[ASA-202102-13] cups: information disclosure
Arch Linux Security Advisory ASA-202102-13 ========================================== Severity: Medium Date : 2021-02-06 CVE-ID : CVE-2020-10001 Package : cups Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-1529 Summary ======= The package cups before version...
[ASA-202102-11] gitlab: information disclosure
Arch Linux Security Advisory ASA-202102-11 ========================================== Severity: Medium Date : 2021-02-06 CVE-ID : CVE-2021-22172 Package : gitlab Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1521 Summary ======= The package gitlab before...
[ASA-202011-13] wireshark-cli: denial of service
Arch Linux Security Advisory ASA-202011-13 ========================================== Severity: Low Date : 2020-11-17 CVE-ID : CVE-2020-28030 Package : wireshark-cli Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1258 Summary ======= The package wireshark-cli befo...
openssl: multiple issues
CVE-2014-3571 denial of service A remote attacker is able to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record...
[ASA-202012-15] minidlna: arbitrary code execution
Arch Linux Security Advisory ASA-202012-15 ========================================== Severity: High Date : 2020-12-09 CVE-ID : CVE-2020-28926 Package : minidlna Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1321 Summary ======= The package minidlna before...
[ASA-202011-9] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202011-9 ========================================= Severity: High Date : 2020-11-10 CVE-ID : CVE-2020-16016 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1267 Summary ======= The package chromium before...
[ASA-201904-11] openssh: multiple issues
Arch Linux Security Advisory ASA-201904-11 ========================================== Severity: High Date : 2019-04-24 CVE-ID : CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 Package : openssh Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-951 Summary ======= The packag...
flashplugin: remote code execution
A critical vulnerability use-after-free in the AS3 ByteArray class has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adob...
php: multiple issues
CVE-2015-1351 denial of service Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - CVE-2015-1352 denial of service The...
[ASA-202011-11] chromium: multiple issues
Arch Linux Security Advisory ASA-202011-11 ========================================== Severity: High Date : 2020-11-17 CVE-ID : CVE-2020-16012 CVE-2020-16014 CVE-2020-16015 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025...
[ASA-202011-10] linux-hardened: multiple issues
Arch Linux Security Advisory ASA-202011-10 ========================================== Severity: Medium Date : 2020-11-10 CVE-ID : CVE-2020-8694 CVE-2020-25704 Package : linux-hardened Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1269 Summary ======= The package...
[ASA-202110-5] nodejs-lts-fermium: multiple issues
Arch Linux Security Advisory ASA-202110-5 ========================================= Severity: High Date : 2021-10-21 CVE-ID : CVE-2021-22939 CVE-2021-22940 CVE-2021-22959 CVE-2021-22960 Package : nodejs-lts-fermium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2284...
[ASA-201910-2] ruby: multiple issues
Arch Linux Security Advisory ASA-201910-2 ========================================= Severity: Medium Date : 2019-10-02 CVE-ID : CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 Package : ruby Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1039 Summary...
bind: denial of service
CVE-2016-1285: Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel the interface which allows named to be controlled using the "rndc"...
[ASA-202110-1] apache: directory traversal
Arch Linux Security Advisory ASA-202110-1 ========================================= Severity: Critical Date : 2021-10-21 CVE-ID : CVE-2021-42013 Package : apache Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-2450 Summary ======= The package apache before versio...
jenkins: multiple issues
CVE-2015-5317 information leakage The Jenkins UI allowed users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages if those shared file fingerprints with fingerprinted files in accessible jobs. - CVE-2015-5318 cross-site request forgery The salt used to...
[ASA-202012-26] qemu: multiple issues
Arch Linux Security Advisory ASA-202012-26 ========================================== Severity: Medium Date : 2020-12-16 CVE-ID : CVE-2020-14364 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-28916 Package : qemu Type : multiple issues Remote : No Link :...
[ASA-202012-20] lib32-gdk-pixbuf2: denial of service
Arch Linux Security Advisory ASA-202012-20 ========================================== Severity: Medium Date : 2020-12-09 CVE-ID : CVE-2020-29385 Package : lib32-gdk-pixbuf2 Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1329 Summary ======= The package...
lib32-openssl: multiple issues
CVE-2016-2105 buffer overflow: An overflow can occur in the EVP_EncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Internally to OpenSSL the...
[ASA-202012-17] unbound: denial of service
Arch Linux Security Advisory ASA-202012-17 ========================================== Severity: Low Date : 2020-12-09 CVE-ID : CVE-2020-28935 Package : unbound Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1326 Summary ======= The package unbound before version...
[ASA-202012-12] blueman: privilege escalation
Arch Linux Security Advisory ASA-202012-12 ========================================== Severity: High Date : 2020-12-09 CVE-ID : CVE-2020-15238 Package : blueman Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1259 Summary ======= The package blueman before versio...
[ASA-202011-16] go: multiple issues
Arch Linux Security Advisory ASA-202011-16 ========================================== Severity: High Date : 2020-11-17 CVE-ID : CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1278 Summary ======= The package ...
[ASA-202006-7] tomcat9: arbitrary code execution
Arch Linux Security Advisory ASA-202006-7 ========================================= Severity: High Date : 2020-06-06 CVE-ID : CVE-2020-9484 Package : tomcat9 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1171 Summary ======= The package tomcat9 before...
[ASA-201910-4] ruby-rdoc: cross-site scripting
Arch Linux Security Advisory ASA-201910-4 ========================================= Severity: Medium Date : 2019-10-02 CVE-ID : CVE-2012-6708 CVE-2015-9251 Package : ruby-rdoc Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-1041 Summary ======= The package...
[ASA-202204-3] zlib: arbitrary code execution
Arch Linux Security Advisory ASA-202204-3 ========================================= Severity: High Date : 2022-04-04 CVE-ID : CVE-2018-25032 Package : zlib Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2657 Summary ======= The package zlib before version...
[ASA-202012-18] nsd: denial of service
Arch Linux Security Advisory ASA-202012-18 ========================================== Severity: Low Date : 2020-12-09 CVE-ID : CVE-2020-28935 Package : nsd Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1327 Summary ======= The package nsd before version 4.3.4-1 is...
[ASA-202012-19] gdk-pixbuf2: denial of service
Arch Linux Security Advisory ASA-202012-19 ========================================== Severity: Medium Date : 2020-12-09 CVE-ID : CVE-2020-29385 Package : gdk-pixbuf2 Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1328 Summary ======= The package gdk-pixbuf2 before...
[ASA-201911-7] electron: arbitrary code execution
Arch Linux Security Advisory ASA-201911-7 ========================================= Severity: Critical Date : 2019-11-04 CVE-ID : CVE-2019-13720 Package : electron Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1061 Summary ======= The package electron befo...
lib32-openssl: multiple issues
CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...
lib32-expat: multiple issues
CVE-2012-6702 predictable random numbers It was found that when calling XML_Parse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...
[ASA-202005-3] firefox: multiple issues
Arch Linux Security Advisory ASA-202005-3 ========================================= Severity: Critical Date : 2020-05-06 CVE-ID : CVE-2020-6831 CVE-2020-12387 CVE-2020-12390 CVE-2020-12391 CVE-2020-12392 CVE-2020-12394 CVE-2020-12395 CVE-2020-12396 Package : firefox Type : multiple issues Remote ...
[ASA-201701-37] openssl: multiple issues
Arch Linux Security Advisory ASA-201701-37 ========================================== Severity: Medium Date : 2017-01-28 CVE-ID : CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 Package : openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-154 Summary ======= The packa...
[ASA-202012-22] tensorflow: multiple issues
Arch Linux Security Advisory ASA-202012-22 ========================================== Severity: Critical Date : 2020-12-16 CVE-ID : CVE-2020-26266 CVE-2020-26267 CVE-2020-26268 CVE-2020-26269 CVE-2020-26270 CVE-2020-26271 Package : tensorflow Type : multiple issues Remote : No Link :...
[ASA-201711-34] libcurl-gnutls: information disclosure
Arch Linux Security Advisory ASA-201711-34 ========================================== Severity: Medium Date : 2017-11-30 CVE-ID : CVE-2017-8817 Package : libcurl-gnutls Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-525 Summary ======= The package...
jdk8-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
[ASA-202012-13] pam: authentication bypass
Arch Linux Security Advisory ASA-202012-13 ========================================== Severity: High Date : 2020-12-09 CVE-ID : CVE-2020-27780 Package : pam Type : authentication bypass Remote : No Link : https://security.archlinux.org/AVG-1297 Summary ======= The package pam before version 1.5.0...
[ASA-201803-1] busybox: arbitrary code execution
Arch Linux Security Advisory ASA-201803-1 ========================================= Severity: High Date : 2018-03-01 CVE-ID : CVE-2017-16544 Package : busybox Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-512 Summary ======= The package busybox before versi...
openssl: denial of service / man-in-the-middle / poodle mitigation
SRTP Memory Leak CVE-2014-3513 -------------------------------- A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of...
[ASA-201911-3] glibc: information disclosure
Arch Linux Security Advisory ASA-201911-3 ========================================= Severity: High Date : 2019-11-03 CVE-ID : CVE-2019-9169 Package : glibc Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-855 Summary ======= The package glibc before version 2.30...
[ASA-201801-4] linux-hardened: multiple issues
Arch Linux Security Advisory ASA-201801-4 ========================================= Severity: High Date : 2018-01-05 CVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852...
[ASA-201903-3] gdm: access restriction bypass
Arch Linux Security Advisory ASA-201903-3 ========================================= Severity: High Date : 2019-03-03 CVE-ID : CVE-2019-3820 CVE-2019-3825 Package : gdm Type : access restriction bypass Remote : No Link : https://security.archlinux.org/AVG-879 Summary ======= The package gdm before...
lib32-openssl: man-in-the-middle
CVE-2015-3197 man-in-the-middle A flaw was found in the way malicious SSL/TLS clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSL/TLS connections, making them vulnerable to man-in-the-middle attacks. -...
flashplugin, lib32-flashplugin: multiple issues
CVE-2015-8459: Memory corruption vulnerabilities that could lead to code execution. Credited to Kai Kang of Tencent's Xuanwu LAB. - CVE-2015-8460: Memory corruption vulnerabilities that could lead to code execution. Credited to Jie Zeng of Qihoo 360. - CVE-2015-8634, CVE-2015-8635: Use-after-free...
jre7-openjdk-headless: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6587 privilege escalation MulticastSocket NULL pointer dereference allows local users to...
[ASA-202010-9] linux-hardened: multiple issues
Arch Linux Security Advisory ASA-202010-9 ========================================= Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 Package : linux-hardened Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1251 Summary ======= Th...
[ASA-201811-4] curl: multiple issues
Arch Linux Security Advisory ASA-201811-4 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16840 CVE-2018-16842 Package : curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-795 Summary ======= The package curl before...
mariadb: multiple issues
CVE-2016-6662 arbitrary code execution Researcher Dawid Golunski discovered several security issues in the mariadb DBMS, including a vulnerability flaw that can be exploited by a remote attacker to inject malicious settings into my.cnf configuration files. The flaw can be triggered to fully...
openssh: information leakage
Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. Reported by EddieEzra.Harari at verint.com...
[ASA-202112-1] vivaldi: multiple issues
Arch Linux Security Advisory ASA-202112-1 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992...
[ASA-201906-17] python: information disclosure
Arch Linux Security Advisory ASA-201906-17 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-9636 Package : python Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-977 Summary ======= The package python before version...