Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2013/12/16 12:0 a.m.•37 views

MIT Kerberos 5: Multiple vulnerabilities

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker...

9.3CVSS7.4AI score0.06485EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/12/09 12:0 a.m.•37 views

OpenEXR: Multiple Vulnerabilities

Background OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. Description Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. Impact A...

7.5CVSS7.5AI score0.06437EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/11/20 12:0 a.m.•37 views

OpenVPN: Multiple vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to recover plaintext from an encrypted communication...

5.8CVSS7.1AI score0.87264EPSS
Exploits15
Gentoo Linux
Gentoo Linux
•added 2013/10/28 12:0 a.m.•37 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details. Impact A remote attacker could sent a...

5CVSS6.5AI score0.0644EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/09/15 12:0 a.m.•37 views

Adobe Reader: Arbitrary Code Execution

Background Adobe Reader is a closed-source PDF reader. Description An unspecified vulnerability exists in Adobe Reader. Impact An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All Adobe Reader users...

10CVSS7.1AI score0.78581EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2013/08/23 12:0 a.m.•37 views

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...

9CVSS8.3AI score0.05375EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/06/24 12:0 a.m.•37 views

PyCrypto: Weak key generation

Background PyCrypto is the Python Cryptography Toolkit. Description An error in the generate function in ElGamal.py causes PyCrypto to generate weak ElGamal keys. Impact A remote attacker might be able to derive private keys. Workaround There is no known workaround at this time. Resolution All...

4.3CVSS9.1AI score0.02727EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2012/03/06 12:0 a.m.•37 views

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC...

9.3CVSS7.9AI score0.17687EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/03/06 12:0 a.m.•37 views

ImageMagick: User-assisted execution of arbitrary code

Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Two vulnerabilities have been found in ImageMagick: Incorrect offset and count values in the ResolutionUnit tag in EXIF IFD could cause memory corruption CVE-2012-0247. IOP tag offset...

8.8CVSS8.6AI score0.03816EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/02/22 12:0 a.m.•37 views

Heimdal: Arbitrary code execution

Background Heimdal is a free implementation of Kerberos 5. Description A boundary error in the "encryptkeyid" function in appl/telnet/libtelnet/encrypt.c of the telnet daemon and client could cause a buffer overflow. Impact An unauthenticated remote attacker may be able to execute arbitrary code...

10CVSS8.2AI score0.95104EPSS
Exploits19
Gentoo Linux
Gentoo Linux
•added 2012/02/18 12:0 a.m.•37 views

Chromium: Multiple vulnerabilities

Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...

9.3CVSS7.2AI score0.02348EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2011/11/20 12:0 a.m.•37 views

Perl Safe module: Arbitrary Perl code injection

Background Safe is a Perl module to compile and execute code in restricted compartments. Description Unsafe code evaluation prevents the Safe module from properly restricting the code of implicitly called methods on implicitly blessed objects. Impact A remote attacker could entice a user to load ...

7.5CVSS6.9AI score0.03715EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2010/06/01 12:0 a.m.•37 views

xine-lib: User-assisted execution of arbitrary code

Background xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. Description Multiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details. Impact A remote...

10CVSS7.4AI score0.05748EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/08/01 12:0 a.m.•37 views

BIND: Denial of service

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Matthias Urlichs reported that the dnsdbfindrdataset function fails when the prerequisite section of the dynamic update message contains a record of type "ANY" and where at...

4.3CVSS2.7AI score0.12649EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•37 views

Epiphany: Untrusted search path

Background Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko. Description James Vega reported an untrusted search path vulnerability in the Python interface. Impact A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python...

6.9CVSS6.8AI score0.00374EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/01/11 12:0 a.m.•37 views

D-Bus: Denial of service

Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description schelte reported that the dbussignaturevalidate function can trigger a failed assertion when processing a message containing a malformed signature. Impact A local user could send a...

2.1CVSS5.6AI score0.04623EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2008/12/12 12:0 a.m.•37 views

OpenOffice.org: Multiple vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Two heap-based buffer overflows when processing WMF files CVE-2008-2237 and EMF files...

9.3CVSS6.6AI score0.06752EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/12/10 12:0 a.m.•37 views

CUPS: Multiple vulnerabilities

Background CUPS is the Common Unix Printing System. Description Several buffer overflows were found in: The readrle16 function in imagetops CVE-2008-3639, found by regenrecht, reported via ZDI The WriteProlog function in texttops CVE-2008-3640, found by regenrecht, reported via ZDI The...

10CVSS8.2AI score0.24132EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/03/05 12:0 a.m.•37 views

Vobcopy: Insecure temporary file creation

Background Vobcopy is a tool for decrypting and copying DVD .vob files to a hard disk. Description Joey Hess reported that vobcopy appends data to the file "/tmp/vobcopy.bla" in an insecure manner. Impact A local attacker could exploit this vulnerability to conduct symlink attacks and append data...

4.9CVSS6.3AI score0.0035EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/12 12:0 a.m.•37 views

CUPS: Memory corruption

Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Alin Rad Pop Secunia Research discovered an off-by-one error in the ippReadIO function when handling Internet Printing Protocol IPP tags that might allow to overwrite one byte on the stack. Impact A...

10CVSS9.3AI score0.07377EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/10/24 12:0 a.m.•37 views

MLDonkey: Privilege escalation

Background MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent. Description The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so that the MLDonkey service can run under a user with low privileges...

6.8CVSS6.2AI score0.01801EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/14 12:0 a.m.•37 views

X.Org X server: Composite local privilege escalation

Background The X Window System is a graphical windowing system based on a client/server model. Description Aaron Plattner discovered a buffer overflow in the compNewPixmap function when copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. Impact A local attacker could...

4.3CVSS7.4AI score0.00511EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/08/08 12:0 a.m.•37 views

Xvid: Array indexing vulnerabilities

Background Xvid is a popular open source video codec licensed under the GPL. Description Trixter Jack discovered an array indexing error in the getintrablock function in the file src/bitstream/mbcoding.c. The getinterblockh263 and getinterblockmpeg functions in the same file were also reported as...

6.8CVSS7.4AI score0.03156EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/26 12:0 a.m.•37 views

Blackdown Java: Applet privilege escalation

Background Blackdown provides implementations of the Java Development Kit JDK and the Java Runtime Environment JRE. Description Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered ...

9.3CVSS7AI score0.03632EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/31 12:0 a.m.•37 views

CUPS: Denial of service

Background CUPS provides a portable printing layer for UNIX-based operating systems. Description CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection...

5CVSS9AI score0.05321EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/20 12:0 a.m.•37 views

Mozilla Network Security Service: Remote execution of arbitrary code

Background The Mozilla Network Security Service is a library implementing security features like SSL v2/v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description iDefense has reported two potential buffer overflow vulnerabilities found by researcher "regenrecht" in the...

6.8CVSS7.5AI score0.5036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/22 12:0 a.m.•37 views

Fetchmail: Denial of Service and password disclosure

Background Fetchmail is a remote mail retrieval and forwarding utility. Description Neil Hoggarth has discovered that when delivering messages to a message delivery agent by means of the "mda" option, Fetchmail passes a NULL pointer to the ferror and fflush functions when refusing a message. Isaa...

7.8CVSS6.5AI score0.04255EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/12 12:0 a.m.•37 views

OpenOffice.org: EMF/WMF file handling vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered integer overflows in the EMRPOLYPOLYGON and...

9.3CVSS7.4AI score0.0824EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•37 views

MadWifi: Kernel driver buffer overflow

Background MadWifi Multiband Atheros Driver for Wireless Fidelity provides a Linux kernel device driver for Atheros-based Wireless LAN devices. Description Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encodeie and the giwscancb functions from...

7.5CVSS7.2AI score0.19817EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2006/11/23 12:0 a.m.•37 views

fvwm: fvwm-menu-directory fvwm command injection

Background fvwm is a highly configurable virtual window manager for X11 desktops. fvwm-menu-directory allows fvwm users to browse directories from within fvwm. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise...

4.6CVSS6.9AI score0.00418EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/09/19 12:0 a.m.•37 views

Mailman: Multiple vulnerabilities

Background Mailman is a Python based mailing list server with an extensive web interface. Description Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact An attacker cou...

6.8CVSS6.9AI score0.06425EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/04/17 12:0 a.m.•37 views

libapreq2: Denial of Service vulnerability

Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A vulnerability has been reported in the apreqparseheaders and apreqparseurlencoded functions of Apache2::Request. Impact A remote attacker could possibly exploit t...

5CVSS6.4AI score0.06228EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/22 12:0 a.m.•37 views

Sendmail: Race condition in the handling of asynchronous signals

Background Sendmail is a popular mail transfer agent MTA. Description ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals. Impact An attacker could exploit this via certain crafted timing conditions. Workaround There is no known workaround at thi...

7.6CVSS6.3AI score0.28144EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/12 12:0 a.m.•37 views

KPdf: Heap based overflow

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. Description KPdf includes Xpdf code to handle PDF files. Dirk Mueller discovered that the Xpdf code is vulnerable a heap based overflow in the splash rasterizer engine. Impact An attacker could entice a user to open a...

7.5CVSS7.1AI score0.04403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/07 12:0 a.m.•37 views

VMware Workstation: Vulnerability in NAT networking

Background VMware Workstation is a powerful virtual machine for developers and system administrators. Description Tim Shelton discovered that vmnet-natd, the host module providing NAT-style networking for VMware guest operating systems, is unable to process incorrect 'EPRT' and 'PORT' FTP request...

10CVSS7.1AI score0.14123EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/12/30 12:0 a.m.•37 views

XnView: Privilege escalation

Background XnView is an efficient multimedia viewer, browser and converter, distributed free for non-commercial use. Description Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for IA32 used the DTRPATH field insecurely, causing the dynamic loader to search for shared libraries...

7.2CVSS7.1AI score0.00417EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/12 12:0 a.m.•37 views

X.Org: Heap overflow in pixmap allocation

Background X.Org is X.Org Foundation's Public Implementation of the X Window System. Description X.Org is missing an integer overflow check during pixmap memory allocation. Impact An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workarou...

5.1CVSS7.5AI score0.03923EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/03 12:0 a.m.•37 views

Gnumeric: Heap overflow in the included PCRE library

Background The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. libpcre is a library providing functions for Perl-compatible regular expressions. Description Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading t...

7.5CVSS7.3AI score0.04344EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/30 12:0 a.m.•37 views

phpGroupWare: Multiple vulnerabilities

Background phpGroupWare is a multi-user groupware suite written in PHP. Description phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...

7.5CVSS6.5AI score0.05091EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/10 12:0 a.m.•37 views

HT Editor: Multiple buffer overflows

Background HT is a hex editor, designed to help analyse and modify executable files. Description Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has...

5.1CVSS7.4AI score0.02824EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/26 12:0 a.m.•37 views

Convert-UUlib: Buffer overflow

Background Convert-UUlib provides a Perl interface to the uulib library, allowing Perl applications to access data encoded in a variety of formats. Description A vulnerability has been reported in Convert-UUlib where a malformed parameter can be provided by an attacker allowing a read operation t...

7.5CVSS7AI score0.12836EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/19 12:0 a.m.•37 views

Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities

Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox: Vladimir V...

7.5CVSS7.5AI score0.10036EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/02/18 12:0 a.m.•37 views

Squid: Denial of Service through DNS responses

Background Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Handling of certa...

5CVSS6.3AI score0.41109EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/11 12:0 a.m.•37 views

HylaFAX: hfaxd unauthorized login vulnerability

Background HylaFAX is a software package for sending and receiving facsimile messages. Description The code used by hfaxd to match a given username and hostname with an entry in the hosts.hfaxd file is insufficiently protected against malicious entries. Impact If the HylaFAX installation uses a...

7.5CVSS1.2AI score0.01779EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/19 12:0 a.m.•37 views

Ethereal: Multiple vulnerabilities

Background Ethereal is a feature rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.8, including: Bug in DICOM dissection discovered by Bing could make Ethereal crash CAN 2004-1139. An invalid RTP timestamp could make Ethereal...

5CVSS7.3AI score0.02495EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/26 12:0 a.m.•37 views

phpWebSite: HTTP response splitting vulnerability

Background phpWebSite is a web site content management system. Description Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact A malicious user could inject arbitrary response data, leading to content spoofing, web cache...

5CVSS0.7AI score0.01604EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/10/20 12:0 a.m.•37 views

Ghostscript: Insecure temporary file use in multiple scripts

Background Ghostscript is a software package providing an interpreter for the PostScript language and the PDF file format. It also provides output drivers for various file formats and printers. Description The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeabl...

7.2CVSS6.1AI score0.00474EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/18 12:0 a.m.•37 views

Squid: Remote DoS vulnerability

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A parsing error exists in t...

5CVSS6.1AI score0.1603EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/08 12:0 a.m.•37 views

ImageMagick, imlib, imlib2: BMP decoding buffer overflows

Background ImageMagick is a suite of image manipulation utilities and libraries used for a wide variety of image formats. imlib is a general image loading and rendering library. Description Due to improper bounds checking, ImageMagick and imlib are vulnerable to a buffer overflow when decoding...

7.5CVSS8AI score0.04871EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/22 12:0 a.m.•37 views

Qt: Image loader overflows

Background Qt is a cross-platform GUI toolkit used by KDE. Description There are several unspecified bugs in the QImage class which may cause crashes or allow execution of arbitrary code as the user running the Qt application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image types. Impact ...

7.5CVSS7AI score0.14694EPSS
Exploits0
Total number of security vulnerabilities3816