Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/08/29 12:0 a.m.•36 views

PHP: Arbitary code execution

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description The sscanf PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the...

4.6CVSS7.1AI score0.02011EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/29 12:0 a.m.•36 views

Motor: Execution of arbitrary code

Background Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration. Description In November 2005, Zone-H Research reported a boundary error in the ktools library in the...

7.5CVSS7.2AI score0.05161EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/03 12:0 a.m.•36 views

Mozilla SeaMonkey: Multiple vulnerabilities

Background The Mozilla SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as "Mozilla Application Suite". Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's...

7.5CVSS7.5AI score0.78359EPSS
Exploits11
Gentoo Linux
Gentoo Linux
•added 2006/05/07 12:0 a.m.•36 views

Nagios: Buffer overflow

Background Nagios is an open source host, service and network monitoring program. Description Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact A buffer overflow in Nagios CGI scripts under certa...

7.5CVSS7.7AI score0.05431EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/21 12:0 a.m.•36 views

zgv, xzgv: Heap overflow

Background xzgv and zgv are picture viewing utilities with a thumbnail based file selector. Description Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space...

7.5CVSS6.9AI score0.04073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/04 12:0 a.m.•36 views

WordPress: SQL injection vulnerability

Background WordPress is a PHP and MySQL based content management and publishing system. Description Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already fixed in the...

7.5CVSS7.3AI score0.02907EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/13 12:0 a.m.•36 views

Blender: Heap-based buffer overflow

Background Blender is an open source software for 3D modeling, animation, rendering, post-production, interactive creation and playback. Description Damian Put has reported a flaw due to an integer overflow in the "getbhead" function, leading to a heap overflow when processing malformed ".blend"...

7.5CVSS7.2AI score0.05787EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/12/16 12:0 a.m.•36 views

Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities

Background Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description infamous41md discovered that...

7.5CVSS7.2AI score0.0614EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/28 12:0 a.m.•36 views

chmlib, KchmViewer: Stack-based buffer overflow

Background chmlib is a library for dealing with Microsoft ITSS and CHM format files. KchmViewer is a CHM viewer that includes its own copy of the chmlib library. Description Sven Tantau reported about a buffer overflow vulnerability in chmlib. The function "chmdecompressblock" does not properly...

5.1CVSS7.4AI score0.03778EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/08 12:0 a.m.•36 views

Weex: Format string vulnerability

Background Weex is a non-interactive FTP client typically used to update web pages. Description Ulf Harnhammar discovered a format string bug in Weex that can be triggered when it is first run or when its cache files are rebuilt, using the -r option. Impact An attacker could setup a malicious FTP...

7.5CVSS6.8AI score0.02635EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/12 12:0 a.m.•36 views

Python: Heap overflow in the included PCRE library

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. The "re" Python module provides regular expression functions. Description The "re" Python module makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap...

7.5CVSS7.3AI score0.04344EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/27 12:0 a.m.•36 views

GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library

Background GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications created to support Gadu Gadu instant messaging protocol. libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an...

7.5CVSS7.4AI score0.04703EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/11 12:0 a.m.•36 views

Adobe Acrobat Reader: Buffer overflow vulnerability

Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the UnixAppOpenFilePerform function, which is called when Adobe Acrobat Reader tries to open a file with the "\Filespec" tag. Impact By enticing a user to open a specially...

5CVSS7.2AI score0.0458EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/20 12:0 a.m.•36 views

cpio: Directory traversal vulnerability

Background cpio is a file archival tool which can also read and write tar files. Description A vulnerability has been found in cpio that can potentially allow a cpio archive to extract its files to an arbitrary directory of the creator's choice. Impact An attacker could create a malicious cpio...

4.7CVSS6.3AI score0.00311EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/06 12:0 a.m.•36 views

Wordpress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. Impact An attacker could use the SQL injection vulnerabilities to gain information from the database...

7.5CVSS7.3AI score0.03139EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/30 12:0 a.m.•36 views

phpMyAdmin: Insecure SQL script installation

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user. Description The phpMyAdmin...

4.6CVSS6.4AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/28 12:0 a.m.•36 views

Heimdal: Buffer overflow vulnerabilities

Background Heimdal is a free implementation of Kerberos 5 that includes a telnet client program. Description Buffer overflow vulnerabilities in the slcaddreply and envoptadd functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Impact Successful exploitation would...

7.5CVSS7.4AI score0.27073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/25 12:0 a.m.•36 views

eGroupWare: XSS and SQL injection vulnerabilities

Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact An attacker could possibly use the SQL injectio...

7.5CVSS7.8AI score0.03202EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2005/04/19 12:0 a.m.•36 views

Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities

Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox: Vladimir V...

7.5CVSS7.5AI score0.10036EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/04/15 12:0 a.m.•36 views

monkeyd: Multiple vulnerabilities

Background monkeyd is a fast, efficient, small and easy to configure web server for Linux. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a double expansion error in monkeyd, resulting in a format string vulnerability. Ciaran McCreesh of Gentoo Linux discovered a...

7.5CVSS7AI score0.02688EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/31 12:0 a.m.•36 views

netkit-telnetd: Buffer overflow

Background netkit-telnetd provides standard Linux telnet client and server. Description A buffer overflow has been identified in the slcaddreply function of netkit-telnetd client, where a large number of SLC commands can overflow a fixed size buffer. Impact Successful explotation would require a...

7.5CVSS7.3AI score0.08635EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/12 12:0 a.m.•36 views

X.org: libXpm vulnerability

Background libXpm is a pixmap manipulation library for the X Window System, included in X.org. Description Chris Gilbert has discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm versions. Impact A carefully-crafted XPM file could crash X.org,...

7.5CVSS7.4AI score0.04507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/07 12:0 a.m.•36 views

KDE dcopidlng: Insecure temporary file creation

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. dcopidlng is a DCOP helper script. Description Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable...

2.1CVSS6.1AI score0.00412EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/25 12:0 a.m.•36 views

cmd5checkpw: Local password leak vulnerability

Background cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode. Description Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the...

2.1CVSS6.6AI score0.00318EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/22 12:0 a.m.•36 views

Mailman: Cross-site scripting vulnerability

Background Mailman is a Python-based mailing list server with an extensive web interface. Description Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman. Impact By enticing a user to visiting a specially-crafted URL, an attacker c...

4.3CVSS3.6AI score0.01782EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/12 12:0 a.m.•36 views

Exim: Two buffer overflows

Background Exim is an highly configurable message transfer agent MTA developed at the University of Cambridge. Description Buffer overflows have been found in the hostaton function CAN-2005-0021 as well as in the spabase64tobits function CAN-2005-0022, which is part of the SPA authentication code...

7.2CVSS7.2AI score0.02618EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/10 12:0 a.m.•36 views

pdftohtml: Vulnerabilities in included Xpdf

Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to integer overflows, as described in GLSA 200412-24. Impact An attacker could entice a user to convert a specially-crafted PDF file,...

9.3CVSS2.5AI score0.06576EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/24 12:0 a.m.•36 views

Gaim: Multiple vulnerabilities

Background Gaim is a full featured instant messaging client which handls a variety of instant messaging protocols. Description A possible buffer overflow exists in the code processing MSN SLP messages CAN-2004-0891. memcpy was used without validating the size of the buffer, and an incorrect buffe...

10CVSS7.6AI score0.06862EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/20 12:0 a.m.•36 views

Ghostscript: Insecure temporary file use in multiple scripts

Background Ghostscript is a software package providing an interpreter for the PostScript language and the PDF file format. It also provides output drivers for various file formats and printers. Description The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeabl...

7.2CVSS6.1AI score0.00474EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/18 12:0 a.m.•36 views

Squid: Remote DoS vulnerability

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A parsing error exists in t...

5CVSS6.1AI score0.1603EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/21 12:0 a.m.•36 views

GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities

Background GTK+ GIMP Toolkit + is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library as well as shipped with GTK+ 2. Description A vulnerability has been discovered in the BMP image preprocessor...

7.5CVSS7.1AI score0.09434EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/15 12:0 a.m.•36 views

Tomcat: Insecure installation

Background Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started...

7.2CVSS4AI score0.0044EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/06/10 12:0 a.m.•36 views

CVS: additional DoS and arbitrary code execution vulnerabilities

Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description A team audit of the CVS source code performed by Stefan Esser and Sebastian Krahmer resulted in the discovery of several remotely...

10CVSS7.4AI score0.13206EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/09 12:0 a.m.•36 views

Multiple format string vulnerabilities in neon 0.24.4 and earlier

Background neon provides an HTTP and WebDAV client library. Description There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code under the context of the process using libneon. Impact An attacker may be able to execute arbitra...

6.8CVSS7.3AI score0.11056EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/12 12:0 a.m.•35 views

PHP: Multiple Vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...

9.8CVSS7.4AI score0.99987EPSS
Exploits74
Gentoo Linux
Gentoo Linux
•added 2024/08/10 12:0 a.m.•35 views

GPAC: Multiple Vulnerabilities

Background GPAC is an implementation of the MPEG-4 Systems standard developed from scratch in ANSI C. Description Multiple vulnerabilities have been discovered in GPAC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.7AI score0.04615EPSS
Exploits208
Gentoo Linux
Gentoo Linux
•added 2024/06/22 12:0 a.m.•35 views

Flatpak: Sandbox Escape

Background Flatpak is a Linux application sandboxing and distribution framework. Description A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Impact A malicious or compromised Flatpak app could execute arbitrary code outside its sandbo...

8.4CVSS7.7AI score0.00512EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/19 12:0 a.m.•35 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.8CVSS10AI score0.02155EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/12/22 12:0 a.m.•35 views

libssh: Multiple Vulnerabilities

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

6.5CVSS7.7AI score0.04683EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2023/11/26 12:0 a.m.•35 views

Open vSwitch: Multiple Vulnerabilities

Background Open vSwitch is a production quality multilayer virtual switch. Description Multiple vulnerabilities have been discovered in Open vSwitch. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There i...

9.8CVSS7.7AI score0.08026EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/11/26 12:0 a.m.•35 views

phpMyAdmin: Multiple Vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...

7.5CVSS7.4AI score0.07936EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2023/11/25 12:0 a.m.•35 views

AIDE: Root Privilege Escalation

Background AIDE Advanced Intrusion Detection Environment is a file and directory integrity checker. It creates a database from the regular expression rules that it finds from the config files. Once this database is initialized it can be used to verify the integrity of the files. It has several...

7.8CVSS6.9AI score0.00493EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/11/01 12:0 a.m.•35 views

GitPython: Code Execution via Crafted Input

Background GitPython is a Python library used to interact with Git repositories. Description Please review the CVE identifier referenced below for details. Impact An attacker may be able to trigger Remote Code Execution RCE due to improper user input validation, which makes it possible to inject ...

9.8CVSS9.8AI score0.05378EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/09/29 12:0 a.m.•35 views

Fish: User-assisted execution of arbitrary code

Background Smart and user-friendly command line shell for macOS, Linux, and the rest of the family. It includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required. Description A vulnerability have been discovered in...

7.8CVSS7.7AI score0.01417EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/05/30 12:0 a.m.•35 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.8CVSS7.5AI score0.00952EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2022/12/19 12:0 a.m.•35 views

LibreOffice: Arbitrary Code Execution

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description LibreOffice links using the vnd.libreoffice.command scheme could be constructed to call internal macros with arbitrary arguments. Which...

6.3CVSS5AI score0.04354EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/11/22 12:0 a.m.•35 views

sudo: Heap-Based Buffer Overread

Background sudo allows a system administrator to give users the ability to run commands as other users. Description In certain password input handling, sudo incorrectly assumes the password input is at least nine bytes in size, leading to a heap buffer overread. Impact In the worst case, the heap...

7.1CVSS2.2AI score0.00271EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/10/31 12:0 a.m.•35 views

Net-SNMP: Multiple Vulnerabilities

Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS2.8AI score0.01299EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/10/31 12:0 a.m.•35 views

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.8CVSS3.2AI score0.00573EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/10/31 12:0 a.m.•35 views

Apptainer: Lack of Digital Signature Hash Verification

Background Apptainer is the container system for secure high-performance computing. Description The Go module "sif" version 2.8.0 and older, which is a statically linked dependency of Apptainer, does not verify that the hash algorithms used are cryptographically secure when verifying digital...

9.8CVSS1.3AI score0.00477EPSS
Exploits0
Total number of security vulnerabilities3816