Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2014/12/22 12:0 a.m.39 views

PowerDNS Recursor: Multiple vulnerabilities

Background PowerDNS Recursor is a high-end, high-performance resolving name server Description Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details. Impact A remote attacker may be able to send...

10CVSS7.6AI score0.73532EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/07/16 12:0 a.m.39 views

Xen: Multiple Vunlerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to...

8.3CVSS8.1AI score0.01388EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/05/17 12:0 a.m.39 views

Pango: Multiple vulnerabilities

Background Pango is an internationalized text layout and rendering library Description Multiple vulnerabilities have been discovered in Pango. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to load specially crafted text usi...

10CVSS7.5AI score0.18944EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2014/02/21 12:0 a.m.39 views

libTIFF: Multiple vulnerabilities

Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...

9.3CVSS9.9AI score0.13521EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/09/14 12:0 a.m.39 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A...

10CVSS7.8AI score0.77597EPSS
Exploits16
Gentoo Linux
Gentoo Linux
added 2012/09/25 12:0 a.m.39 views

Calligra: User-assisted execution of arbitrary code

Background Calligra is an office suite by KDE. Description An error in the read function in styles.cpp could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted ODF file, possibly resulting in execution of arbitrary code with the privileges...

7.5CVSS7.1AI score0.20073EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/02/27 12:0 a.m.39 views

libvirt: Multiple vulnerabilities

Background libvirt is a C toolkit to manipulate virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities allow a remote attacker to cause a Denial of Service condition on th...

6.9CVSS2.2AI score0.03536EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/01/28 12:0 a.m.39 views

Chromium: Multiple vulnerabilities

Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...

7.5CVSS7.4AI score0.01831EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/10/22 12:0 a.m.39 views

GnuPG: User-assisted execution of arbitrary code

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. The GPGSM utility in GnuPG is responsible for processing X.509 certificates, signatures and encryption as well as S/MIME messages. Description The GPGSM utility in GnuPG contains a...

8.1CVSS7.5AI score0.05342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/01/16 12:0 a.m.39 views

Prewikka: password disclosure

Background Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Description The permissions of the prewikka.conf file are set world readable. Impact A local attacker could obtain the SQL database password used by Prewikka. Workaround There is no known workaroun...

2.1CVSS6.6AI score0.0034EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/09/07 12:0 a.m.39 views

Clam AntiVirus: Multiple vulnerabilities

Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities were discovered in Clam AntiVirus. For further information, please consult the CVE entries referenced below. Impact A remote...

10CVSS9.5AI score0.04894EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/06/01 12:0 a.m.39 views

ImageMagick: User-assisted execution of arbitrary code

Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Tielei Wang has discovered that the XMakeImage function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow. Impact A remote attacker could enti...

9.3CVSS7AI score0.07153EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/05/25 12:0 a.m.39 views

Pidgin: Multiple vulnerabilities

Background Pidgin formerly Gaim is an instant messaging client for a variety of instant messaging protocols. Description Multiple vulnerabilities have been discovered in Pidgin: Veracode reported a boundary error in the "XMPP SOCKS5 bytestream server" when initiating an outgoing file transfer...

9.3CVSS8.9AI score0.13294EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/03/18 12:0 a.m.39 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with ...

8.5CVSS7.8AI score0.11175EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/02/23 12:0 a.m.39 views

KTorrent: Multiple vulnerabilitites

Background KTorrent is a BitTorrent program for KDE. Description The web interface plugin does not restrict access to the torrent upload functionality CVE-2008-5905 and does not sanitize request parameters properly CVE-2008-5906 . Impact A remote attacker could send specially crafted parameters t...

6.8CVSS7.4AI score0.02456EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/08/06 12:0 a.m.39 views

Mozilla products: Multiple vulnerabilities

Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla...

10CVSS9.9AI score0.13949EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2008/04/14 12:0 a.m.39 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and tool kit. Description Asterisk upstream developers reported multiple vulnerabilities: The Call Detail Record Postgres logging engine cdrpgsql does not correctly escape the ANI and DNIS arguments before using them in SQL statements...

8.8CVSS7.8AI score0.02811EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/04/06 12:0 a.m.39 views

UnZip: User-assisted execution of arbitrary code

Background Info-ZIP's UnZip is a tool to list and extract files inside PKZIP compressed files. Description Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflatedynamic function in the file inflate.c can be invoked using invalid buffers, which can lead to a...

9.3CVSS5.6AI score0.0629EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/01/09 12:0 a.m.39 views

Squid: Denial of service

Background Squid is a multi-protocol proxy server. Description The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. Impact A remote attacker could perform numerous specially crafted requests to the vulnerable server, resulting in a Denial of Service...

5CVSS6.3AI score0.26858EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/11/07 12:0 a.m.39 views

Python: User-assisted execution of arbitrary code

Background Python is an interpreted, interactive, object-oriented programming language. Description Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Impact...

5.8CVSS5.8AI score0.12488EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/18 12:0 a.m.39 views

PDFKit, ImageKits: Buffer overflow

Background PDFKit is a framework for rendering of PDF content in GNUstep applications. ImageKits is a collection of frameworks to support imaging in GNUstep applications. Description Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in...

6.8CVSS7.5AI score0.08565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/09/19 12:0 a.m.39 views

Poppler: Two buffer overflow vulnerabilities

Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Poppler and Xpdf are vulnerable to an integer overflow in the StreamPredictor::StreamPredictor function, and a stack overflow in the StreamPredictor::getNextLine function. The original vulnerability...

6.8CVSS7.3AI score0.08565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/09/14 12:0 a.m.39 views

flac123: Buffer overflow

Background flac123 is a command-line application for playing FLAC audio files. Description A possible buffer overflow vulnerability has been reported in the localvcentryparsevalue function in vorbiscomment.c. Impact An attacker could entice a user to play a specially crafted audio file, which cou...

9.3CVSS7.2AI score0.05538EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/22 12:0 a.m.39 views

Qt: Multiple format string vulnerabilities

Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. Description Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp,...

6.8CVSS6.8AI score0.04203EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/19 12:0 a.m.39 views

Apache mod_jk: Directory traversal

Background Apache modjk is a connector for the Tomcat web server. Description Apache modjk decodes the URL within Apache before passing them to Tomcat, which decodes them a second time. Impact A remote attacker could browse a specially crafted URL on an Apache server running modjk, possibly gaini...

5CVSS6.4AI score0.12924EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/08/11 12:0 a.m.39 views

SquirrelMail G/PGP plugin: Arbitrary code execution

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact An authenticated user could...

9.3CVSS7.4AI score0.10263EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/04/17 12:0 a.m.39 views

File: Denial of service

Background file is a utility that identifies a file format by scanning binary data for patterns. Description Conor Edberg discovered an error in the way file processes a specific regular expression. Impact A remote attacker could entice a user to open a specially crafted file, using excessive CPU...

7.8CVSS9AI score0.02092EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/04/14 12:0 a.m.39 views

xine-lib: Heap-based buffer overflow

Background xine-lib is the core library package for the xine media player. Description xine-lib does not check boundaries on data being read into buffers from DMO video files in code that is shared with MPlayer DMOVideoDecoder.c. Impact An attacker could entice a user to play a specially crafted...

7.6CVSS6.8AI score0.05694EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/18 12:0 a.m.39 views

LSAT: Insecure temporary file creation

Background The Linux Security Auditing Tool LSAT is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description LSAT insecurely writes in /tmp with a...

4.3CVSS6.1AI score0.00324EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/02/23 12:0 a.m.39 views

Snort: Remote execution of arbitrary code

Background Snort is a widely deployed intrusion detection program. Description The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Impact A remote attacker could send specially crafted fragmented SMB or DCE/RPC packets, without the need...

10CVSS7.2AI score0.79319EPSS
Exploits15
Gentoo Linux
Gentoo Linux
added 2006/09/13 12:0 a.m.39 views

FFmpeg: Buffer overflows

Background FFmpeg is a very fast video and audio converter. Description FFmpeg contains buffer overflows in the AVI processing code. Impact An attacker could trigger the buffer overflows by enticing a user to load a specially crafted AVI file in an application using the FFmpeg library. This might...

7.5CVSS7AI score0.04901EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/08/07 12:0 a.m.39 views

x11vnc: Authentication bypass in included LibVNCServer code

Background x11vnc provides VNC servers for X displays. Description x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None" GLSA-200608-05. x11vnc will accept this security type, ev...

7.5CVSS6.5AI score0.04283EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/30 12:0 a.m.39 views

Kiax: Arbitrary code execution

Background Kiax is a graphical softphone supporting the IAX protocol Inter Asterisk eXchange, which allows PC users to make VoIP calls to Asterisk servers. Description The iaxnetread function in the iaxclient library fails to properly handle IAX2 packets with truncated full frames or mini-frames...

6.4CVSS7.2AI score0.0438EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/28 12:0 a.m.39 views

Mutt: Buffer overflow

Background Mutt is a small but very powerful text-based mail client. Description TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in the "browsegetnamespace" function in browse.c, which can be triggered when receiving an overly long namespace from an IMAP server. Impact A...

7.5CVSS7.3AI score0.05889EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/29 12:0 a.m.39 views

bsd-games: Local privilege escalation in tetris-bsd

Background bsd-games is a collection of NetBSD games ported to Linux. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to...

7.5CVSS6.9AI score0.02039EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/06 12:0 a.m.39 views

HylaFAX: Multiple vulnerabilities

Background HylaFAX is an enterprise-class system for sending and receiving facsimile messages and for sending alpha-numeric pages. Description Patrice Fournier discovered that HylaFAX runs the notify script on untrusted user input. Furthermore, users can log in without a password when HylaFAX is...

7.5CVSS6.9AI score0.1265EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/11/25 12:0 a.m.39 views

Macromedia Flash Player: Remote arbitrary code execution

Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier store...

5.1CVSS7.1AI score0.06756EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/11/22 12:0 a.m.39 views

phpSysInfo: Multiple vulnerabilities

Background phpSysInfo displays various system stats via PHP scripts. Description Christopher Kunz from the Hardened-PHP Project discovered that phpSysInfo is vulnerable to local file inclusion, cross-site scripting and a HTTP Response Splitting attacks. Impact A local attacker may exploit the fil...

6.8CVSS6.7AI score0.03548EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/11/02 12:0 a.m.39 views

QDBM, ImageMagick, GDAL: RUNPATH issues

Background QDBM is a library of routines for managing a database. ImageMagick is a collection of tools to read, write and manipulate images. GDAL is a geospatial data abstraction library. Description Some packages may introduce insecure paths into the list of directories that are searched for...

7.2CVSS6.2AI score0.00401EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/28 12:0 a.m.39 views

Mantis: Multiple vulnerabilities

Background Mantis is a web-based bugtracking system written in PHP. Description Mantis contains several vulnerabilities, including: a remote file inclusion vulnerability an SQL injection vulnerability multiple cross site scripting vulnerabilities multiple information disclosure vulnerabilities...

7.5CVSS7.2AI score0.06619EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/10/17 12:0 a.m.39 views

Perl, Qt-UnixODBC, CMake: RUNPATH issues

Background Perl is a stable, cross-platform programming language created by Larry Wall. Qt-UnixODBC is an ODBC library for Qt. CMake is a cross-platform build environment. Description Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtim...

7.2CVSS6.3AI score0.00521EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/26 12:0 a.m.39 views

Qt: Buffer overflow in the included zlib library

Background Qt is a cross-platform GUI toolkit used by KDE. Description Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data...

7.5CVSS9.8AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2005/07/03 12:0 a.m.39 views

PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability

Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanatize input sent using the "POST" method. Impact A remote attacker...

7.5CVSS7.2AI score0.79071EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2005/05/26 12:0 a.m.39 views

gxine: Format string vulnerability

Background gxine is a GTK+ and xine-lib based media player. Description Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. Impact A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the...

7.5CVSS6.7AI score0.03259EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/05/17 12:0 a.m.39 views

FreeRADIUS: SQL injection and Denial of Service vulnerability

Background FreeRADIUS is an open source RADIUS authentication server implementation. Description Primoz Bratanic discovered that the sqlescapefunc function of FreeRADIUS may be vulnerable to a buffer overflow BID 13541. He also discovered that FreeRADIUS fails to sanitize user-input before using ...

7.5CVSS7.9AI score0.0252EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/05/12 12:0 a.m.39 views

Gaim: Denial of Service and buffer overflow vulnerabilties

Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Stu Tomlinson discovered that Gaim is vulnerable to a remote stack based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very...

7.5CVSS6.8AI score0.12396EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/25 12:0 a.m.39 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2...

7.5CVSS7.2AI score0.15116EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2005/02/13 12:0 a.m.39 views

mod_python: Publisher Handler vulnerability

Background modpython is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description Graham Dumpleton discovered a vulnerability in modpython's Publisher Handler. Impact By requesting a specially crafted URL for a publishe...

7.5CVSS6.1AI score0.06465EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/11 12:0 a.m.39 views

Webmin: Information leak in Gentoo binary package

Background Webmin is a web-based system administration console allowing an administrator to easily configure servers and other features. Using the 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build reusable binary packages for any of the packages available through the Portage tree...

5CVSS6.3AI score0.02204EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/08 12:0 a.m.39 views

Python: Arbitrary code execution through SimpleXMLRPCServer

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the registerinstance method to register an object without a dispatch method ar...

7.5CVSS7.2AI score0.05219EPSS
Exploits0
Total number of security vulnerabilities3816