Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2022/10/16 12:0 a.m.•35 views

Wireshark: Multiple Vulnerabilities

Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS2.7AI score0.07885EPSS
Exploits21
Gentoo Linux
Gentoo Linux
•added 2022/09/29 12:0 a.m.•35 views

GraphicsMagick: Multiple Vulnerabilities

Background GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. Description Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact Pleas...

7.8CVSS2.5AI score0.02853EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2021/07/08 12:0 a.m.•35 views

BladeEnc: Buffer overflow

Background BladeEnc is an mp3 encoder. Description A crafted file could cause a buffer overflow in the iterationloop function in BladeEnc. Impact A remote attacker could entice a user to open a specially crafted using BladeEnc, possibly resulting in execution of arbitrary code with the privileges...

9.8CVSS2.9AI score0.03406EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/12/23 12:0 a.m.•35 views

PowerDNS Recursor: Denial of service

Background PowerDNS Recursor is a high-end, high-performance resolving name server. Description It was discovered that it was possible to update the DNSSEC validation state to a bogus state for a cached record via DNS ANY query. Impact A remote attacker could send specially crafted DNS queries to...

7.5CVSS4.9AI score0.06465EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/12/23 12:0 a.m.•35 views

libass: User-assisted execution of arbitrary code

Background libass is a portable subtitle renderer for the ASS/SSA Advanced Substation Alpha/Substation Alpha subtitle format. Description It was discovered that libass did not properly handle Advanced Substation Alpha/Substation Alpha subtitle format files. Impact A remote attacker could entice a...

8.8CVSS3.6AI score0.01789EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2020/07/27 12:0 a.m.•35 views

Thin: Privilege escalation

Background Thin is a small and fast Ruby web server. Description It was discovered that Gentoo’s Thin ebuild does not properly handle its temporary runtime directories. This only affects OpenRC systems, as the flaw was exploitable via the init script. Impact A local attacker could cause denial of...

7.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•35 views

libexif: Multiple vulnerabilities

Background libexif is a library for parsing, editing and saving Exif metadata from images. Description Multiple vulnerabilities have been discovered in libexif. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.1CVSS3.1AI score0.04059EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•35 views

fwupd, libjcat: Multiple vulnerabilities

Background fwupd aims to make updating firmware on Linux automatic, safe and reliable. libjcat is a library and tool for reading and writing Jcat files. Description Multiple vulnerabilities have been discovered in fwupd and libjcat. Please review the CVE identifiers referenced below for details...

6CVSS2.1AI score0.0049EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2020/03/25 12:0 a.m.•35 views

WeeChat: Multiple vulnerabilities

Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Multiple vulnerabilities have been discovered in WeeChat. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by sending a specially crafted IRC...

9.8CVSS3.1AI score0.03684EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2019/08/15 12:0 a.m.•35 views

glibc: Multiple vulnerabilities

Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...

7.5CVSS7.5AI score0.05532EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2018/11/30 12:0 a.m.•35 views

PostgreSQL: SQL injection

Background PostgreSQL is an open source object-relational database management system. Description A vulnerability was discovered in PostgreSQL’s pgupgrade and pgdump. Impact An attacker, by enticing a user to process a specially crafted trigger definition, can execute arbitrary SQL statements wit...

9.8CVSS9.2AI score0.0515EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2018/01/11 12:0 a.m.•35 views

TigerVNC: Multiple vulnerabilities

Background TigerVNC is a high-performance VNC server/client. Description Multiple vulnerabilities have been discovered in TigerVNC. Please review the referenced CVE Identifiers for details. Impact An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround There is...

8.8CVSS8.7AI score0.03179EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2018/01/11 12:0 a.m.•35 views

PySAML2: Security bypass

Background PySAML2 is a pure python implementation of SAML2 Description It was found that the PySAML2 relies on an assert statement to check the user’s password. A python optimizations might remove this assertion. Impact A remote attacker could bypass security restrictions and access any...

8.1CVSS8.1AI score0.0252EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/11/10 12:0 a.m.•35 views

MariaDB, MySQL: Root privilege escalation

Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description The Gentoo installation scripts before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging...

7.8CVSS7.9AI score0.00366EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/10/13 12:0 a.m.•35 views

Puppet Agent: Multiple vulnerabilities

Background Puppet Agent contains Puppet’s main code and all of the dependencies needed to run it, including Facter, Hiera, and bundled versions of Ruby and OpenSSL. Description Multiple vulnerabilities have been discovered in Puppet Agent. Please review the references for details. Impact A remote...

7.2CVSS7.9AI score0.02241EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/09/26 12:0 a.m.•35 views

libsoup: Arbitrary remote code execution

Background libsoup is an HTTP client/server library for GNOME. Description A stack based buffer overflow vulnerability was discovered in libsoup. Impact A remote attacker, by using specially crafted HTTP requests, could execute arbitrary code with the privileges of the process. Workaround There i...

9.8CVSS9.9AI score0.24337EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2016/07/20 12:0 a.m.•35 views

Bugzilla: Multiple vulnerabilities

Background Bugzilla is the bug-tracking system from the Mozilla project. Description Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact Privileged account holders could execute system level commands, and the new user...

6.5CVSS6.9AI score0.02326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2016/03/12 12:0 a.m.•35 views

QtGui: Multiple vulnerabilities

Background QtGui is the GUI module and platform plugins for the Qt framework Description Multiple buffer overflow vulnerabilities have been discovered in QtGui. It is possible for remote attackers to construct specially crafted BMP, ICO, or GIF images that lead to buffer overflows. After...

6.8CVSS9.7AI score0.08736EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2015/06/22 12:0 a.m.•35 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and external references below for details. Impact A context-dependent attacker can cause a denial of service...

7.5CVSS6.6AI score0.03921EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2015/02/25 12:0 a.m.•35 views

grep: Denial of service

Background grep is the GNU regular expression matcher. Description A heap buffer overrun has been fixed in the bmexectrans function in kwset.c. Impact A local user can cause Denial of Service. Workaround There is no known workaround at this time. Resolution All grep users should upgrade to the...

2.1CVSS9.1AI score0.00486EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2015/02/07 12:0 a.m.•35 views

nginx: Information disclosure

Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description An SSL session fixation vulnerability has been found in nginx when multiple servers use the same shared sslsessioncache or sslsessionticketkey. Impact A remote attacker may be able to obtain...

4.3CVSS6.2AI score0.05654EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/12/22 12:0 a.m.•35 views

sendmail: Information disclosure

Background sendmail is a widely-used Mail Transport Agent MTA. Description The smcloseonexec function in conf.c has arguments in the wrong order. Impact A local attacker could get access to unintended high-numbered file descriptors via a specially crafted program. Workaround There is no known...

1.9CVSS6AI score0.0063EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/12/13 12:0 a.m.•35 views

Xfig: User-assisted execution of arbitrary code

Background Xfig is an interactive drawing tool. Description A stack-based buffer overflow and a stack consumption vulnerability have been found in Xfig. Impact A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of...

6.8CVSS7.6AI score0.10603EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/08/29 12:0 a.m.•35 views

GNU Libtasn1: Multiple vulnerabilities

Background The ASN.1 library used in GNUTLS. Description Multiple vulnerabilities have been discovered in GNU Libtasn1. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly cause a Denial of Service condition. Workaround There is no...

7.5CVSS6.3AI score0.068EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/08/04 12:0 a.m.•35 views

Zend Framework: SQL injection

Background Zend Framework is a high quality and open source framework for developing Web Applications. Description Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Impact A remote attacker could use special...

9.8CVSS0.7AI score0.03858EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/07/09 12:0 a.m.•35 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

7.5CVSS7.7AI score0.23024EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2013/09/15 12:0 a.m.•35 views

Adobe Reader: Arbitrary Code Execution

Background Adobe Reader is a closed-source PDF reader. Description An unspecified vulnerability exists in Adobe Reader. Impact An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All Adobe Reader users...

10CVSS7.1AI score0.78581EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2013/09/02 12:0 a.m.•35 views

Xlockmore: Denial of service

Background Xlockmore is just another screensaver application for X. Description A Denial of Service flaw was found in the way Xlockmore performed the passing of arguments to the underlying localtime call, when the ‘dlock’ mode was used. Impact A local attacker could possibly cause a Denial of...

7.5CVSS7.4AI score0.02897EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/10/18 12:0 a.m.•35 views

w3m: SSL spoofing vulnerability

Background w3m is a text based WWW browser. Description A SSL spoofing vulnerability has been discovered in w3m. Please review the CVE identifier referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL...

6.8CVSS6.2AI score0.01491EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/09/27 12:0 a.m.•35 views

Postfixadmin: Multiple vulnerabilities

Background Postfixadmin is a web-based management tool for Postfix-style virtual domains and users. Description Multiple SQL injection vulnerabilities CVE-2012-0811 and cross-site scripting vulnerabilities CVE-2012-0812 have been found in Postfixadmin. Impact A remote attacker could exploit these...

6.5CVSS8AI score0.01683EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/06/25 12:0 a.m.•35 views

sendmail: X.509 NULL spoofing vulnerability

Background sendmail is a widely-used Mail Transport Agent MTA. Description A vulnerability has been discovered in sendmail. Please review the CVE identifier referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on...

7.5CVSS6.2AI score0.02374EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/06/23 12:0 a.m.•35 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

9.3CVSS7.5AI score0.85698EPSS
Exploits11
Gentoo Linux
Gentoo Linux
•added 2012/06/21 12:0 a.m.•35 views

tftp-hpa: Remote buffer overflow

Background tftp-hpa is the port of the OpenBSD TFTP server. Description A vulnerability has been discovered in tftp-hpa. Please review the CVE identifier referenced below for details. Impact The vulnerability might allow remote attackers to execute arbitrary code. Workaround There is no known...

7.5CVSS4.1AI score0.05246EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/06/18 12:0 a.m.•35 views

ArgyllCMS: User-assisted execution of arbitrary code

Background ArgyllCMS is an ICC compatible color management system that supports accurate ICC profile creation for scanners, cameras and film recorders. Description ArgyllCMS does not properly handle ICC profiles causing a use-after-free vulnerability. Impact A remote attacker could entice a user ...

9.3CVSS7.1AI score0.04788EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/01/23 12:0 a.m.•35 views

Tor: Multiple vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor: When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing...

7.6CVSS8.3AI score0.03823EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/11/11 12:0 a.m.•35 views

phpDocumentor: Function call injection

Background The phpDocumentor package provides automatic documenting of PHP API directly from the source. Description phpDocumentor bundles Smarty with the modifier.regexreplace.php plug-in which does not properly sanitize input related to the ASCII NUL character in a search string. Impact A remot...

7.5CVSS6.4AI score0.01954EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/10/22 12:0 a.m.•35 views

X.Org X Server: Multiple vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description vladz reported the following vulnerabilities in the X.Org X server: The X.Org X server follows symbolic links when trying to access the lock file for a X display, showing a predictable...

1.9CVSS6.5AI score0.00605EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2010/06/01 12:0 a.m.•35 views

BIND: Multiple vulnerabilities

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note:...

7.6CVSS7.5AI score0.09363EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2010/01/14 12:0 a.m.•35 views

Ruby: Terminal Control Character Injection

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server "WEBrick". Description Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported that WEBrick does not filter terminal control characters, for instanc...

7.5CVSS6.6AI score0.15684EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•35 views

Xerces-C++: Denial of service

Background Xerces-C++ is a validating XML parser written in a portable subset of C++. Description Frank Rast reported that the XML parser in Xerces-C++ does not correctly handle an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during the validatio...

7.8CVSS6.2AI score0.04183EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•35 views

cURL: Arbitrary file access

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPTFOLLOWLOCATION is enabled. Impact A remote attacker could possibly...

6.8CVSS2.3AI score0.07812EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•35 views

Real VNC: User-assisted execution of arbitrary code

Background Real VNC is a remote desktop viewer display system. Description An unspecified vulnerability has been discovered int the CMsgReader::readRect function in the VNC Viewer component, related to the encoding type of RFB protocol data. Impact A remote attacker could entice a user to connect...

10CVSS7AI score0.04052EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/01/20 12:0 a.m.•35 views

Pidgin: Multiple vulnerabilities

Background Pidgin formerly Gaim is an instant messaging client for a variety of instant messaging protocols. It is based on the libpurple instant messaging library. Description Multiple vulnerabilities have been discovered in Pidgin and the libpurple library: A participant to the TippingPoint ZDI...

6.8CVSS8.6AI score0.07258EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/01/11 12:0 a.m.•35 views

D-Bus: Denial of service

Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description schelte reported that the dbussignaturevalidate function can trigger a failed assertion when processing a message containing a malformed signature. Impact A local user could send a...

2.1CVSS5.6AI score0.04623EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2008/12/02 12:0 a.m.•35 views

enscript: User-assisted execution of arbitrary code

Background enscript is a powerful ASCII to PostScript file converter. Description Two stack-based buffer overflows in the readspecialescape function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the "setfilename" command CVE-2008-3863,...

9.3CVSS7.1AI score0.08358EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/12/02 12:0 a.m.•35 views

OptiPNG: User-assisted execution of arbitrary code

Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description A buffer overflow in the BMP reader in OptiPNG has been reported. Impact A remote attacker could entice a user to process a specially crafted BMP image, possibly...

9.3CVSS7.3AI score0.04023EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/07/07 12:0 a.m.•35 views

PCRE: Buffer overflow

Background PCRE is a Perl-compatible regular expression library. GLib includes a copy of PCRE. Description Tavis Ormandy of the Google Security team reported a heap-based buffer overflow when compiling regular expression patterns containing "Internal Option Settings" such as "?i ". Impact A remot...

7.5CVSS9.2AI score0.06726EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2008/06/14 12:0 a.m.•35 views

rdesktop: Multiple vulnerabilities

Background rdesktop is an open source Remote Desktop Protocol RDP client. Description An anonymous researcher reported multiple vulnerabilities in rdesktop via iDefense Labs: An integer underflow error exists in the function isorecvmsg in the file iso.c which can be triggered via a specially...

9.3CVSS10AI score0.13128EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2008/05/29 12:0 a.m.•35 views

Samba: Heap-based buffer overflow

Background Samba is a suite of SMB and CIFS client/server programs. Description Alin Rad Pop Secunia Research reported a vulnerability in Samba within the receivesmbraw function in the file lib/utilsock.c when parsing SMB packets, possibly leading to a heap-based buffer overflow via an overly lar...

7.5CVSS7AI score0.69085EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/05/20 12:0 a.m.•35 views

ClamAV: Multiple vulnerabilities

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been reported: Damian Put reported a heap-based buffer overflow when processing PeSpin packed PE binaries CVE-2008-0314. Alin Rad Po...

10CVSS8.2AI score0.10858EPSS
Exploits6
Total number of security vulnerabilities3816