Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2022/11/19 12:0 a.m.34 views

PostgreSQL: Multiple Vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

8.8CVSS2AI score0.12403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.34 views

libjxl: Denial of Service

Background libjxl is the JPEG XL image format reference implementation. Description libjxl contains an unecessary assertion in jxl::LowMemoryRenderPipeline::Init. Impact An attacker can cause a denial of service of the libjxl process via a crafted input file. Workaround There is no known workarou...

6.5CVSS4.1AI score0.00836EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.34 views

Shadow: TOCTOU Race

Background Shadow contains utilities to deal with user accounts Description A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes...

4.7CVSS4.4AI score0.00308EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/01/26 12:0 a.m.34 views

Cacti: Remote code execution

Background Cacti is a complete frontend to rrdtool. Description The sideid parameter in datadebug.php does not properly verify input allowing SQL injection. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition...

8.8CVSS6.2AI score0.04599EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/09/13 12:0 a.m.34 views

Qt GUI: Buffer overflow

Background The GUI module and platform plugins for the Qt5 framework. Description It was discovered that Qt GUI’s XBM parser did not properly handle X BitMap files. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

5.3CVSS6AI score0.03915EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/08/26 12:0 a.m.34 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

7.3CVSS2AI score0.02235EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/03/25 12:0 a.m.34 views

Zsh: Privilege escalation

Background A shell designed for interactive use, although it is also a powerful scripting language. Description It was discovered that Zsh was insecure dropping privileges when unsetting PRIVILEGED option. Impact An attacker could escalate privileges. Workaround There is no known workaround at th...

7.8CVSS4.2AI score0.00495EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/03/25 12:0 a.m.34 views

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact A local attacker could potentially gain privileges on the host system or cause a Denial of Service condition. Workaround...

9.8CVSS4.5AI score0.03133EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/06/22 12:0 a.m.34 views

Vim, gVim: Remote execution of arbitrary code

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact A remote attacker...

9.8CVSS9AI score0.03389EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/11 12:0 a.m.34 views

vzctl: Security bypass

Background vzctl is a set of control tools for the OpenVZ server virtualization solution. Description It was discovered that vzctl determined the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows local simfs container CT ro...

3.6CVSS6.5AI score0.00502EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2016/10/10 12:0 a.m.34 views

libgcrypt: Multiple vulnerabilities

Background libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact Side-channel attacks can leak private key information. A separate...

5.9CVSS6.8AI score0.03597EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/07/22 12:0 a.m.34 views

libXfont: Multiple vulnerabilities

Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition...

8.5CVSS6.2AI score0.04923EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/26 12:0 a.m.34 views

Xen: Denial of service

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local user could possibly cause a Denial of Service condition. Workaround There is no known workaround at this time...

8.3CVSS7.8AI score0.00968EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/15 12:0 a.m.34 views

Varnish: Multiple vulnerabilities

Background Varnish is a web application accelerator. Description Multiple vulnerabilities have been discovered in Varnish. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition via a specially crafted GET request...

5CVSS6.4AI score0.0305EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2014/12/13 12:0 a.m.34 views

mod_wsgi: Privilege escalation

Background modwsgi is an Apache2 module for running Python WSGI applications. Description Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the “Content-Type” header CVE-2014-0242 Impact A local attacker...

7.5CVSS8.2AI score0.08526EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/13 12:0 a.m.34 views

QtGui: Denial of service

Background QtGui is the GUI module and platform plugins for the Qt5 framework. Description A NULL pointer dereference has been found in QtGui. Impact A remote attacker could send a specially crafted GIF image, possibly resulting in a Denial of Service condition. Workaround There is no known...

4.3CVSS8.5AI score0.03957EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/09/01 12:0 a.m.34 views

Net-SNMP: Denial of service

Background Net-SNMP bundles software for generating and retrieving SNMP data. Description Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could create a Denial of Service condition. Workaround Ther...

5CVSS9.7AI score0.09451EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/06/29 12:0 a.m.34 views

KDE Libraries: Multiple vulnerabilities

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. KDE Libraries contains libraries needed by all KDE applications. Description Multiple vulnerabilities have been discovered in KDE Libraries. Please review the CVE identifiers referenced below...

5CVSS8.1AI score0.0198EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/06/15 12:0 a.m.34 views

FreeRADIUS: Arbitrary code execution

Background FreeRADIUS is an open source RADIUS authentication server. Description Large passwords can trigger a stack-based buffer overflow in FreeRADIUS’s rlmpap module when authenticating against an LDAP server. Impact An authenticated user could set a specially crafted long password, possibly...

7.5CVSS10AI score0.03912EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/06/15 12:0 a.m.34 views

KDirStat: Arbitrary command execution

Background KDirStat is a graphical disk usage utility for KDE. Description Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact A local attacker could possibly execute arbitrary shell command with the privileges of the process. Workaround...

6.8CVSS6.9AI score0.03008EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/02/21 12:0 a.m.34 views

KVIrc: Multiple vulnerabilities

Background KVIrc is a free portable IRC client based on Qt. Description Multiple vulnerabilities have been discovered in KVIrc. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, cause ...

10CVSS7.6AI score0.07574EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/11/28 12:0 a.m.34 views

cpio: Arbitrary code execution

Background GNU cpio copies files into or out of a cpio or tar archive. Description Cpio contains a heap-based buffer overflow in the rmtread function in lib/rtapelib.c. Impact A remote server could sending more data than was requested, related to archive filenames that contain a : colon character...

6.8CVSS8.2AI score0.04747EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2013/11/20 12:0 a.m.34 views

Open DC Hub: Arbitrary code execution

Background Open DC Hub is the hub software for the Direct Connect file sharing network. Description A stack-based buffer overflow flaw has been discovered in the way Open DC Hub sanitized content of a user’s MyINFO message. Impact A remote authenticated user may be able to execute arbitrary code ...

6CVSS7.6AI score0.08169EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/09/15 12:0 a.m.34 views

FileZilla: Multiple vulnerabilities

Background FileZilla is an open source FTP client. Description Multiple vulnerabilities have been discovered in FileZilla. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to connect to a malicious server, resulting in possible arbitrary...

6.8CVSS7.4AI score0.03447EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2012/09/27 12:0 a.m.34 views

mod_rpaf: Denial of service

Background modrpaf is a reverse proxy add forward module for backend Apache servers. Description An error has been found in the way modrpaf handles X-Forwarded-For headers. Please review the CVE identifier referenced below for details. Impact A remote attacker could send a specially crafted HTTP...

5CVSS6.4AI score0.06952EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/07/09 12:0 a.m.34 views

libxml2: User-assisted execution of arbitrary code

Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description The "xmlXPtrEvalXPtrPart" function in xpointer.c contains an off-by-one error. Impact A remote attacker could entice a user or automated system to open a specially crafted XML document with an...

6.8CVSS6.9AI score0.0266EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/06/25 12:0 a.m.34 views

logrotate: Multiple vulnerabilities

Background logrotate rotates, compresses, and mails system logs. Description Multiple vulnerabilities have been discovered in logrotate. Please review the CVE identifiers referenced below for details. Impact A local attacker could use this flaw to truncate arbitrary system file, to change file...

6.9CVSS3.5AI score0.00412EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/06/23 12:0 a.m.34 views

gdk-pixbuf: Denial of service

Background gdk-pixbuf is an image loading library for GTK+. Description Two vulnerabilities have been found in gdk-pixbuf: The "gdkpixbufgifimageload" function in io-gif.c fails to properly handle certain return values from subroutines CVE-2011-2485. The "readbitmapfiledata" function in io-xbm.c...

5CVSS8AI score0.04096EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/06/21 12:0 a.m.34 views

Pidgin: Multiple vulnerabilities

Background Pidgin is an GTK Instant Messenger client. Description Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities allow for arbitrary file retrieval, Denial of Service and arbitrary code executio...

7.5CVSS10.3AI score0.12496EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2012/02/22 12:0 a.m.34 views

PowerDNS: Denial of service

Background The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description A vulnerability has been found in PowerDNS which could cause a packet loop of DNS responses. Impact A remote attacker could send specially crafted DNS response packets,...

5CVSS6.4AI score0.05264EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/10/10 12:0 a.m.34 views

vsftpd: Denial of service

Background vsftpd is a very secure FTP daemon written with speed, size and security in mind. Description A Denial of Service vulnerability was discovered in vsftpd. Please review the CVE identifier referenced below for details. Impact A remote authenticated attacker could cause a Denial of Servic...

4CVSS3.6AI score0.73946EPSS
Exploits9
Gentoo Linux
Gentoo Linux
added 2010/06/03 12:0 a.m.34 views

lighttpd: Denial of service

Background lighttpd is a lightweight high-performance web server. Description Li Ming reported that lighttpd does not properly process packets that are sent overly slow. Impact A remote attacker might send specially crafted packets to a server running lighttpd, possibly resulting in a Denial of...

5CVSS6.4AI score0.12111EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2010/06/01 12:0 a.m.34 views

nano: Multiple vulnerabilities

Background nano is a GNU GPL'd Pico clone with more functionality. Description Multiple race condition vulnerabilities have been discovered in nano. For further information please consult the CVE entries referenced below. Impact Under certain conditions, a local, user-assisted attacker could...

3.7CVSS6.7AI score0.00368EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/10/25 12:0 a.m.34 views

Adobe Reader: Multiple vulnerabilities

Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletin referenced below. Impact A remote attacker might entice...

9.3CVSS7.3AI score0.86468EPSS
Exploits33
Gentoo Linux
Gentoo Linux
added 2009/07/12 12:0 a.m.34 views

ModPlug: User-assisted execution of arbitrary code

Background ModPlug is a library for playing MOD-like music. Description Two vulnerabilities have been reported in ModPlug: dummy reported an integer overflow in the CSoundFile::ReadMed function when processing a MED file with a crafted song comment or song name, which triggers a heap-based buffer...

7.5CVSS8.4AI score0.04667EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/03/09 12:0 a.m.34 views

OptiPNG: User-assisted execution of arbitrary code

Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description Roy Tam reported a use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c leading to a memory corruption when reading a GIF...

9.3CVSS4.8AI score0.01553EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/03/07 12:0 a.m.34 views

Samba: Data disclosure

Background Samba is a suite of SMB and CIFS client/server programs. Description Samba does not properly check memory boundaries when handling trans, rans2, and nttrans requests. Impact A remote attacker could send specially crafted requests to a Samba daemon, leading to the disclosure of arbitrar...

8.5CVSS6.4AI score0.04331EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/02/12 12:0 a.m.34 views

OpenSSL: Certificate validation error

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description The Google Security Team reported that several functions incorrectly check the result after calling the...

5.8CVSS8.6AI score0.05146EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/01/21 12:0 a.m.34 views

Net-SNMP: Denial of service

Background Net-SNMP is a collection of tools for generating and retrieving SNMP data. Description Oscar Mira-Sanchez reported an integer overflow in the netsnmpcreatesubtreecache function in agent/snmpagent.c when processing GETBULK requests. Impact A remote attacker could send a specially crafte...

5CVSS6.6AI score0.04926EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/06/16 12:0 a.m.34 views

cbrPager: User-assisted execution of arbitrary code

Background cbrPager is a comic book pager. Description Mamoru Tasaka discovered that filenames of the image archives are not properly sanitized before being passed to decompression utilities like unrar and unzip, which use the system libc library call. Impact A remote attacker could entice a user...

6.8CVSS7.2AI score0.02645EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/04/17 12:0 a.m.34 views

PHP Toolkit: Data disclosure and Denial of service

Background PHP Toolkit is a utility to manage parallel installations of PHP within Gentoo. It is executed by the PHP ebuilds at setup. Description Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the "tr" command, which...

3.6CVSS6.6AI score0.00349EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/03/15 12:0 a.m.34 views

Website META Language: Insecure temporary file usage

Background Website META Language is a free and extensible Webdesigner's off-line HTML generation toolkit for Unix. Description Temporary files are handled insecurely in the files wmlbackend/p1ipp/ipp.src, wmlcontrib/wmg.cgi, and wmlbackend/p3eperl/eperlsys.c, allowing users to overwrite or delete...

3.6CVSS6.7AI score0.00433EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/03/10 12:0 a.m.34 views

MPlayer: Multiple buffer overflows

Background MPlayer is a media player incuding support for a wide range of audio and video formats. Description The following errors have been discovered in MPlayer: Felipe Manzano and Anibal Sacco Core Security Technologies reported an array indexing error in the file libmpdemux/demuxmov.c when...

9.3CVSS7.2AI score0.08878EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2007/12/13 12:0 a.m.34 views

Portage: Information disclosure

Background Portage is the default Gentoo package management system. Description Mike Frysinger reported that the "etc-update" utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a default setup. Impact A local...

2.1CVSS5.9AI score0.00434EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/12/13 12:0 a.m.34 views

IRC Services: Denial of service

Background IRC Services is a system of services to be used with Internet Relay Chat networks. Description loverboy reported that the "defaultencrypt" function in file encrypt.c does not properly handle overly long passwords. Impact A remote attacker could provide an overly long password to the...

5CVSS6.5AI score0.02079EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/18 12:0 a.m.34 views

The Sleuth Kit: Integer underflow

Background The Sleuth Kit is a collection of file system and media management forensic analysis tools. Description Jean-Sebastien Guay-Leroux reported an integer underflow in the fileprintf function of the "file" utility which is bundled with The Sleuth Kit CVE-2007-1536, GLSA 200703-26. Note tha...

9.3CVSS9.7AI score0.12226EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/09/30 12:0 a.m.34 views

Bugzilla: Multiple vulnerabilities

Background Bugzilla is a web application designed to help with managing software development. Description Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the "buildid" parameter when filing bugs CVE-2007-4543. The next two vulnerabilities onl...

5CVSS7.4AI score0.01921EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2007/06/15 12:0 a.m.34 views

ClamAV: Multiple Denials of Service

Background ClamAV is a GPL virus scanner. Description Several vulnerabilities were discovered in ClamAV by various researchers: Victor Stinner INL discovered that the OLE2 parser may enter in an infinite loop CVE-2007-2650. A boundary error was also reported by an anonymous researcher in the file...

10CVSS6.9AI score0.03249EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/30 12:0 a.m.34 views

MPlayer: Two buffer overflows

Background MPlayer is a media player incuding support for a wide range of audio and video formats. Description A buffer overflow has been reported in the DMOVideoDecoderOpen function in file loader/dmo/DMOVideoDecoder.c. Another buffer overflow has been reported in the DSVideoDecoderOpen function...

7.6CVSS7.3AI score0.05694EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/07 12:0 a.m.34 views

Lighttpd: Two Denials of Service

Background Lighttpd is a lightweight HTTP web server. Description Robert Jakabosky discovered an infinite loop triggered by a connection abort when Lighttpd processes carriage return and line feed sequences. Marcus Rueckert discovered a NULL pointer dereference when a server running Lighttpd trie...

7.8CVSS6.5AI score0.03377EPSS
Exploits0
Total number of security vulnerabilities3816