Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2013/12/10 12:0 a.m.46 views

WebP: User-assisted execution of arbitrary code

Background WebP is a lossy image compression format. Description An integer overflow flaw has been found in WebP. Impact A remote attacker could entice a user to open a specially crafted image in an application linked against WebP, possibly resulting in execution of arbitrary code with the...

7.5CVSS7.1AI score0.01087EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/12/03 12:0 a.m.46 views

BusyBox: Multiple vulnerabilities

Background BusyBox is set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted DHCP reques...

7.5CVSS9.5AI score0.05422EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2013/01/09 12:0 a.m.46 views

bzip2: User-assisted execution of arbitrary code

Background bzip2 is a high-quality data compressor used extensively by Gentoo Linux. Description An integer overflow vulnerability has been discovered in bzip2. Please review the CVE identifier referenced below for details. Impact A remote attacker could entice a user to open a specially crafted...

5.1CVSS6.7AI score0.03297EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/09/24 12:0 a.m.46 views

LibreOffice: Multiple vulnerabilities

Background LibreOffice is a full office productivity suite. Description Multiple vulnerabilities have been found in LibreOffice: The Microsoft Word Document parser contains an out-of-bounds read error CVE-2011-2713. The Raptor RDF parser contains an XML External Entity expansion error...

7.5CVSS7.9AI score0.13734EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2011/11/20 12:0 a.m.46 views

GNU Tar: User-assisted execution of arbitrary code

Background GNU Tar is a utility to create archives as well as add and extract files from archives. Description GNU Tar is vulnerable to a boundary error in the rmtread function in lib/rtapelib.c, which could cause a heap-based buffer overflow. Impact A remote attacker could entice the user to loa...

6.8CVSS7.9AI score0.04747EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2010/06/04 12:0 a.m.46 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been reported in Asterisk: Nick Baggott reported that Asterisk does not properly process overly long ASCII strings in various packets CVE-2009-2726. Noam Rathaus and Blake Cornell reporte...

7.8CVSS9.7AI score0.13355EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2009/01/11 12:0 a.m.46 views

pdnsd: Denial of Service and cache poisoning

Background pdnsd is a proxy DNS server with permanent caching that is designed to cope with unreachable DNS servers. Description Two issues have been reported in pdnsd: The pexecquery function in src/dnsquery.c does not properly handle many entries in the answer section of a DNS reply, related to...

6.8CVSS7.2AI score0.95182EPSS
Exploits20
Gentoo Linux
Gentoo Linux
added 2008/09/04 12:0 a.m.46 views

MySQL: Privilege bypass

Background MySQL is a popular multi-threaded, multi-user SQL server. Description Sergei Golubchik reported that MySQL imposes no restrictions on the specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE TABLE" statements. Impact An authenticated remote attacker could create MyISAM...

4.6CVSS6.8AI score0.02588EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/06/03 12:0 a.m.46 views

libxslt: Execution of arbitrary code

Background Libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML. Description Anthony de Almeida Lopes reported a vulnerability in libxslt when handling XSL style-sheet files, which could be exploited to trigger the use of...

7.5CVSS7AI score0.1279EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/04/23 12:0 a.m.46 views

VLC: User-assisted execution of arbitrary code

Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities were found in VLC: Luigi Auriemma discovered that the stack-based buffer overflow when reading subtitles, which has been reported as CVE-2007-6681 in GLSA 200803-13, was not properly fixed...

7.5CVSS7.8AI score0.17358EPSS
Exploits15
Gentoo Linux
Gentoo Linux
added 2008/04/14 12:0 a.m.46 views

Opera: Multiple vulnerabilities

Background Opera is a fast web browser that is available free of charge. Description Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from a website CVE-2008-1761 as well as when processing HTML CANVAS elements to use scaled images CVE-2008-1762...

9.3CVSS7.5AI score0.07595EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/02/26 12:0 a.m.46 views

xine-lib: User-assisted execution of arbitrary code

Background xine-lib is the core library package for the xine media player. Description Damian Frizza and Alfredo Ortega Core Security Technologies discovered a stack-based buffer overflow within the openflacfile function in the file demuxflac.c when parsing tags within a FLAC file CVE-2008-0486. ...

7.5CVSS7.3AI score0.14637EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2007/09/27 12:0 a.m.46 views

teTeX: Multiple buffer overflows

Background teTeX is a complete TeX distribution for editing documents. Description Mark Richters discovered a buffer overflow in the opensty function in file mkind.c. Other vulnerabilities have also been discovered in the same file but might not be exploitable CVE-2007-0650. Tetex also includes...

6.8CVSS7.9AI score0.08565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/07/02 12:0 a.m.46 views

OpenOffice.org: Two buffer overflows

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing th...

9.3CVSS7.5AI score0.06021EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/05/17 12:0 a.m.46 views

PhpWiki: Remote execution of arbitrary code

Background PhpWiki is an open source content management system written in PHP. Description Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Impact A remote attacker could upload a specially crafted PHP file to the vulnerable server, resulting i...

7.5CVSS6.9AI score0.03279EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/02 12:0 a.m.46 views

Apache mod_perl: Denial of service

Background Modperl is an Apache module that embeds the Perl interpreter within the server, allowing Perl-based web-applications to be created. Description Alex Solvey discovered that the "pathinfo" variable used in file RegistryCooker.pm modperl 2.x or file PerlRun.pm modperl 1.x, is not properly...

5CVSS6.4AI score0.10111EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/20 12:0 a.m.46 views

WordPress: Multiple vulnerabilities

Background WordPress is a popular personal publishing platform with a web interface. Description WordPress contains cross-site scripting or cross-site scripting forgery vulnerabilities reported by: g30rg3x in the "year" parameter of the wptitle function Alexander Concha in the "demo" parameter of...

6.8CVSS6.5AI score0.07315EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/07/09 12:0 a.m.46 views

libTIFF: Multiple buffer overflows

Background libTIFF provides support for reading and manipulating TIFF images. Description A buffer overflow has been found in the t2pwritepdfstring function in tiff2pdf, which can been triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow ha...

7.5CVSS7AI score0.14415EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/05/30 12:0 a.m.46 views

libTIFF: Multiple vulnerabilities

Background libTIFF provides support for reading and manipulating TIFF images. Description Multiple vulnerabilities, ranging from integer overflows and NULL pointer dereferences to double frees, were reported in libTIFF. Impact An attacker could exploit these vulnerabilities by enticing a user to...

6.5CVSS7.1AI score0.10524EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2006/03/04 12:0 a.m.46 views

teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code

Background teTex is a complete TeX distribution. It is used for creating and manipulating LaTeX documents. CSTeX is a TeX distribution with Czech and Slovak support. pTeX is and ASCII publishing TeX distribution. Description CSTeX, teTex, and pTeX include XPdf code to handle PDF files. This XPdf...

5.1CVSS7.2AI score0.04082EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/16 12:0 a.m.46 views

Sun and Blackdown Java: Applet privilege escalation

Background Sun and Blackdown both provide implementations of the Java Development Kit JDK and Java Runtime Environment JRE. Description Adam Gowdiak discovered multiple vulnerabilities in the Java Runtime Environment's Reflection APIs that may allow untrusted applets to elevate privileges. Impact...

7.5CVSS6.9AI score0.05168EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/12 12:0 a.m.46 views

OpenSSL: SSL 2.0 protocol rollback

Background OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Description Applications setting the SSLOPMSIESSLV2RSAPADDING option or the SSLOPALL option, that implies it can be forced by a third-party to...

5CVSS5.8AI score0.04866EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/12 12:0 a.m.46 views

Ethereal: Multiple vulnerabilities

Background Ethereal is a feature rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.10, including: The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer overflows CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739. Th...

7.5CVSS7.4AI score0.07606EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/10/13 12:0 a.m.46 views

tiff: Buffer overflows in image decoding

Background The tiff library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE, to help in displaying TIFF images. xv is a multi-format image manipulation utility that is statically linked to the tiff library...

7.5CVSS7AI score0.08268EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/14 12:0 a.m.46 views

cdrtools: Local root vulnerability in cdrecord if set SUID root

Background The cdrtools package is a set of tools for CD recording, including the popular cdrecord command-line utility. Description Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By default,...

7.2CVSS6.1AI score0.01725EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/09/06 12:0 a.m.46 views

MIT krb5: Multiple vulnerabilities

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The implementation of the Key Distribution Center KDC and the MIT krb5 library contain double-free vulnerabilities, making client programs as we...

9.8CVSS7.6AI score0.08257EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/19 12:0 a.m.46 views

courier-imap: Remote Format String Vulnerability

Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description There is a format string vulnerability in the authdebug function which can be exploited remotely, potentially leading to arbitrary code execution as the user runnin...

7.5CVSS7.7AI score0.10906EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/25 12:0 a.m.46 views

FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling

Background FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN are Open Source implementations of IPsec for the Linux operating system. They are all based on the discontinued FreeS/WAN project. Description All these IPsec implementations have several bugs in the verifyx509cert function, which...

10CVSS6.3AI score0.02832EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/11 12:0 a.m.46 views

OpenOffice.org vulnerability when using DAV servers

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description OpenOffice.org includes code from the Neon library in functions related to publication on WebDAV...

6.8CVSS7.4AI score0.11056EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/02/17 12:0 a.m.46 views

Updated kernel packages fix the AMD64 ptrace vulnerability

Background Description A vulnerability has been discovered by Andi Kleen in the ptrace emulation code for AMD64 platforms when eflags are processed, allowing a local user to obtain elevated priveleges. The Common Vulnerabilities and Exposures project, http://cve.mitre.org, has assigned...

7.2CVSS6.2AI score0.00436EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/07 12:0 a.m.45 views

Xpdf: Multiple Vulnerabilities

Background Xpdf is an X viewer for PDF files. Description Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

7.8CVSS7.7AI score0.02057EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2024/02/19 12:0 a.m.45 views

Samba: Multiple Vulnerabilities

Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.7AI score0.62606EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/01/31 12:0 a.m.45 views

containerd: Multiple Vulnerabilities

Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...

7.8CVSS7.8AI score0.27392EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2024/01/24 12:0 a.m.45 views

Ruby: Multiple vulnerabilities

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server "WEBrick". Description Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact Please revi...

9.8CVSS7.5AI score0.04766EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2023/10/30 12:0 a.m.46 views

UnZip: Multiple Vulnerabilities

Background Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

5.5CVSS6.7AI score0.02421EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.45 views

Sofia-SIP: Multiple Vulnerabilities

Background Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...

9.8CVSS3.1AI score0.0366EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.45 views

OpenEXR: Multiple Vulnerabilities

Background OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. Description Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact Please revi...

8.8CVSS7.5AI score0.02291EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2022/09/25 12:0 a.m.45 views

libaacplus: Denial of Service

Background libaacplus is an HE-AAC+ v2 library, based on the reference implementation. Description Multiple vulnerabilities have been discovered in libaacplus. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...

7.8CVSS3.1AI score0.01506EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2022/08/21 12:0 a.m.45 views

Gnome Shell, gettext, libcroco: Multiple Vulnerabilities

Background GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications. gettext contains the GNU locale utilities. libcroco is a standalone CSS2 parsing and manipulation library. Description The crparserparseanycore function in...

7.1CVSS3.7AI score0.02319EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/08/14 12:0 a.m.45 views

Nokogiri: Multiple Vulnerabilities

Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description Multiple vulnerabilities have been discovered in Nokogiri. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

8.2CVSS1.6AI score0.03549EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/08/10 12:0 a.m.45 views

LibRaw: Stack buffer overread

Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description LibRaw incorrectly handles parsing DNG fields in some cases, potentially resulting in a buffer overread leading to denial of service. Impact An attacker capable of providing crafted input to LibR...

8.8CVSS2.7AI score0.01625EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/08/10 12:0 a.m.45 views

aiohttp: Open redirect vulnerability

Background aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Description A bug in aiohttp.webmiddlewares.normalizepathmiddleware creates an open redirect vulnerability. Impact An attacker use this vulnerability to craft a link that, while appearing to be a link to an...

6.1CVSS0.7AI score0.01905EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.45 views

Tcpreplay: Multiple vulnerabilities

Background Tcpreplay is a suite of utilities for UNIX systems for editing and replaying network traffic which was previously captured by tools like tcpdump and ethereal/wireshark. Description Multiple vulnerabilities have been discovered in Tcpreplay. Please review the CVE identifiers referenced...

7.5CVSS2.5AI score0.02531EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/04/30 12:0 a.m.45 views

libTIFF: Multiple vulnerabilities

Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced...

7.8CVSS8.3AI score0.01922EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/01/22 12:0 a.m.45 views

Dnsmasq: Multiple vulnerabilities

Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the references below for details. Impact An attacker, by sending specially crafted DNS replies, could possibly execute...

8.3CVSS3.1AI score0.86692EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2020/09/29 12:0 a.m.45 views

libuv: Buffer overflow

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv used an incorrect buffer size for paths, causing a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...

7.8CVSS4.5AI score0.00714EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/08/30 12:0 a.m.45 views

OpenJDK: Multiple vulnerabilities

Background OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.3CVSS2.5AI score0.05166EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/08/08 12:0 a.m.45 views

gThumb: Arbitrary code execution

Background gThumb is an image viewer and browser for GNOME. Description A heap-based buffer overflow in gThumb’s cairoimagesurfacecreatefromjpeg function, located in extensions/cairoio/cairo-image-surface-jpeg.c was discovered. Impact A remote attacker could entice a user to open a specially...

7.8CVSS8.2AI score0.02149EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2020/06/15 12:0 a.m.45 views

Cyrus IMAP Server: Access restriction bypass

Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description An issue was discovered in Cyrus IMAP Server where sieve script uploading is excessively trusted. Impact A user can use a sieve script to create any mailbox with administrator privileges. Workaround...

6.5CVSS2.3AI score0.01655EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/03/25 12:0 a.m.45 views

Tor: Multiple vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor, and tor. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...

7.8CVSS2.5AI score0.03146EPSS
Exploits0
Total number of security vulnerabilities3816