Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2022/09/29 12:0 a.m.39 views

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.5CVSS8.5AI score0.02607EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/09/07 12:0 a.m.39 views

OpenSC: Multiple Vulnerabilities

Background OpenSC contains tools and libraries for smart cards. Description Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

5.3CVSS2.9AI score0.02805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/11/03 12:0 a.m.39 views

Fossil: Multiple vulnerabilities

Background Fossil is a simple, high-reliability, distributed software configuration management system. Description Multiple vulnerabilities have been discovered in Fossil. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...

8.8CVSS3.8AI score0.03122EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2019/11/07 12:0 a.m.39 views

pump: User-assisted execution of arbitrary code

Background BOOTP and DHCP client for automatic IP configuration. Description It was discovered that there was an arbitrary code execution vulnerability in the pump DHCP/BOOTP client. Impact A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of...

2.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2019/04/17 12:0 a.m.39 views

Dovecot: Multiple vulnerabilities

Background Dovecot is an open source IMAP and POP3 email server. Description Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details Workaround There is no known...

8.8CVSS2.6AI score0.02462EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2018/04/17 12:0 a.m.39 views

Evince: Command injection

Background Evince is a document viewer for multiple document formats, including PostScript. Description A vulnerability was discovered in Evince’s handling of filenames while printing PDF files. Impact A remote attacker, by enticing the user to process a specially crafted file, could execute...

7.8CVSS7.9AI score0.01406EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/03/07 12:0 a.m.39 views

Go: User-assisted execution of arbitrary code

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description A command injection flaw was discovered in the source code build phase because of the “go get” command, which does not block -fplugin= and -plugin arguments. Impa...

7.8CVSS7.5AI score0.07768EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2017/06/06 12:0 a.m.39 views

minicom: Remote execution of arbitrary code

Background Minicom is a text-based serial port communications program. Description In minicom before version 2.7.1, the escparms buffer in vt100.c is vulnerable to an overflow. Impact A remote attacker, able to connect to a minicom port, could possibly execute arbitrary code with the privileges o...

9.8CVSS6.2AI score0.02757EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2017/06/06 12:0 a.m.39 views

Shadow: Multiple vulnerabilities

Background Shadow is a set of tools to deal with user accounts. Description Multiple vulnerabilities have been discovered in Shadow. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly cause a Denial of Service condition, gain privileges via...

7.8CVSS6.7AI score0.00409EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/31 12:0 a.m.39 views

libjpeg-turbo: User-assisted execution of arbitrary code

Background libjpeg-turbo is a JPEG image codec that uses SIMD instructions MMX, SSE2, NEON, AltiVec to accelerate baseline JPEG compression and decompression. Description The accelerated Huffman decoder was previously invoked if there were 128 bytes in the input buffer. However, it is possible to...

7.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.39 views

GPL Ghostscript: User-assisted execution of arbitrary code

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description An integer overflow flaw was discovered that leads to an out-of-bounds read and write in gsttf.ps. Impact A remote attacker could entice a user to open a specially crafted file, possibly resulting in the...

6.8CVSS7.1AI score0.03748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/12 12:0 a.m.39 views

exFAT: Multiple vulnerabilities

Background A full-featured exFAT file system implementation for Unix-like systems. Description Two vulnerabilities were found in exFAT. A malformed input can cause a write heap overflow or cause an endless loop. Impact Remote attackers could execute arbitrary code or cause Denial of Service...

7.8CVSS8.5AI score0.04451EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/20 12:0 a.m.39 views

libbsd: Arbitrary code execution

Background This library provides useful functions commonly found on BSD systems, and lacking on others like GNU systems, thus making it easier to port projects with strong BSD origins, without needing to embed the same code over and over again on each project. Description libbsd contains a buffer...

9.8CVSS4.3AI score0.03223EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/05/14 12:0 a.m.39 views

Chromium: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...

10CVSS1.4AI score0.4811EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2016/02/27 12:0 a.m.39 views

libwmf: Multiple vulnerabilities

Background libwmf is a library for converting WMF files. Description Multiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause...

6.8CVSS8.1AI score0.09221EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2015/09/24 12:0 a.m.39 views

Git: Arbitrary command execution

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description A vulnerability in Git causing Git-compatible clients that access case-insensitive or case-normalizing filesystems to...

9.8CVSS9.6AI score0.63178EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2015/07/10 12:0 a.m.39 views

Perl: Denial of service

Background Perl is a highly capable, feature-rich programming language. Description Sregmatch function lacks proper checks before passing arguments to atoi Impact A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround There is no...

7.5CVSS7.6AI score0.03045EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/05/31 12:0 a.m.39 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS7.9AI score0.87303EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2015/03/16 12:0 a.m.39 views

file: Denial of service

Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description Multiple issues with the ELF parser used by the file utility have been detected and fixed. Impact A context-dependent attacker can cause Denial of Service. Workaround There is no kno...

5CVSS7.3AI score0.04683EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/03/07 12:0 a.m.39 views

D-Bus: Denial of service

Background D-Bus is a message bus system, a simple way for applications to talk to one another. Description D-Bus doesn’t validate the source of ActivationFailure signals. Impact A local attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at this...

1.9CVSS7.5AI score0.00273EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/03/06 12:0 a.m.39 views

JasPer: Multiple Vulnerabilities

Background JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard. Description Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...

7.5CVSS7.6AI score0.18501EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/07/16 12:0 a.m.39 views

Xen: Multiple Vunlerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to...

8.3CVSS8.1AI score0.01388EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/06/26 12:0 a.m.39 views

Django: Multiple vulnerabilities

Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute code with the privileges of the process, modify SQL queries, or disclose...

10CVSS7.6AI score0.0565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/09/14 12:0 a.m.39 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A...

10CVSS7.8AI score0.77597EPSS
Exploits16
Gentoo Linux
Gentoo Linux
added 2012/09/25 12:0 a.m.39 views

Calligra: User-assisted execution of arbitrary code

Background Calligra is an office suite by KDE. Description An error in the read function in styles.cpp could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted ODF file, possibly resulting in execution of arbitrary code with the privileges...

7.5CVSS7.1AI score0.20073EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/02/27 12:0 a.m.39 views

libvirt: Multiple vulnerabilities

Background libvirt is a C toolkit to manipulate virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities allow a remote attacker to cause a Denial of Service condition on th...

6.9CVSS2.2AI score0.03536EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/01/28 12:0 a.m.39 views

Chromium: Multiple vulnerabilities

Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...

7.5CVSS7.4AI score0.01831EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/10/22 12:0 a.m.39 views

GnuPG: User-assisted execution of arbitrary code

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. The GPGSM utility in GnuPG is responsible for processing X.509 certificates, signatures and encryption as well as S/MIME messages. Description The GPGSM utility in GnuPG contains a...

8.1CVSS7.5AI score0.05342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/01/16 12:0 a.m.39 views

Prewikka: password disclosure

Background Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Description The permissions of the prewikka.conf file are set world readable. Impact A local attacker could obtain the SQL database password used by Prewikka. Workaround There is no known workaroun...

2.1CVSS6.6AI score0.0034EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/09/07 12:0 a.m.39 views

Clam AntiVirus: Multiple vulnerabilities

Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities were discovered in Clam AntiVirus. For further information, please consult the CVE entries referenced below. Impact A remote...

10CVSS9.5AI score0.04894EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/06/01 12:0 a.m.39 views

ImageMagick: User-assisted execution of arbitrary code

Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Tielei Wang has discovered that the XMakeImage function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow. Impact A remote attacker could enti...

9.3CVSS7AI score0.07153EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/05/25 12:0 a.m.39 views

Pidgin: Multiple vulnerabilities

Background Pidgin formerly Gaim is an instant messaging client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin: Veracode reported a boundary error in the "XMPP SOCKS5 bytestream server" when initiating an outgoing file transfer...

9.3CVSS8.9AI score0.13294EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/04/05 12:0 a.m.39 views

ntp: Certificate validation error

Background ntp contains the client and daemon implementations for the Network Time Protocol. Description It has been reported that ntp incorrectly checks the return value of the EVPVerifyFinal, a vulnerability related to CVE-2008-5077 GLSA 200902-02. Impact A remote attacker could exploit this...

5.8CVSS8.7AI score0.05146EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/03/18 12:0 a.m.39 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with ...

8.5CVSS7.8AI score0.11175EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/03/09 12:0 a.m.39 views

BIND: Incorrect signature verification

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description BIND does not properly check the return value from the OpenSSL functions to verify DSA CVE-2009-0025 and RSA CVE-2009-0265 certificates. Impact A remote attacker could bypass...

7.5CVSS2.6AI score0.0686EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/02/23 12:0 a.m.39 views

KTorrent: Multiple vulnerabilitites

Background KTorrent is a BitTorrent program for KDE. Description The web interface plugin does not restrict access to the torrent upload functionality CVE-2008-5905 and does not sanitize request parameters properly CVE-2008-5906 . Impact A remote attacker could send specially crafted parameters t...

6.8CVSS7.4AI score0.02456EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/08/14 12:0 a.m.39 views

Postfix: Local privilege escalation vulnerability

Background Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under...

6.2CVSS6.4AI score0.01001EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2008/04/14 12:0 a.m.39 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and tool kit. Description Asterisk upstream developers reported multiple vulnerabilities: The Call Detail Record Postgres logging engine cdrpgsql does not correctly escape the ANI and DNIS arguments before using them in SQL statements...

8.8CVSS7.8AI score0.02811EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/01/09 12:0 a.m.39 views

Squid: Denial of service

Background Squid is a multi-protocol proxy server. Description The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. Impact A remote attacker could perform numerous specially crafted requests to the vulnerable server, resulting in a Denial of Service...

5CVSS6.3AI score0.26858EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/11/07 12:0 a.m.39 views

Python: User-assisted execution of arbitrary code

Background Python is an interpreted, interactive, object-oriented programming language. Description Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Impact...

5.8CVSS5.8AI score0.12488EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/27 12:0 a.m.39 views

OpenSSL: Remote execution of arbitrary code

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified...

9.3CVSS9.2AI score0.11164EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/18 12:0 a.m.39 views

PDFKit, ImageKits: Buffer overflow

Background PDFKit is a framework for rendering of PDF content in GNUstep applications. ImageKits is a collection of frameworks to support imaging in GNUstep applications. Description Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in...

6.8CVSS7.5AI score0.08565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/09/19 12:0 a.m.39 views

Poppler: Two buffer overflow vulnerabilities

Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Poppler and Xpdf are vulnerable to an integer overflow in the StreamPredictor::StreamPredictor function, and a stack overflow in the StreamPredictor::getNextLine function. The original vulnerability...

6.8CVSS7.3AI score0.08565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/09/14 12:0 a.m.39 views

flac123: Buffer overflow

Background flac123 is a command-line application for playing FLAC audio files. Description A possible buffer overflow vulnerability has been reported in the localvcentryparsevalue function in vorbiscomment.c. Impact An attacker could entice a user to play a specially crafted audio file, which cou...

9.3CVSS7.2AI score0.05538EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/19 12:0 a.m.39 views

Apache mod_jk: Directory traversal

Background Apache modjk is a connector for the Tomcat web server. Description Apache modjk decodes the URL within Apache before passing them to Tomcat, which decodes them a second time. Impact A remote attacker could browse a specially crafted URL on an Apache server running modjk, possibly gaini...

5CVSS6.4AI score0.12924EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/08/11 12:0 a.m.39 views

SquirrelMail G/PGP plugin: Arbitrary code execution

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact An authenticated user could...

9.3CVSS7.4AI score0.10263EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/04/17 12:0 a.m.39 views

File: Denial of service

Background file is a utility that identifies a file format by scanning binary data for patterns. Description Conor Edberg discovered an error in the way file processes a specific regular expression. Impact A remote attacker could entice a user to open a specially crafted file, using excessive CPU...

7.8CVSS9AI score0.02092EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/04/14 12:0 a.m.39 views

xine-lib: Heap-based buffer overflow

Background xine-lib is the core library package for the xine media player. Description xine-lib does not check boundaries on data being read into buffers from DMO video files in code that is shared with MPlayer DMOVideoDecoder.c. Impact An attacker could entice a user to play a specially crafted...

7.6CVSS6.8AI score0.05694EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/18 12:0 a.m.39 views

LSAT: Insecure temporary file creation

Background The Linux Security Auditing Tool LSAT is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description LSAT insecurely writes in /tmp with a...

4.3CVSS6.1AI score0.00324EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/02/23 12:0 a.m.39 views

Snort: Remote execution of arbitrary code

Background Snort is a widely deployed intrusion detection program. Description The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Impact A remote attacker could send specially crafted fragmented SMB or DCE/RPC packets, without the need...

10CVSS7.2AI score0.79319EPSS
Exploits15
Total number of security vulnerabilities3816