Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2006/09/26 12:0 a.m.42 views

Tikiwiki: Arbitrary command execution

Background Tikiwiki is a web-based groupware and content management system, developed with PHP, ADOdb and Smarty. Description A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of...

7.5CVSS6.9AI score0.42596EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2006/06/11 12:0 a.m.42 views

MySQL: SQL Injection

Background MySQL is a popular multi-threaded, multi-user SQL server. Description MySQL is vulnerable to an injection flaw in mysqlrealescape when used with multi-byte characters. Impact Due to a flaw in the multi-byte character process, an attacker is still able to inject arbitary SQL statements...

7.5CVSS7.4AI score0.03536EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/02/20 12:0 a.m.42 views

OpenSSH, Dropbear: Insecure use of system() call

Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Dropbear is an SSH server and client designed with a small memory footprint that includes OpenSSH scp...

4.6CVSS7.2AI score0.00474EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/11/06 12:0 a.m.42 views

ClamAV: Multiple vulnerabilities

Background ClamAV is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. ClamAV also provides a command line scanner and a tool for fetching updates of the virus database. Description ClamAV has multiple security flaws: a boundary check was perform...

10CVSS7AI score0.06935EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/08/25 12:0 a.m.42 views

Apache 2.0: Denial of Service vulnerability

Background The Apache HTTP Server Project is a featureful, freely-available HTTP Web server. Description Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts. Impact A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap...

5CVSS9AI score0.10976EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/25 12:0 a.m.42 views

libpcre: Heap integer overflow

Background libpcre is a library providing functions for Perl-compatible regular expressions. Description libpcre fails to check certain quantifier values in regular expressions for sane values. Impact An attacker could possibly exploit this vulnerability to execute arbitrary code by sending...

7.5CVSS7.3AI score0.04344EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/19 12:0 a.m.42 views

Kismet: Multiple vulnerabilities

Background Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and intrusion detection system. Description Kismet is vulnerable to a heap overflow when handling pcap captures and to an integer underflow in the CDP protocol dissector. Impact With a specially crafted packet an attacker...

10CVSS7.4AI score0.04733EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/22 12:0 a.m.42 views

Cacti: Several vulnerabilities

Background Cacti is a complete web-based frontend to rrdtool. Description Cacti fails to properly sanitize input which can lead to SQL injection, authentication bypass as well as PHP file inclusion. Impact An attacker could potentially exploit the file inclusion to execute arbitrary code with the...

7.5CVSS8.1AI score0.16552EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/01 12:0 a.m.42 views

phpBB: Multiple vulnerabilities

Background phpBB is an Open Source bulletin board package. Description It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the "Enable remote avatars" and "Enable avata...

6.4CVSS6.6AI score0.02043EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/13 12:0 a.m.42 views

file: Arbitrary code execution

Background file is a utility used to identify the type of a file. Description A possible stack overflow has been found in the ELF header parsing code of file. Impact An attacker may be able to create a specially crafted ELF file which, when processed with file, may allow the execution of arbitrar...

10CVSS3AI score0.11396EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/09 12:0 a.m.42 views

LessTif: Integer and stack overflows in libXpm

Background LessTif is a clone of OSF/Motif, which is the standard user interface toolkit available on Unix and Linux. Description Chris Evans has discovered various integer and stack overflows in libXpm, which is shipped as a part of the X Window System. LessTif, an application that includes this...

7.5CVSS7.8AI score0.08052EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2004/08/23 12:0 a.m.42 views

Cacti: SQL injection vulnerability

Background Cacti is a complete web-based front end to rrdtool. Description Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. Impact An attacker could compromise the Cacti service and potentially execute programs with the permissions of the use...

7.5CVSS3.9AI score0.02827EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/07/15 12:0 a.m.42 views

PHP: Multiple security vulnerabilities

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description Several security vulnerabilities were found and fixed in version 4.3...

6.8CVSS6.9AI score0.54856EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2004/04/27 12:0 a.m.42 views

Multiple vulnerabilities in xine

Background xine is a multimedia player allowing to play back CDs, DVDs, and VCDs and decoding multimedia files like AVI, MOV, WMV, and MP3 from local disk drives, and displays multimedia streamed over the Internet. It is available in Gentoo as a reusable library xine-lib with a standard user...

5CVSS6.7AI score0.08098EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/03/05 12:0 a.m.42 views

Linux kernel do_mremap local privilege escalation vulnerability

Background The Linux kernel is responsible for memory management in a working system - to allow this, processes are allowed to allocate and unallocate memory. Description The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas whi...

7.2CVSS7AI score0.02434EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2025/05/14 12:0 a.m.41 views

Node.js: Multiple Vulnerabilities

Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...

9.8CVSS7.6AI score0.99999EPSS
Exploits20
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.41 views

Xen: Multiple Vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

8.8CVSS7.6AI score0.17444EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/05/08 12:0 a.m.41 views

MariaDB: Multiple Vulnerabilities

Background MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.8CVSS7.3AI score0.03726EPSS
Exploits40
Gentoo Linux
Gentoo Linux
added 2024/02/03 12:0 a.m.41 views

QtGui: Multiple Vulnerabilities

Background QtGui is a module for the Qt toolkit. Description Multiple vulnerabilities have been discovered in QtGui. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this tim...

7.5CVSS7.3AI score0.0306EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/10/31 12:0 a.m.41 views

Salt: Multiple Vulnerabilities

Background Salt is a fast, intelligent and scalable automation engine. Description Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.3AI score0.92312EPSS
Exploits9
Gentoo Linux
Gentoo Linux
added 2022/12/28 12:0 a.m.41 views

libksba: Remote Code Execution

Background Libksba is a X.509 and CMS PKCS7 library. Description An integer overflow in parsing ASN.1 objects could lead to a buffer overflow. Impact Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution. Workaround There is no known...

9.8CVSS6.1AI score0.01635EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2022/11/22 12:0 a.m.41 views

Pillow: Multiple Vulnerabilities

Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution...

9.8CVSS3.7AI score0.03399EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/08/04 12:0 a.m.41 views

Babel: Remote code execution

Background Babel is a collection of tools for internationalizing Python applications. Description Babel does not properly restrict which sources a locale can be loaded from. If Babel loads an attacker-controlled .dat file, arbitrary code execution can be achieved via unsafe Pickle deserialization...

4.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/02/20 12:0 a.m.41 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one, fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

9.6CVSS2AI score0.23546EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2020/12/23 12:0 a.m.41 views

c-ares: Denial of service

Background c-ares is an asynchronous resolver library. Description It was discovered that c-ares incorrectly handled certain DNS requests. Impact A remote attacker, able to trigger a DNS request for a host of their choice by an application linked against c-ares, could possibly cause a Denial of...

7.5CVSS2.7AI score0.54164EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/09/13 12:0 a.m.41 views

PHP: Denial of service

Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description It was discovered that PHP did not properly handle PHAR files. Impact A remote attacker could entice a user to open a specially crafted PHAR file using PHP, possibly...

4.8CVSS2.5AI score0.01661EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2019/04/17 12:0 a.m.41 views

libseccomp: Privilege escalation

Background A library that provides an easy to use, platform independent, interface to the Linux Kernel’s syscall filtering mechanism. Description Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no...

9.8CVSS9.6AI score0.03041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/11/30 12:0 a.m.41 views

libsndfile: Multiple vulnerabilities

Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a specially...

9.8CVSS3.9AI score0.03978EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2018/01/07 12:0 a.m.41 views

Back In Time: Command injection

Background A simple backup tool for Linux, inspired by “flyback project”. Description ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact A...

9.3CVSS7.9AI score0.01462EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/12/14 12:0 a.m.41 views

WebKitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...

8.8CVSS9.2AI score0.06712EPSS
Exploits40
Gentoo Linux
Gentoo Linux
added 2017/11/10 12:0 a.m.41 views

X.Org Server: Multiple vulnerabilities

Background The X.Org project provides an open source implementation of the X Window System. Description Multiple vulnerabilities have been discovered in X.Org Server. Please review the referenced CVE identifiers for details. Impact Attackers could execute arbitrary code or cause a Denial of Servi...

9.8CVSS10AI score0.0437EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/06/06 12:0 a.m.41 views

PCRE library: Denial of service

Background PCRE library is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5. Description It was found that the compilebracketmatchingpath function in pcrejitcompile.c in PCRE library is vulnerable to an out-of-bounds read. Impact ...

7.5CVSS7.5AI score0.04546EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/30 12:0 a.m.41 views

mod_wsgi: Privilege escalation

Background modwsgi is an Apache2 module for running Python WSGI applications. Description modwsgi, when creating a daemon process group, does not properly handle dropping group privileges. Impact Context-dependent attackers could escalate privileges due to the improper handling of group privilege...

6.9CVSS6.5AI score0.00403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/11 12:0 a.m.41 views

libmms: Remote execution of arbitrary code

Background libmms is a library for downloading streaming media files using the mmst and mmsh protocols. Description A heap-based buffer overflow was discovered in the getanswer function within mmsh.c of libmms. Impact A remote attacker might send a specially crafted MMS over HTTP MMSH response,...

7.5CVSS7.4AI score0.06147EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2016/12/03 12:0 a.m.41 views

libsndfile: Multiple vulnerabilities

Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...

9.3CVSS8.1AI score0.134EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2016/07/20 12:0 a.m.41 views

Exim: Arbitrary code execution

Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description Vulnerabilities have been discovered in Exim’s implementation of set-uid root and when using ‘perlstartup’. These vulnerabilities require a user account on the Exi...

4.6CVSS7.9AI score0.00487EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/16 12:0 a.m.41 views

CUPS: Buffer overflow

Background CUPS, the Common Unix Printing System, is a full-featured print server. Description A vulnerability has been discovered in CUPS concerning the handling of compressed raster files. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process...

6.8CVSS7.3AI score0.04633EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/16 12:0 a.m.41 views

Chromium: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...

8.8CVSS1.4AI score0.03094EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2016/04/02 12:0 a.m.41 views

QEMU: Multiple vulnerabilities

Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Local users within a guest QEMU environment can execute arbitrary code within th...

8.1CVSS8.4AI score0.06085EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/12/30 12:0 a.m.41 views

GStreamer: User-assisted execution of arbitrary code

Background GStreamer is an open source multimedia framework. Description A buffer overflow vulnerability has been found in the parsing of H.264 formatted video. Impact A remote attacker could entice a user to open a specially crafted H.264 formatted video using an application linked against...

6.8CVSS8.1AI score0.0544EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/11/17 12:0 a.m.41 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS9.8AI score0.68396EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2015/07/10 12:0 a.m.41 views

Chromium: Multiple vulnerabilities

Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker could bypass security restrictions. Workaround There is no known workaround at...

5CVSS9.7AI score0.02306EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/12/28 12:0 a.m.41 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Unauthenticated remote attackers can cause Denial of Service or bypass...

9CVSS7.1AI score0.09525EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/26 12:0 a.m.41 views

LittleCMS: Denial of service

Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox. Description Multiple stack-based buffer overflows and a profile parser error have been found in LittleCMS. Impact A remote attacker could...

4.3CVSS7.1AI score0.04097EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/09 12:0 a.m.41 views

Clam AntiVirus: Denial of service

Background Clam AntiVirus is an open source GPL anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description A heap-based buffer overflow exists in the cliscanpe function in libclamav/pe.c in ClamAV. Impact A remote attacker could possibly cause a Denial of...

5CVSS6.7AI score0.04878EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/11/27 12:0 a.m.41 views

Squid: Multiple vulnerabilities

Background Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Description An assertion failure in processing of SSL-Bump has been found in Squid. Heap based overflow is discovered when processing SNMP requests. Impact A remote attacker could send a specially crafted...

6.4CVSS7.1AI score0.76064EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/06/30 12:0 a.m.41 views

OpenLDAP: Multiple vulnerabilities

Background OpenLDAP is an LDAP suite of application and development tools. Description Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct...

9.8CVSS9.2AI score0.29238EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2014/05/03 12:0 a.m.41 views

Asterisk: Denial of service

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. Impact A remote attacker could possibly cause a Denia...

7.5CVSS7.8AI score0.1639EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/09/25 12:0 a.m.41 views

Opera: Multiple vulnerabilities

Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers and Opera Release Notes referenced below for details. Impact A remote attacker could entice a user to open a specially...

10CVSS6.7AI score0.02185EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/11/20 12:0 a.m.41 views

Evince: Multiple vulnerabilities

Background Evince is a document viewer for multiple document formats, including PostScript. Description Multiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to load a DVI file with a...

7.6CVSS8.4AI score0.1427EPSS
Exploits0
Total number of security vulnerabilities3816