Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/09/26 12:0 a.m.•36 views

ImageMagick: Multiple Vulnerabilities

Background ImageMagick is a free software suite to manipulate, convert, and create many image formats. Description Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder...

5.1CVSS7.3AI score0.10211EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/14 12:0 a.m.•36 views

DokuWiki: Arbitrary command execution

Background DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a...

7.5CVSS7.5AI score0.01939EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2006/09/13 12:0 a.m.•36 views

LibXfont, monolithic X.org: Multiple integer overflows

Background libXfont is the X.Org Xfont library, some parts are based on the FreeType code base. Description Several integer overflows have been found in the CID font parser. Impact A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file resulting in the...

7.2CVSS7.1AI score0.00576EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/29 12:0 a.m.•36 views

PHP: Arbitary code execution

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description The sscanf PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the...

4.6CVSS7.1AI score0.02011EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/29 12:0 a.m.•36 views

Motor: Execution of arbitrary code

Background Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration. Description In November 2005, Zone-H Research reported a boundary error in the ktools library in the...

7.5CVSS7.2AI score0.05161EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/23 12:0 a.m.•36 views

fbida: Arbitrary command execution

Background fbida is a collection of image viewers and editors for the framebuffer console and X11. fbgs is a PostScript and PDF viewer for the linux framebuffer console. Description Toth Andras has discovered a typographic mistake in the "fbgs" script, shipped with fbida if the "fbcon" and "pdf"...

5.1CVSS6.7AI score0.01727EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/05/07 12:0 a.m.•36 views

Nagios: Buffer overflow

Background Nagios is an open source host, service and network monitoring program. Description Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact A buffer overflow in Nagios CGI scripts under certa...

7.5CVSS7.7AI score0.05431EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/21 12:0 a.m.•36 views

zgv, xzgv: Heap overflow

Background xzgv and zgv are picture viewing utilities with a thumbnail based file selector. Description Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space...

7.5CVSS6.9AI score0.04073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/04 12:0 a.m.•36 views

WordPress: SQL injection vulnerability

Background WordPress is a PHP and MySQL based content management and publishing system. Description Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already fixed in the...

7.5CVSS7.3AI score0.02907EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/13 12:0 a.m.•36 views

Blender: Heap-based buffer overflow

Background Blender is an open source software for 3D modeling, animation, rendering, post-production, interactive creation and playback. Description Damian Put has reported a flaw due to an integer overflow in the "getbhead" function, leading to a heap overflow when processing malformed ".blend"...

7.5CVSS7.2AI score0.05787EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/12/16 12:0 a.m.•36 views

Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities

Background Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description infamous41md discovered that...

7.5CVSS7.2AI score0.0614EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/28 12:0 a.m.•36 views

chmlib, KchmViewer: Stack-based buffer overflow

Background chmlib is a library for dealing with Microsoft ITSS and CHM format files. KchmViewer is a CHM viewer that includes its own copy of the chmlib library. Description Sven Tantau reported about a buffer overflow vulnerability in chmlib. The function "chmdecompressblock" does not properly...

5.1CVSS7.4AI score0.03778EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/08 12:0 a.m.•36 views

Weex: Format string vulnerability

Background Weex is a non-interactive FTP client typically used to update web pages. Description Ulf Harnhammar discovered a format string bug in Weex that can be triggered when it is first run or when its cache files are rebuilt, using the -r option. Impact An attacker could setup a malicious FTP...

7.5CVSS6.8AI score0.02635EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/27 12:0 a.m.•36 views

GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library

Background GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications created to support Gadu Gadu instant messaging protocol. libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an...

7.5CVSS7.4AI score0.04703EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/25 12:0 a.m.•36 views

Kopete: Vulnerability in included Gadu library

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete also part of kdenetwork is the KDE Instant Messenger. Description Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in...

7.5CVSS7.3AI score0.04703EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/11 12:0 a.m.•36 views

Adobe Acrobat Reader: Buffer overflow vulnerability

Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the UnixAppOpenFilePerform function, which is called when Adobe Acrobat Reader tries to open a file with the "\Filespec" tag. Impact By enticing a user to open a specially...

5CVSS7.2AI score0.0458EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/06 12:0 a.m.•36 views

Wordpress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. Impact An attacker could use the SQL injection vulnerabilities to gain information from the database...

7.5CVSS7.3AI score0.03139EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/30 12:0 a.m.•36 views

phpMyAdmin: Insecure SQL script installation

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user. Description The phpMyAdmin...

4.6CVSS6.4AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/28 12:0 a.m.•36 views

Heimdal: Buffer overflow vulnerabilities

Background Heimdal is a free implementation of Kerberos 5 that includes a telnet client program. Description Buffer overflow vulnerabilities in the slcaddreply and envoptadd functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Impact Successful exploitation would...

7.5CVSS7.4AI score0.27073EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/25 12:0 a.m.•36 views

eGroupWare: XSS and SQL injection vulnerabilities

Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact An attacker could possibly use the SQL injectio...

7.5CVSS7.8AI score0.03202EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2005/04/15 12:0 a.m.•36 views

monkeyd: Multiple vulnerabilities

Background monkeyd is a fast, efficient, small and easy to configure web server for Linux. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a double expansion error in monkeyd, resulting in a format string vulnerability. Ciaran McCreesh of Gentoo Linux discovered a...

7.5CVSS7AI score0.02688EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/31 12:0 a.m.•36 views

netkit-telnetd: Buffer overflow

Background netkit-telnetd provides standard Linux telnet client and server. Description A buffer overflow has been identified in the slcaddreply function of netkit-telnetd client, where a large number of SLC commands can overflow a fixed size buffer. Impact Successful explotation would require a...

7.5CVSS7.3AI score0.08635EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/12 12:0 a.m.•36 views

X.org: libXpm vulnerability

Background libXpm is a pixmap manipulation library for the X Window System, included in X.org. Description Chris Gilbert has discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm versions. Impact A carefully-crafted XPM file could crash X.org,...

7.5CVSS7.4AI score0.04507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/07 12:0 a.m.•36 views

KDE dcopidlng: Insecure temporary file creation

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. dcopidlng is a DCOP helper script. Description Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable...

2.1CVSS6.1AI score0.00412EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/25 12:0 a.m.•36 views

cmd5checkpw: Local password leak vulnerability

Background cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode. Description Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the...

2.1CVSS6.6AI score0.00318EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/14 12:0 a.m.•36 views

PostgreSQL: Buffer overflows in PL/PgSQL parser

Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser. Impact A remote attacker could send a malicious query resulting in the execution of arbitrary code with the...

6.5CVSS7.5AI score0.03512EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/22 12:0 a.m.•36 views

Mailman: Cross-site scripting vulnerability

Background Mailman is a Python-based mailing list server with an extensive web interface. Description Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman. Impact By enticing a user to visiting a specially-crafted URL, an attacker c...

4.3CVSS3.6AI score0.01782EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/12 12:0 a.m.•36 views

Exim: Two buffer overflows

Background Exim is an highly configurable message transfer agent MTA developed at the University of Cambridge. Description Buffer overflows have been found in the hostaton function CAN-2005-0021 as well as in the spabase64tobits function CAN-2005-0022, which is part of the SPA authentication code...

7.2CVSS7.2AI score0.02618EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/10 12:0 a.m.•36 views

pdftohtml: Vulnerabilities in included Xpdf

Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to integer overflows, as described in GLSA 200412-24. Impact An attacker could entice a user to convert a specially-crafted PDF file,...

9.3CVSS2.5AI score0.06576EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/24 12:0 a.m.•36 views

Gaim: Multiple vulnerabilities

Background Gaim is a full featured instant messaging client which handls a variety of instant messaging protocols. Description A possible buffer overflow exists in the code processing MSN SLP messages CAN-2004-0891. memcpy was used without validating the size of the buffer, and an incorrect buffe...

10CVSS7.6AI score0.06862EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/21 12:0 a.m.•36 views

GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities

Background GTK+ GIMP Toolkit + is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library as well as shipped with GTK+ 2. Description A vulnerability has been discovered in the BMP image preprocessor...

7.5CVSS7.1AI score0.09434EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/15 12:0 a.m.•36 views

Tomcat: Insecure installation

Background Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started...

7.2CVSS4AI score0.0044EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/06/10 12:0 a.m.•36 views

CVS: additional DoS and arbitrary code execution vulnerabilities

Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description A team audit of the CVS source code performed by Stefan Esser and Sebastian Krahmer resulted in the discovery of several remotely...

10CVSS7.4AI score0.13206EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/09 12:0 a.m.•36 views

Multiple format string vulnerabilities in neon 0.24.4 and earlier

Background neon provides an HTTP and WebDAV client library. Description There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code under the context of the process using libneon. Impact An attacker may be able to execute arbitra...

6.8CVSS7.3AI score0.11056EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/03/05 12:0 a.m.•36 views

Libxml2 URI Parsing Buffer Overflow Vulnerabilities

Background Description Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096...

7.5CVSS7.3AI score0.24232EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/10 12:0 a.m.•35 views

GPAC: Multiple Vulnerabilities

Background GPAC is an implementation of the MPEG-4 Systems standard developed from scratch in ANSI C. Description Multiple vulnerabilities have been discovered in GPAC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.7AI score0.04615EPSS
Exploits208
Gentoo Linux
Gentoo Linux
•added 2024/06/22 12:0 a.m.•35 views

Flatpak: Sandbox Escape

Background Flatpak is a Linux application sandboxing and distribution framework. Description A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Impact A malicious or compromised Flatpak app could execute arbitrary code outside its sandbo...

8.4CVSS7.7AI score0.00512EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/05/05 12:0 a.m.•35 views

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.7AI score0.0152EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/12/22 12:0 a.m.•35 views

libssh: Multiple Vulnerabilities

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

6.5CVSS7.7AI score0.04683EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2023/11/24 12:0 a.m.•35 views

LinuxCIFS utils: Multiple Vulnerabilities

Background The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems. Description Multiple vulnerabilities have been discovered in LinuxCIFS utils. Please review the CVE identifiers referenced below for details. Impact A stack-based buffer overflow when parsing the...

7.8CVSS7.6AI score0.01804EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/11/01 12:0 a.m.•35 views

GitPython: Code Execution via Crafted Input

Background GitPython is a Python library used to interact with Git repositories. Description Please review the CVE identifier referenced below for details. Impact An attacker may be able to trigger Remote Code Execution RCE due to improper user input validation, which makes it possible to inject ...

9.8CVSS9.8AI score0.05378EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2022/12/19 12:0 a.m.•35 views

LibreOffice: Arbitrary Code Execution

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description LibreOffice links using the vnd.libreoffice.command scheme could be constructed to call internal macros with arbitrary arguments. Which...

6.3CVSS5AI score0.04354EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/11/22 12:0 a.m.•35 views

sudo: Heap-Based Buffer Overread

Background sudo allows a system administrator to give users the ability to run commands as other users. Description In certain password input handling, sudo incorrectly assumes the password input is at least nine bytes in size, leading to a heap buffer overread. Impact In the worst case, the heap...

7.1CVSS2.2AI score0.00271EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/10/31 12:0 a.m.•35 views

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.8CVSS3.2AI score0.00573EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/10/31 12:0 a.m.•35 views

Apptainer: Lack of Digital Signature Hash Verification

Background Apptainer is the container system for secure high-performance computing. Description The Go module "sif" version 2.8.0 and older, which is a statically linked dependency of Apptainer, does not verify that the hash algorithms used are cryptographically secure when verifying digital...

9.8CVSS1.3AI score0.00477EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/10/16 12:0 a.m.•35 views

Wireshark: Multiple Vulnerabilities

Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS2.7AI score0.07885EPSS
Exploits21
Gentoo Linux
Gentoo Linux
•added 2022/09/29 12:0 a.m.•35 views

GraphicsMagick: Multiple Vulnerabilities

Background GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. Description Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact Pleas...

7.8CVSS2.5AI score0.02853EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2021/07/08 12:0 a.m.•35 views

BladeEnc: Buffer overflow

Background BladeEnc is an mp3 encoder. Description A crafted file could cause a buffer overflow in the iterationloop function in BladeEnc. Impact A remote attacker could entice a user to open a specially crafted using BladeEnc, possibly resulting in execution of arbitrary code with the privileges...

9.8CVSS2.9AI score0.03406EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/12/23 12:0 a.m.•35 views

libass: User-assisted execution of arbitrary code

Background libass is a portable subtitle renderer for the ASS/SSA Advanced Substation Alpha/Substation Alpha subtitle format. Description It was discovered that libass did not properly handle Advanced Substation Alpha/Substation Alpha subtitle format files. Impact A remote attacker could entice a...

8.8CVSS3.6AI score0.01789EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•35 views

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

8.8CVSS3.3AI score0.00413EPSS
Exploits0
Total number of security vulnerabilities3816