Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2020/03/20 12:0 a.m.•37 views

Exim: Heap-based buffer overflow

Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description It was discovered that Exim incorrectly handled certain string operations. Impact A remote attacker, able to connect to a vulnerable Exim instance, could possibly...

9.8CVSS3.2AI score0.41589EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2019/11/07 12:0 a.m.•37 views

pump: User-assisted execution of arbitrary code

Background BOOTP and DHCP client for automatic IP configuration. Description It was discovered that there was an arbitrary code execution vulnerability in the pump DHCP/BOOTP client. Impact A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of...

2.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2019/08/15 12:0 a.m.•37 views

KDE KConfig: User-assisted execution of arbitrary code

Background Provides an advanced configuration system. Description A vulnerability was discovered in KDE KConfig’s handling of .desktop and .directory files. Impact An attacker could entice a user to execute a specially crafted .desktop or .directory file possibly resulting in execution of arbitra...

7.8CVSS8AI score0.04069EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2019/04/08 12:0 a.m.•37 views

ClamAV: Multiple vulnerabilities

Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

9.8CVSS2.9AI score0.01839EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2017/10/29 12:0 a.m.•37 views

Jython: Arbitrary code execution

Background An implementation of Python written in Java. Description It was found that Jython is vulnerable to arbitrary code execution by sending a serialized function to the deserializer. Impact Remote execution of arbitrary code by enticing a user to execute malicious code. Workaround There is ...

9.8CVSS9.6AI score0.0657EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/06/06 12:0 a.m.•37 views

Shadow: Multiple vulnerabilities

Background Shadow is a set of tools to deal with user accounts. Description Multiple vulnerabilities have been discovered in Shadow. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly cause a Denial of Service condition, gain privileges via...

7.8CVSS6.7AI score0.00409EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/05/09 12:0 a.m.•37 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...

10CVSS9.5AI score0.17484EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2016/12/27 12:0 a.m.•37 views

Firejail: Multiple vulnerabilities

Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Multiple vulnerabilities have been discovered in Firejail. Please review upstream’s release notes below for...

7.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2015/09/24 12:0 a.m.•37 views

Git: Arbitrary command execution

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description A vulnerability in Git causing Git-compatible clients that access case-insensitive or case-normalizing filesystems to...

9.8CVSS9.6AI score0.63178EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2015/06/22 12:0 a.m.•37 views

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details. Impac...

7.5CVSS6.1AI score0.9986EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2015/03/16 12:0 a.m.•37 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS10.2AI score0.71536EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2014/06/16 12:0 a.m.•37 views

cups-filters: Multiple vulnerabilities

Background cups-filters is an OpenPrinting CUPS Filters. Description Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for more details about the vulnerabilities. Impact A remote attackers could possibly execute arbitrary code...

8.3CVSS7.6AI score0.03429EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2013/12/23 12:0 a.m.•37 views

Tinyproxy: Denial of service

Background Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Description A vulnerability has been discovered in the way how Tinyproxy works with headers. Impact A remote attacker could send a specially crafted request with too many headers, possibly resulting in a...

5CVSS6.4AI score0.07349EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/10/28 12:0 a.m.•37 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details. Impact A remote attacker could sent a...

5CVSS6.5AI score0.0644EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/10/10 12:0 a.m.•37 views

Quagga: Multiple vulnerabilities

Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause arbitrary code execution or a...

5CVSS9.1AI score0.03493EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/08/23 12:0 a.m.•37 views

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...

9CVSS8.3AI score0.05375EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/06/25 12:0 a.m.•37 views

Linux-PAM: Multiple vulnerabilities

Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in Linux-PAM. Please...

7.2CVSS7.5AI score0.00696EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/05/15 12:0 a.m.•37 views

Chromium: Multiple vulnerabilities

Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...

9.3CVSS7.4AI score0.03115EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2012/03/25 12:0 a.m.•37 views

Chromium: Multiple vulnerabilities

Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...

10CVSS7.5AI score0.04871EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2012/03/06 12:0 a.m.•37 views

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC...

9.3CVSS7.9AI score0.17687EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/10/22 12:0 a.m.•37 views

GnuPG: User-assisted execution of arbitrary code

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. The GPGSM utility in GnuPG is responsible for processing X.509 certificates, signatures and encryption as well as S/MIME messages. Description The GPGSM utility in GnuPG contains a...

8.1CVSS7.5AI score0.05342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/01/21 12:0 a.m.•37 views

Adobe Reader: Multiple vulnerabilities

Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Impact A remote attacker might entic...

9.3CVSS9.9AI score0.82485EPSS
Exploits29
Gentoo Linux
Gentoo Linux
•added 2010/06/01 12:0 a.m.•37 views

xine-lib: User-assisted execution of arbitrary code

Background xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. Description Multiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details. Impact A remote...

10CVSS7.4AI score0.05748EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2010/03/03 12:0 a.m.•37 views

sudo: Privilege escalation

Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo: Glenn Waller and neonsignal reported that sudo does not properly handle access control of the "sudoedit" pseudo-command...

6.9CVSS8.8AI score0.01125EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•37 views

Clam AntiVirus: Multiple vulnerabilities

Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been found in ClamAV: The vendor reported a Divide-by-zero error in the PE "Portable Executable"; Windows .exe file handli...

10CVSS8.5AI score0.0759EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/08/01 12:0 a.m.•37 views

BIND: Denial of service

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Matthias Urlichs reported that the dnsdbfindrdataset function fails when the prerequisite section of the dynamic update message contains a record of type "ANY" and where at...

4.3CVSS2.7AI score0.12649EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/04/05 12:0 a.m.•37 views

ntp: Certificate validation error

Background ntp contains the client and daemon implementations for the Network Time Protocol. Description It has been reported that ntp incorrectly checks the return value of the EVPVerifyFinal, a vulnerability related to CVE-2008-5077 GLSA 200902-02. Impact A remote attacker could exploit this...

5.8CVSS8.7AI score0.05146EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•37 views

BIND: Incorrect signature verification

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description BIND does not properly check the return value from the OpenSSL functions to verify DSA CVE-2009-0025 and RSA CVE-2009-0265 certificates. Impact A remote attacker could bypass...

7.5CVSS2.6AI score0.0686EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•37 views

Epiphany: Untrusted search path

Background Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko. Description James Vega reported an untrusted search path vulnerability in the Python interface. Impact A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python...

6.9CVSS6.8AI score0.00374EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/01/14 12:0 a.m.•37 views

GnuTLS: Certificate validation error

Background GnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0. Description Martin von Gagern reported that the gnutlsx509verifycertificate function in lib/x509/verify.c trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate. Impact A...

5.9CVSS6.4AI score0.01882EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/12/12 12:0 a.m.•37 views

OpenOffice.org: Multiple vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Two heap-based buffer overflows when processing WMF files CVE-2008-2237 and EMF files...

9.3CVSS6.6AI score0.06752EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/12/10 12:0 a.m.•37 views

CUPS: Multiple vulnerabilities

Background CUPS is the Common Unix Printing System. Description Several buffer overflows were found in: The readrle16 function in imagetops CVE-2008-3639, found by regenrecht, reported via ZDI The WriteProlog function in texttops CVE-2008-3640, found by regenrecht, reported via ZDI The...

10CVSS8.2AI score0.24132EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/09/25 12:0 a.m.•37 views

ClamAV: Multiple Denials of Service

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Hanno boeck reported an error in libclamav/chmunpack.c when processing CHM files CVE-2008-1389. Other unspecified vulnerabilities were also reported, including a...

10CVSS6.7AI score0.03582EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/08/14 12:0 a.m.•37 views

Postfix: Local privilege escalation vulnerability

Background Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under...

6.2CVSS6.4AI score0.01001EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2008/07/09 12:0 a.m.•37 views

Apache: Denial of service

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache: Dustin Kirkland reported that the modssl module can leak memory when the client reports support for a compression algorithm CVE-2008-1678...

5CVSS8.6AI score0.12714EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2008/03/05 12:0 a.m.•37 views

Vobcopy: Insecure temporary file creation

Background Vobcopy is a tool for decrypting and copying DVD .vob files to a hard disk. Description Joey Hess reported that vobcopy appends data to the file "/tmp/vobcopy.bla" in an insecure manner. Impact A local attacker could exploit this vulnerability to conduct symlink attacks and append data...

4.9CVSS6.3AI score0.0035EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/12/30 12:0 a.m.•37 views

OpenOffice.org: User-assisted arbitrary code execution

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description The HSQLDB engine, as used in Openoffice.org, does not properly enforce restrictions to...

9.3CVSS7.2AI score0.14347EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2007/11/18 12:0 a.m.•37 views

MySQL: Denial of service

Background MySQL is a popular multi-threaded, multi-user SQL server. Description Joe Gallo and Artem Russakovskii reported an error in the convertsearchmodetoinnobase function in hainnodb.cc in the InnoDB engine that is leading to a failed assertion when handling CONTAINS operations. Impact A...

4CVSS6.7AI score0.11351EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/24 12:0 a.m.•37 views

MLDonkey: Privilege escalation

Background MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent. Description The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so that the MLDonkey service can run under a user with low privileges...

6.8CVSS6.2AI score0.01801EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/14 12:0 a.m.•37 views

X.Org X server: Composite local privilege escalation

Background The X Window System is a graphical windowing system based on a client/server model. Description Aaron Plattner discovered a buffer overflow in the compNewPixmap function when copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. Impact A local attacker could...

4.3CVSS7.4AI score0.00511EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/08/08 12:0 a.m.•37 views

Xvid: Array indexing vulnerabilities

Background Xvid is a popular open source video codec licensed under the GPL. Description Trixter Jack discovered an array indexing error in the getintrablock function in the file src/bitstream/mbcoding.c. The getinterblockh263 and getinterblockmpeg functions in the same file were also reported as...

6.8CVSS7.4AI score0.03156EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/26 12:0 a.m.•37 views

Blackdown Java: Applet privilege escalation

Background Blackdown provides implementations of the Java Development Kit JDK and the Java Runtime Environment JRE. Description Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered ...

9.3CVSS7AI score0.03632EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/31 12:0 a.m.•37 views

CUPS: Denial of service

Background CUPS provides a portable printing layer for UNIX-based operating systems. Description CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection...

5CVSS9AI score0.05321EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/20 12:0 a.m.•37 views

Mozilla Network Security Service: Remote execution of arbitrary code

Background The Mozilla Network Security Service is a library implementing security features like SSL v2/v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description iDefense has reported two potential buffer overflow vulnerabilities found by researcher "regenrecht" in the...

6.8CVSS7.5AI score0.5036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/02/25 12:0 a.m.•37 views

UFO2000: Multiple vulnerabilities

Background UFO2000 is a multi-player, turn-based tactical simulation. Description Five vulnerabilities were found: a buffer overflow in recvaddunit; a problem with improperly trusting user-supplied string information in decodestringmap; several issues with array manipulation via various commands...

7.5CVSS8.5AI score0.04741EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/12 12:0 a.m.•37 views

OpenOffice.org: EMF/WMF file handling vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered integer overflows in the EMRPOLYPOLYGON and...

9.3CVSS7.4AI score0.0824EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•37 views

MadWifi: Kernel driver buffer overflow

Background MadWifi Multiband Atheros Driver for Wireless Fidelity provides a Linux kernel device driver for Atheros-based Wireless LAN devices. Description Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encodeie and the giwscancb functions from...

7.5CVSS7.2AI score0.19817EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2006/11/23 12:0 a.m.•37 views

fvwm: fvwm-menu-directory fvwm command injection

Background fvwm is a highly configurable virtual window manager for X11 desktops. fvwm-menu-directory allows fvwm users to browse directories from within fvwm. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise...

4.6CVSS6.9AI score0.00418EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/17 12:0 a.m.•37 views

libapreq2: Denial of Service vulnerability

Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A vulnerability has been reported in the apreqparseheaders and apreqparseurlencoded functions of Apache2::Request. Impact A remote attacker could possibly exploit t...

5CVSS6.4AI score0.06228EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/22 12:0 a.m.•37 views

Sendmail: Race condition in the handling of asynchronous signals

Background Sendmail is a popular mail transfer agent MTA. Description ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals. Impact An attacker could exploit this via certain crafted timing conditions. Workaround There is no known workaround at thi...

7.6CVSS6.3AI score0.28144EPSS
Exploits0
Total number of security vulnerabilities3816