80 matches found
CVE-2017-16638
CVE-2017-16638 affects Gentoo net-misc/vde up to version 2.3.2-r4. A privilege-escalation exists where members of the qemu group can gain root privileges by a hard link operation in a directory on which the OpenRC init script calls chown recursively. The issue is fixed by upgrading to >= net-m...
GLSA-201702-19 : TigerVNC: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-201702-19 TigerVNC: Buffer overflow A buffer overflow vulnerability in ModifiablePixelBuffer::fillRect in vncviewer was found. Impact : A remote attacker, utilizing a malicious VNC server, could execute arbitrary code with the...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact Workaround There is no known workaround at thi...
NTP: Multiple vulnerablities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or...
GLSA-201507-01 : chrony: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201507-01 chrony: Multiple vulnerabilities Multiple vulnerabilities have been discovered in chrony. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can cause arbitrary remote code executi...
OpenVPN: Denial of service
Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description OpenVPN does not properly handle control channel packets that are too small. Impact A remote authenticated attacker could send a specially crafted control channel packet, possibly resulting in a Denial of Service...
TigerVNC: User-assisted execution of arbitrary code
Background TigerVNC is a high-performance VNC server/client. Description Two boundary errors in TigerVNC could lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code...
cURL: Multiple vulnerabilities
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a man-in-the-middle...
stunnel: Arbitrary code execution
Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description A buffer overflow vulnerability has been discovered in stunnel. Please review the CVE identifier referenced below for details. Impact A remote attacker could...
Openswan: User-assisted execution of arbitrary code
Background Openswan is an implementation of IPsec for Linux. Description A buffer overflow flaw has been discovered in Openswan when using Opportunistic Encryption. Impact A remote attacker could send a specially crafted DNS TXT record, possibly resulting in execution of arbitrary code with the...
GLSA-201310-08 : Quagga: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201310-08 Quagga: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause arbitrary code...
Dropbear: Multiple vulnerabilities
Background Dropbear is an SSH server and client designed with a small memory footprint. Description Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifier and Gentoo bug referenced below for details. Impact A remote attacker could send a specially crafted...
ISC DHCP: Denial of service
Background ISC DHCP is a Dynamic Host Configuration Protocol DHCP client/server. Description Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities might allow remote attackers to execute arbitrary code...
Gentoo Security Advisory GLSA 201209-15 (asterisk)
The remote host is missing updates announced in advisory GLSA 201209-15. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
socat: Arbitrary code execution
Background socat is a multipurpose bidirectional relay, similar to netcat. Description A vulnerability in the "xioscanreadline" function in xio-readline.c could cause a heap-based buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the socat...
Gentoo Security Advisory GLSA 201206-08 (wicd)
The remote host is missing updates announced in advisory GLSA 201206-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Wicd: Multiple vulnerabilities
Background Wicd is an open source wired and wireless network manager for Linux. Description Two vulnerabilities have been found in Wicd: Passwords and passphrases are written to /var/log/wicd CVE-2012-0813. Input from the daemon's D-Bus interface is not properly sanitized CVE-2012-2095. Impact A...
Gentoo Security Advisory GLSA 201203-13 (Openswan)
The remote host is missing updates announced in advisory GLSA 201203-13. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Gentoo Security Advisory GLSA 201201-07 (NX Server NX Node)
The remote host is missing updates announced in advisory GLSA 201201-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 201111-08 (radvd)
The remote host is missing updates announced in advisory GLSA 201111-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...