Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2017/10/29 12:0 a.m.37 views

Jython: Arbitrary code execution

Background An implementation of Python written in Java. Description It was found that Jython is vulnerable to arbitrary code execution by sending a serialized function to the deserializer. Impact Remote execution of arbitrary code by enticing a user to execute malicious code. Workaround There is ...

9.8CVSS9.6AI score0.0657EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/10/13 12:0 a.m.37 views

WebKitGTK+: Multiple Vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, offers Webkit’s full functionality and is used on a wide range of systems. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please...

9.3CVSS9AI score0.095EPSS
Exploits25
Gentoo Linux
Gentoo Linux
added 2017/05/09 12:0 a.m.37 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...

10CVSS9.5AI score0.17484EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2015/07/10 12:0 a.m.37 views

OpenSSL: Alternate chains certificate forgery

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description During certificate verification, OpenSSL attempts to find an alternative certificate chain if the first...

6.5CVSS6.6AI score0.61798EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2015/06/22 12:0 a.m.37 views

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details. Impac...

7.5CVSS6.1AI score0.9986EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2014/12/22 12:0 a.m.37 views

sendmail: Information disclosure

Background sendmail is a widely-used Mail Transport Agent MTA. Description The smcloseonexec function in conf.c has arguments in the wrong order. Impact A local attacker could get access to unintended high-numbered file descriptors via a specially crafted program. Workaround There is no known...

1.9CVSS6AI score0.0063EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/13 12:0 a.m.37 views

CouchDB: Denial of service

Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description CouchDB does not properly sanitize the count parameter for Universally Unique Identifiers UUID requests. Impact A remote attacker could send a specially crafted request to CouchDB,...

5CVSS6.4AI score0.22289EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/08/29 12:0 a.m.37 views

Libgcrypt: Side-channel attack

Background Libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels. Impact A physical side-channel attack allows a remote attacker to fully...

2.1CVSS5.9AI score0.00531EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/08/14 12:0 a.m.37 views

libpng: Multiple vulnerabilities

Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several programs, including web browsers and potentially server processes. Description The pngpushreadchunk function in pngpread.c in the progressive decoder enters an infinite loop, when i...

6.5CVSS9.2AI score0.03321EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/06/16 12:0 a.m.37 views

cups-filters: Multiple vulnerabilities

Background cups-filters is an OpenPrinting CUPS Filters. Description Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for more details about the vulnerabilities. Impact A remote attackers could possibly execute arbitrary code...

8.3CVSS7.6AI score0.03429EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2014/02/21 12:0 a.m.37 views

GnuPG, Libgcrypt: Multiple vulnerabilities

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Libgcrypt is a cryptographic library based on GnuPG. Description Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt. Please review the CVE identifiers referenced below for...

5.8CVSS9AI score0.0503EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/12/23 12:0 a.m.37 views

Tinyproxy: Denial of service

Background Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Description A vulnerability has been discovered in the way how Tinyproxy works with headers. Impact A remote attacker could send a specially crafted request with too many headers, possibly resulting in a...

5CVSS6.4AI score0.07349EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/12/16 12:0 a.m.37 views

MIT Kerberos 5: Multiple vulnerabilities

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker...

9.3CVSS7.4AI score0.06485EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/12/09 12:0 a.m.37 views

OpenEXR: Multiple Vulnerabilities

Background OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. Description Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact A...

7.5CVSS7.5AI score0.06437EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/11/20 12:0 a.m.37 views

OpenVPN: Multiple vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to recover plaintext from an encrypted communication...

5.8CVSS7.1AI score0.87264EPSS
Exploits15
Gentoo Linux
Gentoo Linux
added 2013/10/28 12:0 a.m.37 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details. Impact A remote attacker could sent a...

5CVSS6.5AI score0.0644EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/09/15 12:0 a.m.37 views

Adobe Reader: Arbitrary Code Execution

Background Adobe Reader is a closed-source PDF reader. Description An unspecified vulnerability exists in Adobe Reader. Impact An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All Adobe Reader users...

10CVSS7.1AI score0.78581EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2013/08/23 12:0 a.m.37 views

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...

9CVSS8.3AI score0.05375EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/06/24 12:0 a.m.37 views

PyCrypto: Weak key generation

Background PyCrypto is the Python Cryptography Toolkit. Description An error in the generate function in ElGamal.py causes PyCrypto to generate weak ElGamal keys. Impact A remote attacker might be able to derive private keys. Workaround There is no known workaround at this time. Resolution All...

4.3CVSS9.1AI score0.02727EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.37 views

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC...

9.3CVSS7.9AI score0.17687EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.37 views

ImageMagick: User-assisted execution of arbitrary code

Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Two vulnerabilities have been found in ImageMagick: Incorrect offset and count values in the ResolutionUnit tag in EXIF IFD could cause memory corruption CVE-2012-0247. IOP tag offset...

8.8CVSS8.6AI score0.03816EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/02/22 12:0 a.m.37 views

Heimdal: Arbitrary code execution

Background Heimdal is a free implementation of Kerberos 5. Description A boundary error in the "encryptkeyid" function in appl/telnet/libtelnet/encrypt.c of the telnet daemon and client could cause a buffer overflow. Impact An unauthenticated remote attacker may be able to execute arbitrary code...

10CVSS8.2AI score0.95104EPSS
Exploits19
Gentoo Linux
Gentoo Linux
added 2012/02/18 12:0 a.m.37 views

Chromium: Multiple vulnerabilities

Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...

9.3CVSS7.2AI score0.02348EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2011/11/20 12:0 a.m.37 views

Perl Safe module: Arbitrary Perl code injection

Background Safe is a Perl module to compile and execute code in restricted compartments. Description Unsafe code evaluation prevents the Safe module from properly restricting the code of implicitly called methods on implicitly blessed objects. Impact A remote attacker could entice a user to load ...

7.5CVSS6.9AI score0.03715EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2010/06/01 12:0 a.m.37 views

BIND: Multiple vulnerabilities

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note:...

7.6CVSS7.5AI score0.09363EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/08/01 12:0 a.m.37 views

BIND: Denial of service

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Matthias Urlichs reported that the dnsdbfindrdataset function fails when the prerequisite section of the dynamic update message contains a record of type "ANY" and where at...

4.3CVSS2.7AI score0.12649EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/03/09 12:0 a.m.37 views

Epiphany: Untrusted search path

Background Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko. Description James Vega reported an untrusted search path vulnerability in the Python interface. Impact A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python...

6.9CVSS6.8AI score0.00374EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/01/11 12:0 a.m.37 views

D-Bus: Denial of service

Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description schelte reported that the dbussignaturevalidate function can trigger a failed assertion when processing a message containing a malformed signature. Impact A local user could send a...

2.1CVSS5.6AI score0.04623EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2008/12/12 12:0 a.m.37 views

OpenOffice.org: Multiple vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Two heap-based buffer overflows when processing WMF files CVE-2008-2237 and EMF files...

9.3CVSS6.6AI score0.06752EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/12/10 12:0 a.m.37 views

CUPS: Multiple vulnerabilities

Background CUPS is the Common Unix Printing System. Description Several buffer overflows were found in: The readrle16 function in imagetops CVE-2008-3639, found by regenrecht, reported via ZDI The WriteProlog function in texttops CVE-2008-3640, found by regenrecht, reported via ZDI The...

10CVSS8.2AI score0.24132EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/03/05 12:0 a.m.37 views

Vobcopy: Insecure temporary file creation

Background Vobcopy is a tool for decrypting and copying DVD .vob files to a hard disk. Description Joey Hess reported that vobcopy appends data to the file "/tmp/vobcopy.bla" in an insecure manner. Impact A local attacker could exploit this vulnerability to conduct symlink attacks and append data...

4.9CVSS6.3AI score0.0035EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/12 12:0 a.m.37 views

CUPS: Memory corruption

Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Alin Rad Pop Secunia Research discovered an off-by-one error in the ippReadIO function when handling Internet Printing Protocol IPP tags that might allow to overwrite one byte on the stack. Impact A...

10CVSS9.3AI score0.07377EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/24 12:0 a.m.37 views

MLDonkey: Privilege escalation

Background MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent. Description The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so that the MLDonkey service can run under a user with low privileges...

6.8CVSS6.2AI score0.01801EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/14 12:0 a.m.37 views

X.Org X server: Composite local privilege escalation

Background The X Window System is a graphical windowing system based on a client/server model. Description Aaron Plattner discovered a buffer overflow in the compNewPixmap function when copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. Impact A local attacker could...

4.3CVSS7.4AI score0.00511EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/08 12:0 a.m.37 views

Xvid: Array indexing vulnerabilities

Background Xvid is a popular open source video codec licensed under the GPL. Description Trixter Jack discovered an array indexing error in the getintrablock function in the file src/bitstream/mbcoding.c. The getinterblockh263 and getinterblockmpeg functions in the same file were also reported as...

6.8CVSS7.4AI score0.03156EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/26 12:0 a.m.37 views

Blackdown Java: Applet privilege escalation

Background Blackdown provides implementations of the Java Development Kit JDK and the Java Runtime Environment JRE. Description Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered ...

9.3CVSS7AI score0.03632EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/31 12:0 a.m.37 views

CUPS: Denial of service

Background CUPS provides a portable printing layer for UNIX-based operating systems. Description CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection...

5CVSS9AI score0.05321EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/20 12:0 a.m.37 views

Mozilla Network Security Service: Remote execution of arbitrary code

Background The Mozilla Network Security Service is a library implementing security features like SSL v2/v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description iDefense has reported two potential buffer overflow vulnerabilities found by researcher "regenrecht" in the...

6.8CVSS7.5AI score0.5036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/22 12:0 a.m.37 views

Fetchmail: Denial of Service and password disclosure

Background Fetchmail is a remote mail retrieval and forwarding utility. Description Neil Hoggarth has discovered that when delivering messages to a message delivery agent by means of the "mda" option, Fetchmail passes a NULL pointer to the ferror and fflush functions when refusing a message. Isaa...

7.8CVSS6.5AI score0.04255EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/12 12:0 a.m.37 views

OpenOffice.org: EMF/WMF file handling vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered integer overflows in the EMRPOLYPOLYGON and...

9.3CVSS7.4AI score0.0824EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/10 12:0 a.m.37 views

MadWifi: Kernel driver buffer overflow

Background MadWifi Multiband Atheros Driver for Wireless Fidelity provides a Linux kernel device driver for Atheros-based Wireless LAN devices. Description Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encodeie and the giwscancb functions from...

7.5CVSS7.2AI score0.19817EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2006/11/23 12:0 a.m.37 views

fvwm: fvwm-menu-directory fvwm command injection

Background fvwm is a highly configurable virtual window manager for X11 desktops. fvwm-menu-directory allows fvwm users to browse directories from within fvwm. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise...

4.6CVSS6.9AI score0.00418EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/09/19 12:0 a.m.37 views

Mailman: Multiple vulnerabilities

Background Mailman is a Python based mailing list server with an extensive web interface. Description Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact An attacker cou...

6.8CVSS6.9AI score0.06425EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/04/17 12:0 a.m.37 views

libapreq2: Denial of Service vulnerability

Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A vulnerability has been reported in the apreqparseheaders and apreqparseurlencoded functions of Apache2::Request. Impact A remote attacker could possibly exploit t...

5CVSS6.4AI score0.06228EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/03/22 12:0 a.m.37 views

Sendmail: Race condition in the handling of asynchronous signals

Background Sendmail is a popular mail transfer agent MTA. Description ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals. Impact An attacker could exploit this via certain crafted timing conditions. Workaround There is no known workaround at thi...

7.6CVSS6.3AI score0.28144EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/02/12 12:0 a.m.37 views

KPdf: Heap based overflow

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. Description KPdf includes Xpdf code to handle PDF files. Dirk Mueller discovered that the Xpdf code is vulnerable a heap based overflow in the splash rasterizer engine. Impact An attacker could entice a user to open a...

7.5CVSS7.1AI score0.04403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/07 12:0 a.m.37 views

VMware Workstation: Vulnerability in NAT networking

Background VMware Workstation is a powerful virtual machine for developers and system administrators. Description Tim Shelton discovered that vmnet-natd, the host module providing NAT-style networking for VMware guest operating systems, is unable to process incorrect 'EPRT' and 'PORT' FTP request...

10CVSS7.1AI score0.14123EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/12/30 12:0 a.m.37 views

XnView: Privilege escalation

Background XnView is an efficient multimedia viewer, browser and converter, distributed free for non-commercial use. Description Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for IA32 used the DTRPATH field insecurely, causing the dynamic loader to search for shared libraries...

7.2CVSS7.1AI score0.00417EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/12 12:0 a.m.37 views

X.Org: Heap overflow in pixmap allocation

Background X.Org is X.Org Foundation's Public Implementation of the X Window System. Description X.Org is missing an integer overflow check during pixmap memory allocation. Impact An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workarou...

5.1CVSS7.5AI score0.03923EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/30 12:0 a.m.37 views

phpGroupWare: Multiple vulnerabilities

Background phpGroupWare is a multi-user groupware suite written in PHP. Description phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...

7.5CVSS6.5AI score0.05091EPSS
Exploits0
Total number of security vulnerabilities3816