory ASA-201805-24 ========================================== Severity: Critical Date : 2018-05-25 CVE-ID : CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 Package : wireshark-common Typ...
[ASA-201805-4] mupdf: multiple issues
Arch Linux Security Advisory ASA-201805-4 ========================================= Severity: High Date : 2018-05-09 CVE-ID : CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 CVE-2018-6544 CVE-2018-1000051 Package : mupdf Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-609...
[ASA-201803-22] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201803-22 ========================================== Severity: Critical Date : 2018-03-24 CVE-ID : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-201711-22] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201711-22 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-11213 CVE-2017-11215 CVE-2017-11225 CVE-2017-3112 CVE-2017-3114 Package : lib32-flashplugin Type : arbitrary code execution Remote : Yes Link :...
[ASA-201711-21] flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201711-21 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-11213 CVE-2017-11215 CVE-2017-11225 CVE-2017-3112 CVE-2017-3114 Package : flashplugin Type : arbitrary code execution Remote : Yes Link :...
[ASA-201710-34] wget: multiple issues
Arch Linux Security Advisory ASA-201710-34 ========================================== Severity: Critical Date : 2017-10-29 CVE-ID : CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 Package : wget Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-473 Summary ======= The...
[ASA-201710-14] wireshark-cli: denial of service
Arch Linux Security Advisory ASA-201710-14 ========================================== Severity: Medium Date : 2017-10-12 CVE-ID : CVE-2017-15189 CVE-2017-15190 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 Package : wireshark-cli Type : denial of service Remote : Yes Link :...
[ASA-201709-23] ffmpeg2.8: denial of service
Arch Linux Security Advisory ASA-201709-23 ========================================== Severity: Medium Date : 2017-09-28 CVE-ID : CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14225 Package : ffmpeg2.8 Type : denia...
[ASA-201709-8] linux-lts: arbitrary code execution
Arch Linux Security Advisory ASA-201709-8 ========================================= Severity: High Date : 2017-09-14 CVE-ID : CVE-2017-1000251 Package : linux-lts Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-393 Summary ======= The package linux-lts befor...
[ASA-201709-4] linux-hardened: arbitrary code execution
Arch Linux Security Advisory ASA-201709-4 ========================================= Severity: High Date : 2017-09-13 CVE-ID : CVE-2017-1000251 Package : linux-hardened Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-395 Summary ======= The package...
[ASA-201707-1] libgcrypt: private key recovery
Arch Linux Security Advisory ASA-201707-1 ========================================= Severity: High Date : 2017-07-03 CVE-ID : CVE-2017-7526 Package : libgcrypt Type : private key recovery Remote : No Link : https://security.archlinux.org/AVG-338 Summary ======= The package libgcrypt before versio...
[ASA-201706-28] linux-hardened: privilege escalation
Arch Linux Security Advisory ASA-201706-28 ========================================== Severity: High Date : 2017-06-22 CVE-ID : CVE-2017-1000364 Package : linux-hardened Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-314 Summary ======= The package linux-hardene...
[ASA-201705-15] zziplib: multiple issues
Arch Linux Security Advisory ASA-201705-15 ========================================== Severity: High Date : 2017-05-12 CVE-ID : CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5979 CVE-2017-5981 Package : zziplib Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-191...
[ASA-201610-15] chromium: multiple issues
Arch Linux Security Advisory ASA-201610-15 ========================================== Severity: Critical Date : 2016-10-23 CVE-ID : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-51...
[ASA-201610-1] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-201610-1 ========================================= Severity: Critical Date : 2016-10-03 CVE-ID : CVE-2016-5177 CVE-2016-5178 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
[ASA-201609-22] firefox: multiple issues
Arch Linux Security Advisory ASA-201609-22 ========================================== Severity: Critical Date : 2016-09-22 CVE-ID : CVE-2016-5256 CVE-2016-5257 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-52...
mupdf: arbitrary code execution
Marco Grassi discovered a use-after-free vulnerability in MuPDF. An attacker can take advantage of this flaw to cause an application crash denial-of-service, or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is processed...
libreoffice-fresh: arbitrary code execution
A use after free vulnerability was found in the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens. A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an...
thunderbird: arbitrary code execution
CVE-2016-2804: Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes. - CVE-2016-2805: Christian Holler reported a memory safety problem. - CVE-2016-2806: Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book,...
lib32-flashplugin: arbitrary code execution
CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 arbitrary code execution Integer overflow vulnerabilities that could lead to code execution. - CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000...
dhcpcd: denial of service
CVE-2016-1503 denial of service An issue has been discovered that can lead to a heap overflow via malformed dhcp responses later in printoption via dhcpenvoption1 due to incorrect option length values. - CVE-2016-1504 denial of service A malformed dhcp response can lead to an invalid read/crash...
firefox: multiple issues
CVE-2015-7201 CVE-2015-7202 arbitrary code execution Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...
flashplugin: arbitrary code execution
Several critical type confusion vulnerabilities CVE-2015-7645, CVE-2015-7647, CVE-2015-7648 have been identified in Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected...
firefox: cross-origin restriction bypass
Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing CORS specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue...
flashplugin: multiple issues
CVE-2015-5573 arbitrary code execution These updates resolve a type confusion vulnerability that could lead to code execution. - CVE-2015-5570 CVE-2015-5574 CVE-2015-5581 CVE-2015-5584 CVE-2015-6682 arbitrary code execution These updates resolve use-after-free vulnerabilities that could lead to...
libuser: multiple issues
CVE-2015-3245 denial of service It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system...
flashplugin: arbitrary code execution
CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...
openssl: man-in-the-middle
During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the ...
firefox: multiple issues
CVE-2015-2722, CVE-2015-2733 Use-after-free in workers while using XMLHttpRequest: Security researcher Looben Yan used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These...
webkitgtk: man-in-the-middle
It was found that WebKitGTK+ version performed TLS certificate verification too late, after sending an HTTP request rather than before. This issue allows a man-in-the-middle attack to possibly gain sensitive information...
tor: multiple issues
CVE-2015-2928 "disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. CVE-2015-2929 "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially...
python2-django python-django - cross site scripting
XSS attack via properties in ModelAdmin.readonlyfields...
flashplugin: multiple issues
CVE-2014-0580 policy bypass A flaw allows remote attackers to bypass the same origin policy via unspecified vectors. - CVE-2014-0587 arbitrary code execution A flaw allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors. - CVE-2014-8443...
file: denial of service through out-of-bounds read
An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash...
zeromq: Man-in-the-middle downgrade and replay attack
CVE-2014-7202 downgrade attack A bug in streamengine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 replay attack libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks...
[ASA-202004-24] libmicrodns: multiple issues
Arch Linux Security Advisory ASA-202004-24 ========================================== Severity: Critical Date : 2020-04-30 CVE-ID : CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 CVE-2020-6079 CVE-2020-6080 Package : libmicrodns Type : multiple issues Remote : Yes Link :...
[ASA-202003-1] chromium: access restriction bypass
Arch Linux Security Advisory ASA-202003-1 ========================================= Severity: High Date : 2020-03-04 CVE-ID : CVE-2020-6420 Package : chromium Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-1107 Summary ======= The package chromium before...
[ASA-201910-7] chromium: multiple issues
Arch Linux Security Advisory ASA-201910-7 ========================================= Severity: High Date : 2019-10-11 CVE-ID : CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 Package : chromium Type : multiple issues Remote : Yes Link :...
[ASA-201905-13] lib32-libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201905-13 ========================================== Severity: High Date : 2019-05-31 CVE-ID : CVE-2019-5435 CVE-2019-5436 Package : lib32-libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-961 Summary ======= The...
[ASA-201905-3] nautilus: sandbox escape
Arch Linux Security Advisory ASA-201905-3 ========================================= Severity: High Date : 2019-05-06 CVE-ID : CVE-2019-11461 Package : nautilus Type : sandbox escape Remote : No Link : https://security.archlinux.org/AVG-956 Summary ======= The package nautilus before version...
[ASA-201903-4] pcre: denial of service
Arch Linux Security Advisory ASA-201903-4 ========================================= Severity: Low Date : 2019-03-03 CVE-ID : CVE-2017-11164 Package : pcre Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-351 Summary ======= The package pcre before version 8.43-1 is...
[ASA-201902-21] python-mysql-connector: authentication bypass
Arch Linux Security Advisory ASA-201902-21 ========================================== Severity: High Date : 2019-02-17 CVE-ID : CVE-2019-2435 Package : python-mysql-connector Type : authentication bypass Remote : Yes Link : https://security.archlinux.org/AVG-898 Summary ======= The package...
[ASA-201902-3] chromium: multiple issues
Arch Linux Security Advisory ASA-201902-3 ========================================= Severity: Critical Date : 2019-02-11 CVE-ID : CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765...
[ASA-201810-13] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201810-13 ========================================== Severity: Critical Date : 2018-10-18 CVE-ID : CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-201810-6] firefox: multiple issues
Arch Linux Security Advisory ASA-201810-6 ========================================= Severity: Critical Date : 2018-10-04 CVE-ID : CVE-2018-12386 CVE-2018-12387 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-775 Summary ======= The package firefox...
[ASA-201808-1] python-django: open redirect
Arch Linux Security Advisory ASA-201808-1 ========================================= Severity: Medium Date : 2018-08-01 CVE-ID : CVE-2018-14574 Package : python-django Type : open redirect Remote : Yes Link : https://security.archlinux.org/AVG-743 Summary ======= The package python-django before...
[ASA-201806-7] flashplugin: multiple issues
Arch Linux Security Advisory ASA-201806-7 ========================================= Severity: Critical Date : 2018-06-09 CVE-ID : CVE-2018-4945 CVE-2018-5000 CVE-2018-5001 CVE-2018-5002 Package : flashplugin Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-716 Summary...