Lucene search
80 matches found

Gentoo Linux
added 2024/09/28 12:0 a.m. | 17 views

yt-dlp: Multiple Vulnerabilities

Background: yt-dlp is a youtube-dl fork with additional features and fixes. Description: Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known...

CVSS 8.2 | AI score 7.6 | EPSS 0.00689
Exploits: 0

Gentoo Linux
added 2023/11/26 12:0 a.m. | 25 views

Open vSwitch: Multiple Vulnerabilities

Background: Open vSwitch is a production quality multilayer virtual switch. Description: Multiple vulnerabilities have been discovered in Open vSwitch. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There i...

CVSS 9.8 | AI score 7.7 | EPSS 0.05687
Exploits: 1

Tenable Nessus
added 2020/08/31 12:0 a.m. | 26 views

GLSA-202008-23 : chrony: Symlink vulnerability

The remote host is affected by the vulnerability described in GLSA-202008-23, chrony: Symlink vulnerability. It was found that chrony did not check whether its PID file was a symlink. Impact: A local attacker could perform symlink attacks to overwrite arbitrary files with root privileges. Workarou...

CVSS 6 | AI score 6.7 | EPSS 0.00274
Exploits: 0 | References: 3

Tenable Nessus
added 2020/07/30 12:0 a.m. | 40 views

GLSA-202007-54 : rsync: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-54, rsync: Multiple vulnerabilities. Multiple vulnerabilities have been discovered in rsync within bundled zlib. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...

CVSS 9.8 | AI score 7.4 | EPSS 0.15071
Exploits: 0 | References: 5

Gentoo Linux
added 2019/11/07 12:0 a.m. | 84 views

OpenSSH: Integer overflow

Background: OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description: OpenSSH, when built with “xmss” USE flag enabled, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. NOTE: This USE flag is...

CVSS 7.8 | AI score 8.1 | EPSS 0.00271
Exploits: 2

Gentoo Linux
added 2019/08/15 12:0 a.m. | 46 views

GNU Wget: Arbitrary code execution

Background: GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description: A buffer overflow was discovered in GNU’s Wget. Impact: An attacker could possibly execute arbitrary code with the privileges of the process or cause ...

CVSS 9.8 | AI score 10 | EPSS 0.01517
Exploits: 0

Gentoo Linux
added 2019/03/10 12:0 a.m. | 130 views

GNU Wget: Password and metadata leak

Background: GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description: A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c. Impact: A local attacker could obtain sensitive information to include...

CVSS 7.8 | AI score 8.6 | EPSS 0.00044
Exploits: 1

Tenable Nessus
added 2018/07/30 12:0 a.m. | 38 views

GLSA-201807-04 : cURL: Heap-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-201807-04, cURL: Heap-based buffer overflow. A heap-based buffer overflow was discovered in cURL's Curl_smtp_escape_eob function. Impact: An attacker could cause a Denial of Service condition or execute arbitrary code via SMTP...

CVSS 9.8 | AI score 8.7 | EPSS 0.01242
Exploits: 1 | References: 2

Gentoo Linux
added 2018/06/13 12:0 a.m. | 515 views

GNU Wget: Cookie injection

Background: GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description: A vulnerability was discovered in GNU Wget’s resp_new function which does not validate \r\n sequences in continuation lines. Impact: A remote attacker...

CVSS 6.5 | AI score 7.1 | EPSS 0.65865
Exploits: 5

Tenable Nessus
added 2018/05/09 12:0 a.m. | 21 views

GLSA-201805-04 : rsync: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-201805-04, rsync: Arbitrary command execution. A vulnerability was discovered in rsync's parse_arguments function in options.c. Impact: Remote attackers could possibly execute arbitrary commands with the privilege of the process...

CVSS 7.5 | AI score 7.5 | EPSS 0.13133
Exploits: 0 | References: 2

Gentoo Linux
added 2018/05/08 12:0 a.m. | 377 views

rsync: Arbitrary command execution

Background: File transfer program to keep remote files into sync. Description: A vulnerability was discovered in rsync’s parse_arguments function in options.c. Impact: Remote attackers could possibly execute arbitrary commands with the privilege of the process. Workaround: There is no known workaround...

CVSS 7.5 | AI score 8.2 | EPSS 0.13133
Exploits: 0

Tenable Nessus
added 2018/04/23 12:0 a.m. | 33 views

GLSA-201804-17 : Quagga: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201804-17, Quagga: Multiple vulnerabilities. Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact: A remote attacker, by sending specially crafted packets,...

CVSS 9.8 | AI score 7.3 | EPSS 0.09304
Exploits: 0 | References: 5

Tenable Nessus
added 2018/01/12 12:0 a.m. | 21 views

GLSA-201801-13 : TigerVNC: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201801-13, TigerVNC: Multiple vulnerabilities. Multiple vulnerabilities have been discovered in TigerVNC. Please review the referenced CVE Identifiers for details. Impact: An attacker could execute arbitrary code or cause a Denial ...

CVSS 8.8 | AI score 7.2 | EPSS 0.01142
Exploits: 1 | References: 7

Gentoo Linux
added 2018/01/11 12:0 a.m. | 33 views

TigerVNC: Multiple vulnerabilities

Background: TigerVNC is a high-performance VNC server/client. Description: Multiple vulnerabilities have been discovered in TigerVNC. Please review the referenced CVE Identifiers for details. Impact: An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround: There is...

CVSS 8.8 | AI score 8.7 | EPSS 0.01142
Exploits: 1

Gentoo Linux
added 2018/01/07 12:0 a.m. | 56 views

OpenSSH: Permission issue

Background: OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode. Impact: A remote attacker could cause the creation of zero-length...

CVSS 5.3 | AI score 6.1 | EPSS 0.02659
Exploits: 0

Gentoo Linux
added 2017/11/12 12:0 a.m. | 16 views

VDE: Privilege escalation

Background: VDE is an ethernet compliant virtual network that can be spawned over a set of physical computer over the Internet. Description: It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe...

CVSS 10 | AI score 9.7 | EPSS 0.00248
Exploits: 0

CNVD
added 2017/11/07 12:0 a.m. | 1 views

Gentoo net-misc/vde elevation of privilege vulnerability

The Gentoo net-misc/vde package is a set of distributed virtual networking frameworks from the Gentoo Foundation. A security vulnerability exists in versions of the Gentoo net-misc/vde package prior to 2.3.2-r4. An attacker can exploit this vulnerability to gain root privileges by creating hard...

CVSS 10 | AI score 7 | EPSS 0.00248
Exploits: 0 | References: 1

Prion
added 2017/11/06 11:29 p.m. | 10 views

Hardcoded credentials

The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script...

CVSS 10 | AI score 9.5 | EPSS 0.00248
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/11/06 11:29 p.m. | 7 views

CVE-2017-16638

The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script...

CVSS 10 | AI score 9.7 | EPSS 0.00248
Exploits: 0 | References: 2

ATTACKERKB
added 2017/11/06 11:29 p.m. | 0 views

CVE-2017-16638

The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script...

CVSS 10 | AI score 5.5 | EPSS 0.00248
Exploits: 0 | References: 3