Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2017/01/12 12:0 a.m.43 views

runC: Privilege escalation

Background RunC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability was discovered in runC that allows additional container processes via ‘runc exec’ to be ptraced by the pid 1 of the container. This allows the main processes of the...

6.4CVSS7.1AI score0.00377EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/11 12:0 a.m.43 views

BIND: Denial of service

Background BIND Berkeley Internet Name Domain is a Name Server. Description A defect in BIND’s handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c. Impact A remote attacker could send a specially crafted DNS...

7.5CVSS8AI score0.38733EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.43 views

Botan: Multiple vulnerabilities

Background Botan Japanese for peony is a cryptography library written in C++11. Description Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of...

10CVSS3.5AI score0.06677EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/04 12:0 a.m.43 views

dpkg: Arbitrary code execution

Background Debian package management system. Description Gentoo Linux developer, Hanno Böck, discovered an off-by-one error in the dpkg-deb component of dpkg, the Debian package management system, which triggers a stack-based buffer overflow. Impact An attacker could potentially execute arbitrary...

7.5CVSS9.7AI score0.05035EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/03 12:0 a.m.43 views

libsndfile: Multiple vulnerabilities

Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...

9.3CVSS8.1AI score0.13294EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2016/12/02 12:0 a.m.43 views

DavFS2: Local privilege escalation

Background DavFS2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. Description DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility uses “system” to call “/sbin/modprobe”. While the call to “modprobe” itself cannot be manipulated, a local...

7.2CVSS6.1AI score0.01168EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2016/11/22 12:0 a.m.43 views

Tar: Extract pathname bypass

Background The Tar program provides the ability to create and manipulate tar archives. Description Tar attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path names specifi...

7.5CVSS3.3AI score0.15155EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2016/10/10 12:0 a.m.43 views

Quagga: Arbitrary code execution

Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description A memcpy function in the VPNv4 NLRI parser of bgpmplsvpn.c does not properly check the upper-bound length of received Labeled-VPN SAFI routes data, which may allow for arbitrary code execution on...

8.1CVSS5.8AI score0.1211EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/05/02 12:0 a.m.43 views

Git: Multiple vulnerabilities

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large...

10CVSS9.8AI score0.20144EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/12/30 12:0 a.m.43 views

InspIRCd: Multiple vulnerabilities

Background InspIRCd is a modular Internet Relay Chat IRC server written in C++ which was created from scratch to be stable, modern and lightweight. Description Multiple vulnerabilities have been discovered in InspIRCd. Please review the CVE identifiers referenced below for details. Impact A remot...

9.8CVSS9.1AI score0.02282EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/12/17 12:0 a.m.43 views

IPython: User-assisted execution of arbitrary code

Background IPython is an advanced interactive shell for Python. Description IPython does not properly check the MIME type of a file. Impact A remote attacker could entice a user to open a specially crafted text file using IPython, possibly resulting in execution of arbitrary JavaScript with the...

6.8CVSS6.6AI score0.01685EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/12/17 12:0 a.m.43 views

Dnsmasq: Denial of service

Background Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. Description An out-of-bounds read vulnerability has been found in the tcprequest function in Dnsmasq. Impact A remote attacker could send a specially crafted DNS request, possibly resulting in a Denial of Servic...

6.4CVSS9AI score0.04456EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/09/24 12:0 a.m.43 views

NetworkManager: Denial of service

Background NetworkManager is an universal network configuration daemon for laptops, desktops, servers and virtualization hosts. Description IPv6 Neighbour Discovery ICMP broadcast containing a non-route with a low hop limit causes a Denial of Service by lowering the hop limit on existing IPv6...

3.3CVSS6.3AI score0.01204EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/07/10 12:0 a.m.43 views

Chromium: Multiple vulnerabilities

Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass security restrictions. Workaround There is no known workaround at...

5CVSS9.7AI score0.02306EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/04/11 12:0 a.m.43 views

MySQL and MariaDB: Multiple vulnerabilities

Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...

7.5CVSS8.4AI score0.10066EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/24 12:0 a.m.43 views

NTP: Multiple vulnerabilities

Background NTP is a protocol designed to synchronize the clocks of computers over a network. The net-misc/ntp package contains the official reference implementation by the NTP Project. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced...

7.5CVSS8.2AI score0.7809EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2014/12/10 12:0 a.m.43 views

libxml2: Denial of service

Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled. Impact A context-dependent attacker could entice a user to a specially craft...

5CVSS6.5AI score0.03988EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/03/20 12:0 a.m.43 views

GNU Emacs: Multiple vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs: When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory CVE-2012-0035. When...

9.3CVSS8.2AI score0.03804EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/01/19 12:0 a.m.43 views

Perl, Locale Maketext Perl module: Multiple vulnerabilities

Background Perl is Larry Wall’s Practical Extraction and Report Language. Locale::Maketext is a Perl module - framework for localization. Description Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for...

7.5CVSS9.2AI score0.04877EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2013/11/25 12:0 a.m.43 views

fcron: Information disclosure

Background fcron is a periodic command scheduler for Unix-based systems Description The fcrontab function contains a race condition relating to symlinks. Impact A local attacker could perform symlink attacks to read arbitrary files with the privileges of the user running the application. Workarou...

1.9CVSS6.3AI score0.00351EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/06/23 12:0 a.m.43 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been found in GnuTLS: An error in libgnutls does not properly sanitize "\0" characters from certificate fields CVE-2009-2730. An error in the TLS and SSL protocols...

7.5CVSS9.1AI score0.87264EPSS
Exploits15
Gentoo Linux
Gentoo Linux
added 2012/05/27 12:0 a.m.43 views

Chromium, V8: Multiple vulnerabilities

Background Chromium is an open source web browser project. V8 is Google’s open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...

10CVSS7.5AI score0.04272EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/01/30 12:0 a.m.43 views

Adobe Reader: Multiple vulnerabilities

Background Adobe Reader is a closed-source PDF reader. Description Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF file using Adobe Reader,...

10CVSS9.6AI score0.86238EPSS
Exploits43
Gentoo Linux
Gentoo Linux
added 2011/10/26 12:0 a.m.44 views

libxml2: Multiple vulnerabilities

Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A local or remote attacker may be able to execute arbitrary code with th...

9.3CVSS8.6AI score0.13727EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2011/10/24 12:0 a.m.43 views

Clam AntiVirus: Multiple vulnerabilities

Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details. Impact An unauthenticat...

9.3CVSS7.4AI score0.06533EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/04/06 12:0 a.m.43 views

Eye of GNOME: Untrusted search path

Background The Eye of GNOME is the official image viewer for the GNOME Desktop environment. Description James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy related to CVE-2008-5983. Impact A local attacker could...

6.9CVSS9.3AI score0.0051EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/03/09 12:0 a.m.43 views

WebSVN: Multiple vulnerabilities

Background WebSVN is a web-based browsing tool for Subversion repositories written in PHP. Description James Bercegay of GulfTech Security reported a Cross-site scripting XSS vulnerability in the getParameterisedSelfUrl function in index.php CVE-2008-5918 and a directory traversal vulnerability i...

6.8CVSS6.2AI score0.06315EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2008/12/02 12:0 a.m.43 views

Mantis: Multiple vulnerabilities

Background Mantis is a PHP/MySQL/Web based bugtracking system. Description Multiple issues have been reported in Mantis: EgiX reported that manageprojpage.php does not correctly sanitize the sort parameter before passing it to createfunction in core/utilityapi.php CVE-2008-4687. Privileges of...

9CVSS7.5AI score0.67453EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2008/05/07 12:0 a.m.43 views

Multiple X11 terminals: Local privilege escalation

Background Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11 terminal emulators. Description Bernhard R. Link discovered that RXVT opens a terminal on :0 if the "-display" option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo...

6.9CVSS8.4AI score0.00363EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/05 12:0 a.m.43 views

Horde Application Framework: Multiple vulnerabilities

Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more. Description Multiple vulnerabilities have been reported in the Horde Applicatio...

6CVSS7.3AI score0.01677EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/05/05 12:0 a.m.44 views

phpMyAdmin: Information disclosure

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact A remote attack...

3.5CVSS6.1AI score0.01626EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/04/02 12:0 a.m.43 views

bzip2: Denial of service

Background bzip2 is a free and open source lossless data compression program. Description The Oulu University discovered that bzip2 does not properly check offsets provided by the bzip2 file, leading to a buffer overread. Impact Remote attackers can entice a user or automated system to open a...

4.3CVSS6.7AI score0.04519EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/03/19 12:0 a.m.43 views

ViewVC: Multiple vulnerabilities

Background ViewVC is a browser interface for CVS and Subversion version control repositories. Description Multiple unspecified errors were reportedly fixed by the ViewVC development team. Impact A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on...

4.3CVSS6.5AI score0.0137EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/03/12 12:0 a.m.43 views

Sarg: Remote execution of arbitrary code

Background Sarg Squid Analysis Report Generator is a tool that provides many informations about the Squid web proxy server users activities: time, sites, traffic, etc. Description Sarg doesn't properly check its input for abnormal content when processing Squid log files. Impact A remote attacker...

10CVSS6.1AI score0.06681EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/18 12:0 a.m.43 views

BIND: Weak random number generation

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable 1 chance to 8 query IDs in the resolver routine or in zone...

5.8CVSS7.8AI score0.1309EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/08 12:0 a.m.43 views

libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities

Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow CVE-2007-3641, an infinite loop...

9.3CVSS7.3AI score0.07432EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/05 12:0 a.m.43 views

X.Org X11 library: Multiple integer overflows

Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple integer overflows have been reported in the XGetPixel function of the X.Org X11 library. Impact By enticing a user to open a specially crafted image, a...

9.3CVSS7.1AI score0.04613EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/30 12:0 a.m.43 views

file: Integer underflow

Background file is a utility that guesses a file format by scanning binary data for patterns. Description Jean-Sebastien Guay-Leroux reported an integer underflow in fileprintf function. Impact A remote attacker could entice a user to run the "file" program on a specially crafted file that would...

9.3CVSS9.7AI score0.12226EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/02/17 12:0 a.m.43 views

AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities

Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. The x86 emulation Sun's J2SE Development Kit for AMD64 contains a vulnerable version of Sun's JDK. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Su...

9.3CVSS7.1AI score0.10994EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/05/10 12:0 a.m.43 views

Quake 3 engine based games: Buffer Overflow

Background Quake 3 is a multiplayer first person shooter. Description landser discovered a vulnerability within the "remapShader" command. Due to a boundary handling error in "remapShader", there is a possibility of a buffer overflow. Impact An attacker could set up a malicious game server and...

7.6CVSS7AI score0.0759EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/02/20 12:0 a.m.43 views

OpenSSH, Dropbear: Insecure use of system() call

Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Dropbear is an SSH server and client designed with a small memory footprint that includes OpenSSH scp...

4.6CVSS7.2AI score0.00474EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/01/30 12:0 a.m.43 views

Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

Background Xpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. libextractor is a library which includes Xpdf code to extract arbitrary meta-data...

10CVSS9.2AI score0.05566EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2005/10/05 12:0 a.m.43 views

Texinfo: Insecure temporary file creation

Background Texinfo is the official documentation system created by the GNU project. Description Frank Lichtenheld has discovered that the "sortoffline" function in texindex insecurely creates temporary files with predictable filenames. Impact A local attacker could create symbolic links in the...

1.2CVSS6.1AI score0.00505EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2005/08/24 12:0 a.m.43 views

PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability

Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags...

7.5CVSS6.7AI score0.05091EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/15 12:0 a.m.43 views

Gaim: Remote execution of arbitrary code

Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Brandon Perry discovered that Gaim is vulnerable to a heap-based buffer overflow when handling away messages CAN-2005-2103. Furthermore, Daniel Atallah discovered a...

9.8CVSS7AI score0.16055EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/06 12:0 a.m.43 views

Gaim: Denial of Service issues

Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Multiple vulnerabilities have been addressed in the latest release of Gaim: A buffer overread in the gaimmarkupstriphtml function, which is used when logging conversatio...

6.4CVSS6.9AI score0.02505EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/03/25 12:0 a.m.43 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is the popular next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2...

5.1CVSS7.5AI score0.15116EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2004/10/28 12:0 a.m.43 views

GPdf, KPDF, KOffice: Vulnerabilities in included xpdf

Background GPdf is a Gnome-based PDF viewer. KPDF, part of the kdegraphics package, is a KDE-based PDF viewer. KOffice is an integrated office suite for KDE. Description GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is vulnerable to multiple integer overflows, as describe...

10CVSS7.1AI score0.09334EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/21 12:0 a.m.43 views

Xpdf, CUPS: Multiple integer overflows

Background Xpdf is an open source viewer for Portable Document Format PDF files. The Common UNIX Printing System CUPS is a cross-platform print spooler that includes some Xpdf code. Description Chris Evans discovered multiple integer overflow issues in Xpdf. Impact An attacker could entice an use...

10CVSS7.6AI score0.09334EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/27 12:0 a.m.43 views

X.org, XFree86: Integer and stack overflows in libXpm

Background XFree86 and X.org are both implementations of the X Window System. Description Chris Evans has discovered multiple integer and stack overflow vulnerabilities in the X Pixmap library, libXpm, which is a part of the X Window System. These overflows can be exploited by the execution of a...

7.5CVSS8.1AI score0.08052EPSS
Exploits2
Total number of security vulnerabilities3816