Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2006/10/17 12:0 a.m.35 views

Mozilla Network Security Service (NSS): RSA signature forgery

Background The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with th...

4.3CVSS7.2AI score0.04894EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/08/29 12:0 a.m.35 views

Motor: Execution of arbitrary code

Background Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration. Description In November 2005, Zone-H Research reported a boundary error in the ktools library in the...

7.5CVSS7.2AI score0.05161EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/08/23 12:0 a.m.35 views

fbida: Arbitrary command execution

Background fbida is a collection of image viewers and editors for the framebuffer console and X11. fbgs is a PostScript and PDF viewer for the linux framebuffer console. Description Toth Andras has discovered a typographic mistake in the "fbgs" script, shipped with fbida if the "fbcon" and "pdf"...

5.1CVSS6.7AI score0.01727EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/15 12:0 a.m.35 views

OpenLDAP: Buffer overflow

Background OpenLDAP is a suite of LDAP-related applications and development tools. It includes slapd the standalone LDAP server, slurpd the standalone LDAP replication server, various LDAP libraries, utilities and example clients. Description slurpd contains a buffer overflow when reading very lo...

5CVSS7.3AI score0.04487EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/14 12:0 a.m.35 views

Asterisk: IAX2 video frame buffer overflow

Background Asterisk is an open source implementation of a telephone private branch exchange PBX. Description Asterisk fails to properly check the length of truncated video frames in the IAX2 channel driver which results in a buffer overflow. Impact An attacker could exploit this vulnerability by...

7.5CVSS7AI score0.04293EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/11 12:0 a.m.35 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact By enticing the user to visit a malicious website, a remote attacker can...

9.3CVSS7.6AI score0.07251EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/03/16 12:0 a.m.35 views

zoo: Buffer overflow

Background zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi. Description zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy function when trying to create an archive from certain directories or filenames. Impact An attacker cou...

6.2CVSS7.3AI score0.00995EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/03/06 12:0 a.m.35 views

IMAP Proxy: Format string vulnerabilities

Background IMAP Proxy also known as up-imapproxy proxies IMAP transactions between an IMAP client and an IMAP server. Description Steve Kemp discovered two format string errors in IMAP Proxy. Impact A remote attacker could design a malicious IMAP server and entice someone to connect to it using...

7.5CVSS7AI score0.12112EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/16 12:0 a.m.35 views

cURL: Off-by-one errors in URL handling

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The...

4.6CVSS7.5AI score0.00516EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/16 12:0 a.m.35 views

Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities

Background Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description infamous41md discovered that...

7.5CVSS7.2AI score0.0614EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/30 12:0 a.m.35 views

Ethereal: Multiple vulnerabilities in protocol dissectors

Background Ethereal is a feature-rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.13, including: The SLIM3 and AgentX dissectors could overflow a buffer CVE-2005-3243. iDEFENSE discovered a buffer overflow in the SRVLOC dissector...

10CVSS7.8AI score0.10826EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/25 12:0 a.m.35 views

phpMyAdmin: Local file inclusion and XSS vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...

5CVSS6.8AI score0.05617EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/06 12:0 a.m.35 views

Net-SNMP: Insecure RPATH

Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description James Cloos reported that Perl modules from the Net-SNMP package look for libraries in an untrusted location. This is due to a flaw in the Gentoo package, and not the Net-SNMP suit...

4.6CVSS6.7AI score0.00371EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/31 12:0 a.m.35 views

pstotext: Remote execution of arbitrary code

Background pstotext is a program that works with GhostScript to extract plain text from PostScript and PDF files. Description Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Impact An attacker could craft a...

7.5CVSS6.7AI score0.02336EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/25 12:0 a.m.35 views

Kopete: Vulnerability in included Gadu library

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete also part of kdenetwork is the KDE Instant Messenger. Description Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in...

7.5CVSS7.3AI score0.04703EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/11 12:0 a.m.35 views

Ruby: Arbitrary command execution through XML-RPC

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...

7.5CVSS6.7AI score0.06565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/17 12:0 a.m.35 views

webapp-config: Insecure temporary file handling

Background webapp-config is a Gentoo Linux utility to help manage the installation of web-based applications. Description Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Impact Successful exploitation of t...

4.6CVSS6.9AI score0.00985EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/03/01 12:0 a.m.35 views

Gaim: Multiple Denial of Service issues

Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly CAN-2005-0472. Malformed HTML code could lead to invalid memory...

5CVSS6.4AI score0.05296EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/14 12:0 a.m.35 views

PostgreSQL: Buffer overflows in PL/PgSQL parser

Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser. Impact A remote attacker could send a malicious query resulting in the execution of arbitrary code with the...

6.5CVSS7.5AI score0.03512EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/28 12:0 a.m.35 views

SquirrelMail: Multiple vulnerabilities

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS...

7.5CVSS7.6AI score0.02342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/22 12:0 a.m.35 views

Mailman: Cross-site scripting vulnerability

Background Mailman is a Python-based mailing list server with an extensive web interface. Description Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman. Impact By enticing a user to visiting a specially-crafted URL, an attacker c...

4.3CVSS3.6AI score0.01782EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/11 12:0 a.m.35 views

KDE FTP KIOslave: Command injection

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDE provided KIOslaves for many protocols in the kdelibs package, one of them being FTP. These are used by KDE applications such as Konqueror. Description The FTP KIOslave fails to properly...

7.5CVSS3.7AI score0.04437EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/03 12:0 a.m.35 views

rssh, scponly: Unrestricted command execution

Background rssh and scponly are two restricted shells, allowing only a few predefined commands. They are often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges. Description Jason Wies discovered that when receiving an authorized...

7.5CVSS2.2AI score0.07327EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2004/09/29 12:0 a.m.35 views

Subversion: Metadata information leak

Background Subversion is a versioning system designed to be a replacement for CVS. modauthzsvn is an Apache module to do path-based authentication for Subversion repositories. Description There is a bug in modauthzsvn that causes it to reveal logged metadata regarding commits to protected areas...

5CVSS6.5AI score0.01457EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/21 12:0 a.m.35 views

GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities

Background GTK+ GIMP Toolkit + is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library as well as shipped with GTK+ 2. Description A vulnerability has been discovered in the BMP image preprocessor...

7.5CVSS7.1AI score0.09434EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/12 12:0 a.m.35 views

Gaim: MSN protocol parsing function buffer overflow

Background Gaim is a multi-protocol instant messaging client for Linux which supports many instant messaging protocols. Description Sebastian Krahmer of the SuSE Security Team has discovered a remotely exploitable buffer overflow vulnerability in the code handling MSN protocol parsing. Impact By...

7.5CVSS7.5AI score0.0495EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/11 12:0 a.m.35 views

Roundup: Filesystem access vulnerability

Background Roundup is a simple to use issue-tracking system with command-line, web, and e-mail interfaces. Description Improper handling of a specially crafted URL allows access to the server's filesystem, which could contain sensitive information. Impact An attacker could view files owned by the...

5CVSS2.4AI score0.08794EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/08/10 12:0 a.m.35 views

Horde-IMP: Input validation vulnerability for Internet Explorer users

Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...

4.3CVSS0.5AI score0.01208EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/10 12:0 a.m.35 views

Subversion: Remote heap overflow

Background Subversion is a revision control system that aims to be a "compelling replacement for CVS". It enjoys wide use in the open source community. svnserve allows access to Subversion repositories using URIs with the svn://, svn+ssh://, and other tunelled svn+:// protocols. Description The s...

10CVSS7.8AI score0.05877EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/05 12:0 a.m.35 views

Libxml2 URI Parsing Buffer Overflow Vulnerabilities

Background Description Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096...

7.5CVSS7.3AI score0.24232EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/12 12:0 a.m.34 views

PHP: Multiple Vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...

9.8CVSS7.4AI score0.99987EPSS
Exploits74
Gentoo Linux
Gentoo Linux
added 2024/05/08 12:0 a.m.34 views

rsync: Multiple Vulnerabilities

Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE...

7.5CVSS10AI score0.51733EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/05/05 12:0 a.m.34 views

Pillow: Multiple Vulnerabilities

Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution...

8.1CVSS8.7AI score0.01703EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/05 12:0 a.m.34 views

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.7AI score0.0152EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/12/23 12:0 a.m.34 views

Gitea: Multiple Vulnerabilities

Background Gitea is a painless self-hosted Git service. Description Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...

4.4CVSS7.6AI score0.00485EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/11/27 12:0 a.m.34 views

GLib: Multiple Vulnerabilities

Background GLib is a library providing a number of GNOME's core objects and functions. Description Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details. Impact GVariant deserialization is vulnerable to an exponential blowup issue where a crafted...

7.5CVSS7.6AI score0.00768EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/10/08 12:0 a.m.34 views

man-db: privilege escalation

Background man-db is a man replacement that utilizes BerkeleyDB instead of flat files. Description A root privilege escalation through setuid executable and cron job has been discovered in man-db. Please review the CVE identifier referenced below for details. Impact A local user with access to th...

7.8CVSS7.2AI score0.00383EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/21 12:0 a.m.34 views

LibreCAD: Multiple Vulnerabilities

Background LibreCAD is a generic 2D CAD program. Description Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

9.3CVSS9AI score0.06617EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.34 views

D-Bus: Multiple Vulnerabilities

Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

6.5CVSS7.2AI score0.0131EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.34 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.3AI score0.00921EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/12/19 12:0 a.m.34 views

LibreOffice: Arbitrary Code Execution

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description LibreOffice links using the vnd.libreoffice.command scheme could be constructed to call internal macros with arbitrary arguments. Which...

6.3CVSS5AI score0.04354EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/11/19 12:0 a.m.34 views

PostgreSQL: Multiple Vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

8.8CVSS2AI score0.12403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.34 views

Shadow: TOCTOU Race

Background Shadow contains utilities to deal with user accounts Description A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes...

4.7CVSS4.4AI score0.00308EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.34 views

Apptainer: Lack of Digital Signature Hash Verification

Background Apptainer is the container system for secure high-performance computing. Description The Go module "sif" version 2.8.0 and older, which is a statically linked dependency of Apptainer, does not verify that the hash algorithms used are cryptographically secure when verifying digital...

9.8CVSS1.3AI score0.00477EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/10/16 12:0 a.m.34 views

Wireshark: Multiple Vulnerabilities

Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS2.7AI score0.07885EPSS
Exploits21
Gentoo Linux
Gentoo Linux
added 2021/01/26 12:0 a.m.34 views

Cacti: Remote code execution

Background Cacti is a complete frontend to rrdtool. Description The sideid parameter in datadebug.php does not properly verify input allowing SQL injection. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition...

8.8CVSS6.2AI score0.04599EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/12/23 12:0 a.m.34 views

GDK-PixBuf: Denial of service

Background GDK-PixBuf is an image loading library for GTK+. Description It was discovered that the GDK-PixBuf library did not properly handle certain GIF images. Impact A remote attacker could entice a user to open a specially crafted GIF image in an application linked against GDK-PixBuf library,...

5.5CVSS3.2AI score0.01477EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/09/13 12:0 a.m.34 views

Qt GUI: Buffer overflow

Background The GUI module and platform plugins for the Qt5 framework. Description It was discovered that Qt GUI’s XBM parser did not properly handle X BitMap files. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

5.3CVSS6AI score0.03915EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/08/26 12:0 a.m.34 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

7.3CVSS2AI score0.02235EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.34 views

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

8.8CVSS3.3AI score0.00413EPSS
Exploits0
Total number of security vulnerabilities3816