Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2022/09/29 12:0 a.m.44 views

Poppler: Arbitrary Code Execution

Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact Processing a specially crafted PDF file or JBIG2 image could lead to a crash ...

7.8CVSS8.4AI score0.75994EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2022/09/07 12:0 a.m.44 views

GNU Gzip, XZ Utils: Arbitrary file write

Background GNU Gzip is a popular data compression program. XZ Utils is free general-purpose data compression software with a high compression ratio. Description GNU Gzip and XZ Utils' grep helpers do not sufficiently validate certain multi-line file names. Impact In some cases, writing to arbitra...

8.8CVSS1.6AI score0.04271EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/08/14 12:0 a.m.44 views

Nokogiri: Multiple Vulnerabilities

Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description Multiple vulnerabilities have been discovered in Nokogiri. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

8.2CVSS1.6AI score0.03549EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/08/10 12:0 a.m.44 views

mdbtools: Multiple Vulnerabilities

Background mdbtools is a set of libraries and utilities for reading Microsoft Access database MDB files. Description Multiple vulnerabilities have been discovered in mdbtools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

7.8CVSS2.7AI score0.00431EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2022/08/04 12:0 a.m.44 views

3MF Consortium lib3mf: Remote code execution

Background lib3mf is an implementation of the 3D Manufacturing Format file standard. Description Incorrect memory handling within lib3mf could result in a use-after-free. Impact An attacker that can provide malicious input to an application using 3MF Consortium's lib3mf could achieve remote code...

8.1CVSS3.9AI score0.04339EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.44 views

ICU: Multiple vulnerabilities

Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in ICU. Please review the upstream bugs referenced below for details. Impact Remote attackers...

4.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/12/23 12:0 a.m.44 views

PowerDNS: information disclosure

Background The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description It was discovered that PowerDNS did not properly handle certain unknown records. Impact An authorized attacker with the ability to insert crafted records into a zone migh...

4.3CVSS3.3AI score0.02592EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/09/29 12:0 a.m.44 views

libuv: Buffer overflow

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv used an incorrect buffer size for paths, causing a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...

7.8CVSS4.5AI score0.00714EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/08/08 12:0 a.m.44 views

GNU GLOBAL: Arbitrary code execution

Background GNU GLOBAL is a source code tagging system that works the same way across diverse environments, such as Emacs editor, Vi editor, Less viewer, Bash shell, various web browsers, etc. Description A vulnerability was found in an undocumented function of gozilla. Impact A remote attacker...

8.8CVSS4.4AI score0.01228EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.44 views

cURL: Multiple vulnerabilities

Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

7.8CVSS2.6AI score0.03427EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2017/12/14 12:0 a.m.44 views

cURL: Multiple vulnerabilities

Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition, disclose sensitive...

9.8CVSS9.5AI score0.11175EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/09/17 12:0 a.m.44 views

GIMPS: Root privilege escalation

Background GIMPS, the Great Internet Mersenne Prime Search, is a software capable of find Mersenne Primes, which are used in cryptography. GIMPS is also used for hardware testing. Description It was discovered that Gentoo’s default GIMPS installation suffered from a privilege escalation...

7.3CVSS7.6AI score0.00268EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/02/22 12:0 a.m.44 views

GPL Ghostscript: Multiple vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript and the bundled OpenJPEG. Please review the CVE identifiers and GLSA-201612-26 OpenJPEG referenced below for additional information. Note:...

9.8CVSS3.4AI score0.23453EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/02/20 12:0 a.m.44 views

Opus: User-assisted execution of arbitrary code

Background Opus is a totally open, royalty-free, highly versatile audio codec. Description A large NLSF values could cause the stabilization code in silk/NLSFstabilize.c to wrap-around and have the last value in NLSFQ15 to be negative, close to -32768. Under normal circumstances, the code will...

9.3CVSS8.1AI score0.00904EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/17 12:0 a.m.44 views

xdelta: User-assisted execution of arbitrary code

Background Xdelta is a C library and command-line tool for delta compression using VCDIFF/RFC 3284 streams. Description A buffer overflow can be triggered within xdelta when ran against a malicious input file. Impact A remote attacker could coerce the victim to run xdelta against a malicious inpu...

8.8CVSS9AI score0.04157EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/11/01 12:0 a.m.44 views

UnZip: Multiple vulnerabilities

Background Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description Multiple vulnerabilities were found in UnZip. Please review the referenced CVE’s for additional information. Impact Remote attackers could execute arbitrary code or cause Denial of Service...

7.8CVSS8.9AI score0.11562EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/05/31 12:0 a.m.44 views

Linux-PAM: Multiple vulnerabilities

Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in Linux-PAM. Please...

6.5CVSS7.6AI score0.04121EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2016/03/06 12:0 a.m.44 views

GIMP: Multiple vulnerabilities

Background GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. Description GIMP’s network server, scriptfu, is vulnerable to the remote execution of arbitrary code via the python-fu-eval command due to not requiring authentication. Additionally...

6.8CVSS8.2AI score0.04509EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/12/19 12:0 a.m.44 views

GRUB: Authentication bypass

Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description An integer underflow in GRUB’s username/password authentication code has been discovered. Impact An attacker with access to the system console may bypass the username prompt by entering a sequence of backspace...

7.4CVSS8.9AI score0.01104EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/10/31 12:0 a.m.44 views

Django: Multiple vulnerabilities

Background Django is a Python-based web framework. Description Multiple vulnerabilities have been found in Django: Session backends create a new record anytime request.session was accessed CVE-2015-5143 Built-in validators in Django do not properly sanitize input CVE-2015-5144 URL validation...

7.8CVSS9.5AI score0.07266EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/10/31 12:0 a.m.44 views

QEMU: Arbitrary code execution

Background QEMU is a generic and open source machine emulator and virtualizer. Description Heap-based buffer overflow has been found in QEMU’s PCNET controller. Impact A remote attacker could execute arbitrary code via a specially crafted packets. Workaround There is no known workaround at this...

7.5CVSS7.1AI score0.09668EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/07/18 12:0 a.m.44 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...

9.8CVSS9.2AI score0.08565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/07/07 12:0 a.m.44 views

International Components for Unicode: Multiple vulnerabilities

Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenc...

7.5CVSS9.1AI score0.2447EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2015/02/06 12:0 a.m.44 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS7.7AI score0.8582EPSS
Exploits9
Gentoo Linux
Gentoo Linux
added 2014/12/26 12:0 a.m.44 views

FLAC: User-assisted execution of arbitrary code

Background The Free Lossless Audio Codec FLAC library is the reference implementation of the FLAC audio file format. Description A stack-based buffer overflow flaw has been discovered in FLAC. Impact A remote attacker could entice a user to open a specially crafted .flac file using an application...

7.5CVSS7.3AI score0.0986EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/13 12:0 a.m.44 views

GNUstep Base library: Denial of service

Background GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit tm, including later additions. Description GNUstep Base library does not properly handle the file descriptor for logging, when run as a daemon. Impact A remote attacker could send a...

4.3CVSS6.4AI score0.0171EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/12/12 12:0 a.m.44 views

AMD64 x86 emulation base libraries: Multiple vulnerabilities

Background AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. Description Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be able to...

9.8CVSS9AI score0.99999EPSS
Exploits107
Gentoo Linux
Gentoo Linux
added 2014/06/27 12:0 a.m.44 views

Konqueror: Multiple vulnerabilities

Background Konqueror is the KDE web browser and file manager. Description Multiple vulnerabilities have been discovered in Konqueror. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site using Konqueror,...

8.8CVSS9.3AI score0.12599EPSS
Exploits9
Gentoo Linux
Gentoo Linux
added 2014/05/17 12:0 a.m.44 views

Ettercap: Multiple vulnerabilities

Background Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN. Description Multiple vulnerabilities have been discovered in Ettercap: Ettercap does not handle temporary files securely CVE-2010-3843. A format string flaw in Ettercap could cause a...

8.8CVSS8.8AI score0.01404EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/02/17 12:0 a.m.44 views

Xpdf: User-assisted execution of arbitrary code

Background Xpdf is an X viewer for PDF files. Description Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition. Workaround Ther...

9.3CVSS8.6AI score0.03785EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/02 12:0 a.m.44 views

GNU libmicrohttpd: Multiple vulnerabilities

Background GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Description Multiple vulnerabilities have been discovered in GNU libmicrohttpd. Please review the CVE identifiers referenced below for details. Impact A remote...

6.4CVSS7.6AI score0.03277EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/02 12:0 a.m.44 views

NVIDIA Drivers: Privilege Escalation

Background The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic boards. Description The vulnerability is caused due to the driver allowing unprivileged user-mode software to access the GPU. Impact A local attacker could gain escalated privileges. Workaround There is no known workarou...

10CVSS6.3AI score0.01797EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/01/29 12:0 a.m.44 views

Perl Digest-Base module: Arbitrary code execution

Background Digest-Base is a set of Perl modules that calculate message digests Description The vulnerability is caused due to the “Digest-new” function not properly sanitising input before using it in an “eval” call. Impact The vulnerability might allow an attacker to execute arbitrary code...

7.5CVSS9.5AI score0.13526EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/01/29 12:0 a.m.44 views

BIND: Denial of service

Background BIND is the Berkeley Internet Name Domain Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition. Workaround There is no known...

7.8CVSS8.3AI score0.42851EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2009/09/12 12:0 a.m.44 views

Horde: Multiple vulnerabilities

Background Horde is a web application framework written in PHP. Horde IMP, the "Internet Messaging Program", is a Webmail module and Horde Passwd is a password changing module for Horde. Description Multiple vulnerabilities have been discovered in Horde: Gunnar Wrobel reported an input sanitation...

6.4CVSS8.1AI score0.41263EPSS
Exploits11
Gentoo Linux
Gentoo Linux
added 2009/07/16 12:0 a.m.44 views

PulseAudio: Local privilege escalation

Background PulseAudio is a network-enabled sound server with an advanced plug-in system. Description Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerabili...

7.2CVSS7.2AI score0.00736EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2009/07/04 12:0 a.m.44 views

APR Utility Library: Multiple vulnerabilities

Background The Apache Portable Runtime Utility Library aka apr-util provides an interface to functionality such as XML parsing, string matching and databases connections. Description Multiple vulnerabilities have been discovered in the APR Utility Library: Matthew Palmer reported a heap-based...

7.5CVSS8.2AI score0.52988EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2009/07/02 12:0 a.m.44 views

ModSecurity: Denial of service

Background ModSecurity is a popular web application firewall for the Apache HTTP server. Description Multiple vulnerabilities were discovered in ModSecurity: Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name...

5CVSS6.5AI score0.13735EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/06/29 12:0 a.m.44 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: Greg Ose discovered that the setup script does not sanitize input properly, leading to the injection of arbitrary PHP code into the configuration file...

9.8CVSS9.8AI score0.95438EPSS
Exploits16
Gentoo Linux
Gentoo Linux
added 2009/03/24 12:0 a.m.44 views

Squid: Multiple Denial of Service vulnerabilities

Background Squid is a full-featured web proxy cache. Description The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239 CVE-2008-1612. An invalid version number in a HTTP...

5CVSS6.7AI score0.71986EPSS
Exploits11
Gentoo Linux
Gentoo Linux
added 2008/04/06 12:0 a.m.44 views

MySQL: Multiple vulnerabilities

Background MySQL is a popular multi-threaded, multi-user SQL server. Description Multiple vulnerabilities have been reported in MySQL: Mattias Jonsson reported that a "RENAME TABLE" command against a table with explicit "DATA DIRECTORY" and "INDEX DIRECTORY" options would overwrite the file to...

7.1CVSS10AI score0.1426EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2007/12/18 12:0 a.m.44 views

CUPS: Multiple vulnerabilities

Background CUPS provides a portable printing layer for UNIX-based operating systems. The alternate pdftops filter is a CUPS filter used to convert PDF files to the Postscript format via Poppler; the filter is installed by default in Gentoo Linux. Description Wei Wang McAfee AVERT Research...

9.3CVSS9.7AI score0.1361EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2007/11/14 12:0 a.m.44 views

TikiWiki: Multiple vulnerabilities

Background TikiWiki is an open source content management system written in PHP. Description Stefan Esser reported that a previous vulnerability CVE-2007-5423, GLSA 200710-21 was not properly fixed in TikiWiki 1.9.8.1 CVE-2007-5682. The TikiWiki development team also added several checks to avoid...

7.5CVSS7AI score0.76661EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2006/12/12 12:0 a.m.44 views

F-PROT Antivirus: Multiple vulnerabilities

Background F-Prot Antivirus is a FRISK Software antivirus program that can used with procmail. Description F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an infinite loop, and other unspecified vulnerabilities. Impact Among other weaker impacts, a remote attacker could send an...

7.5CVSS7.6AI score0.15964EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/12/11 12:0 a.m.44 views

AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities

Background OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. Description Tavis Ormandy and Will Drewry, both of the Google...

10CVSS9.8AI score0.48575EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2006/08/14 12:0 a.m.44 views

Ruby on Rails: Several vulnerabilities

Background Ruby on Rails is an open-source web framework. Description The Ruby on Rails developers have corrected some weaknesses in actioncontroller/, relative to the handling of the user input and the LOADPATH variable. A remote attacker could inject arbitrary entries into the LOADPATH variable...

7.5CVSS6.4AI score0.02883EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/05/30 12:0 a.m.44 views

CherryPy: Directory traversal vulnerability

Background CherryPy is a Python-based, object-oriented web development framework. Description Ivo van der Wijk discovered that the "staticfilter" component of CherryPy fails to sanitize input correctly. Impact An attacker could exploit this flaw to obtain arbitrary files from the web server...

5CVSS6.3AI score0.02327EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/13 12:0 a.m.44 views

Wine: Windows Metafile SETABORTPROC vulnerability

Background Wine is a free implementation of Windows APIs for Unix-like systems. Description H D Moore discovered that Wine implements the insecure-by-design SETABORTPROC GDI Escape function for Windows Metafile WMF files. Impact An attacker could entice a user to open a specially crafted Windows...

7.5CVSS7AI score0.04156EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/11/06 12:0 a.m.44 views

GNUMP3d: Directory traversal and XSS vulnerabilities

Background GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and other media formats. Description Steve Kemp reported about two cross-site scripting attacks that are related to the handling of files CVE-2005-3424, CVE-2005-3425. Also reported is a directory traversal vulnerability...

5CVSS5.9AI score0.02982EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/10/03 12:0 a.m.44 views

Berkeley MPEG Tools: Multiple insecure temporary files

Background The Berkeley MPEG Tools are a collection of utilities for manipulating MPEG video technology, including an encoder mpegencode and various conversion utilities. Description Mike Frysinger of the Gentoo Security Team discovered that mpegencode and the conversion utilities were creating...

2.1CVSS6.2AI score0.00333EPSS
Exploits0
Total number of security vulnerabilities3816