Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/06/22 12:0 a.m.•40 views

aRts: Privilege escalation

Background aRts is a real time modular system for synthesizing audio used by KDE. artswrapper is a helper application used to start the aRts daemon. Description artswrapper fails to properly check whether it can drop privileges accordingly if setuid fails due to a user exceeding assigned resource...

7.8CVSS7.3AI score0.00385EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/15 12:0 a.m.•40 views

PAM-MySQL: Multiple vulnerabilities

Background PAM-MySQL is a PAM module used to authenticate users against a MySQL backend. Description A flaw in handling the result of pamgetitem as well as further unspecified flaws were discovered in PAM-MySQL. Impact By exploiting the mentioned flaws an attacker can cause a Denial of Service an...

7.5CVSS6.4AI score0.06324EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/05/06 12:0 a.m.•40 views

rsync: Potential integer overflow

Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description An integer overflow was found in the receivexattr function from the extended...

7.5CVSS7.1AI score0.03633EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/26 12:0 a.m.•40 views

xine-ui: Format string vulnerabilities

Background xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing. Impact By constructing a...

7.5CVSS7.5AI score0.14259EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/03/10 12:0 a.m.•40 views

GnuPG: Incorrect signature verification

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software that may be used without restriction, as it does not rely on any patented algorithms. GnuPG can be used to digitally sign messages, a method of ensuring the authenticity of a message using...

5CVSS6.6AI score0.02373EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/25 12:0 a.m.•40 views

Macromedia Flash Player: Remote arbitrary code execution

Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier store...

5.1CVSS7.1AI score0.06756EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/09/26 12:0 a.m.•40 views

Qt: Buffer overflow in the included zlib library

Background Qt is a cross-platform GUI toolkit used by KDE. Description Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data...

7.5CVSS9.8AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/08/31 12:0 a.m.•40 views

phpWebSite: Arbitrary command execution through XML-RPC and SQL injection

Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...

7.5CVSS7.6AI score0.05091EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/01 12:0 a.m.•40 views

Compress::Zlib: Buffer overflow

Background The Compress::Zlib is a Perl module which provides an interface to the zlib compression library. Description Compress::Zlib 1.34 contains a local vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers ca...

7.5CVSS9.7AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/07/15 12:0 a.m.•40 views

PHP: Script injection through XML-RPC

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description James Bercegay has discovered that the XML-RPC implementation in PHP...

7.5CVSS7AI score0.79071EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2005/07/06 12:0 a.m.•40 views

zlib: Buffer overflow

Background zlib is a widely used free and patent unencumbered data compression library. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed...

7.5CVSS7.5AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/06/11 12:0 a.m.•40 views

GNU shtool, ocaml-mysql: Insecure temporary file creation

Background GNU shtool is a compilation of small shell scripts into a single shell tool. The ocaml-mysql package includes the GNU shtool code. Description Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames CAN-2005-1751. On closer inspection,...

3.7CVSS6.1AI score0.00387EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/27 12:0 a.m.•40 views

Mailutils: Multiple vulnerabilities in imap4d and mail

Background GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server imap4d and a Mail User Agent mail. Description infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags CAN-2005-1523, fails...

7.5CVSS7.7AI score0.09782EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/15 12:0 a.m.•40 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments CAN-2005-1409. It has also been reported that the...

7.5CVSS6.8AI score0.02045EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/22 12:0 a.m.•40 views

RealPlayer, Helix Player: Buffer overflow vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is the Open Source version of RealPlayer. Description Piotr Bania has discovered a buffer overflow vulnerability in RealPlayer and Helix Player when processing malicious RAM files. Impa...

5.1CVSS7.5AI score0.03373EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/01 12:0 a.m.•40 views

telnet-bsd: Multiple buffer overflows

Background telnet-bsd provides a command line telnet client which is used for remote login using the telnet protocol. Description A buffer overflow has been identified in the envoptadd function of telnet-bsd, where a response requiring excessive escaping can cause a heap-based buffer overflow...

7.5CVSS7.5AI score0.27073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/16 12:0 a.m.•40 views

wpa_supplicant: Buffer overflow vulnerability

Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. Description wpasupplicant contains a possible buffer overflow due to the lacking validation of received EAPOL-Key frames. Impact An attacker could cause the crash of wpasupplicant using a specially...

5CVSS6.7AI score0.02697EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/15 12:0 a.m.•40 views

lighttpd: Script source disclosure

Background lighttpd is a small-footprint, fast, compliant and very flexible web-server which is optimized for high-performance environments. Description lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent...

5CVSS6.5AI score0.01716EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/08 12:0 a.m.•40 views

Python: Arbitrary code execution through SimpleXMLRPCServer

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the registerinstance method to register an object without a dispatch method ar...

7.5CVSS7.2AI score0.05219EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/24 12:0 a.m.•40 views

Evolution: Integer overflow in camel-lock-helper

Background Evolution is a GNOME groupware application similar to Microsoft Outlook. Description Max Vozeler discovered an integer overflow in the camel-lock-helper application, which is installed as setgid mail by default. Impact A local attacker could exploit this vulnerability to execute...

9.8CVSS7.2AI score0.03179EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/23 12:0 a.m.•40 views

teTeX, pTeX, CSTeX: Multiple vulnerabilities

Background teTeX is a complete and open source TeX distribution. CSTeX is another TeX distribution including Czech and Slovak support. pTeX is another alternative that allows Japanese publishing with TeX. xdvizilla is an auxiliary script used to integrate DVI file viewing in Mozilla-based browser...

10CVSS6.9AI score0.09334EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/12/05 12:0 a.m.•40 views

PDFlib: Multiple overflows in the included TIFF library

Background PDFlib is a library providing functions to handle PDF files. It includes a modified TIFF library used to process TIFF images. Description The TIFF library is subject to several known vulnerabilities see GLSA 200410-11. Most of these overflows also apply to PDFlib. Impact A remote...

7.5CVSS7.1AI score0.08268EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/11/02 12:0 a.m.•40 views

Speedtouch USB driver: Privilege escalation vulnerability

Background The speedtouch package contains a driver for the ADSL SpeedTouch USB modem. Description The Speedtouch USB driver contains multiple format string vulnerabilities in modemrun, pppoa2 and pppoa3. This flaw is due to an improperly made syslog system call. Impact A malicious local user cou...

7.2CVSS7AI score0.00433EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/24 12:0 a.m.•40 views

MySQL: Multiple vulnerabilities

Background MySQL is a popular open-source, multi-threaded, multi-user SQL database server. Description The following vulnerabilities were found and fixed in MySQL: Oleksandr Byelkin found that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one CAN-2004-0835...

10CVSS8AI score0.22352EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2004/07/29 12:0 a.m.•40 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...

7.5CVSS2.9AI score0.09353EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2004/06/17 12:0 a.m.•40 views

aspell: Buffer overflow in word-list-compress

Background aspell is a popular spell-checker. Dictionaries are available for many languages. Description aspell includes a utility for handling wordlists called word-list-compress. This utility fails to do proper bounds checking when processing words longer than 256 bytes. Impact If an attacker...

7.2CVSS7AI score0.00919EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/06 12:0 a.m.•40 views

Multiple vulnerabilities in sysstat

Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools Description There are two vulnerabilities in the way sysstat handles symlinks: 1. The isag utility, which displays sysstat data in a graphical format,...

4.6CVSS6.6AI score0.00392EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2003/11/22 12:0 a.m.•40 views

glibc: getgrouplist buffer overflow vulnerability

Background glibc is the GNU C library. Description A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists only when an...

7.5CVSS6.7AI score0.02122EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•39 views

calibre: Multiple Vulnerabilities

Background calibre is a powerful and easy to use e-book manager. Description Multiple vulnerabilities have been discovered in calibre. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.6AI score0.83393EPSS
Exploits11
Gentoo Linux
Gentoo Linux
•added 2024/02/18 12:0 a.m.•39 views

QtNetwork: Multiple Vulnerabilities

Background QtNetwork provides a set of APIs for programming applications that use TCP/IP. It is part of the Qt framework. Description Multiple vulnerabilities have been discovered in QtNetwork. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.6AI score0.00986EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/10/30 12:0 a.m.•39 views

Rack: Multiple Vulnerabilities

Background Rack is a modular Ruby web server interface. Description Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact A possible denial of service vulnerability was found in the multipart parsing component of Rack. A...

10CVSS7.4AI score0.02056EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/10/26 12:0 a.m.•39 views

libinput: format string vulnerability when using xf86-input-libinput

Background A library to handle input devices in Wayland and, via xf86-input-libinput, in X.org. Description An attacker may be able to run malicious code by exploiting a format string vulnerability. Please review the CVE identifier referenced below for details. Impact When a device is detected by...

7.8CVSS7.2AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/09/30 12:0 a.m.•39 views

wpa_supplicant, hostapd: Multiple Vulnerabilities

Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. hostapd is a user space daemon for access point and authentication servers. Description Multiple vulnerabilities have been discovered in hostapd and wpasupplicant. Please review the CVE identifiers...

9.8CVSS7.6AI score0.02944EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/05/21 12:0 a.m.•39 views

OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

Background Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...

9.8CVSS7.4AI score0.02542EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•39 views

Vim, gVim: Multiple Vulnerabilities

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...

9.8CVSS8.8AI score0.03104EPSS
Exploits83
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•39 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8CVSS7.2AI score0.00921EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/10/31 12:0 a.m.•39 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.8CVSS3AI score0.0083EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/09/29 12:0 a.m.•39 views

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.5CVSS8.5AI score0.02607EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/09/07 12:0 a.m.•39 views

OpenSC: Multiple Vulnerabilities

Background OpenSC contains tools and libraries for smart cards. Description Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

5.3CVSS2.9AI score0.02805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/11/03 12:0 a.m.•39 views

Fossil: Multiple vulnerabilities

Background Fossil is a simple, high-reliability, distributed software configuration management system. Description Multiple vulnerabilities have been discovered in Fossil. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...

8.8CVSS3.8AI score0.03122EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•39 views

NTP: Multiple vulnerabilities

Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...

7.5CVSS2.5AI score0.04071EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/06/15 12:0 a.m.•39 views

PCRE2: Denial of service

Background PCRE2 is a project based on PCRE Perl Compatible Regular Expressions which has a new and revised API. Description PCRE2 has a flaw when handling JIT-compiled regex using the \X pattern. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known...

7.5CVSS2.5AI score0.01561EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2020/06/10 12:0 a.m.•39 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

9.6CVSS1.9AI score0.06414EPSS
Exploits13
Gentoo Linux
Gentoo Linux
•added 2020/05/14 12:0 a.m.•39 views

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

8.8CVSS3.3AI score0.00527EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2020/05/12 12:0 a.m.•39 views

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...

9.8CVSS0.4AI score0.27246EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2019/08/15 12:0 a.m.•39 views

LibreOffice: Multiple vulnerabilities

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...

9.8CVSS3.4AI score0.31215EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2019/08/15 12:0 a.m.•39 views

polkit: Multiple vulnerabilities

Background polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes. Description Multiple vulnerabilities have been discovered in polkit. Please review the CVE identifiers referenced below for details. Impact Please review the referenced...

9CVSS3.4AI score0.11483EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2017/01/01 12:0 a.m.•39 views

Open vSwitch: Remote execution of arbitrary code

Background Open vSwitch is a production quality multilayer virtual switch. Description A buffer overflow was discovered in lib/flow.c in ovs-vswitchd. Impact A remote attacker, using a specially crafted MPLS packet, could execute arbitrary code. Workaround There is no known workaround at this tim...

9.8CVSS5.9AI score0.06279EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2016/12/31 12:0 a.m.•39 views

libjpeg-turbo: User-assisted execution of arbitrary code

Background libjpeg-turbo is a JPEG image codec that uses SIMD instructions MMX, SSE2, NEON, AltiVec to accelerate baseline JPEG compression and decompression. Description The accelerated Huffman decoder was previously invoked if there were 128 bytes in the input buffer. However, it is possible to...

7.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2016/12/13 12:0 a.m.•39 views

GPL Ghostscript: User-assisted execution of arbitrary code

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description An integer overflow flaw was discovered that leads to an out-of-bounds read and write in gsttf.ps. Impact A remote attacker could entice a user to open a specially crafted file, possibly resulting in the...

6.8CVSS7.1AI score0.03748EPSS
Exploits0
Total number of security vulnerabilities3816