Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2014/05/23 12:0 a.m.50 views

LibYAML: Arbitrary code execution

Background LibYAML is a YAML 1.1 parser and emitter written in C. Description The yamlparserscanuriescapes function does not properly expand strings passed as input, which can result in a heap-based buffer overflow. Impact An attacker could provide a specially-crafted YAML document, which, when...

6.8CVSS8.1AI score0.09264EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2014/04/08 12:0 a.m.50 views

OpenSSL: Information Disclosure

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: OpenSSL incorrectly handles memory in the TLS...

7.5CVSS7.9AI score0.99999EPSS
Exploits89
Gentoo Linux
Gentoo Linux
added 2014/01/06 12:0 a.m.50 views

Python: Multiple vulnerabilities

Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition ...

5CVSS8.1AI score0.14643EPSS
Exploits7
Gentoo Linux
Gentoo Linux
added 2013/11/10 12:0 a.m.50 views

GIMP: Multiple vulnerabilities

Background GIMP is the GNU Image Manipulation Program. Description Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted KiSS palette, GIF image or XWD file...

7.5CVSS7.5AI score0.06813EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/10/28 12:0 a.m.50 views

MediaWiki: Multiple vulnerabilities

Background The MediaWiki wiki web application as used on wikipedia.org. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code, perform man-in-the-middle...

7.5CVSS7.3AI score0.02683EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2013/10/17 12:0 a.m.50 views

PolarSSL: Multiple vulnerabilities

Background PolarSSL is a cryptographic library for embedded systems. Description Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact A remote attacker might be able to cause Denial of Service, conduct a man-in-the middl...

7.4CVSS7.5AI score0.35584EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2013/09/26 12:0 a.m.50 views

klibc: Command Injection

Background klibc is a minimalistic libc used for making an initramfs. Description The ipconfig utility in klibc writes DHCP options to /tmp/net-$DEVICE.conf, and this file is later sourced by other scripts to get defined variables. The options written to this file are not properly escaped. Impact...

10CVSS3AI score0.20533EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/04/17 12:0 a.m.50 views

PolicyKit: Multiple vulnerabilities

Background PolicyKit is a toolkit for controlling privileges for system-wide services. Description Multiple vulnerabilities have been found in PolicyKit: Error messages in the pkexec utility disclose the existence of local files CVE-2010-0750. The pkexec utility initially checks the effective use...

6.9CVSS7.3AI score0.05246EPSS
Exploits18
Gentoo Linux
Gentoo Linux
added 2011/11/01 12:0 a.m.50 views

Chromium, V8: Multiple vulnerabilities

Background Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A local attacker could ga...

7.5CVSS9.2AI score0.0369EPSS
Exploits7
Gentoo Linux
Gentoo Linux
added 2011/10/13 12:0 a.m.50 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers and Adobe Security Advisories and Bulletins reference...

10CVSS4.1AI score0.9941EPSS
Exploits59
Gentoo Linux
Gentoo Linux
added 2011/10/10 12:0 a.m.50 views

Bugzilla: Multiple vulnerabilities

Background Bugzilla is the bug-tracking system from the Mozilla project. Description Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact A remote attacker could conduct cross-site scripting attacks, conduct script...

7.5CVSS9.5AI score0.02713EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2009/04/14 12:0 a.m.50 views

F-PROT Antivirus: Multiple Denial of Service vulnerabilities

Background F-PROT Antivirus is a multi-platform virus scanner for workstations and mail servers. Description The following vulnerabilities were found: Multiple errors when processing UPX, ASPack or Microsoft Office files CVE-2008-3243. Infinite Sergio Alvarez of n.runs AG reported an invalid memo...

5CVSS6.7AI score0.03059EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/07/31 12:0 a.m.50 views

Linux Audit: Buffer overflow

Background Linux Audit is a set of userspace utilities for storing and processing auditing records. Description A stack-based buffer overflow has been reported in the auditlogusercommand function in the file lib/auditlogging.c when processing overly long arguments. Impact A local attacker could...

4.1CVSS7.3AI score0.01047EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/03/04 12:0 a.m.50 views

Opera: Multiple vulnerabilities

Background Opera is a fast web browser that is available free of charge. Description Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path CVE-2008-1080. Max Leonov found out that image comments might be treated as scripts,...

6.8CVSS6.3AI score0.02501EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/18 12:0 a.m.50 views

util-linux: Local privilege escalation

Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description Ludwig Nussel discovered that the checkspecialmountprog and checkspecialumountprog functions call setuid and setgid in the wrong order and do not check the...

7.2CVSS6.5AI score0.0044EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/14 12:0 a.m.50 views

SSH Communications Security's Secure Shell Server: SFTP privilege escalation

Background The SSH Secure Shell Server from SSH Communications Security www.ssh.com is a commercial SSH implementation available free for non-commercial use. Description The SSH Secure Shell Server contains a format string vulnerability in the SFTP code that handles file transfers scp2 and sftp2...

6.5CVSS6.6AI score0.10188EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/02/17 12:0 a.m.50 views

Sun JDK/JRE: Execution of arbitrary code

Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description A anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Impact An attacker could...

6.8CVSS6.8AI score0.10994EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/22 12:0 a.m.50 views

PHP: Format string and XSS vulnerabilities

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run on a web server with the modphp module or the CGI version and also stand-alone in a CLI. Description Stefan Esser of the Hardened PHP project has reported a few vulnerabilities found i...

5CVSS6.8AI score0.04348EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/24 12:0 a.m.50 views

GnuPG: OpenPGP protocol attack

Background GnuPG is complete and free replacement for PGP, a tool for secure communication and data storage. Description A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Impact An automated system using GnuPG that allows an attacker to repeatedly discover the...

5CVSS6.3AI score0.02946EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/16 12:0 a.m.50 views

glibc: Information leak with LD_DEBUG

Background The GNU C library defines various Unix-like "system calls" and other basic facilities needed for a standard POSIX-like application to operate. Description Silvio Cesare discovered a potential information leak in glibc. It allows LDDEBUG on SUID binaries where it should not be allowed...

2.1CVSS2AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/09/29 12:0 a.m.49 views

sudo: Multiple Vulnerabilities

Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...

7.2CVSS7.4AI score0.01664EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/12/19 12:0 a.m.49 views

Unbound: Multiple Vulnerabilities

Background Unbound is a validating, recursive, and caching DNS resolver. Description Multiple vulnerabilities have been discovered in Unbound. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

7.5CVSS7.8AI score0.01293EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/11/22 12:0 a.m.49 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.9AI score0.01659EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/08/14 12:0 a.m.49 views

GStreamer, GStreamer Plugins: Multiple Vulnerabilities

Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been found in GStreamer and its plugins. Please review the CVE and GStreamer-SA identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS2.3AI score0.05372EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/11/03 12:0 a.m.49 views

OpenDMARC: Heap-based buffer overflow

Background OpenDMARC is an open source DMARC implementation. Description It was found that OpenDMARC did not properly handle DMARC aggregate reports. Impact A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a Denial of Service condition and depending o...

9.8CVSS4AI score0.03684EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/07/27 12:0 a.m.49 views

Mozilla Network Security Service (NSS): Information disclosure

Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description NSS was found to not always perform constant-time operations when working with DSA key material. Impa...

4.4CVSS2.2AI score0.00651EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/07/27 12:0 a.m.49 views

ReportLab: Arbitrary code execution

Background ReportLab is an Open Source Python library for generating PDFs and graphics. Description ReportLab was found to be mishandling XML documents and may evaluate the contents without checking for their safety. Impact A remote attacker could possibly execute arbitrary code with the privileg...

9.8CVSS3.2AI score0.10231EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2019/08/15 12:0 a.m.49 views

ZeroMQ: Arbitrary code execution

Background Looks like an embeddable networking library but acts like a concurrency framework. Description A buffer overflow was discovered in ZeroMQ. Impact An attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround Ther...

9.8CVSS4.7AI score0.42464EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2019/04/24 12:0 a.m.49 views

QEMU: Multiple vulnerabilities

Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

9.8CVSS2.8AI score0.04428EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/12/14 12:0 a.m.49 views

OpenSSL: Multiple vulnerabilities

Background OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact A remote...

6.5CVSS7.5AI score0.78675EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2017/10/13 12:0 a.m.49 views

Graphite: Multiple vulnerabilities

Background Graphite is a “smart font” system developed specifically to handle the complexities of lesser-known languages of the world. Description Multiple vulnerabilities have been discovered in Graphite. Please review the referenced CVE identifiers for details. Impact A remote attacker could...

9.8CVSS10AI score0.05216EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2017/09/17 12:0 a.m.49 views

Kpathsea: User-assisted execution of arbitrary code

Background Kpathsea is a library to do path searching. It is used by TeX Live and others TeX related software. Description It was discovered that the mpost program from the shellescapecommands list is capable of executing arbitrary external programs during the conversion of .tex files. The...

9.8CVSS9.6AI score0.07146EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2017/01/29 12:0 a.m.49 views

libpng: Remote execution of arbitrary code

Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description A null pointer dereference was discovered in libpng in the pngpushsavebuffer function. In order to be...

7.5CVSS8.2AI score0.05517EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/11 12:0 a.m.49 views

Vim, gVim: Remote execution of arbitrary code

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Vim and gVim do not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. Impact A remote attacker could entice a user to open a...

7.8CVSS7.3AI score0.25314EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2017/01/11 12:0 a.m.49 views

Botan: Multiple vulnerabilities

Background Botan Japanese for peony is a cryptography library written in C++11. Description Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact A remote attacker might obtain ECDSA secret keys via a timing side-channel...

7.5CVSS2AI score0.02443EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.49 views

XStream: Remote execution of arbitrary code

Background XStream is a simple library to serialize objects to XML and back again. Description It was found that XStream would deserialize arbitrary user-supplied XML content, thus representing objects of any type. Impact A remote attacker could pass a specially crafted XML document to XStream,...

9.8CVSS8.7AI score0.84362EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2016/12/04 12:0 a.m.49 views

Pygments: Arbitrary code execution

Background Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Description A vulnerability in FontManager’s getnixfontpath function allows shell metacharacters to be passed in a font name. Impact A remot...

9.3CVSS9.4AI score0.06664EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/04 12:0 a.m.49 views

nghttp2: Heap-use-after-free

Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description A heap-use-after-free vulnerability has been discovered in nghttp2. Please review the CVE identifier referenced below for details. Impact The impact of the vulnerability is still unknown...

10CVSS9.3AI score0.04073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/11/20 12:0 a.m.49 views

imlib2: Multiple vulnerabilities

Background imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images. Description Multiple vulnerabilities have been discovered in imlib2. Please review the CVE identifie...

9.8CVSS8.5AI score0.05839EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/09/25 12:0 a.m.49 views

QEMU: Multiple vulnerabilities

Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Local users within a guest QEMU environment can execute arbitrary code within th...

9.8CVSS2AI score0.06336EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/09 12:0 a.m.49 views

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...

8.8CVSS8.6AI score0.79969EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/08/29 12:0 a.m.49 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker may be able to create a Denial of...

8.5CVSS7.9AI score0.54312EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2014/06/13 12:0 a.m.49 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact A remote attacker could utilize multiple vectors to spoof arbitrary...

6.8CVSS8.4AI score0.29958EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2014/05/18 12:0 a.m.49 views

Pidgin: Multiple vulnerabilities

Background Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wit...

10CVSS7.8AI score0.14809EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2014/04/07 12:0 a.m.49 views

CUPS: Arbitrary file read/write

Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some “dangerous” directives like the logfilenames, which enable them to read or write fil...

7.2CVSS9.3AI score0.02128EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2014/01/23 12:0 a.m.49 views

Zabbix: Shell command injection

Background Zabbix is software for monitoring applications, networks, and servers. Description If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are disabled. Impact A...

7.5CVSS9.6AI score0.02754EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/10/25 12:0 a.m.49 views

MPlayer: Multiple vulnerabilities

Background MPlayer is a media player including support for a wide range of audio and video formats. Description Multiple vulnerabilities have been discovered in MPlayer and the bundled FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced below for details. Impact A remote attacker...

9.3CVSS9.9AI score0.24105EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/10/20 12:0 a.m.49 views

Libav: Multiple vulnerabilities

Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...

10CVSS9.9AI score0.04686EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/09/24 12:0 a.m.49 views

Expat: Multiple vulnerabilities

Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted XML file in an application linked agains...

5CVSS7.8AI score0.27924EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2012/06/21 12:0 a.m.49 views

MediaWiki: Multiple vulnerabilities

Background The MediaWiki wiki web application as used on wikipedia.org. Description Multiple vulnerabilities have been discovered in mediawiki. Please review the CVE identifiers referenced below for details. Impact MediaWiki allows remote attackers to bypass authentication, to perform imports fro...

7.5CVSS6.7AI score0.02922EPSS
Exploits2
Total number of security vulnerabilities3816