Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2012/01/27 12:0 a.m.38 views

X.Org X Server/X Keyboard Configuration Database: Screen lock bypass

Background The X Keyboard Configuration Database provides keyboard configuration for various X server implementations. Description Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server again provides debugging functionality that can be used terminate an application that...

4.6CVSS6.5AI score0.0039EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/01/21 12:0 a.m.38 views

Adobe Reader: Multiple vulnerabilities

Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Impact A remote attacker might entic...

9.3CVSS9.9AI score0.82485EPSS
Exploits29
Gentoo Linux
Gentoo Linux
added 2010/03/03 12:0 a.m.38 views

sudo: Privilege escalation

Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo: Glenn Waller and neonsignal reported that sudo does not properly handle access control of the "sudoedit" pseudo-command...

6.9CVSS8.8AI score0.01125EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2009/09/09 12:0 a.m.38 views

Clam AntiVirus: Multiple vulnerabilities

Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been found in ClamAV: The vendor reported a Divide-by-zero error in the PE "Portable Executable"; Windows .exe file handli...

10CVSS8.5AI score0.0759EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/08/18 12:0 a.m.38 views

CDF: User-assisted execution of arbitrary code

Background CDF is a library for the Common Data Format which is a self-describing data format for the storage and manipulation of scalar and multidimensional data. It is developed by the NASA. Description Leon Juranic reported multiple heap-based buffer overflows for instance in the ReadAEDRList6...

9.3CVSS7.2AI score0.0286EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/08/01 12:0 a.m.38 views

OpenSC: Multiple vulnerabilities

Background OpenSC provides a set of libraries and utilities to access smart cards. Description Multiple vulnerabilities were found in OpenSC: b.badrignans discovered that OpenSC incorrectly initialises private data objects CVE-2009-0368. Miquel Comas Marti discovered that src/tools/pkcs11-tool.c ...

7.5CVSS8AI score0.01215EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/04/08 12:0 a.m.38 views

MIT Kerberos 5: Multiple vulnerabilities

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Description Multiple vulnerabilities have been reported in MIT Kerberos 5: A free call on an uninitialized...

10CVSS8.1AI score0.08898EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2009/03/19 12:0 a.m.38 views

FFmpeg: Multiple vulnerabilities

Background FFmpeg is a complete solution to record, convert and stream audio and video. gst-plugins-ffmpeg is a FFmpeg based gstreamer plugin which includes a vulnerable copy of FFmpeg code. Mplayer is a multimedia player which also includes a vulnerable copy of the code. Description Multiple...

10CVSS7.5AI score0.09251EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/01/14 12:0 a.m.38 views

GnuTLS: Certificate validation error

Background GnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0. Description Martin von Gagern reported that the gnutlsx509verifycertificate function in lib/x509/verify.c trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate. Impact A...

5.9CVSS6.4AI score0.01882EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/09/25 12:0 a.m.38 views

ClamAV: Multiple Denials of Service

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Hanno boeck reported an error in libclamav/chmunpack.c when processing CHM files CVE-2008-1389. Other unspecified vulnerabilities were also reported, including a...

10CVSS6.7AI score0.03582EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/07/09 12:0 a.m.38 views

Apache: Denial of service

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache: Dustin Kirkland reported that the modssl module can leak memory when the client reports support for a compression algorithm CVE-2008-1678...

5CVSS8.6AI score0.12714EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2008/06/23 12:0 a.m.38 views

FreeType: User-assisted execution of arbitrary code

Background FreeType is a font rendering library for TrueType Font TTF and Printer Font Binary PFB. Description Regenrecht reported multiple vulnerabilities in FreeType via iDefense: An integer overflow when parsing values in the Private dictionary table in a PFB file, leading to a heap-based buff...

7.5CVSS7.8AI score0.04217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/11 12:0 a.m.38 views

Pngcrush: User-assisted execution of arbitrary code

Background Pngcrush is a multi platform optimizer for PNG Portable Network Graphics files. Description It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption GLSA 200804-15. Impact A remote attacker could entice a user to process a specially crafted...

7.5CVSS7.8AI score0.05514EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/04/11 12:0 a.m.38 views

gnome-screensaver: Privilege escalation

Background gnome-screensaver is a screensaver, designed to integrate with the Gnome desktop, that can replace xscreensaver. Description gnome-screensaver incorrectly handles the results of the getpwuid function in the file src/setuid.c when using directory servers like NIS during a network outage...

4.7CVSS6.2AI score0.01336EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/03/09 12:0 a.m.38 views

phpMyAdmin: SQL injection vulnerability

Background phpMyAdmin is a free web-based database administration tool. Description Richard Cunningham reported that phpMyAdmin uses the $REQUEST variable of $GET and $POST as a source for its parameters. Impact An attacker could entice a user to visit a malicious web application that sets an...

5.1CVSS7.3AI score0.00912EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/01/20 12:0 a.m.38 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow GLSA 200711-30,...

9.3CVSS10AI score0.30065EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2008/01/09 12:0 a.m.38 views

Xfce: Multiple vulnerabilities

Background Xfce is a GTK+ 2 based desktop environment that allows to run a modern desktop environment on modest hardware. Description Gregory Andersen reported that the Xfce4 panel does not correctly calculate memory boundaries, leading to a stack-based buffer overflow in the...

10CVSS7.6AI score0.03983EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/12/30 12:0 a.m.38 views

OpenOffice.org: User-assisted arbitrary code execution

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description The HSQLDB engine, as used in Openoffice.org, does not properly enforce restrictions to...

9.3CVSS7.2AI score0.14347EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2007/11/18 12:0 a.m.38 views

MySQL: Denial of service

Background MySQL is a popular multi-threaded, multi-user SQL server. Description Joe Gallo and Artem Russakovskii reported an error in the convertsearchmodetoinnobase function in hainnodb.cc in the InnoDB engine that is leading to a failed assertion when handling CONTAINS operations. Impact A...

4CVSS6.7AI score0.11351EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/12 12:0 a.m.38 views

Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities

Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to...

9.3CVSS8.2AI score0.12736EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/10/27 12:0 a.m.38 views

OpenSSL: Remote execution of arbitrary code

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified...

9.3CVSS9.2AI score0.11164EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/13 12:0 a.m.38 views

Ampache: Multiple vulnerabilities

Background Ampache is a PHP-based tool for managing, updating and playing audio files via a web interface. Description LT discovered that the "match" parameter in albums.php is not properly sanitized before being processed. The Ampache development team also reported an error when handling user...

6.8CVSS7.1AI score0.01474EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/08 12:0 a.m.38 views

Macromedia Flash Player: Remote arbitrary code execution

Background The Macromedia Flash Player is a renderer for the popular SWF file type which is commonly used to provide interactive websites, digital experiences and mobile content. Description Mark Hills discovered some errors when interacting with a browser for keystrokes handling CVE-2007-2022...

9.3CVSS7AI score0.56309EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/07/01 12:0 a.m.38 views

Firebird: Buffer overflow

Background Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems. Description Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow when processing "connect" requests with an overly large "pcnctcount" value. Impact An unauthenticated...

10CVSS7.5AI score0.13206EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/06/19 12:0 a.m.38 views

PHProjekt: Multiple vulnerabilities

Background PHProjekt is a project management and coordination tool written in PHP. Description Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors CVE-2007-1575, the execution of arbitrary PHP...

7.5CVSS7.3AI score0.02021EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/01 12:0 a.m.38 views

Tomcat: Information disclosure

Background Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description Tomcat allows special characters like slash, backslash or URL-encoded backslash as a separator, while Apache does not. Impact A remote attacker could send a specially...

5CVSS6.4AI score0.90768EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/04/06 12:0 a.m.38 views

libwpd: Multiple vulnerabilities

Background libwpd is a library used to convert Wordperfect documents into other formats. Description libwpd contains heap-based overflows in two functions that convert WordPerfect document tables. In addition, it contains an integer overflow in a text-conversion function. Impact An attacker could...

9.3CVSS7.3AI score0.06722EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/04/02 12:0 a.m.38 views

Asterisk: Two SIP Denial of Service vulnerabilities

Background Asterisk is an open source implementation of a telephone private branch exchange PBX. Description The Madynes research team at INRIA has discovered that Asterisk contains a null pointer dereferencing error in the SIP channel when handling INVITE messages. Furthermore qwerty1979...

7.8CVSS6.5AI score0.14486EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/15 12:0 a.m.38 views

WordPress: Multiple vulnerabilities

Background WordPress is a popular personal publishing platform with a web interface. Description When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in...

6.8CVSS6.5AI score0.07357EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/10/06 12:0 a.m.38 views

ncompress: Buffer Underflow

Background ncompress is a suite of utilities to create and extract Lempel-Ziff-Welch LZW compressed archives. Description Tavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress. Impact An attacker could create a specially crafted LZW archive, that when...

7.5CVSS7.6AI score0.05422EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/05/10 12:0 a.m.38 views

Ruby: Denial of service

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with HTTP "WEBrick" and XMLRPC server objects. Description Ruby uses blocking sockets for WEBrick and XMLRPC servers. Impact An attacker could send large amounts of data to an...

5CVSS6.2AI score0.10192EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/03/17 12:0 a.m.38 views

Metamail: Buffer overflow

Background Metamail is a program that decodes MIME encoded mail. Description Ulf Harnhammar discovered a buffer overflow in Metamail when processing mime boundraries. Impact By sending a specially crafted email, attackers could potentially exploit this vulnerability to crash Metamail or to execut...

7.5CVSS7.4AI score0.06267EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/12 12:0 a.m.38 views

SquirrelMail: Cross-site scripting and IMAP command injection

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail does not validate the rightframe parameter in webmail.php, possibly allowing frame replacement or cross-site scripting CVE-2006-0188. Martijn Brinkers and Scott Hughes...

5CVSS7.1AI score0.02296EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/04 12:0 a.m.38 views

MPlayer: Multiple integer overflows

Background MPlayer is a media player capable of handling multiple multimedia file formats. Description MPlayer makes use of the FFmpeg library, which is vulnerable to a heap overflow in the avcodecdefaultgetbuffer function discovered by Simon Kilvington see GLSA 200601-06. Furthermore, AFI Securi...

7.5CVSS7.3AI score0.05209EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/02/12 12:0 a.m.38 views

Xpdf, Poppler: Heap overflow

Background Xpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. Description Dirk Mueller has reported a vulnerability in Xpdf. It is caused by a missing boundary check in the splash rasterizer engine when handling PDF...

7.5CVSS6.8AI score0.04403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/25 12:0 a.m.38 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2...

7.5CVSS7.2AI score0.15116EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2005/03/03 12:0 a.m.38 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description phpMyAdmin contains several security issues: Maksymilian Arciemowicz has discovered multiple variable injection vulnerabilities that can be exploited through...

5CVSS6.7AI score0.03964EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/02/28 12:0 a.m.38 views

UnAce: Buffer overflow and directory traversal vulnerabilities

Background UnAce is an utility to extract, view and test the contents of an ACE archive. Description Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives CAN-2005-0160. He also found out that UnAce is vulnerable to...

5.1CVSS6.9AI score0.03243EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/23 12:0 a.m.38 views

KPdf, KOffice: Stack overflow in included Xpdf code

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to a new stack overflow, as described in GLSA 200501-28. Impact An attacker cou...

7.5CVSS6.9AI score0.07217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/05 12:0 a.m.38 views

tiff: New overflows in image decoding

Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description infamous41md found a potential integer overflow in the directory entry count routines o...

10CVSS2.8AI score0.14972EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/11/07 12:0 a.m.38 views

Kaffeine, gxine: Remotely exploitable buffer overflow

Background Kaffeine and gxine are graphical front-ends for xine-lib multimedia library. Description KF of Secure Network Operations has discovered an overflow that occurs during the Content-Type header processing of Kaffeine. The vulnerable code in Kaffeine is reused from gxine, making gxine...

10CVSS7AI score0.05693EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/09 12:0 a.m.38 views

CUPS: Leakage of sensitive information

Background The Common UNIX Printing System CUPS is a cross-platform print spooler. Description When printing to a SMB-shared printer requiring authentication, CUPS leaks the user name and password to a logfile. Impact A local user could gain knowledge of sensitive authentication data. Workaround...

2.1CVSS6.6AI score0.00445EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/20 12:0 a.m.38 views

CUPS: Denial of service vulnerability

Background The Common UNIX Printing System CUPS is a cross-platform print spooler. Description Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing Protocol IPP implementation that allows remote attackers to cause CUPS to stop listening on the IPP port. Impact A remote user...

5CVSS6.3AI score0.26794EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/07/26 12:0 a.m.38 views

Subversion: Vulnerability in mod_authz_svn

Background Subversion is an advanced version control system, similar to CVS, which supports additional functionality such as the ability to move, copy and delete files and directories. A Subversion server may be run as an Apache module, a standalone server svnserve, or on-demand over ssh a la CVS...

2.1CVSS1.8AI score0.00701EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/07/22 12:0 a.m.38 views

l2tpd: Buffer overflow

Background l2tpd is a GPL implentation of the Layer 2 Tunneling Protocol. Description Thomas Walpuski discovered a buffer overflow that may be exploitable by sending a specially crafted packet. In order to exploit the vulnerable code, an attacker would need to fake the establishment of an L2TP...

10CVSS7.7AI score0.05172EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/19 12:0 a.m.38 views

KDE URI Handler Vulnerabilities

Background The K Desktop Environment KDE is a powerful Free Software graphical desktop environment. KDE makes use of URI handlers to trigger various programs when specific URLs are received. Description The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' at the beginning o...

7.5CVSS6.4AI score0.07778EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/31 12:0 a.m.38 views

Tcpdump Vulnerabilities in ISAKMP Parsing

Background Tcpdump is a program for monitoring IP network traffic. Libpcap is a supporting library which is responsibile for capturing packets off a network interface. Description There are two specific vulnerabilities in tcpdump, outlined in reference 1 . In the first scenario, an attacker may...

7.5CVSS7.2AI score0.05257EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/31 12:0 a.m.38 views

OpenLDAP DoS Vulnerability

Background OpenLDAP is a suite of LDAP-related application and development tools. It includes slapd the standalone LDAP server, slurpd the standalone LDAP replication server, and various LDAP libraries, utilities and example clients. Description A password extended operation password EXOP which...

5CVSS0.7AI score0.026EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/06/22 12:0 a.m.37 views

JHead: Multiple Vulnerabilities

Background JHead is an EXIF JPEG header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

9.8CVSS7.7AI score0.01435EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2024/05/04 12:0 a.m.37 views

Python, PyPy3: Multiple Vulnerabilities

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers f...

7.8CVSS7.7AI score0.20459EPSS
Exploits3
Total number of security vulnerabilities3816