Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2010/06/02 12:0 a.m.•36 views

Smarty: Multiple vulnerabilities

Background Smarty is a template engine for PHP. Description Multiple vulnerabilities have been discovered in Smarty: The vendor reported that the modifier.regexreplace.php plug-in contains an input sanitation flaw related to the ASCII NUL character CVE-2008-1066. The vendor reported that the...

10CVSS8.3AI score0.14117EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2010/06/01 12:0 a.m.•36 views

BIND: Multiple vulnerabilities

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note:...

7.6CVSS7.5AI score0.09363EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2010/01/14 12:0 a.m.•36 views

Ruby: Terminal Control Character Injection

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server "WEBrick". Description Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported that WEBrick does not filter terminal control characters, for instanc...

7.5CVSS6.6AI score0.15684EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•36 views

PyCrypto: Execution of arbitrary code

Background PyCrypto is the Python Cryptography Toolkit. Description Mike Wiacek of the Google Security Team reported a buffer overflow in the ARC2 module when processing a large ARC2 key length. Impact A remote attacker could entice a user or automated system to decrypt an ARC2 stream in an...

10CVSS5.6AI score0.11523EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•36 views

Real VNC: User-assisted execution of arbitrary code

Background Real VNC is a remote desktop viewer display system. Description An unspecified vulnerability has been discovered int the CMsgReader::readRect function in the VNC Viewer component, related to the encoding type of RFB protocol data. Impact A remote attacker could entice a user to connect...

10CVSS7AI score0.04052EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•36 views

cURL: Arbitrary file access

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPTFOLLOWLOCATION is enabled. Impact A remote attacker could possibly...

6.8CVSS2.3AI score0.07812EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/01/11 12:0 a.m.•36 views

D-Bus: Denial of service

Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description schelte reported that the dbussignaturevalidate function can trigger a failed assertion when processing a message containing a malformed signature. Impact A local user could send a...

2.1CVSS5.6AI score0.04623EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2008/08/09 12:0 a.m.•36 views

Adobe Reader: User-assisted execution of arbitrary code

Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. Impact A remote attacker could entice a user to open a...

10CVSS6.9AI score0.2219EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/06/23 12:0 a.m.•36 views

libvorbis: Multiple vulnerabilities

Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Will Drewry of the Google Security Team reported multiple vulnerabilities in libvorbis: A zero value for "codebook.dim" ...

9.3CVSS10AI score0.08126EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/06/14 12:0 a.m.•36 views

rdesktop: Multiple vulnerabilities

Background rdesktop is an open source Remote Desktop Protocol RDP client. Description An anonymous researcher reported multiple vulnerabilities in rdesktop via iDefense Labs: An integer underflow error exists in the function isorecvmsg in the file iso.c which can be triggered via a specially...

9.3CVSS10AI score0.13128EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2008/05/29 12:0 a.m.•36 views

Samba: Heap-based buffer overflow

Background Samba is a suite of SMB and CIFS client/server programs. Description Alin Rad Pop Secunia Research reported a vulnerability in Samba within the receivesmbraw function in the file lib/utilsock.c when parsing SMB packets, possibly leading to a heap-based buffer overflow via an overly lar...

7.5CVSS7AI score0.69085EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/05/20 12:0 a.m.•36 views

ClamAV: Multiple vulnerabilities

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been reported: Damian Put reported a heap-based buffer overflow when processing PeSpin packed PE binaries CVE-2008-0314. Alin Rad Po...

10CVSS8.2AI score0.10858EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2008/04/10 12:0 a.m.•36 views

am-utils: Insecure temporary file creation

Background am-utils is a collection of utilities for use with the Berkeley Automounter. Description Tavis Ormandy discovered that, when creating temporary files, the 'expn' utility does not check whether the file already exists. Impact A local attacker could exploit the vulnerability via a symlin...

7.2CVSS6.3AI score0.00514EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/03/18 12:0 a.m.•36 views

Dovecot: Multiple vulnerabilities

Background Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail server. Description Dovecot uses the group configured via the "mailextragroups" setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files CVE-2008-1199. Dovecot do...

6.8CVSS6.7AI score0.07342EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2008/03/13 12:0 a.m.•36 views

LIVE555 Media Server: Denial of service

Background LIVE555 Media Server is a set of libraries for multimedia streaming. Description Luigi Auriemma reported a signedness error in the parseRTSPRequestString function when processing short RTSP queries. Impact A remote attacker could send a specially crafted RTSP query to the vulnerable...

7.1CVSS6.3AI score0.04412EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/03/05 12:0 a.m.•37 views

lighttpd: Multiple vulnerabilities

Background lighttpd is a lightweight high-performance web server. Description lighttpd contains a calculation error when allocating the global file descriptor array CVE-2008-0983. Furthermore, it sends the source of a CGI script instead of returning a 500 error Internal Server Error when the fork...

5CVSS6.7AI score0.02312EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/03/03 12:0 a.m.•36 views

SWORD: Shell command injection

Background SWORD is a library for Bible study software. Description Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the "range" parameter before processing it. Impact A remote attacker could provide specially crafted input to a...

7.5CVSS6.8AI score0.02901EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/12 12:0 a.m.•36 views

CUPS: Memory corruption

Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Alin Rad Pop Secunia Research discovered an off-by-one error in the ippReadIO function when handling Internet Printing Protocol IPP tags that might allow to overwrite one byte on the stack. Impact A...

10CVSS9.3AI score0.07377EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/08/19 12:0 a.m.•36 views

NVIDIA drivers: Denial of service

Background The NVIDIA drivers provide support for NVIDIA graphic boards. Description Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia with insecure file permissions. Impact A local attacker could send arbitrary values into the devices, possibly...

7.2CVSS6.4AI score0.00376EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/06/26 12:0 a.m.•36 views

emul-linux-x86-java: Multiple vulnerabilities

Background emul-linux-x86-java is the 32 bit version of the Sun's J2SE Development Kit. Description Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability involving an "incorrect use o...

10CVSS7.3AI score0.18185EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/16 12:0 a.m.•36 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Impact A remote...

8.5CVSS6.8AI score0.04693EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/02 12:0 a.m.•36 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects Mozilla Firefox 2 only. Various researchers reported some errors in the JavaScript engine potentiall...

9.3CVSS7.1AI score0.12144EPSS
Exploits10
Gentoo Linux
Gentoo Linux
•added 2007/01/22 12:0 a.m.•36 views

Fetchmail: Denial of Service and password disclosure

Background Fetchmail is a remote mail retrieval and forwarding utility. Description Neil Hoggarth has discovered that when delivering messages to a message delivery agent by means of the "mda" option, Fetchmail passes a NULL pointer to the ferror and fflush functions when refusing a message. Isaa...

7.8CVSS6.5AI score0.04255EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/04 12:0 a.m.•36 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description Georgi Guninski and David Bienvenu discovered buffer overflows in the processing of long "Content-Type:" and long non-ASCII MIME headers. Additionally, Frederik Reiss discovered a heap-based...

7.1CVSS7.5AI score0.08288EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/20 12:0 a.m.•36 views

imlib2: Multiple vulnerabilities

Background imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images. Description M. Joonas Pihlaja discovered several buffer overflows in loaderargb.c, loaderpng.c,...

5.1CVSS7AI score0.04205EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•36 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary...

7.5CVSS7.7AI score0.05531EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/10/17 12:0 a.m.•36 views

Mozilla Network Security Service (NSS): RSA signature forgery

Background The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with th...

4.3CVSS7.2AI score0.04894EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/26 12:0 a.m.•36 views

ImageMagick: Multiple Vulnerabilities

Background ImageMagick is a free software suite to manipulate, convert, and create many image formats. Description Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder...

5.1CVSS7.3AI score0.10211EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/19 12:0 a.m.•36 views

Mailman: Multiple vulnerabilities

Background Mailman is a Python based mailing list server with an extensive web interface. Description Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact An attacker cou...

6.8CVSS6.9AI score0.06425EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/14 12:0 a.m.•36 views

DokuWiki: Arbitrary command execution

Background DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a...

7.5CVSS7.5AI score0.01939EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2006/09/13 12:0 a.m.•36 views

LibXfont, monolithic X.org: Multiple integer overflows

Background libXfont is the X.Org Xfont library, some parts are based on the FreeType code base. Description Several integer overflows have been found in the CID font parser. Impact A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file resulting in the...

7.2CVSS7.1AI score0.00576EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/29 12:0 a.m.•36 views

PHP: Arbitary code execution

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description The sscanf PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the...

4.6CVSS7.1AI score0.02011EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/29 12:0 a.m.•36 views

Motor: Execution of arbitrary code

Background Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration. Description In November 2005, Zone-H Research reported a boundary error in the ktools library in the...

7.5CVSS7.2AI score0.05161EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/03 12:0 a.m.•36 views

Mozilla SeaMonkey: Multiple vulnerabilities

Background The Mozilla SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as "Mozilla Application Suite". Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's...

7.5CVSS7.5AI score0.78359EPSS
Exploits11
Gentoo Linux
Gentoo Linux
•added 2006/05/07 12:0 a.m.•36 views

Nagios: Buffer overflow

Background Nagios is an open source host, service and network monitoring program. Description Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact A buffer overflow in Nagios CGI scripts under certa...

7.5CVSS7.7AI score0.05431EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/21 12:0 a.m.•36 views

zgv, xzgv: Heap overflow

Background xzgv and zgv are picture viewing utilities with a thumbnail based file selector. Description Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space...

7.5CVSS6.9AI score0.04073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/04 12:0 a.m.•36 views

WordPress: SQL injection vulnerability

Background WordPress is a PHP and MySQL based content management and publishing system. Description Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already fixed in the...

7.5CVSS7.3AI score0.02907EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/13 12:0 a.m.•36 views

Blender: Heap-based buffer overflow

Background Blender is an open source software for 3D modeling, animation, rendering, post-production, interactive creation and playback. Description Damian Put has reported a flaw due to an integer overflow in the "getbhead" function, leading to a heap overflow when processing malformed ".blend"...

7.5CVSS7.2AI score0.05787EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/12/16 12:0 a.m.•36 views

Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities

Background Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description infamous41md discovered that...

7.5CVSS7.2AI score0.0614EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/28 12:0 a.m.•36 views

chmlib, KchmViewer: Stack-based buffer overflow

Background chmlib is a library for dealing with Microsoft ITSS and CHM format files. KchmViewer is a CHM viewer that includes its own copy of the chmlib library. Description Sven Tantau reported about a buffer overflow vulnerability in chmlib. The function "chmdecompressblock" does not properly...

5.1CVSS7.4AI score0.03778EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/08 12:0 a.m.•36 views

Weex: Format string vulnerability

Background Weex is a non-interactive FTP client typically used to update web pages. Description Ulf Harnhammar discovered a format string bug in Weex that can be triggered when it is first run or when its cache files are rebuilt, using the -r option. Impact An attacker could setup a malicious FTP...

7.5CVSS6.8AI score0.02635EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/12 12:0 a.m.•36 views

Python: Heap overflow in the included PCRE library

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. The "re" Python module provides regular expression functions. Description The "re" Python module makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap...

7.5CVSS7.3AI score0.04344EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/27 12:0 a.m.•36 views

GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library

Background GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications created to support Gadu Gadu instant messaging protocol. libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an...

7.5CVSS7.4AI score0.04703EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/25 12:0 a.m.•36 views

Kopete: Vulnerability in included Gadu library

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete also part of kdenetwork is the KDE Instant Messenger. Description Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in...

7.5CVSS7.3AI score0.04703EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/11 12:0 a.m.•36 views

Adobe Acrobat Reader: Buffer overflow vulnerability

Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the UnixAppOpenFilePerform function, which is called when Adobe Acrobat Reader tries to open a file with the "\Filespec" tag. Impact By enticing a user to open a specially...

5CVSS7.2AI score0.0458EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/20 12:0 a.m.•36 views

cpio: Directory traversal vulnerability

Background cpio is a file archival tool which can also read and write tar files. Description A vulnerability has been found in cpio that can potentially allow a cpio archive to extract its files to an arbitrary directory of the creator's choice. Impact An attacker could create a malicious cpio...

4.7CVSS6.3AI score0.00311EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/06 12:0 a.m.•36 views

Wordpress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. Impact An attacker could use the SQL injection vulnerabilities to gain information from the database...

7.5CVSS7.3AI score0.03139EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/30 12:0 a.m.•36 views

phpMyAdmin: Insecure SQL script installation

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user. Description The phpMyAdmin...

4.6CVSS6.4AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/28 12:0 a.m.•36 views

Heimdal: Buffer overflow vulnerabilities

Background Heimdal is a free implementation of Kerberos 5 that includes a telnet client program. Description Buffer overflow vulnerabilities in the slcaddreply and envoptadd functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Impact Successful exploitation would...

7.5CVSS7.4AI score0.27073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/25 12:0 a.m.•36 views

eGroupWare: XSS and SQL injection vulnerabilities

Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact An attacker could possibly use the SQL injectio...

7.5CVSS7.8AI score0.03202EPSS
Exploits2
Total number of security vulnerabilities3816