Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2008/07/31 12:0 a.m.50 views

Linux Audit: Buffer overflow

Background Linux Audit is a set of userspace utilities for storing and processing auditing records. Description A stack-based buffer overflow has been reported in the auditlogusercommand function in the file lib/auditlogging.c when processing overly long arguments. Impact A local attacker could...

4.1CVSS7.3AI score0.01047EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/03/04 12:0 a.m.50 views

Opera: Multiple vulnerabilities

Background Opera is a fast web browser that is available free of charge. Description Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path CVE-2008-1080. Max Leonov found out that image comments might be treated as scripts,...

6.8CVSS6.3AI score0.02501EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/18 12:0 a.m.50 views

util-linux: Local privilege escalation

Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description Ludwig Nussel discovered that the checkspecialmountprog and checkspecialumountprog functions call setuid and setgid in the wrong order and do not check the...

7.2CVSS6.5AI score0.0044EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/14 12:0 a.m.50 views

SSH Communications Security's Secure Shell Server: SFTP privilege escalation

Background The SSH Secure Shell Server from SSH Communications Security www.ssh.com is a commercial SSH implementation available free for non-commercial use. Description The SSH Secure Shell Server contains a format string vulnerability in the SFTP code that handles file transfers scp2 and sftp2...

6.5CVSS6.6AI score0.10188EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/02/17 12:0 a.m.50 views

Sun JDK/JRE: Execution of arbitrary code

Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description A anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Impact An attacker could...

6.8CVSS6.8AI score0.10994EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/22 12:0 a.m.50 views

PHP: Format string and XSS vulnerabilities

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run on a web server with the modphp module or the CGI version and also stand-alone in a CLI. Description Stefan Esser of the Hardened PHP project has reported a few vulnerabilities found i...

5CVSS6.8AI score0.04348EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/24 12:0 a.m.50 views

GnuPG: OpenPGP protocol attack

Background GnuPG is complete and free replacement for PGP, a tool for secure communication and data storage. Description A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Impact An automated system using GnuPG that allows an attacker to repeatedly discover the...

5CVSS6.3AI score0.02946EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/16 12:0 a.m.50 views

glibc: Information leak with LD_DEBUG

Background The GNU C library defines various Unix-like "system calls" and other basic facilities needed for a standard POSIX-like application to operate. Description Silvio Cesare discovered a potential information leak in glibc. It allows LDDEBUG on SUID binaries where it should not be allowed...

2.1CVSS2AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/07 12:0 a.m.49 views

Cairo: Multiple Vulnerabilities

Background Cairo is a 2D vector graphics library with cross-device output support. Description Multiple vulnerabilities have been discovered in Cairo. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...

6.5CVSS7.3AI score0.02142EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/09/29 12:0 a.m.49 views

sudo: Multiple Vulnerabilities

Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...

7.2CVSS7.4AI score0.01664EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.49 views

sudo: Root Privilege Escalation

Background sudo allows a system administrator to give users the ability to run commands as other users. Description The sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrar...

7.8CVSS7.8AI score0.55367EPSS
Exploits20
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.49 views

Cairo: Buffer Overflow Vulnerability

Background Cairo is a 2D vector graphics library with cross-device output support. Description An attacker with the ability to provide input to Cairo's image-compositor can cause a buffer overwrite. Impact Malicious input to Cairo's image-compositor can result in denial of service of the...

7.8CVSS6.8AI score0.01112EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/12/19 12:0 a.m.49 views

Unbound: Multiple Vulnerabilities

Background Unbound is a validating, recursive, and caching DNS resolver. Description Multiple vulnerabilities have been discovered in Unbound. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

7.5CVSS7.8AI score0.01293EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/11/22 12:0 a.m.49 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.9AI score0.01659EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/08/14 12:0 a.m.49 views

GStreamer, GStreamer Plugins: Multiple Vulnerabilities

Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been found in GStreamer and its plugins. Please review the CVE and GStreamer-SA identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS2.3AI score0.05372EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/04 12:0 a.m.49 views

Exim: Multiple vulnerabilities

Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to t...

9.8CVSS2.5AI score0.61061EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2020/11/03 12:0 a.m.49 views

OpenDMARC: Heap-based buffer overflow

Background OpenDMARC is an open source DMARC implementation. Description It was found that OpenDMARC did not properly handle DMARC aggregate reports. Impact A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a Denial of Service condition and depending o...

9.8CVSS4AI score0.03684EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/07/27 12:0 a.m.49 views

Mozilla Network Security Service (NSS): Information disclosure

Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description NSS was found to not always perform constant-time operations when working with DSA key material. Impa...

4.4CVSS2.2AI score0.00651EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/03/25 12:0 a.m.49 views

Pure-FTPd: Multiple vulnerabilities

Background Pure-FTPd is a fast, production-quality and standards-compliant FTP server. Description Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service conditio...

7.5CVSS2.8AI score0.0694EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/09/17 12:0 a.m.49 views

Kpathsea: User-assisted execution of arbitrary code

Background Kpathsea is a library to do path searching. It is used by TeX Live and others TeX related software. Description It was discovered that the mpost program from the shellescapecommands list is capable of executing arbitrary external programs during the conversion of .tex files. The...

9.8CVSS9.6AI score0.07146EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2017/08/17 12:0 a.m.49 views

TNEF: Multiple vulnerabilities

Background TNEF is a program for unpacking MIME attachments of type “application/ms-tnef”. Description Multiple vulnerabilities have been discovered in TNEF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted...

9.8CVSS8.4AI score0.01934EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/29 12:0 a.m.49 views

libpng: Remote execution of arbitrary code

Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description A null pointer dereference was discovered in libpng in the pngpushsavebuffer function. In order to be...

7.5CVSS8.2AI score0.05517EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/11 12:0 a.m.49 views

Botan: Multiple vulnerabilities

Background Botan Japanese for peony is a cryptography library written in C++11. Description Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact A remote attacker might obtain ECDSA secret keys via a timing side-channel...

7.5CVSS2AI score0.02443EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.49 views

XStream: Remote execution of arbitrary code

Background XStream is a simple library to serialize objects to XML and back again. Description It was found that XStream would deserialize arbitrary user-supplied XML content, thus representing objects of any type. Impact A remote attacker could pass a specially crafted XML document to XStream,...

9.8CVSS8.7AI score0.84362EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2016/12/04 12:0 a.m.49 views

Pygments: Arbitrary code execution

Background Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Description A vulnerability in FontManager’s getnixfontpath function allows shell metacharacters to be passed in a font name. Impact A remot...

9.3CVSS9.4AI score0.06664EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/04 12:0 a.m.49 views

nghttp2: Heap-use-after-free

Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description A heap-use-after-free vulnerability has been discovered in nghttp2. Please review the CVE identifier referenced below for details. Impact The impact of the vulnerability is still unknown...

10CVSS9.3AI score0.04073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/11/20 12:0 a.m.49 views

imlib2: Multiple vulnerabilities

Background imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images. Description Multiple vulnerabilities have been discovered in imlib2. Please review the CVE identifie...

9.8CVSS8.5AI score0.05839EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/09/25 12:0 a.m.49 views

QEMU: Multiple vulnerabilities

Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Local users within a guest QEMU environment can execute arbitrary code within th...

9.8CVSS2AI score0.06336EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/09 12:0 a.m.49 views

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...

8.8CVSS8.6AI score0.79969EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/12/26 12:0 a.m.49 views

policycoreutils: Privilege escalation

Background policycoreutils is a collection of SELinux policy utilities. Description The seunshare utility is owned by root with 4755 permissions which can be exploited by a setuid system call. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known workaroun...

6.9CVSS6.7AI score0.00357EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/13 12:0 a.m.49 views

Nagios: Multiple vulnerabilities

Background Nagios is an open source host, service and network monitoring program. Description Multiple vulnerabilities have been discovered in Nagios. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code, cause a Denial of...

7.5CVSS8.7AI score0.6645EPSS
Exploits15
Gentoo Linux
Gentoo Linux
added 2014/08/29 12:0 a.m.49 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker may be able to create a Denial of...

8.5CVSS7.9AI score0.54312EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2014/06/13 12:0 a.m.49 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact A remote attacker could utilize multiple vectors to spoof arbitrary...

6.8CVSS8.4AI score0.29958EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2014/04/07 12:0 a.m.49 views

CUPS: Arbitrary file read/write

Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some “dangerous” directives like the logfilenames, which enable them to read or write fil...

7.2CVSS9.3AI score0.02128EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2014/01/23 12:0 a.m.49 views

Zabbix: Shell command injection

Background Zabbix is software for monitoring applications, networks, and servers. Description If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are disabled. Impact A...

7.5CVSS9.6AI score0.02754EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/10/25 12:0 a.m.49 views

MPlayer: Multiple vulnerabilities

Background MPlayer is a media player including support for a wide range of audio and video formats. Description Multiple vulnerabilities have been discovered in MPlayer and the bundled FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced below for details. Impact A remote attacker...

9.3CVSS9.9AI score0.24105EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/10/20 12:0 a.m.49 views

Libav: Multiple vulnerabilities

Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...

10CVSS9.9AI score0.04686EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/09/24 12:0 a.m.49 views

Expat: Multiple vulnerabilities

Background Expat is a set of XML parsing libraries. Description Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted XML file in an application linked agains...

5CVSS7.8AI score0.27924EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2012/06/21 12:0 a.m.49 views

MediaWiki: Multiple vulnerabilities

Background The MediaWiki wiki web application as used on wikipedia.org. Description Multiple vulnerabilities have been discovered in mediawiki. Please review the CVE identifiers referenced below for details. Impact MediaWiki allows remote attackers to bypass authentication, to perform imports fro...

7.5CVSS6.7AI score0.02922EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2011/10/25 12:0 a.m.49 views

Apache mod_authnz_external: SQL injection

Background modauthnzexternal is a tool for creating custom authentication backends for HTTP basic authentication. Description mysql/mysql-auth.pl in modauthnzexternal does not properly sanitize input before using it in an SQL query. Impact A remote attacker could exploit this vulnerability to...

7.5CVSS2.1AI score0.05659EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/10/24 12:0 a.m.49 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact An unauthenticated remote attacker may execute code with the privileges of the Asterisk...

9CVSS7.5AI score0.04612EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/10/22 12:0 a.m.49 views

Pidgin: Multiple vulnerabilities

Background Pidgin is a client for a variety of instant messaging protocols. Description Multiple vulnerabilities were found in Pidgin: Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message type, triggering an...

10CVSS8.5AI score0.20295EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2009/07/19 12:0 a.m.49 views

Nagios: Execution of arbitrary code

Background Nagios is an open source host, service and network monitoring program. Description Multiple vulnerabilities have been reported in Nagios: Paul reported that statuswml.cgi does not properly sanitize shell metacharacters in the 1 ping and 2 traceroute parameters CVE-2009-2288. Nagios doe...

7.5CVSS8.6AI score0.83453EPSS
Exploits14
Gentoo Linux
Gentoo Linux
added 2009/04/18 12:0 a.m.49 views

Adobe Reader: User-assisted execution of arbitrary code

Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description Multiple vulnerabilities have been discovered in Adobe Reader: Alin Rad Pop of Secunia Research reported a heap-based buffer overflow when processing PDF files containing a malformed JBIG2 symbol...

10CVSS8.8AI score0.96632EPSS
Exploits22
Gentoo Linux
Gentoo Linux
added 2009/03/16 12:0 a.m.49 views

Opera: Multiple vulnerabilities

Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities were discovered in Opera: Vitaly McLain reported a heap-based buffer overflow when processing host names in file:// URLs CVE-2008-5178. Alexios Fakos reported a vulnerability in the HTML...

9.3CVSS8.3AI score0.31509EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2009/03/09 12:0 a.m.49 views

git: Multiple vulnerabilties

Background GIT - the stupid content tracker, the revision control system used by the Linux kernel team. Description Multiple vulnerabilities have been reported in gitweb that is part of the git package: Shell metacharacters related to gitsearch are not properly sanitized CVE-2008-5516. Shell...

7.5CVSS7.6AI score0.1188EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2009/01/13 12:0 a.m.49 views

Adobe Reader: User-assisted execution of arbitrary code

Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description An unspecified vulnerability can be triggered by a malformed PDF document, as demonstrated by 2008-HI2.pdf CVE-2008-2549. Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and Greg MacManu...

9.3CVSS8.8AI score0.98482EPSS
Exploits21
Gentoo Linux
Gentoo Linux
added 2008/05/07 12:0 a.m.49 views

eGroupWare: Multiple vulnerabilities

Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has...

10CVSS6.7AI score0.10503EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2008/04/18 12:0 a.m.49 views

PowerDNS Recursor: DNS Cache Poisoning

Background The PowerDNS Recursor is an advanced recursing nameserver. Description Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers CVE-2008-1637. Thomas Biege of SUSE pointed out that a prior fix to resolve this iss...

6.8CVSS6.3AI score0.03964EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/09 12:0 a.m.49 views

KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow

Background KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package. Description KPDF includes code from xpdf that is vulnerable to an integer overflow in the StreamPredictor::StreamPredictor function...

6.8CVSS7.5AI score0.08565EPSS
Exploits0
Total number of security vulnerabilities3816