Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2009/07/16 12:0 a.m.44 views

PulseAudio: Local privilege escalation

Background PulseAudio is a network-enabled sound server with an advanced plug-in system. Description Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerabili...

7.2CVSS7.2AI score0.00736EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2009/07/04 12:0 a.m.44 views

APR Utility Library: Multiple vulnerabilities

Background The Apache Portable Runtime Utility Library aka apr-util provides an interface to functionality such as XML parsing, string matching and databases connections. Description Multiple vulnerabilities have been discovered in the APR Utility Library: Matthew Palmer reported a heap-based...

7.5CVSS8.2AI score0.52988EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2009/07/02 12:0 a.m.44 views

ModSecurity: Denial of service

Background ModSecurity is a popular web application firewall for the Apache HTTP server. Description Multiple vulnerabilities were discovered in ModSecurity: Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name...

5CVSS6.5AI score0.13735EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/06/29 12:0 a.m.44 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: Greg Ose discovered that the setup script does not sanitize input properly, leading to the injection of arbitrary PHP code into the configuration file...

9.8CVSS9.8AI score0.95438EPSS
Exploits16
Gentoo Linux
Gentoo Linux
added 2009/03/24 12:0 a.m.44 views

Squid: Multiple Denial of Service vulnerabilities

Background Squid is a full-featured web proxy cache. Description The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239 CVE-2008-1612. An invalid version number in a HTTP...

5CVSS6.7AI score0.71986EPSS
Exploits11
Gentoo Linux
Gentoo Linux
added 2008/05/14 12:0 a.m.44 views

OpenOffice.org: Multiple vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description iDefense Labs reported multiple vulnerabilities in OpenOffice.org: multiple heap-based...

9.3CVSS8.7AI score0.57015EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2007/12/18 12:0 a.m.44 views

CUPS: Multiple vulnerabilities

Background CUPS provides a portable printing layer for UNIX-based operating systems. The alternate pdftops filter is a CUPS filter used to convert PDF files to the Postscript format via Poppler; the filter is installed by default in Gentoo Linux. Description Wei Wang McAfee AVERT Research...

9.3CVSS9.7AI score0.1361EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2007/11/14 12:0 a.m.44 views

TikiWiki: Multiple vulnerabilities

Background TikiWiki is an open source content management system written in PHP. Description Stefan Esser reported that a previous vulnerability CVE-2007-5423, GLSA 200710-21 was not properly fixed in TikiWiki 1.9.8.1 CVE-2007-5682. The TikiWiki development team also added several checks to avoid...

7.5CVSS7AI score0.76661EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2007/07/25 12:0 a.m.44 views

MIT Kerberos 5: Arbitrary remote code execution

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description kadmind is affected by multiple vulnerabilities in the RPC library shipped with MIT Kerberos 5. It fails to properly handle zero-length RPC credentials CVE-2007-2442 and the RPC library...

10CVSS7.9AI score0.11376EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/05/15 12:0 a.m.44 views

Samba: Multiple vulnerabilities

Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description Samba contains a logical error in the smbd daemon when translating local SID to user names CVE-2007-2444. Furthermore, Samba contains several bugs when parsing NDR encoded RPC parameters CVE-2007-2446. Lastly...

10CVSS6.9AI score0.77806EPSS
Exploits38
Gentoo Linux
Gentoo Linux
added 2006/12/12 12:0 a.m.44 views

F-PROT Antivirus: Multiple vulnerabilities

Background F-Prot Antivirus is a FRISK Software antivirus program that can used with procmail. Description F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an infinite loop, and other unspecified vulnerabilities. Impact Among other weaker impacts, a remote attacker could send an...

7.5CVSS7.6AI score0.15964EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/12/11 12:0 a.m.44 views

AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities

Background OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. Description Tavis Ormandy and Will Drewry, both of the Google...

10CVSS9.8AI score0.48575EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2006/08/14 12:0 a.m.44 views

Ruby on Rails: Several vulnerabilities

Background Ruby on Rails is an open-source web framework. Description The Ruby on Rails developers have corrected some weaknesses in actioncontroller/, relative to the handling of the user input and the LOADPATH variable. A remote attacker could inject arbitrary entries into the LOADPATH variable...

7.5CVSS6.4AI score0.02883EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/05/30 12:0 a.m.44 views

CherryPy: Directory traversal vulnerability

Background CherryPy is a Python-based, object-oriented web development framework. Description Ivo van der Wijk discovered that the "staticfilter" component of CherryPy fails to sanitize input correctly. Impact An attacker could exploit this flaw to obtain arbitrary files from the web server...

5CVSS6.3AI score0.02327EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/13 12:0 a.m.44 views

Wine: Windows Metafile SETABORTPROC vulnerability

Background Wine is a free implementation of Windows APIs for Unix-like systems. Description H D Moore discovered that Wine implements the insecure-by-design SETABORTPROC GDI Escape function for Windows Metafile WMF files. Impact An attacker could entice a user to open a specially crafted Windows...

7.5CVSS7AI score0.04156EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/29 12:0 a.m.44 views

scponly: Multiple privilege escalation issues

Background scponly is a restricted shell, allowing only a few predefined commands. It is often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges. Description Max Vozeler discovered that the scponlyc command allows users to chroot...

7.5CVSS7.2AI score0.01456EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/11/06 12:0 a.m.44 views

GNUMP3d: Directory traversal and XSS vulnerabilities

Background GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and other media formats. Description Steve Kemp reported about two cross-site scripting attacks that are related to the handling of files CVE-2005-3424, CVE-2005-3425. Also reported is a directory traversal vulnerability...

5CVSS5.9AI score0.02982EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/10/03 12:0 a.m.44 views

Berkeley MPEG Tools: Multiple insecure temporary files

Background The Berkeley MPEG Tools are a collection of utilities for manipulating MPEG video technology, including an encoder mpegencode and various conversion utilities. Description Mike Frysinger of the Gentoo Security Team discovered that mpegencode and the conversion utilities were creating...

2.1CVSS6.2AI score0.00333EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/11 12:0 a.m.44 views

phpMyAdmin: Cross-site scripting vulnerability

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the "convcharset" variable, rendering it vulnerable to cross-site scripting...

4.3CVSS6.1AI score0.04504EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/02/17 12:0 a.m.44 views

Midnight Commander: Multiple vulnerabilities

Background Midnight Commander is a visual console file manager. Description Midnight Commander contains several format string vulnerabilities CAN-2004-1004, buffer overflows CAN-2004-1005, a memory deallocation error CAN-2004-1092 and a buffer underflow CAN-2004-1176. Impact An attacker could...

7.5CVSS7.5AI score0.03103EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/27 12:0 a.m.44 views

phpMyAdmin: Multiple XSS vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cedric Cochin has discovered multiple cross-site scripting vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited through the PmaAbsoluteUri...

6.8CVSS2AI score0.01475EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/08/10 12:0 a.m.44 views

Cfengine: RSA Authentication Heap Corruption

Background Cfengine is an agent/software robot and a high level policy language for building expert systems to administrate and configure large computer networks. Description Two vulnerabilities have been found in cfservd. One is a buffer overflow in the AuthenticationDialogue function and the...

10CVSS2.8AI score0.19508EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2004/08/01 12:0 a.m.44 views

MPlayer: GUI filename handling overflow

Background MPlayer is a media player capable of handling multiple multimedia file formats. Description The MPlayer GUI code contains several buffer overflow vulnerabilities, and at least one in the TranslateFilename function is exploitable. Impact By enticing a user to play a file with a carefull...

10CVSS7.5AI score0.15655EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/24 12:0 a.m.44 views

giFT-FastTrack: remote denial of service attack

Background giFT-FastTrack is a plugin for the giFT file-sharing application. It allows giFT users to connect to the fasttrack network to share files. Description Alan Fitton found a vulnerability in the giFT-FastTrack plugin in version 0.8.6 and earlier. It can be used to remotely crash the giFT...

5CVSS6.7AI score0.01752EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2003/11/19 12:0 a.m.44 views

Opera: buffer overflows in 7.11 and 7.20

Background Opera is a multi-platform web browser. Description The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the...

7.5CVSS6.9AI score0.15064EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/01/31 12:0 a.m.43 views

Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...

9.6CVSS7.4AI score0.56192EPSS
Exploits23
Gentoo Linux
Gentoo Linux
added 2024/01/07 12:0 a.m.43 views

Apache Batik: Multiple Vulnerabilities

Background Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as display, generation or manipulation. Description Multiple vulnerabilities have been discovered in Apache Batik. Please revie...

9.8CVSS7.7AI score0.19523EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.43 views

GDAL: Heap Buffer Overflow

Background GDAL is a geospatial data abstraction library. Description GDAL does not sufficiently sanitize input when loading PCIDSK binary segments. Impact Loading crafted PCIDSK data via GDAL could result in denial of service. Workaround There is no known workaround at this time. Resolution All...

5.5CVSS3.6AI score0.01491EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.43 views

hiredis, hiredis-py: Multiple Vulnerabilities

Background hiredis is a minimalistic C client library for the Redis database. hiredis-py is a Python extension that wraps hiredis. Description Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data. When parsing multi-bulk array-like...

8.8CVSS2.5AI score0.02045EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/09/29 12:0 a.m.43 views

Zutty: Arbitrary Code Execution

Background Zutty is an X terminal emulator rendering through OpenGL ES Compute Shaders. Description Zutty does not correctly handle invalid DECRQSS commands, which can be exploited to run arbitrary commands in the terminal. Impact Untrusted text written to the Zutty terminal can achieve arbitrary...

9.8CVSS2.6AI score0.01754EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/09/25 12:0 a.m.43 views

Smokeping: Multiple vulnerabilities

Background Smokeping is a powerful latency measurement tool Description Multiple vulnerabilities have been discovered in Smokeping. Please review the CVE identifiers referenced below for details. Impact A local attacker which gains access to the smokeping user could gain root privileges. Workarou...

6.5CVSS3.9AI score0.00855EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/09/25 12:0 a.m.44 views

Smarty: Multiple vulnerabilities

Background Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description Multiple vulnerabilities have been discovered in Smarty. Please review the CVE...

8.8CVSS1.1AI score0.0454EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/07/07 12:0 a.m.43 views

TCG TPM2 Software Stack: Information disclosure

Background TCG TPM2 Software Stack is a library to interface with trusted platform modules. Description TCG TPM2 Software Stack did not appropriately apply FAPI policies to protect data encrypted with the trusted platform module. Impact Data encrypted using TCG TPM2 Software Stack tpm2-tss may no...

6.7CVSS3.3AI score0.00588EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/11/03 12:0 a.m.43 views

libssh: Denial of service

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description libssh was found to have a NULL pointer dereference in tftpserver.c if the function sshbuffernew returns NULL. Impact An attacker could cause a possible Denial of Service conditio...

5.9CVSS3AI score0.04105EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/03/19 12:0 a.m.43 views

libgit2: Multiple vulnerabilities

Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details. Impact An attacker coul...

9.3CVSS3.1AI score0.25666EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/10/29 12:0 a.m.43 views

Asterisk: Multiple vulnerabilities

Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code, cause a denial of service condition, or cause an unauthorized data...

9.8CVSS8.4AI score0.50053EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/07/21 12:0 a.m.43 views

Adobe Flash Player: Multiple Vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS9.6AI score0.30886EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2017/06/06 12:0 a.m.43 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted netwo...

7.8CVSS7.6AI score0.03284EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/05/26 12:0 a.m.43 views

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers and Xen Security Advisory referenced below for details. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU proce...

8.8CVSS3.9AI score0.0049EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/05/09 12:0 a.m.43 views

libav: Multiple vulnerabilities

Background Libav is a complete solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in libav. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media...

8.8CVSS8.2AI score0.14621EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2017/02/10 12:0 a.m.43 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description Multiple heap and stack overflows and double free vulnerabilities have been discovered in GnuTLS by the OSS-Fuzz project. Please review the CVE identifiers referenced below for details. Impact A remote...

9.8CVSS9.6AI score0.32754EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/25 12:0 a.m.43 views

X.Org X Server: Multiple vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact An authenticated attacker could possibly cause a Denia...

7.5CVSS7.9AI score0.02879EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/24 12:0 a.m.43 views

LibRaw: Multiple vulnerabilities

Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details. Impact An attacker could execute arbitrary code, cause a Denial of Service...

9.8CVSS8.9AI score0.05454EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/12 12:0 a.m.43 views

runC: Privilege escalation

Background RunC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability was discovered in runC that allows additional container processes via ‘runc exec’ to be ptraced by the pid 1 of the container. This allows the main processes of the...

6.4CVSS7.1AI score0.00377EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/11 12:0 a.m.43 views

BIND: Denial of service

Background BIND Berkeley Internet Name Domain is a Name Server. Description A defect in BIND’s handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c. Impact A remote attacker could send a specially crafted DNS...

7.5CVSS8AI score0.38733EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.43 views

Botan: Multiple vulnerabilities

Background Botan Japanese for peony is a cryptography library written in C++11. Description Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of...

10CVSS3.5AI score0.06677EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/04 12:0 a.m.43 views

dpkg: Arbitrary code execution

Background Debian package management system. Description Gentoo Linux developer, Hanno Böck, discovered an off-by-one error in the dpkg-deb component of dpkg, the Debian package management system, which triggers a stack-based buffer overflow. Impact An attacker could potentially execute arbitrary...

7.5CVSS9.7AI score0.05035EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/03 12:0 a.m.43 views

libsndfile: Multiple vulnerabilities

Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...

9.3CVSS8.1AI score0.13294EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2016/12/02 12:0 a.m.43 views

DavFS2: Local privilege escalation

Background DavFS2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. Description DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility uses “system” to call “/sbin/modprobe”. While the call to “modprobe” itself cannot be manipulated, a local...

7.2CVSS6.1AI score0.01168EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2016/11/22 12:0 a.m.43 views

Tar: Extract pathname bypass

Background The Tar program provides the ability to create and manipulate tar archives. Description Tar attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path names specifi...

7.5CVSS3.3AI score0.15155EPSS
Exploits3
Total number of security vulnerabilities3816