1854 matches found
[ASA-201906-1] python2-django: cross-site scripting
Arch Linux Security Advisory ASA-201906-1 ========================================= Severity: Medium Date : 2019-06-04 CVE-ID : CVE-2019-12308 Package : python2-django Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-970 Summary ======= The package python2-django...
[ASA-201905-8] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201905-8 ========================================= Severity: Critical Date : 2019-05-23 CVE-ID : CVE-2019-5798 CVE-2019-7317 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 CVE-2019-18511 Package ...
[ASA-201905-6] dovecot: denial of service
Arch Linux Security Advisory ASA-201905-6 ========================================= Severity: Medium Date : 2019-05-06 CVE-ID : CVE-2019-11494 CVE-2019-11499 Package : dovecot Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-954 Summary ======= The package dovecot...
[ASA-201902-28] logstash: information disclosure
Arch Linux Security Advisory ASA-201902-28 ========================================== Severity: High Date : 2019-02-25 CVE-ID : CVE-2019-7612 Package : logstash Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-913 Summary ======= The package logstash before...
[ASA-201902-7] libu2f-host: arbitrary code execution
Arch Linux Security Advisory ASA-201902-7 ========================================= Severity: High Date : 2019-02-11 CVE-ID : CVE-2018-20340 Package : libu2f-host Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-884 Summary ======= The package libu2f-host befo...
[ASA-201812-4] texlive-bin: arbitrary code execution
Arch Linux Security Advisory ASA-201812-4 ========================================= Severity: High Date : 2018-12-08 CVE-ID : CVE-2018-17407 Package : texlive-bin Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-770 Summary ======= The package texlive-bin befo...
[ASA-201811-10] thunderbird: arbitrary code execution
Arch Linux Security Advisory ASA-201811-10 ========================================== Severity: Critical Date : 2018-11-06 CVE-ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 Package : thunderbird Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-803 Summary...
[ASA-201810-2] ntp: arbitrary code execution
Arch Linux Security Advisory ASA-201810-2 ========================================= Severity: Medium Date : 2018-10-01 CVE-ID : CVE-2018-12327 Package : ntp Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-723 Summary ======= The package ntp before version...
[ASA-201805-7] mupdf-tools: multiple issues
Arch Linux Security Advisory ASA-201805-7 ========================================= Severity: High Date : 2018-05-10 CVE-ID : CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 CVE-2018-6544 CVE-2018-1000051 Package : mupdf-tools Type : multiple issues Remote : Yes Link :...
[ASA-201802-9] libmspack: multiple issues
Arch Linux Security Advisory ASA-201802-9 ========================================= Severity: Critical Date : 2018-02-20 CVE-ID : CVE-2017-6419 CVE-2017-11423 Package : libmspack Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-603 Summary ======= The package libmspac...
[ASA-201801-18] glibc: privilege escalation
Arch Linux Security Advisory ASA-201801-18 ========================================== Severity: High Date : 2018-01-28 CVE-ID : CVE-2018-1000001 Package : glibc Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-590 Summary ======= The package glibc before version...
[ASA-201801-17] zziplib: denial of service
Arch Linux Security Advisory ASA-201801-17 ========================================== Severity: Medium Date : 2018-01-18 CVE-ID : CVE-2017-5977 CVE-2017-5978 Package : zziplib Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-273 Summary ======= The package zziplib...
[ASA-201711-43] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201711-43 ========================================== Severity: Critical Date : 2017-11-30 CVE-ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-530 Summary ======= The...
[ASA-201711-30] powerdns: access restriction bypass
Arch Linux Security Advisory ASA-201711-30 ========================================== Severity: Low Date : 2017-11-27 CVE-ID : CVE-2017-15091 Package : powerdns Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-519 Summary ======= The package powerdns before...
[ASA-201710-5] libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201710-5 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-387 Summary...
[ASA-201708-17] salt: directory traversal
Arch Linux Security Advisory ASA-201708-17 ========================================== Severity: Medium Date : 2017-08-23 CVE-ID : CVE-2017-12791 Package : salt Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-383 Summary ======= The package salt before version...
[ASA-201708-14] subversion: arbitrary command execution
Arch Linux Security Advisory ASA-201708-14 ========================================== Severity: Critical Date : 2017-08-15 CVE-ID : CVE-2017-9800 Package : subversion Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-379 Summary ======= The package subversi...
[ASA-201707-25] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-201707-25 ========================================== Severity: Critical Date : 2017-07-26 CVE-ID : CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 Package :...
[ASA-201707-4] qt5-webengine: multiple issues
Arch Linux Security Advisory ASA-201707-4 ========================================= Severity: Critical Date : 2017-07-04 CVE-ID : CVE-2017-5070 CVE-2017-5071 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5083 CVE-2017-5088 CVE-2017-5089 Package : qt5-webengine Typ...
[ASA-201707-1] libgcrypt: private key recovery
Arch Linux Security Advisory ASA-201707-1 ========================================= Severity: High Date : 2017-07-03 CVE-ID : CVE-2017-7526 Package : libgcrypt Type : private key recovery Remote : No Link : https://security.archlinux.org/AVG-338 Summary ======= The package libgcrypt before versio...
[ASA-201706-33] poppler: arbitrary code execution
Arch Linux Security Advisory ASA-201706-33 ========================================== Severity: High Date : 2017-06-26 CVE-ID : CVE-2017-9775 CVE-2017-9776 Package : poppler Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-326 Summary ======= The package...
[ASA-201705-25] sudo: access restriction bypass
Arch Linux Security Advisory ASA-201705-25 ========================================== Severity: Medium Date : 2017-05-30 CVE-ID : CVE-2017-1000367 Package : sudo Type : access restriction bypass Remote : No Link : https://security.archlinux.org/AVG-282 Summary ======= The package sudo before...
[ASA-201705-1] dovecot: denial of service
Arch Linux Security Advisory ASA-201705-1 ========================================= Severity: Medium Date : 2017-05-01 CVE-ID : CVE-2017-2669 Package : dovecot Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-238 Summary ======= The package dovecot before version...
[ASA-201704-4] nss: arbitrary code execution
Arch Linux Security Advisory ASA-201704-4 ========================================= Severity: Critical Date : 2017-04-20 CVE-ID : CVE-2017-5461 Package : nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-247 Summary ======= The package nss before version...
[ASA-201702-13] vim: arbitrary code execution
Arch Linux Security Advisory ASA-201702-13 ========================================== Severity: Medium Date : 2017-02-15 CVE-ID : CVE-2017-5953 Package : vim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-174 Summary ======= The package vim before version...
[ASA-201702-10] ffmpeg: arbitrary code execution
Arch Linux Security Advisory ASA-201702-10 ========================================== Severity: Critical Date : 2017-02-12 CVE-ID : CVE-2017-5024 CVE-2017-5025 Package : ffmpeg Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-172 Summary ======= The package...
[ASA-201702-9] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-201702-9 ========================================= Severity: Critical Date : 2017-02-11 CVE-ID : CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373...
[ASA-201610-15] chromium: multiple issues
Arch Linux Security Advisory ASA-201610-15 ========================================== Severity: Critical Date : 2016-10-23 CVE-ID : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-51...
[ASA-201609-21] tomcat7: proxy injection
Arch Linux Security Advisory ASA-201609-21 ========================================== Severity: Medium Date : 2016-09-22 CVE-ID : CVE-2016-5388 Package : tomcat7 Type : proxy injection Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package tomcat7 before version...
chromium: multiple issues
CVE-2016-5139 (arbitrary code execution) Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have other unspecified impact via crafted JPEG 2000 data. -...
postgresql: multiple issues
CVE-2016-5423 (arbitrary code execution) It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution. - CVE-2016-5424 (privilege escalation) It was found that...
roundcubemail: remote code execution
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server. The vulnerability exists du...
python-django, python2-django: information leakage
If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. {{ last_updated|date:user_date_format }}, then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g...
chromium: information leakage
The PDF viewer does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc...
flashplugin: multiple issues
CVE-2015-5573 (arbitrary code execution) These updates resolve a type confusion vulnerability that could lead to code execution. - CVE-2015-5570 CVE-2015-5574 CVE-2015-5581 CVE-2015-5584 CVE-2015-6682 (arbitrary code execution) These updates resolve use-after-free vulnerabilities that could lead to...
jasper: denial of service
A double free issue has been discovered in the function jasper_image_stop_load. This vulnerability can be triggered by loading a specially crafted image through jasper...
icecast: denial of service
CVE-2015-3026 (denial of service): The bug can only be triggered if "stream_auth" is being used. This means that all installations that use a default configuration are NOT affected. The default configuration only uses source-password. Neither are simple mountpoints affected that use password. A...
mutt: denial of service
The write_one_header function does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function...
elfutils: directory traversal
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program...
ntp: multiple issues
CVE-2014-9297 (information disclosure, denial of service) The vallen packet value is not validated in several code paths in ntp_crypto.c which can lead to information leakage or a possible crash. - CVE-2014-9298 (access restriction bypass) While available kernels will prevent 127.0.0.1 addresses from...
avr-binutils: multiple issues
CVE-2014-8484 (invalid read) Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 (out-of-bounds write) Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...
[ASA-202204-10] powerdns-recursor: denial of service
Arch Linux Security Advisory ASA-202204-10 ========================================== Severity: Low Date : 2022-04-15 CVE-ID : CVE-2022-27227 Package : powerdns-recursor Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2656 Summary ======= The package...
[ASA-202111-7] kubectl-ingress-nginx: information disclosure
Arch Linux Security Advisory ASA-202111-7 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-25742 Package : kubectl-ingress-nginx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2490 Summary ======= The package...
[ASA-202111-3] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202111-3 ========================================= Severity: High Date : 2021-11-05 CVE-ID : CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 Package : thunderbird Type : multiple issues Remote : Yes Link :...
[ASA-202009-9] chromium: multiple issues
Arch Linux Security Advisory ASA-202009-9 ========================================= Severity: High Date : 2020-09-23 CVE-ID : CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 Package : chromium Type : multiple issues Remote : Yes Link :...
[ASA-202006-8] python-django: multiple issues
Arch Linux Security Advisory ASA-202006-8 ========================================= Severity: Medium Date : 2020-06-06 CVE-ID : CVE-2020-13254 CVE-2020-13596 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1176 Summary ======= The package...
[ASA-202004-18] openssl: denial of service
Arch Linux Security Advisory ASA-202004-18 ========================================== Severity: High Date : 2020-04-21 CVE-ID : CVE-2020-1967 Package : openssl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1139 Summary ======= The package openssl before version...
[ASA-202004-17] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202004-17 ========================================== Severity: Critical Date : 2020-04-19 CVE-ID : CVE-2020-11793 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1137 Summary ======= The package webkit2gt...
[ASA-202003-7] mbedtls: private key recovery
Arch Linux Security Advisory ASA-202003-7 ========================================= Severity: High Date : 2020-03-11 CVE-ID : CVE-2019-18222 Package : mbedtls Type : private key recovery Remote : No Link : https://security.archlinux.org/AVG-1104 Summary ======= The package mbedtls before version...
[ASA-201910-7] chromium: multiple issues
Arch Linux Security Advisory ASA-201910-7 ========================================= Severity: High Date : 2019-10-11 CVE-ID : CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 Package : chromium Type : multiple issues Remote : Yes Link :...