Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2008/06/23 12:0 a.m.40 views

FreeType: User-assisted execution of arbitrary code

Background FreeType is a font rendering library for TrueType Font TTF and Printer Font Binary PFB. Description Regenrecht reported multiple vulnerabilities in FreeType via iDefense: An integer overflow when parsing values in the Private dictionary table in a PFB file, leading to a heap-based buff...

7.5CVSS7.8AI score0.04217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/11 12:0 a.m.40 views

Pngcrush: User-assisted execution of arbitrary code

Background Pngcrush is a multi platform optimizer for PNG Portable Network Graphics files. Description It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption GLSA 200804-15. Impact A remote attacker could entice a user to process a specially crafted...

7.5CVSS7.8AI score0.05514EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/04/15 12:0 a.m.40 views

libpng: Execution of arbitrary code

Background libpng is a free ANSI C library used to process and manipulate PNG images. Description Tavis Ormandy of the Google Security Team discovered that libpng does not handle zero-length unknown chunks in PNG files correctly, which might lead to memory corruption in applications that call...

7.5CVSS7.9AI score0.05514EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/04/06 12:0 a.m.40 views

UnZip: User-assisted execution of arbitrary code

Background Info-ZIP's UnZip is a tool to list and extract files inside PKZIP compressed files. Description Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflatedynamic function in the file inflate.c can be invoked using invalid buffers, which can lead to a...

9.3CVSS5.6AI score0.0629EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/24 12:0 a.m.40 views

ImageMagick: Multiple vulnerabilities

Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description regenrecht reported multiple infinite loops in functions ReadDCMImage and ReadXCFImage CVE-2007-4985, multiple integer overflows when handling certain types of images CVE-2007-4986,...

9.3CVSS6.9AI score0.03819EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2007/08/22 12:0 a.m.40 views

Qt: Multiple format string vulnerabilities

Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. Description Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp,...

6.8CVSS6.8AI score0.04203EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/04/03 12:0 a.m.40 views

OpenAFS: Privilege escalation

Background OpenAFS is a distributed network filesystem. Description Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user. Impact If setuid is enabled on the clien...

7.5CVSS6.5AI score0.02522EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/18 12:0 a.m.40 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the JavaScript engi...

9.3CVSS7.3AI score0.5036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/16 12:0 a.m.40 views

Apache JK Tomcat Connector: Remote execution of arbitrary code

Background The Apache HTTP server is a very widely used web server. modjk provides the JK module for connecting Tomcat and Apache using the ajp13 protocol. Description ZDI reported an unsafe memory copy in modjk that was discovered by an anonymous researcher in the mapuritoworker function of...

7.5CVSS7.1AI score0.81513EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2007/03/02 12:0 a.m.40 views

ClamAV: Denial of service

Background ClamAV is a GPL virus scanner. Description An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the "id" parameter string used to create local files when parsing MIME headers. Impact A remote attacker can send...

7.5CVSS8.9AI score0.03758EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/31 12:0 a.m.40 views

thttpd: Unauthenticated remote file access

Background thttpd is a webserver designed to be simple, small, and fast. Description thttpd is vulnerable to an underlying change made to the start-stop-daemon command in the current stable Gentoo baselayout package version 1.12.6. In the new version, the start-stop-daemon command performs a "chd...

5CVSS6.6AI score0.02834EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/10/24 12:0 a.m.40 views

Apache mod_tcl: Format string vulnerability

Background Apache modtcl is a TCL interpreting module for the Apache 2.x web server. Description Sparfell discovered format string errors in calls to the setvar function in tclcmds.c and tclcore.c. Impact A remote attacker could exploit the vulnerability to execute arbitrary code with the rights ...

6.8CVSS7.3AI score0.15858EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/08/28 12:0 a.m.40 views

X.org and some X.org libraries: Local privilege escalations

Background X.org is an implementation of the X Window System. Description Several X.org libraries and X.org itself contain system calls to setuid functions, without checking their result. Impact Local users could deliberately exceed their assigned resource limits and elevate their privileges afte...

7.2CVSS6.6AI score0.00434EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/07/09 12:0 a.m.40 views

FreeType: Multiple integer overflows

Background FreeType is a portable font engine. Description Multiple integer overflows exist in a variety of files bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c. Impact A remote attacker could exploit these buffer overflows by enticing a user to load a specially crafted font, which cou...

7.5CVSS6.8AI score0.04853EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/28 12:0 a.m.40 views

Mutt: Buffer overflow

Background Mutt is a small but very powerful text-based mail client. Description TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in the "browsegetnamespace" function in browse.c, which can be triggered when receiving an overly long namespace from an IMAP server. Impact A...

7.5CVSS7.3AI score0.05889EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/06/22 12:0 a.m.40 views

aRts: Privilege escalation

Background aRts is a real time modular system for synthesizing audio used by KDE. artswrapper is a helper application used to start the aRts daemon. Description artswrapper fails to properly check whether it can drop privileges accordingly if setuid fails due to a user exceeding assigned resource...

7.8CVSS7.3AI score0.00385EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/15 12:0 a.m.40 views

PAM-MySQL: Multiple vulnerabilities

Background PAM-MySQL is a PAM module used to authenticate users against a MySQL backend. Description A flaw in handling the result of pamgetitem as well as further unspecified flaws were discovered in PAM-MySQL. Impact By exploiting the mentioned flaws an attacker can cause a Denial of Service an...

7.5CVSS6.4AI score0.06324EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/05/06 12:0 a.m.40 views

rsync: Potential integer overflow

Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description An integer overflow was found in the receivexattr function from the extended...

7.5CVSS7.1AI score0.03633EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/04/26 12:0 a.m.40 views

xine-ui: Format string vulnerabilities

Background xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing. Impact By constructing a...

7.5CVSS7.5AI score0.14259EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/10 12:0 a.m.40 views

GnuPG: Incorrect signature verification

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software that may be used without restriction, as it does not rely on any patented algorithms. GnuPG can be used to digitally sign messages, a method of ensuring the authenticity of a message using...

5CVSS6.6AI score0.02373EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/11/25 12:0 a.m.40 views

Macromedia Flash Player: Remote arbitrary code execution

Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier store...

5.1CVSS7.1AI score0.06756EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/09/26 12:0 a.m.40 views

Qt: Buffer overflow in the included zlib library

Background Qt is a cross-platform GUI toolkit used by KDE. Description Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data...

7.5CVSS9.8AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2005/08/31 12:0 a.m.40 views

phpWebSite: Arbitrary command execution through XML-RPC and SQL injection

Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...

7.5CVSS7.6AI score0.05091EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/01 12:0 a.m.40 views

Compress::Zlib: Buffer overflow

Background The Compress::Zlib is a Perl module which provides an interface to the zlib compression library. Description Compress::Zlib 1.34 contains a local vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers ca...

7.5CVSS9.7AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2005/07/15 12:0 a.m.40 views

PHP: Script injection through XML-RPC

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description James Bercegay has discovered that the XML-RPC implementation in PHP...

7.5CVSS7AI score0.79071EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2005/07/06 12:0 a.m.40 views

zlib: Buffer overflow

Background zlib is a widely used free and patent unencumbered data compression library. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed...

7.5CVSS7.5AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2005/06/11 12:0 a.m.40 views

GNU shtool, ocaml-mysql: Insecure temporary file creation

Background GNU shtool is a compilation of small shell scripts into a single shell tool. The ocaml-mysql package includes the GNU shtool code. Description Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames CAN-2005-1751. On closer inspection,...

3.7CVSS6.1AI score0.00387EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/05/27 12:0 a.m.40 views

Mailutils: Multiple vulnerabilities in imap4d and mail

Background GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server imap4d and a Mail User Agent mail. Description infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags CAN-2005-1523, fails...

7.5CVSS7.7AI score0.09782EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/05/15 12:0 a.m.40 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments CAN-2005-1409. It has also been reported that the...

7.5CVSS6.8AI score0.02045EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/22 12:0 a.m.40 views

RealPlayer, Helix Player: Buffer overflow vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is the Open Source version of RealPlayer. Description Piotr Bania has discovered a buffer overflow vulnerability in RealPlayer and Helix Player when processing malicious RAM files. Impa...

5.1CVSS7.5AI score0.03373EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/01 12:0 a.m.40 views

telnet-bsd: Multiple buffer overflows

Background telnet-bsd provides a command line telnet client which is used for remote login using the telnet protocol. Description A buffer overflow has been identified in the envoptadd function of telnet-bsd, where a response requiring excessive escaping can cause a heap-based buffer overflow...

7.5CVSS7.5AI score0.27073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/16 12:0 a.m.40 views

wpa_supplicant: Buffer overflow vulnerability

Background wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. Description wpasupplicant contains a possible buffer overflow due to the lacking validation of received EAPOL-Key frames. Impact An attacker could cause the crash of wpasupplicant using a specially...

5CVSS6.7AI score0.02697EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/15 12:0 a.m.40 views

lighttpd: Script source disclosure

Background lighttpd is a small-footprint, fast, compliant and very flexible web-server which is optimized for high-performance environments. Description lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent...

5CVSS6.5AI score0.01716EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/08 12:0 a.m.40 views

Python: Arbitrary code execution through SimpleXMLRPCServer

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the registerinstance method to register an object without a dispatch method ar...

7.5CVSS7.2AI score0.05219EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/24 12:0 a.m.40 views

Evolution: Integer overflow in camel-lock-helper

Background Evolution is a GNOME groupware application similar to Microsoft Outlook. Description Max Vozeler discovered an integer overflow in the camel-lock-helper application, which is installed as setgid mail by default. Impact A local attacker could exploit this vulnerability to execute...

9.8CVSS7.2AI score0.03179EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/23 12:0 a.m.40 views

teTeX, pTeX, CSTeX: Multiple vulnerabilities

Background teTeX is a complete and open source TeX distribution. CSTeX is another TeX distribution including Czech and Slovak support. pTeX is another alternative that allows Japanese publishing with TeX. xdvizilla is an auxiliary script used to integrate DVI file viewing in Mozilla-based browser...

10CVSS6.9AI score0.09334EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/11/02 12:0 a.m.40 views

Speedtouch USB driver: Privilege escalation vulnerability

Background The speedtouch package contains a driver for the ADSL SpeedTouch USB modem. Description The Speedtouch USB driver contains multiple format string vulnerabilities in modemrun, pppoa2 and pppoa3. This flaw is due to an improperly made syslog system call. Impact A malicious local user cou...

7.2CVSS7AI score0.00433EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/24 12:0 a.m.40 views

MySQL: Multiple vulnerabilities

Background MySQL is a popular open-source, multi-threaded, multi-user SQL database server. Description The following vulnerabilities were found and fixed in MySQL: Oleksandr Byelkin found that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one CAN-2004-0835...

10CVSS8AI score0.22352EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2004/07/29 12:0 a.m.40 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...

7.5CVSS2.9AI score0.09353EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2004/06/17 12:0 a.m.40 views

aspell: Buffer overflow in word-list-compress

Background aspell is a popular spell-checker. Dictionaries are available for many languages. Description aspell includes a utility for handling wordlists called word-list-compress. This utility fails to do proper bounds checking when processing words longer than 256 bytes. Impact If an attacker...

7.2CVSS7AI score0.00919EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/06 12:0 a.m.40 views

Multiple vulnerabilities in sysstat

Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools Description There are two vulnerabilities in the way sysstat handles symlinks: 1. The isag utility, which displays sysstat data in a graphical format,...

4.6CVSS6.6AI score0.00392EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/02/18 12:0 a.m.39 views

QtNetwork: Multiple Vulnerabilities

Background QtNetwork provides a set of APIs for programming applications that use TCP/IP. It is part of the Qt framework. Description Multiple vulnerabilities have been discovered in QtNetwork. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.6AI score0.00986EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/10/30 12:0 a.m.39 views

Rack: Multiple Vulnerabilities

Background Rack is a modular Ruby web server interface. Description Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact A possible denial of service vulnerability was found in the multipart parsing component of Rack. A...

10CVSS7.4AI score0.02056EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/10/26 12:0 a.m.39 views

libinput: format string vulnerability when using xf86-input-libinput

Background A library to handle input devices in Wayland and, via xf86-input-libinput, in X.org. Description An attacker may be able to run malicious code by exploiting a format string vulnerability. Please review the CVE identifier referenced below for details. Impact When a device is detected by...

7.8CVSS7.2AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/05/21 12:0 a.m.39 views

OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

Background Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...

9.8CVSS7.4AI score0.02542EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.39 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8CVSS7.2AI score0.00921EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.39 views

Vim, gVim: Multiple Vulnerabilities

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...

9.8CVSS8.8AI score0.03104EPSS
Exploits83
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.39 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.8CVSS3AI score0.0083EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/09/29 12:0 a.m.39 views

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.5CVSS8.5AI score0.02607EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/09/07 12:0 a.m.39 views

OpenSC: Multiple Vulnerabilities

Background OpenSC contains tools and libraries for smart cards. Description Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

5.3CVSS2.9AI score0.02805EPSS
Exploits0
Total number of security vulnerabilities3816