Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.40 views

SQUASHFS: Multiple vulnerabilities

Background Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use i.e. in cases where a .tar.gz file may be used, and in constrained block device/memory systems e.g. embedded systems where low overhead is needed...

6.8CVSS7.3AI score0.04047EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/10/29 12:0 a.m.40 views

GNU Wget: Multiple vulnerabilities

Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description Multiple vulnerabilities have been discovered in Wget. Please review the CVE identifier and bug reports referenced for details. Impact A remote...

8.8CVSS1AI score0.45935EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2016/10/11 12:0 a.m.40 views

MySQL and MariaDB: Multiple vulnerabilities

Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker coul...

6.5CVSS7.1AI score0.06964EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/16 12:0 a.m.40 views

Cacti: Multiple vulnerabilities

Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or remote...

8.8CVSS9.5AI score0.10773EPSS
Exploits11
Gentoo Linux
Gentoo Linux
added 2016/04/26 12:0 a.m.40 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause Denial of Service and local attackers could...

7.8CVSS6.7AI score0.07142EPSS
Exploits15
Gentoo Linux
Gentoo Linux
added 2016/03/12 12:0 a.m.40 views

Libreswan: Multiple Vulnerabilities

Background Libreswan is a free software implementation of the most widely supported and standarized VPN protocol based on “IPsec” and the Internet Key Exchange “IKE”. Description The pluto IKE daemon in Libreswan, when built with NSS, allows remote attackers to cause a Denial of Service assertion...

5CVSS7.6AI score0.02765EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/03/09 12:0 a.m.40 views

Roundcube: Multiple Vulnerabilities

Background Free and open source webmail software for the masses, written in PHP. Description Remote authenticated users with certain permissions can read arbitrary files or possibly execute arbitrary code via .. in the skin parameter to index.php. Additionally, a cross-site scripting XSS...

7.5CVSS7.3AI score0.22212EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2016/01/26 12:0 a.m.40 views

WebKitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact A remote attack can use multiple vectors to execute arbitrary code or cause...

6.8CVSS8.8AI score0.02762EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/08/15 12:0 a.m.40 views

libgadu: Multiple vulnerabilities

Background libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description libgadu contains multiple vulnerabilities: X.509 certificates are not properly validated CVE-2013-4488 A integer overflow error could lead to a buffer overflow CVE-2013-6487 Malformed responses...

7.5CVSS7.2AI score0.08174EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/31 12:0 a.m.40 views

MIT Kerberos 5: User-assisted execution of arbitrary code

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code wit...

8.5CVSS8.2AI score0.08085EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/22 12:0 a.m.40 views

PowerDNS Recursor: Multiple vulnerabilities

Background PowerDNS Recursor is a high-end, high-performance resolving name server Description Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details. Impact A remote attacker may be able to send...

10CVSS7.6AI score0.73532EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/08/29 12:0 a.m.40 views

stunnel: Information disclosure

Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description stunnel does not properly update the state of the pseudo-random generator after fork-threading which causes subsequent children with the same process ID to us...

4.3CVSS7.3AI score0.02155EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/05/17 12:0 a.m.40 views

Pango: Multiple vulnerabilities

Background Pango is an internationalized text layout and rendering library Description Multiple vulnerabilities have been discovered in Pango. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to load specially crafted text usi...

10CVSS7.5AI score0.18944EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2014/02/21 12:0 a.m.40 views

libTIFF: Multiple vulnerabilities

Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...

9.3CVSS9.9AI score0.13521EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/01/21 12:0 a.m.40 views

Poppler: Multiple vulnerabilities

Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF...

7.5CVSS8.3AI score0.10483EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/01/10 12:0 a.m.40 views

libxslt: Denial of service

Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description Multiple vulnerabilities have been found in libxslt: Multiple errors exist in pattern.c and functions.c CVE-2012-2870, CVE-2012-6139. A double-free erro...

6.8CVSS8.8AI score0.04286EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2013/09/25 12:0 a.m.40 views

Monkey HTTP Daemon: Multiple vulnerabilities

Background Monkey HTTP Daemon is a lightweight and powerful web server for GNU/Linux. Description Multiple vulnerabilities have been discovered in Monkey HTTP Daemon. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted request,...

6.8CVSS7.5AI score0.20179EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2013/01/08 12:0 a.m.40 views

Tor: Multiple vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a...

5CVSS6.7AI score0.03146EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/09/26 12:0 a.m.40 views

SQLAlchemy: SQL injection

Background SQLAlchemy is a Python SQL toolkit and Object Relational Mapper. Description SQLAlchemy does not properly sanitize input passed from the “limit” and “offset” keywords to the select function before using it in an SQL query. Impact A remote attacker could exploit this vulnerability to...

7.5CVSS7.2AI score0.02862EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/09/26 12:0 a.m.40 views

file: Denial of service

Background file is a utility that guesses a file format by scanning binary data for patterns. Description Multiple out-of-bounds read errors and invalid pointer dereference errors have been found in cdf.c. Impact A remote attacker could entice a user to open a specially crafted Composite Document...

4.3CVSS6.5AI score0.04117EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/06/25 12:0 a.m.40 views

mount-cifs: Multiple vulnerabilites

Background mount-cifs is the cifs filesystem mount helper split from Samba. Description Multiple vulnerabilities have been discovered in mount-cifs. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow local users to cause a denial of service mtab...

4.4CVSS6.3AI score0.00522EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/06/25 12:0 a.m.40 views

Postfix: Multiple vulnerabilities

Background Postfix is Wietse Venema’s mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details. Impact An...

6.8CVSS9.9AI score0.21646EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/06/22 12:0 a.m.40 views

virtualenv: Insecure temporary file usage

Background virtualenv is a virtual Python environment builder. Description The virtualenv.py script in virtualenv does not handle temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application...

1.2CVSS6.2AI score0.00324EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.40 views

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain elevated privileges, or access and modify arbitrary...

6.9CVSS7.1AI score0.02454EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/01/23 12:0 a.m.40 views

MIT Kerberos 5 Applications: Multiple vulnerabilities

Background A suite of applications that implement the Kerberos 5 network protocol from MIT. Description Multiple vulnerabilities have been discovered in MIT Kerberos 5 Applications: An error in the FTP daemon prevents it from dropping its initial effective group identifier CVE-2011-1526. A bounda...

10CVSS8.4AI score0.95104EPSS
Exploits19
Gentoo Linux
Gentoo Linux
added 2012/01/23 12:0 a.m.40 views

FreeType: Multiple vulnerabilities

Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted font, possibly resulting ...

9.3CVSS8.4AI score0.30653EPSS
Exploits15
Gentoo Linux
Gentoo Linux
added 2012/01/23 12:0 a.m.40 views

Firewall Builder: Privilege escalation

Background Firewall Builder is a GUI for easy management of multiple firewall platforms. Description Two vulnerabilities in Firewall Builder allow the iptables and fwbinstall scripts to use temporary files insecurely. Impact A local attacker could possibly overwrite arbitrary files with the...

6.9CVSS6.5AI score0.00411EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/01/08 12:0 a.m.40 views

Chromium, V8: Multiple vulnerabilities

Background Chromium is an open source web browser project. V8 is Google's open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...

7.5CVSS7.5AI score0.01874EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/06/01 12:0 a.m.40 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below. Impact A remote attacker could cause...

9.3CVSS7.4AI score0.06768EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2009/07/12 12:0 a.m.40 views

Adobe Reader: User-assisted execution of arbitrary code

Background Adobe Reader is a PDF reader released by Adobe. Description Multiple vulnerabilities have been reported in Adobe Reader: Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in the JBIG2 filter CVE-2009-0198. Mark Dowd of the IBM Internet Security Systems X-Force and...

10CVSS8.7AI score0.25522EPSS
Exploits11
Gentoo Linux
Gentoo Linux
added 2009/05/02 12:0 a.m.40 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in the IAX2 channel driver when performing the 3-way handshake CVE-2008-1897, when handling a large number of POKE requests CVE-2008-3263, when handling authentication...

7.8CVSS7.2AI score0.28EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2009/04/14 12:0 a.m.40 views

Ventrilo: Denial of service

Background Ventrilo is a Voice over IP group communication server. Description Luigi Auriemma reported a NULL pointer dereference in Ventrilo when processing packets with an invalid version number followed by another packet. Impact A remote attacker could send specially crafted packets to the...

5CVSS6.3AI score0.09812EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/04/03 12:0 a.m.40 views

Gnumeric: Untrusted search path

Background The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. Description James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric. Impact A local attacker could entice a user to run Gnumeric...

6.9CVSS2.9AI score0.00388EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/04/03 12:0 a.m.40 views

GLib: Execution of arbitrary code

Background The GLib is a library of C routines that is used by a multitude of programs. Description Diego E. Petteno reported multiple integer overflows in glib/gbase64.c when converting a long string from or to a base64 representation. Impact A remote attacker could entice a user or automated...

4.6CVSS7AI score0.00494EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/08/06 12:0 a.m.40 views

Mozilla products: Multiple vulnerabilities

Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla...

10CVSS9.9AI score0.13949EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2008/04/15 12:0 a.m.40 views

libpng: Execution of arbitrary code

Background libpng is a free ANSI C library used to process and manipulate PNG images. Description Tavis Ormandy of the Google Security Team discovered that libpng does not handle zero-length unknown chunks in PNG files correctly, which might lead to memory corruption in applications that call...

7.5CVSS7.9AI score0.05514EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/04/06 12:0 a.m.40 views

UnZip: User-assisted execution of arbitrary code

Background Info-ZIP's UnZip is a tool to list and extract files inside PKZIP compressed files. Description Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflatedynamic function in the file inflate.c can be invoked using invalid buffers, which can lead to a...

9.3CVSS5.6AI score0.0629EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/02/06 12:0 a.m.40 views

SDL_image: Two buffer overflow vulnerabilities

Background SDLimage is an image file library that loads images as SDL surfaces, and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, TGA, TIFF, XCF, XPM, and XV. Description The LWZReadByte function in file IMGgif.c and the IMGLoadLBMRW function in file IMGlbm.c each contain a...

10CVSS7.5AI score0.10731EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2007/10/24 12:0 a.m.40 views

ImageMagick: Multiple vulnerabilities

Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description regenrecht reported multiple infinite loops in functions ReadDCMImage and ReadXCFImage CVE-2007-4985, multiple integer overflows when handling certain types of images CVE-2007-4986,...

9.3CVSS6.9AI score0.03819EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2007/09/27 12:0 a.m.40 views

Lighttpd: Buffer overflow

Background Lighttpd is a lightweight HTTP web server. Description Mattias Bengtsson and Philip Olausson have discovered a buffer overflow vulnerability in the function fcgienvadd in the file modfastcgi.c when processing overly long HTTP headers. Impact A remote attacker could send a specially...

6.8CVSS7.3AI score0.12895EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/08/22 12:0 a.m.40 views

Qt: Multiple format string vulnerabilities

Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. Description Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp,...

6.8CVSS6.8AI score0.04203EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/09 12:0 a.m.40 views

GD: Multiple vulnerabilities

Background GD is a graphic library for fast image creation. Description Xavier Roche discovered an infinite loop in the gdPngReadData function when processing a truncated PNG file CVE-2007-2756. An integer overflow has been discovered in the gdImageCreateTrueColor function CVE-2007-3472. An error...

5CVSS8.6AI score0.13311EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/04/03 12:0 a.m.40 views

OpenAFS: Privilege escalation

Background OpenAFS is a distributed network filesystem. Description Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user. Impact If setuid is enabled on the clien...

7.5CVSS6.5AI score0.02522EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/18 12:0 a.m.40 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the JavaScript engi...

9.3CVSS7.3AI score0.5036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/16 12:0 a.m.40 views

Apache JK Tomcat Connector: Remote execution of arbitrary code

Background The Apache HTTP server is a very widely used web server. modjk provides the JK module for connecting Tomcat and Apache using the ajp13 protocol. Description ZDI reported an unsafe memory copy in modjk that was discovered by an anonymous researcher in the mapuritoworker function of...

7.5CVSS7.1AI score0.81513EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2007/03/02 12:0 a.m.40 views

ClamAV: Denial of service

Background ClamAV is a GPL virus scanner. Description An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the "id" parameter string used to create local files when parsing MIME headers. Impact A remote attacker can send...

7.5CVSS8.9AI score0.03758EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/31 12:0 a.m.40 views

thttpd: Unauthenticated remote file access

Background thttpd is a webserver designed to be simple, small, and fast. Description thttpd is vulnerable to an underlying change made to the start-stop-daemon command in the current stable Gentoo baselayout package version 1.12.6. In the new version, the start-stop-daemon command performs a "chd...

5CVSS6.6AI score0.02834EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/10/24 12:0 a.m.40 views

Apache mod_tcl: Format string vulnerability

Background Apache modtcl is a TCL interpreting module for the Apache 2.x web server. Description Sparfell discovered format string errors in calls to the setvar function in tclcmds.c and tclcore.c. Impact A remote attacker could exploit the vulnerability to execute arbitrary code with the rights ...

6.8CVSS7.3AI score0.15858EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/08/28 12:0 a.m.40 views

X.org and some X.org libraries: Local privilege escalations

Background X.org is an implementation of the X Window System. Description Several X.org libraries and X.org itself contain system calls to setuid functions, without checking their result. Impact Local users could deliberately exceed their assigned resource limits and elevate their privileges afte...

7.2CVSS6.6AI score0.00434EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/07/09 12:0 a.m.40 views

FreeType: Multiple integer overflows

Background FreeType is a portable font engine. Description Multiple integer overflows exist in a variety of files bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c. Impact A remote attacker could exploit these buffer overflows by enticing a user to load a specially crafted font, which cou...

7.5CVSS6.8AI score0.04853EPSS
Exploits0
Total number of security vulnerabilities3816