Lucene search
K
ArchlinuxMost viewed

1854 matches found

ArchLinux
ArchLinux
added 2018/03/19 12:0 a.m.37 views

[ASA-201803-16] lib32-curl: multiple issues

Arch Linux Security Advisory ASA-201803-16 ========================================== Severity: Medium Date : 2018-03-19 CVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-654 Summary =====...

9.8CVSS0.6AI score0.12058EPSS
Exploits0References13
ArchLinux
ArchLinux
added 2018/03/06 12:0 a.m.37 views

[ASA-201803-7] dovecot: multiple issues

Arch Linux Security Advisory ASA-201803-7 ========================================= Severity: High Date : 2018-03-06 CVE-ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 Package : dovecot Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-645 Summary ======= The packag...

7.5CVSS0.3AI score0.16979EPSS
Exploits0References15
ArchLinux
ArchLinux
added 2018/02/09 12:0 a.m.37 views

[ASA-201802-3] go-pie: arbitrary code execution

Arch Linux Security Advisory ASA-201802-3 ========================================= Severity: High Date : 2018-02-09 CVE-ID : CVE-2018-6574 Package : go-pie Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-606 Summary ======= The package go-pie before version...

7.8CVSS2AI score0.07768EPSS
Exploits4References5
ArchLinux
ArchLinux
added 2018/01/18 12:0 a.m.37 views

[ASA-201801-17] zziplib: denial of service

Arch Linux Security Advisory ASA-201801-17 ========================================== Severity: Medium Date : 2018-01-18 CVE-ID : CVE-2017-5977 CVE-2017-5978 Package : zziplib Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-273 Summary ======= The package zziplib...

5.5CVSS2.5AI score0.01727EPSS
Exploits2References11
ArchLinux
ArchLinux
added 2017/11/30 12:0 a.m.37 views

[ASA-201711-43] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201711-43 ========================================== Severity: Critical Date : 2017-11-30 CVE-ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-530 Summary ======= The...

10CVSS0.2AI score0.07439EPSS
Exploits0References12
ArchLinux
ArchLinux
added 2017/10/27 12:0 a.m.37 views

[ASA-201710-31] chromium: arbitrary code execution

Arch Linux Security Advisory ASA-201710-31 ========================================== Severity: Critical Date : 2017-10-27 CVE-ID : CVE-2017-15396 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-472 Summary ======= The package chromium...

6.5CVSS3.4AI score0.02203EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2017/10/09 12:0 a.m.37 views

[ASA-201710-11] lame: denial of service

Arch Linux Security Advisory ASA-201710-11 ========================================== Severity: Low Date : 2017-10-09 CVE-ID : CVE-2017-15018 Package : lame Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-437 Summary ======= The package lame before version 3.99.5-4 ...

5.5CVSS0.1AI score0.00836EPSS
Exploits1References4
ArchLinux
ArchLinux
added 2017/10/05 12:0 a.m.37 views

[ASA-201710-6] lib32-libcurl-compat: multiple issues

Arch Linux Security Advisory ASA-201710-6 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : lib32-libcurl-compat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-388 Summa...

7.5CVSS7.7AI score0.08465EPSS
Exploits0References11
ArchLinux
ArchLinux
added 2017/09/15 12:0 a.m.37 views

[ASA-201709-10] ffmpeg: denial of service

Arch Linux Security Advisory ASA-201709-10 ========================================== Severity: Medium Date : 2017-09-15 CVE-ID : CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223...

8.8CVSS1.2AI score0.02575EPSS
Exploits0References25
ArchLinux
ArchLinux
added 2017/07/26 12:0 a.m.37 views

[ASA-201707-25] webkit2gtk: multiple issues

Arch Linux Security Advisory ASA-201707-25 ========================================== Severity: Critical Date : 2017-07-26 CVE-ID : CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 Package :...

8.8CVSS1.2AI score0.08059EPSS
Exploits29References13
ArchLinux
ArchLinux
added 2017/07/18 12:0 a.m.37 views

[ASA-201707-19] gvim: arbitrary code execution

Arch Linux Security Advisory ASA-201707-19 ========================================== Severity: High Date : 2017-07-18 CVE-ID : CVE-2017-11109 Package : gvim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-347 Summary ======= The package gvim before version...

7.8CVSS3AI score0.01088EPSS
Exploits0References5
ArchLinux
ArchLinux
added 2017/07/18 12:0 a.m.37 views

[ASA-201707-20] pcre: multiple issues

Arch Linux Security Advisory ASA-201707-20 ========================================== Severity: Medium Date : 2017-07-18 CVE-ID : CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 Package : pcre Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-222 Summary ======...

7.8CVSS1.1AI score0.05033EPSS
Exploits0References12
ArchLinux
ArchLinux
added 2017/06/26 12:0 a.m.37 views

[ASA-201706-33] poppler: arbitrary code execution

Arch Linux Security Advisory ASA-201706-33 ========================================== Severity: High Date : 2017-06-26 CVE-ID : CVE-2017-9775 CVE-2017-9776 Package : poppler Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-326 Summary ======= The package...

7.8CVSS0.9AI score0.04338EPSS
Exploits0References7
ArchLinux
ArchLinux
added 2017/06/20 12:0 a.m.37 views

[ASA-201706-23] glibc: privilege escalation

Arch Linux Security Advisory ASA-201706-23 ========================================== Severity: High Date : 2017-06-20 CVE-ID : CVE-2017-1000366 Package : glibc Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-307 Summary ======= The package glibc before version...

7.8CVSS0.8AI score0.02733EPSS
Exploits14References3
ArchLinux
ArchLinux
added 2017/06/13 12:0 a.m.37 views

[ASA-201706-13] tor: denial of service

Arch Linux Security Advisory ASA-201706-13 ========================================== Severity: Medium Date : 2017-06-13 CVE-ID : CVE-2017-0375 CVE-2017-0376 Package : tor Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-296 Summary ======= The package tor before...

7.5CVSS0.9AI score0.02613EPSS
Exploits1References9
ArchLinux
ArchLinux
added 2017/06/02 12:0 a.m.37 views

[ASA-201706-3] libtasn1: arbitrary code execution

Arch Linux Security Advisory ASA-201706-3 ========================================= Severity: High Date : 2017-06-02 CVE-ID : CVE-2017-6891 Package : libtasn1 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-285 Summary ======= The package libtasn1 before...

8.8CVSS2.6AI score0.05585EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2017/05/07 12:0 a.m.37 views

[ASA-201705-6] lib32-libtirpc: denial of service

Arch Linux Security Advisory ASA-201705-6 ========================================= Severity: Medium Date : 2017-05-07 CVE-ID : CVE-2017-8779 Package : lib32-libtirpc Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-263 Summary ======= The package lib32-libtirpc...

7.8CVSS1.7AI score0.81921EPSS
Exploits4References4
ArchLinux
ArchLinux
added 2017/03/16 12:0 a.m.37 views

[ASA-201703-13] linux-zen: privilege escalation

Arch Linux Security Advisory ASA-201703-13 ========================================== Severity: High Date : 2017-03-16 CVE-ID : CVE-2017-2636 Package : linux-zen Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-203 Summary ======= The package linux-zen before...

7CVSS0.5AI score0.01021EPSS
Exploits2References5
ArchLinux
ArchLinux
added 2017/03/14 12:0 a.m.37 views

[ASA-201703-8] linux: privilege escalation

Arch Linux Security Advisory ASA-201703-8 ========================================= Severity: High Date : 2017-03-14 CVE-ID : CVE-2017-2636 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-192 Summary ======= The package linux before version 4.10.2...

7CVSS0.6AI score0.01021EPSS
Exploits2References5
ArchLinux
ArchLinux
added 2017/02/11 12:0 a.m.37 views

[ASA-201702-9] webkit2gtk: multiple issues

Arch Linux Security Advisory ASA-201702-9 ========================================= Severity: Critical Date : 2017-02-11 CVE-ID : CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373...

8.8CVSS1.3AI score0.07043EPSS
Exploits21References14
ArchLinux
ArchLinux
added 2017/01/03 12:0 a.m.37 views

[ASA-201701-8] libcurl-gnutls: multiple issues

Arch Linux Security Advisory ASA-201701-8 ========================================= Severity: Medium Date : 2017-01-03 CVE-ID : CVE-2016-9586 CVE-2016-9594 Package : libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-114 Summary ======= The package...

8.1CVSS0.9AI score0.04935EPSS
Exploits0References6
ArchLinux
ArchLinux
added 2016/10/23 12:0 a.m.37 views

[ASA-201610-15] chromium: multiple issues

Arch Linux Security Advisory ASA-201610-15 ========================================== Severity: Critical Date : 2016-10-23 CVE-ID : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-51...

10CVSS0.1AI score0.01978EPSS
Exploits0References16
ArchLinux
ArchLinux
added 2016/10/03 12:0 a.m.37 views

[ASA-201610-1] chromium: arbitrary code execution

Arch Linux Security Advisory ASA-201610-1 ========================================= Severity: Critical Date : 2016-10-03 CVE-ID : CVE-2016-5177 CVE-2016-5178 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...

9.8CVSS2.4AI score0.01836EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2016/09/26 12:0 a.m.37 views

[ASA-201609-27] wireshark-cli: denial of service

Arch Linux Security Advisory ASA-201609-27 ========================================== Severity: Medium Date : 2016-09-26 CVE-ID : CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 Package : wireshark-cli Type : denial of service Remote : Yes Link :...

5.9CVSS0.5AI score0.02652EPSS
Exploits0References13
ArchLinux
ArchLinux
added 2016/09/17 12:0 a.m.37 views

chromium: multiple issues

CVE-2016-5170, CVE-2016-5171 arbitrary code execution Use after free in Blink. - CVE-2016-5172 information leakage Arbitrary Memory Read in v8. - CVE-2016-5173 access restriction bypass Extension resource access. - CVE-2016-5174 Popup not correctly suppressed. - CVE-2016-5175 arbitrary code...

3.7AI score0.0186EPSS
Exploits0References7
ArchLinux
ArchLinux
added 2016/09/09 12:0 a.m.37 views

graphicsmagick: multiple issues

A last instance of CVE-2016-2317 heap buffer overflow in the MVG rendering code also impacts SVG. This problem was originally reported by Gustavo Grieco. 2. A possible heap overflow of the EscapeParenthesis function. While I was not able to reproduce it for myself, the implementation is replaced...

6.4CVSS0.9AI score0.0199EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/09/04 12:0 a.m.38 views

thunderbird: arbitrary code execution

CVE-2016-2835 arbitrary code execution Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda and Philipp reported memory safety problems and crashes. - CVE-2016-2836 arbitrary code execution Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, and...

6.8CVSS3.4AI score0.0289EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2016/08/14 12:0 a.m.37 views

postgresql: multiple issues

CVE-2016-5423 arbitrary code execution It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution. - CVE-2016-5424 privilege escalation It was found that...

3.2AI score0.05962EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2016/08/08 12:0 a.m.37 views

glibc: denial of service

CVE-2016-3075 denial of service The getnetbyname implementation in nssdns contains a potentially unbounded alloca call in the form of a call to strdupa, leading to a stack overflow stack exhaustion and a crash if getnetbyname is invoked on a very long name. - CVE-2016-5417 denial of service The...

5CVSS2.1AI score0.07629EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2016/04/02 12:0 a.m.37 views

Squid: denial of service

Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses...

7.5CVSS1AI score0.1462EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2015/11/12 12:0 a.m.37 views

putty: arbitrary code execution

A potential memory-corrupting integer overflow has been discovered in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be able to insert a carefully crafted escape sequence into the terminal...

4.3CVSS0.6AI score0.03467EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2015/09/28 12:0 a.m.37 views

chromium: cross-origin bypass

CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...

7.5CVSS1.7AI score0.01757EPSS
Exploits2References3
ArchLinux
ArchLinux
added 2015/09/14 12:0 a.m.37 views

icedtea-web: multiple issues

CVE-2015-5234 unexpected permanent authorization of unsigned applets It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed...

6.8CVSS2.1AI score0.03037EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2015/05/08 12:0 a.m.37 views

docker: multiple issues

CVE-2015-3627 privilege escalation The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege...

7.2CVSS3.7AI score0.00609EPSS
Exploits0References5
ArchLinux
ArchLinux
added 2015/03/02 12:0 a.m.37 views

elfutils: directory traversal

Directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c allows remote attackers to write to arbitrary files to the root directory via a / slash in a crafted archive, as demonstrated using the ar program...

6.4CVSS6.1AI score0.05018EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2015/02/06 12:0 a.m.37 views

ntp: multiple issues

CVE-2014-9297 information disclosure, denial of service The vallen packet value is not validated in several code paths in ntpcrypto.c which can lead to information leakage or a possible crash. - CVE-2014-9298 access restriction bypass While available kernels will prevent 127.0.0.1 addresses from...

2AI score
Exploits0References4
ArchLinux
ArchLinux
added 2014/11/19 12:0 a.m.37 views

binutils: multiple issues

CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in bfdelfsetupsections which results in denial of service or possible code...

7.5CVSS4.5AI score0.07486EPSS
Exploits7References11
ArchLinux
ArchLinux
added 2014/11/13 12:0 a.m.37 views

imagemagick: denial of service

Converting some specially crafted jpeg with convert could lead to a dos...

3.1AI score0.00402EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2025/05/18 12:0 a.m.36 views

[ASA-202505-4] webkit2gtk-4.1: arbitrary code execution

Arch Linux Security Advisory ASA-202505-4 ========================================= Severity: High Date : 2025-05-18 CVE-ID : CVE-2023-42875 CVE-2023-42970 Package : webkit2gtk-4.1 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2868 Summary ======= The...

8.8CVSS9.3AI score0.00523EPSS
Exploits0References9
ArchLinux
ArchLinux
added 2022/04/15 12:0 a.m.36 views

[ASA-202204-10] powerdns-recursor: denial of service

Arch Linux Security Advisory ASA-202204-10 ========================================== Severity: Low Date : 2022-04-15 CVE-ID : CVE-2022-27227 Package : powerdns-recursor Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2656 Summary ======= The package...

4.3CVSS1.5AI score0.04908EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2021/11/05 12:0 a.m.36 views

[ASA-202111-5] grafana: cross-site scripting

Arch Linux Security Advisory ASA-202111-5 ========================================= Severity: Medium Date : 2021-11-05 CVE-ID : CVE-2021-41174 Package : grafana Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2517 Summary ======= The package grafana before versi...

6.9CVSS7.3AI score0.84607EPSS
Exploits0References8
ArchLinux
ArchLinux
added 2020/09/23 12:0 a.m.36 views

[ASA-202009-9] chromium: multiple issues

Arch Linux Security Advisory ASA-202009-9 ========================================= Severity: High Date : 2020-09-23 CVE-ID : CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 Package : chromium Type : multiple issues Remote : Yes Link :...

9.6CVSS0.7AI score0.02948EPSS
Exploits6References16
ArchLinux
ArchLinux
added 2020/06/28 12:0 a.m.36 views

[ASA-202006-16] tomcat8: denial of service

Arch Linux Security Advisory ASA-202006-16 ========================================== Severity: Medium Date : 2020-06-28 CVE-ID : CVE-2020-11996 Package : tomcat8 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1197 Summary ======= The package tomcat8 before versio...

7.5CVSS2.1AI score0.26699EPSS
Exploits0References7
ArchLinux
ArchLinux
added 2020/06/06 12:0 a.m.36 views

[ASA-202006-8] python-django: multiple issues

Arch Linux Security Advisory ASA-202006-8 ========================================= Severity: Medium Date : 2020-06-06 CVE-ID : CVE-2020-13254 CVE-2020-13596 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1176 Summary ======= The package...

6.1CVSS1.7AI score0.0609EPSS
Exploits0References6
ArchLinux
ArchLinux
added 2020/05/20 12:0 a.m.36 views

[ASA-202005-12] chromium: multiple issues

Arch Linux Security Advisory ASA-202005-12 ========================================== Severity: High Date : 2020-05-20 CVE-ID : CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476...

9.6CVSS0.2AI score0.06414EPSS
Exploits13References56
ArchLinux
ArchLinux
added 2020/05/19 12:0 a.m.36 views

[ASA-202005-10] powerdns-recursor: multiple issues

Arch Linux Security Advisory ASA-202005-10 ========================================== Severity: Medium Date : 2020-05-19 CVE-ID : CVE-2020-10995 CVE-2020-12244 Package : powerdns-recursor Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1163 Summary ======= The packag...

7.5CVSS1.8AI score0.04372EPSS
Exploits0References9
ArchLinux
ArchLinux
added 2020/03/11 12:0 a.m.36 views

[ASA-202003-7] mbedtls: private key recovery

Arch Linux Security Advisory ASA-202003-7 ========================================= Severity: High Date : 2020-03-11 CVE-ID : CVE-2019-18222 Package : mbedtls Type : private key recovery Remote : No Link : https://security.archlinux.org/AVG-1104 Summary ======= The package mbedtls before version...

4.7CVSS1.9AI score0.00343EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2020/03/07 12:0 a.m.36 views

[ASA-202003-3] ppp: arbitrary code execution

Arch Linux Security Advisory ASA-202003-3 ========================================= Severity: Medium Date : 2020-03-07 CVE-ID : CVE-2020-8597 Package : ppp Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1101 Summary ======= The package ppp before version...

9.8CVSS1AI score0.19582EPSS
Exploits3References5
ArchLinux
ArchLinux
added 2020/02/25 12:0 a.m.36 views

[ASA-202002-11] chromium: multiple issues

Arch Linux Security Advisory ASA-202002-11 ========================================== Severity: High Date : 2020-02-25 CVE-ID : CVE-2020-6407 CVE-2020-6418 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1102 Summary ======= The package chromium...

8.8CVSS1.8AI score0.78808EPSS
Exploits6References6
ArchLinux
ArchLinux
added 2019/10/21 12:0 a.m.36 views

[ASA-201910-11] go-pie: denial of service

Arch Linux Security Advisory ASA-201910-11 ========================================== Severity: Medium Date : 2019-10-21 CVE-ID : CVE-2019-17596 Package : go-pie Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1051 Summary ======= The package go-pie before version...

7.5CVSS1.5AI score0.04693EPSS
Exploits1References6
Total number of security vulnerabilities1854