Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2014/05/03 12:0 a.m.•41 views

Asterisk: Denial of service

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. Impact A remote attacker could possibly cause a Denia...

7.5CVSS7.8AI score0.1639EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2012/09/25 12:0 a.m.•41 views

Opera: Multiple vulnerabilities

Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers and Opera Release Notes referenced below for details. Impact A remote attacker could entice a user to open a specially...

10CVSS6.7AI score0.02185EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/03/16 12:0 a.m.•41 views

HPLIP: Multiple vulnerabilities

Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. Description Two vulnerabilities have been found in HPLIP: The "hpmudgetpml" function in pml.c contains a boundary error which could cause a...

7.5CVSS9AI score0.10806EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/03/06 12:0 a.m.•41 views

Rack: Denial of service

Background Rack is a modular Ruby web server interface. Description Rack does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could send a specially crafted form post, possibly resulting in a Denial of Service condition. Workaround There i...

5CVSS6.3AI score0.04016EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/01/23 12:0 a.m.•41 views

JasPer: User-assisted execution of arbitrary code

Background The JasPer Project is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 jpeg2k standard. Description Two vulnerabilities have been found in JasPer: The jpccoxgetcompparms function in libjasper/jpc/jpccs.c...

6.8CVSS6.9AI score0.10618EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/11/20 12:0 a.m.•41 views

Evince: Multiple vulnerabilities

Background Evince is a document viewer for multiple document formats, including PostScript. Description Multiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to load a DVI file with a...

7.6CVSS8.4AI score0.1427EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/10/13 12:0 a.m.•41 views

feh: Multiple vulnerabilities

Background feh is a fast, lightweight imageviewer using imlib2. Description Multiple vulnerabilities have been discovered in feh. Please review the CVE identifiers referenced below for details. Impact A malicious entity might entice a user to visit a URL using the --wget-timestamp option, thus...

5.1CVSS6.9AI score0.06623EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2011/01/16 12:0 a.m.•42 views

IO::Socket::SSL: Certificate validation error

Background IO::Socket::SSL is a Perl class implementing an object oriented interface to SSL sockets. Description The vendor reported that IO::Socket::SSL does not properly handle Common Name CN fields. Impact A remote attacker might employ a specially crafted certificate to conduct...

4.3CVSS6.2AI score0.00996EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/01/16 12:0 a.m.•41 views

OpenAFS: Arbitrary code execution

Background OpenAFS is a distributed file system. Description Two vulnerabilities were discovered: Simon Wilkinson discovered from a bug report by Toby Blake that the cache manager of OpenAFS contains a heap-based buffer overflow which is related to the use of the ERRPTR macro CVE-2009-1250. A...

10CVSS8AI score0.06438EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/08/07 12:0 a.m.•41 views

libTIFF: User-assisted execution of arbitrary code

Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Two vulnerabilities have been reported in libTIFF: wololo reported a buffer underflow in the LZWDecodeCompat function CVE-2009-2285. Tielei Wang of ICST-ERCIS, Peking University...

9.3CVSS8.7AI score0.07996EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/05/24 12:0 a.m.•41 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. Description The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...

7.5CVSS6.9AI score0.07922EPSS
Exploits9
Gentoo Linux
Gentoo Linux
•added 2009/03/07 12:0 a.m.•41 views

OpenTTD: Execution of arbitrary code

Background OpenTTD is a clone of Transport Tycoon Deluxe. Description Multiple buffer overflows have been reported in OpenTTD, when storing long for client names CVE-2008-3547, in the TruncateString function in src/gfx.cpp CVE-2008-3576 and in src/openttd.cpp when processing a large filename...

10CVSS7.6AI score0.06272EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/06/23 12:0 a.m.•41 views

OpenSSL: Denial of service

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Ossi Herrala and Jukka Taimisto of Codenomicon discovered two vulnerabilities: A double free call in the...

4.3CVSS8.6AI score0.05EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/29 12:0 a.m.•41 views

exiftags: Multiple vulnerabilities

Background exiftags is a library and set of tools for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered that Exif metadata i...

10CVSS7.3AI score0.0264EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/12/29 12:0 a.m.•41 views

Multi-Threaded DAAP Daemon: Multiple vulnerabilities

Background Multi-Threaded DAAP Daemon mt-daapd, also known as the Firefly Media Server, is a software to serve digital music to the Roku Soundbridge and Apple's iTunes. Description nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The wsaddarg function contai...

7.5CVSS7.4AI score0.05592EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/20 12:0 a.m.•41 views

Samba: Execution of arbitrary code

Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description Two vulnerabilities have been reported in nmbd. Alin Rad Pop Secunia Research discovered a boundary checking error in the replynetbiospacket function which could lead to a stack-based buffer overflow...

9.3CVSS9.7AI score0.1125EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2007/11/18 12:0 a.m.•41 views

Poppler, KDE: User-assisted execution of arbitrary code

Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package. Description Alin Rad Pop Secunia Research discovered sever...

9.3CVSS7.7AI score0.0702EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/10/22 12:0 a.m.•41 views

Star: Directory traversal vulnerability

Background The Star program provides the ability to create and extract tar archives. Description Robert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the hasdotdot function which does not identify //.. slash slash dot dot sequences in file names inside tar...

6.8CVSS6.4AI score0.03009EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/08 12:0 a.m.•41 views

LibXfont, TightVNC: Multiple vulnerabilities

Background LibXfont is the X.Org font library. TightVNC is a VNC client/server for X displays. Description The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList, bdfReadCharacters and FontFileInitTable. TightVNC contains a local copy of this code and is also...

9CVSS6.6AI score0.05586EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/10 12:0 a.m.•41 views

KHTML: Cross-site scripting (XSS) vulnerability

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KHTML is the HTML interpreter used in Konqueror and other parts of KDE. Description The KHTML code allows for the execution of JavaScript code located inside the "Title" HTML element, a relat...

4.3CVSS7AI score0.01796EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/01/23 12:0 a.m.•41 views

OpenLDAP: Insecure usage of /tmp during installation

Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a...

4.6CVSS6.2AI score0.00347EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/04 12:0 a.m.•41 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description An anonymous researcher found evidence of memory corruption in the way Mozilla Firefox handles certain types of SVG comment DOM nodes. Additionally, Frederik Reiss discovered a heap-based buffer...

9.3CVSS7.5AI score0.08604EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•41 views

KOffice shared libraries: Heap corruption

Background KOffice is an integrated office suite for KDE. koffice-libs is a package containing shared librares used by KOffice programs. Description Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot' in klaola.cc fills 'numofbbdblocks' while reading a .ppt PowerPoint file without...

6.8CVSS7.4AI score0.04135EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/28 12:0 a.m.•41 views

LHa: Multiple vulnerabilities

Background LHa is a console-based program for packing and unpacking LHarc archives. Description Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the LZH decompression component used by LHa. The maketable function of unlzh.c contains an array index error and a buffer...

7.5CVSS7.6AI score0.05641EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/11/24 12:0 a.m.•41 views

GNU gv: Stack overflow

Background GNU gv is a viewer for PostScript and PDF documents. Description GNU gv does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially crafted document with GNU gv and execute arbitrary code with th...

5.1CVSS7.2AI score0.14838EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/10/24 12:0 a.m.•41 views

OpenSSL: Multiple vulnerabilities

Background OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Description Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSLgetsharedciphers function contains a buffer...

10CVSS9.7AI score0.48575EPSS
Exploits10
Gentoo Linux
Gentoo Linux
•added 2006/09/06 12:0 a.m.•41 views

Streamripper: Multiple remote buffer overflows

Background Streamripper extracts and records individual MP3 file tracks from SHOUTcast streams. Description Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing...

7.5CVSS7.3AI score0.18678EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/09/06 12:0 a.m.•41 views

OpenTTD: Remote Denial of service

Background OpenTTD is a clone of Transport Tycoon Deluxe. Description OpenTTD is vulnerable to a Denial of Service attack due to a flaw in the manner the game server handles errors in command packets. Impact An authenticated attacker can cause a Denial of Service by sending an invalid error numbe...

5CVSS6.3AI score0.09147EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2006/06/09 12:0 a.m.•41 views

WordPress: Arbitrary command execution

Background WordPress is a PHP and MySQL based content management and publishing system. Description rgod discovered that WordPress insufficiently checks the format of cached username data. Impact An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially...

7.5CVSS7.1AI score0.1453EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2006/05/08 12:0 a.m.•41 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. Impact A remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary scrip...

10CVSS7.4AI score0.10487EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2006/03/10 12:0 a.m.•41 views

flex: Potential insecure code generation

Background flex is a programming tool used to generate scanners programs which recognize lexical patterns in text. Description Chris Moore discovered a buffer overflow in a special class of lexicographical scanners generated by flex. Only scanners generated by grammars which use either REJECT, or...

7.5CVSS7.1AI score0.04769EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/13 12:0 a.m.•41 views

ImageMagick: Format string vulnerability

Background ImageMagick is an application suite to manipulate and convert images. It is often used as a utility backend by web applications like forums, content management systems or picture galleries. Description The SetImageInfo function was found vulnerable to a format string mishandling. Danie...

5.1CVSS7.2AI score0.04344EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/11/06 12:0 a.m.•41 views

OpenVPN: Multiple vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description The OpenVPN client contains a format string bug in the handling of the foreignoption in options.c. Furthermore, when the OpenVPN server runs in TCP mode, it may dereference a NULL pointer under specific error...

7.5CVSS6.8AI score0.03478EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/06 12:0 a.m.•41 views

phpLDAPadmin: Authentication bypass

Background phpLDAPadmin is a web-based LDAP client allowing to easily manage LDAP servers. Description Alexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration. Impact Anonymous...

7.5CVSS6.4AI score0.01776EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/16 12:0 a.m.•41 views

AWStats: Arbitrary code execution using malicious Referrer information

Background AWStats is an advanced log file analyzer and statistics generator. In HTTP reports it parses Referrer information in order to display the most common Referrer values that caused users to visit the website. Description When using a URLPlugin, AWStats fails to sanitize Referrer URL data...

5CVSS6.7AI score0.02665EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/04 12:0 a.m.•41 views

WordPress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based content management and publishing system. Description James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...

7.5CVSS7AI score0.79071EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2005/06/19 12:0 a.m.•41 views

PeerCast: Format string vulnerability

Background PeerCast is a media streaming system based on P2P technology. Description James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL. Impact A remote attacker could exploit this...

7.5CVSS7.1AI score0.11939EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/06/06 12:0 a.m.•41 views

Mailutils: SQL Injection

Background GNU Mailutils is a collection of mail-related utilities. Description When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sqlescapestring function of the authentication module fails to properly escape the "" character, rendering it vulnerable to a SQL command...

7.5CVSS7.6AI score0.0108EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/10 12:0 a.m.•41 views

libTIFF: Buffer overflow

Background libTIFF provides support for reading and manipulating TIFF Tag Image File Format images. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Impac...

7.5CVSS7.1AI score0.14394EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/30 12:0 a.m.•41 views

Pound: Buffer overflow vulnerability

Background Pound is a reverse proxy, load balancer and HTTPS front-end. Description Steven Van Acker has discovered a buffer overflow vulnerability in the "addport" function in Pound. Impact A remote attacker could send a request for an overly long hostname parameter, which could lead to the remo...

7.5CVSS7.3AI score0.06073EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/02/15 12:0 a.m.•41 views

Emacs, XEmacs: Format string vulnerabilities in movemail

Background GNU Emacs and XEmacs are highly extensible and customizable text editors. movemail is an Emacs utility that can fetch mail on remote mail servers. Description Max Vozeler discovered that the movemail utility contains several format string errors. Impact An attacker could set up a...

7.5CVSS7AI score0.04364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/06 12:0 a.m.•41 views

LessTif: Multiple vulnerabilities in libXpm

Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. Description Multiple vulnerabilities, including buffer overflows, out of bounds memory access and directory traversals, have been discovered in libXpm, which is shipped as a part of...

10CVSS7.2AI score0.08698EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/26 12:0 a.m.•41 views

Perl: rmtree and DBI tmpfile vulnerabilities

Background Perl is a cross platform programming language. The DBI is the standard database interface module for Perl. Description Javier Fernandez-Sanguino Pena discovered that the DBI library creates temporary files in an insecure, predictable way CAN-2005-0077. Paul Szabo found out that...

2.6CVSS6.2AI score0.00412EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/04 12:0 a.m.•41 views

a2ps: Multiple vulnerabilities

Background a2ps is an Any to Postscript filter that can convert to Postscript from many filetypes. fixps is a script that fixes errors in Postscript files. psmandup produces a Postscript file for printing in manual duplex mode. Description Javier Fernandez-Sanguino Pena discovered that the a2ps...

10CVSS1.8AI score0.15981EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/11/29 12:0 a.m.•41 views

Sun and Blackdown Java: Applet privilege escalation

Background Sun and Blackdown both provide implementations of Java Development Kits JDK and Java Runtime Environments JRE. All these implementations provide a Java plug-in that can be used to execute Java applets in a restricted environment for web browsers. Description All Java plug-ins are subje...

9.3CVSS3.2AI score0.17018EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/03 12:0 a.m.•41 views

GD: Integer overflow

Background The GD graphics library is an open source library which allows programmers to easily generate PNG, JPEG, GIF and WBMP images from many different programming languages. Description infamous41md found an integer overflow in the memory allocation procedure of the GD routine that handles...

10CVSS7.1AI score0.28255EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/03 12:0 a.m.•41 views

xv: Buffer overflows in image handling

Background xv is a multi-format image manipulation utility. Description Multiple buffer overflow and integer handling vulnerabilities have been discovered in xv's image processing code. These vulnerabilities have been found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files. Impact An...

5.1CVSS7.7AI score0.0343EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/02 12:0 a.m.•41 views

Squid: Denial of service when using NTLM authentication

Background Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid 2.5.x versions contai...

5CVSS6.5AI score0.10655EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/07/04 12:0 a.m.•41 views

Apache 2: Remote denial of service attack

Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description A bu...

6.4CVSS7.4AI score0.84784EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/06/16 12:0 a.m.•41 views

Webmin: Multiple vulnerabilities

Background Webmin is a web-based administration tool for Unix. It supports a wide range of applications including Apache, DNS, file sharing and others. Description Webmin contains two security vulnerabilities. One allows any user to view the configuration of any module and the other could allow a...

5CVSS6.5AI score0.02081EPSS
Exploits0
Total number of security vulnerabilities3816