1854 matches found
[ASA-201910-17] chromium: multiple issues
Arch Linux Security Advisory ASA-201910-17 ========================================== Severity: High Date : 2019-10-26 CVE-ID : CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709...
[ASA-201905-2] linux: arbitrary code execution
Arch Linux Security Advisory ASA-201905-2 ========================================= Severity: High Date : 2019-05-06 CVE-ID : CVE-2019-11683 Package : linux Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-955 Summary ======= The package linux before version...
[ASA-201904-5] ghostscript: sandbox escape
Arch Linux Security Advisory ASA-201904-5 ========================================= Severity: High Date : 2019-04-11 CVE-ID : CVE-2019-3835 CVE-2019-3838 Package : ghostscript Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-929 Summary ======= The package ghostscript...
[ASA-201902-27] elasticsearch: privilege escalation
Arch Linux Security Advisory ASA-201902-27 ========================================== Severity: High Date : 2019-02-25 CVE-ID : CVE-2019-7611 Package : elasticsearch Type : privilege escalation Remote : Yes Link : https://security.archlinux.org/AVG-912 Summary ======= The package elasticsearch...
[ASA-201902-12] lib32-libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201902-12 ========================================== Severity: High Date : 2019-02-12 CVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-875...
[ASA-201902-5] rdesktop: multiple issues
Arch Linux Security Advisory ASA-201902-5 ========================================= Severity: High Date : 2019-02-11 CVE-ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175...
[ASA-201901-18] ghostscript: sandbox escape
Arch Linux Security Advisory ASA-201901-18 ========================================== Severity: High Date : 2019-01-29 CVE-ID : CVE-2019-6116 Package : ghostscript Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-860 Summary ======= The package ghostscript before versi...
[ASA-201811-21] powerdns-recursor: denial of service
Arch Linux Security Advisory ASA-201811-21 ========================================== Severity: Medium Date : 2018-11-28 CVE-ID : CVE-2018-16855 Package : powerdns-recursor Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-821 Summary ======= The package...
[ASA-201811-2] linux-lts: denial of service
Arch Linux Security Advisory ASA-201811-2 ========================================= Severity: Low Date : 2018-11-01 CVE-ID : CVE-2018-18445 Package : linux-lts Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-801 Summary ======= The package linux-lts before version...
[ASA-201805-14] lib32-curl: multiple issues
Arch Linux Security Advisory ASA-201805-14 ========================================== Severity: Critical Date : 2018-05-18 CVE-ID : CVE-2018-1000300 CVE-2018-1000301 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-695 Summary ======= The package...
[ASA-201804-10] drupal: arbitrary command execution
Arch Linux Security Advisory ASA-201804-10 ========================================== Severity: Critical Date : 2018-04-27 CVE-ID : CVE-2018-7602 Package : drupal Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-679 Summary ======= The package drupal befor...
[ASA-201802-15] mbedtls: arbitrary code execution
Arch Linux Security Advisory ASA-201802-15 ========================================== Severity: High Date : 2018-02-24 CVE-ID : CVE-2018-0487 CVE-2018-0488 Package : mbedtls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-617 Summary ======= The package...
[ASA-201801-24] libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201801-24 ========================================== Severity: Medium Date : 2018-01-29 CVE-ID : CVE-2018-1000005 CVE-2018-1000007 Package : libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-596 Summary ======= The packag...
[ASA-201801-22] lib32-curl: multiple issues
Arch Linux Security Advisory ASA-201801-22 ========================================== Severity: Medium Date : 2018-01-29 CVE-ID : CVE-2018-1000005 CVE-2018-1000007 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-594 Summary ======= The package...
[ASA-201801-13] transmission-cli: arbitrary command execution
Arch Linux Security Advisory ASA-201801-13 ========================================== Severity: High Date : 2018-01-17 CVE-ID : CVE-2018-5702 Package : transmission-cli Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-588 Summary ======= The package...
[ASA-201712-7] quagga: denial of service
Arch Linux Security Advisory ASA-201712-7 ========================================= Severity: Medium Date : 2017-12-13 CVE-ID : CVE-2017-16227 Package : quagga Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-481 Summary ======= The package quagga before version...
[ASA-201711-42] lib32-libxcursor: arbitrary code execution
Arch Linux Security Advisory ASA-201711-42 ========================================== Severity: High Date : 2017-11-30 CVE-ID : CVE-2017-16612 Package : lib32-libxcursor Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-532 Summary ======= The package...
[ASA-201711-13] libzip: arbitrary code execution
Arch Linux Security Advisory ASA-201711-13 ========================================== Severity: High Date : 2017-11-07 CVE-ID : CVE-2017-12858 Package : libzip Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-390 Summary ======= The package libzip before...
[ASA-201710-32] apr: information disclosure
Arch Linux Security Advisory ASA-201710-32 ========================================== Severity: Medium Date : 2017-10-27 CVE-ID : CVE-2017-12613 Package : apr Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-469 Summary ======= The package apr before version...
[ASA-201710-28] musl: arbitrary code execution
Arch Linux Security Advisory ASA-201710-28 ========================================== Severity: Critical Date : 2017-10-21 CVE-ID : CVE-2017-15650 Package : musl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-457 Summary ======= The package musl before...
[ASA-201710-26] linux: privilege escalation
Arch Linux Security Advisory ASA-201710-26 ========================================== Severity: High Date : 2017-10-17 CVE-ID : CVE-2017-5123 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-444 Summary ======= The package linux before version...
[ASA-201710-20] flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201710-20 ========================================== Severity: Critical Date : 2017-10-16 CVE-ID : CVE-2017-11292 Package : flashplugin Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-449 Summary ======= The package flashplug...
[ASA-201710-21] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201710-21 ========================================== Severity: Critical Date : 2017-10-16 CVE-ID : CVE-2017-11292 Package : lib32-flashplugin Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-450 Summary ======= The package...
[ASA-201709-9] linux: arbitrary code execution
Arch Linux Security Advisory ASA-201709-9 ========================================= Severity: High Date : 2017-09-15 CVE-ID : CVE-2017-1000251 Package : linux Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-392 Summary ======= The package linux before versio...
[ASA-201709-3] bluez: information disclosure
Arch Linux Security Advisory ASA-201709-3 ========================================= Severity: High Date : 2017-09-12 CVE-ID : CVE-2017-1000250 Package : bluez Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-396 Summary ======= The package bluez before version...
[ASA-201709-1] chromium: multiple issues
Arch Linux Security Advisory ASA-201709-1 ========================================= Severity: Critical Date : 2017-09-06 CVE-ID : CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 Package : chromium Type :...
[ASA-201707-29] chromium: multiple issues
Arch Linux Security Advisory ASA-201707-29 ========================================== Severity: Critical Date : 2017-07-27 CVE-ID : CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102 CVE-2017-51...
[ASA-201707-10] flashplugin: multiple issues
Arch Linux Security Advisory ASA-201707-10 ========================================== Severity: Critical Date : 2017-07-11 CVE-ID : CVE-2017-3080 CVE-2017-3099 CVE-2017-3100 Package : flashplugin Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-344 Summary ======= The...
[ASA-201706-15] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201706-15 ========================================== Severity: Critical Date : 2017-06-14 CVE-ID : CVE-2017-3075 CVE-2017-3076 CVE-2017-3077 CVE-2017-3078 CVE-2017-3079 CVE-2017-3081 CVE-2017-3082 CVE-2017-3083 CVE-2017-3084 Package : lib32-flashplugin Type :...
[ASA-201705-3] ghostscript: arbitrary command execution
Arch Linux Security Advisory ASA-201705-3 ========================================= Severity: High Date : 2017-05-07 CVE-ID : CVE-2017-8291 Package : ghostscript Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-256 Summary ======= The package ghostscript...
[ASA-201704-1] python2-django: multiple issues
Arch Linux Security Advisory ASA-201704-1 ========================================= Severity: Medium Date : 2017-04-06 CVE-ID : CVE-2017-7233 CVE-2017-7234 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-233 Summary ======= The package...
[ASA-201703-9] jasper: multiple issues
Arch Linux Security Advisory ASA-201703-9 ========================================= Severity: High Date : 2017-03-14 CVE-ID : CVE-2016-8886 CVE-2016-9591 Package : jasper Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-69 Summary ======= The package jasper before...
[ASA-201703-1] curl: insufficient validation
Arch Linux Security Advisory ASA-201703-1 ========================================= Severity: Low Date : 2017-03-03 CVE-ID : CVE-2017-2629 Package : curl Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-179 Summary ======= The package curl before version...
[ASA-201701-40] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201701-40 ========================================== Severity: Critical Date : 2017-01-29 CVE-ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 Package : thunderbird Type : multiple issues Remote :...
[ASA-201701-29] powerdns: multiple issues
Arch Linux Security Advisory ASA-201701-29 ========================================== Severity: Medium Date : 2017-01-19 CVE-ID : CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073 CVE-2016-7074 Package : powerdns Type : multiple issues Remote : Yes Link :...
[ASA-201701-24] nginx-mainline: privilege escalation
Arch Linux Security Advisory ASA-201701-24 ========================================== Severity: High Date : 2017-01-15 CVE-ID : CVE-2016-1247 Package : nginx-mainline Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-139 Summary ======= The package nginx-mainline...
bind: denial of service
Although not commonly used, the BIND package contains provisions to allow systems to resolve names using the lightweight resolver protocol, a protocol similar to but distinct from the normal DNS protocols. The lightweight resolver protocol can be used either by running the lwresd utility installe...
lib32-flashplugin: multiple issues
CVE-2016-4175 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235...
haproxy: denial of service
A problem has been discovered with the new field "ruledenystatus" into struct httptxn, which is filled only by actions "http-request deny" and "http-request tarpit". It's then used in the deny code path to emit the proper error message, but is used uninitialized when the deny comes from a "reqden...
latex2rtf: arbitrary code execution
A format string vulnerability was found in the CmdKeywords function, where the user-controlled variable 'keywords' is passed as a format argument to vnsprintf, when processing the \keywords command in a TeX file...
pidgin-otr: arbitrary code execution
The pidgin-otr plugin fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function createsmpdialog. This issue is leading to denial of service or possibly remote code execution...
libgcrypt: secret key extraction
A vulnerability was found in a way the ECDH encryption algorithm decrypts data. An attacker with a specialized setup can extract the secret decryption key from a target located in an adjacent room within seconds. This is done by measuring the target's electromagnetic emanations...
nghttp2: use-after-free
nghttp2 1.6.0 fixes a heap-based use-after-free bug in idle stream handling code, where an idle/closed stream could possibly be destroyed while it was still referenced...
gdk-pixbuf2: multiple issues
CVE-2015-7673 denial of service It has been discovered that under certain circumstances while scaling a tga file a heap memory allocation may fail which is later used and leads to a denial of service. - CVE-2015-7673 heap buffer overflow It has been discovered that under certain circumstances...
glibc: denial of service
It was found that the files backend of Name Service Switch NSS did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service...
tcpdump: denial of service
A vulnerability was discovered in print-wb.c that is leading to a segmentation fault triggered through feeding into tcpdump a crafted packet, either from a live network interface or from a .pcap file...
e2fsprogs: arbitrary code execution
If corrupted file system didn't trip over some corruption check, and then the file system was modified via tune2fs or debugfs, such that the superblock was marked dirty and then written out via the closefs path, it's possible that the buffer overrun could be triggered when the file system is...
dbus: denial of service
Systemd sends back an ActivationFailure D-Bus signal if the activation fails. However, when it receives these signals, dbus-daemon does not verify that the signal actually came from systemd. A malicious local user could send repeated ActivationFailure signals in the hope that it would "win the...
postgresql: multiple issues
CVE-2014-8161 information leak Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the...
rsyslog: remote denial of service
The rsyslog fix shipped in 8.4.1 for an invalid PRI value see ASA-201410-1 was incomplete, as it did not cover cases where PRI values MAXINT. These values caused an integer overflow, resulting in negative values. Sending a syslog message containing an invalid PRI value to a vulnerable rsyslog...