Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2006/06/11 12:0 a.m.35 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact By enticing the user to visit a malicious website, a remote attacker can...

9.3CVSS7.6AI score0.07251EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/03/16 12:0 a.m.35 views

zoo: Buffer overflow

Background zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi. Description zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy function when trying to create an archive from certain directories or filenames. Impact An attacker cou...

6.2CVSS7.3AI score0.00995EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/03/06 12:0 a.m.35 views

IMAP Proxy: Format string vulnerabilities

Background IMAP Proxy also known as up-imapproxy proxies IMAP transactions between an IMAP client and an IMAP server. Description Steve Kemp discovered two format string errors in IMAP Proxy. Impact A remote attacker could design a malicious IMAP server and entice someone to connect to it using...

7.5CVSS7AI score0.12112EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/16 12:0 a.m.35 views

cURL: Off-by-one errors in URL handling

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The...

4.6CVSS7.5AI score0.00516EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/30 12:0 a.m.35 views

Ethereal: Multiple vulnerabilities in protocol dissectors

Background Ethereal is a feature-rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.13, including: The SLIM3 and AgentX dissectors could overflow a buffer CVE-2005-3243. iDEFENSE discovered a buffer overflow in the SRVLOC dissector...

10CVSS7.8AI score0.10826EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/25 12:0 a.m.35 views

phpMyAdmin: Local file inclusion and XSS vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...

5CVSS6.8AI score0.05617EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/06 12:0 a.m.35 views

Net-SNMP: Insecure RPATH

Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description James Cloos reported that Perl modules from the Net-SNMP package look for libraries in an untrusted location. This is due to a flaw in the Gentoo package, and not the Net-SNMP suit...

4.6CVSS6.7AI score0.00371EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/31 12:0 a.m.35 views

pstotext: Remote execution of arbitrary code

Background pstotext is a program that works with GhostScript to extract plain text from PostScript and PDF files. Description Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Impact An attacker could craft a...

7.5CVSS6.7AI score0.02336EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/11 12:0 a.m.35 views

Ruby: Arbitrary command execution through XML-RPC

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...

7.5CVSS6.7AI score0.06565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/17 12:0 a.m.35 views

webapp-config: Insecure temporary file handling

Background webapp-config is a Gentoo Linux utility to help manage the installation of web-based applications. Description Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Impact Successful exploitation of t...

4.6CVSS6.9AI score0.00985EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/03/01 12:0 a.m.35 views

Gaim: Multiple Denial of Service issues

Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly CAN-2005-0472. Malformed HTML code could lead to invalid memory...

5CVSS6.4AI score0.05296EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/14 12:0 a.m.35 views

PostgreSQL: Buffer overflows in PL/PgSQL parser

Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser. Impact A remote attacker could send a malicious query resulting in the execution of arbitrary code with the...

6.5CVSS7.5AI score0.03512EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/28 12:0 a.m.35 views

SquirrelMail: Multiple vulnerabilities

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS...

7.5CVSS7.6AI score0.02342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/20 12:0 a.m.35 views

ImageMagick: PSD decoding heap overflow

Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description Andrei Nigmatulin discovered that a Photoshop Document PSD file with more than 24 layers could trigger a heap overflow. Impact An attacker could potentially design a mailicous PSD ima...

7.5CVSS7.1AI score0.04378EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/11 12:0 a.m.35 views

KDE FTP KIOslave: Command injection

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDE provided KIOslaves for many protocols in the kdelibs package, one of them being FTP. These are used by KDE applications such as Konqueror. Description The FTP KIOslave fails to properly...

7.5CVSS3.7AI score0.04437EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/03 12:0 a.m.35 views

rssh, scponly: Unrestricted command execution

Background rssh and scponly are two restricted shells, allowing only a few predefined commands. They are often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges. Description Jason Wies discovered that when receiving an authorized...

7.5CVSS2.2AI score0.07327EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2004/11/17 12:0 a.m.35 views

SquirrelMail: Encoded text XSS vulnerability

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted headers. Impact By enticing a user to read a...

6.8CVSS1.4AI score0.02818EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/29 12:0 a.m.35 views

Subversion: Metadata information leak

Background Subversion is a versioning system designed to be a replacement for CVS. modauthzsvn is an Apache module to do path-based authentication for Subversion repositories. Description There is a bug in modauthzsvn that causes it to reveal logged metadata regarding commits to protected areas...

5CVSS6.5AI score0.01457EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/12 12:0 a.m.35 views

Gaim: MSN protocol parsing function buffer overflow

Background Gaim is a multi-protocol instant messaging client for Linux which supports many instant messaging protocols. Description Sebastian Krahmer of the SuSE Security Team has discovered a remotely exploitable buffer overflow vulnerability in the code handling MSN protocol parsing. Impact By...

7.5CVSS7.5AI score0.0495EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/11 12:0 a.m.35 views

Roundup: Filesystem access vulnerability

Background Roundup is a simple to use issue-tracking system with command-line, web, and e-mail interfaces. Description Improper handling of a specially crafted URL allows access to the server's filesystem, which could contain sensitive information. Impact An attacker could view files owned by the...

5CVSS2.4AI score0.08794EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/08/10 12:0 a.m.35 views

Horde-IMP: Input validation vulnerability for Internet Explorer users

Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...

4.3CVSS0.5AI score0.01208EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/10 12:0 a.m.35 views

Subversion: Remote heap overflow

Background Subversion is a revision control system that aims to be a "compelling replacement for CVS". It enjoys wide use in the open source community. svnserve allows access to Subversion repositories using URIs with the svn://, svn+ssh://, and other tunelled svn+:// protocols. Description The s...

10CVSS7.8AI score0.05877EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/05 12:0 a.m.35 views

Libxml2 URI Parsing Buffer Overflow Vulnerabilities

Background Description Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096...

7.5CVSS7.3AI score0.24232EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2003/12/14 12:0 a.m.35 views

XChat: malformed dcc send request denial of service

Background XChat is a multiplatform IRC client. Description There is a remotely exploitable bug in XChat 2.0.6 that could lead to a denial of service attack. Gentoo wishes to thank lloydbates for discovering this bug, as well as jcdutton and rac for submitting patches to fix the bug. Impact A...

1.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/08 12:0 a.m.34 views

rsync: Multiple Vulnerabilities

Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE...

7.5CVSS10AI score0.51733EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/05/05 12:0 a.m.34 views

Pillow: Multiple Vulnerabilities

Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution...

8.1CVSS8.7AI score0.01703EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/05 12:0 a.m.34 views

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.7AI score0.0152EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/02/04 12:0 a.m.34 views

Wireshark: Multiple Vulnerabilities

Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

6.5CVSS7.6AI score0.00746EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/11/27 12:0 a.m.34 views

GLib: Multiple Vulnerabilities

Background GLib is a library providing a number of GNOME's core objects and functions. Description Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details. Impact GVariant deserialization is vulnerable to an exponential blowup issue where a crafted...

7.5CVSS7.6AI score0.00768EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/10/08 12:0 a.m.34 views

man-db: privilege escalation

Background man-db is a man replacement that utilizes BerkeleyDB instead of flat files. Description A root privilege escalation through setuid executable and cron job has been discovered in man-db. Please review the CVE identifier referenced below for details. Impact A local user with access to th...

7.8CVSS7.2AI score0.00383EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/21 12:0 a.m.34 views

LibreCAD: Multiple Vulnerabilities

Background LibreCAD is a generic 2D CAD program. Description Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

9.3CVSS9AI score0.06617EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.34 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.3AI score0.00921EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.34 views

D-Bus: Multiple Vulnerabilities

Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

6.5CVSS7.2AI score0.0131EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2022/11/19 12:0 a.m.34 views

PostgreSQL: Multiple Vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

8.8CVSS2AI score0.12403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.34 views

libjxl: Denial of Service

Background libjxl is the JPEG XL image format reference implementation. Description libjxl contains an unecessary assertion in jxl::LowMemoryRenderPipeline::Init. Impact An attacker can cause a denial of service of the libjxl process via a crafted input file. Workaround There is no known workarou...

6.5CVSS4.1AI score0.00836EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/01/26 12:0 a.m.34 views

Cacti: Remote code execution

Background Cacti is a complete frontend to rrdtool. Description The sideid parameter in datadebug.php does not properly verify input allowing SQL injection. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition...

8.8CVSS6.2AI score0.04599EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/09/13 12:0 a.m.34 views

Qt GUI: Buffer overflow

Background The GUI module and platform plugins for the Qt5 framework. Description It was discovered that Qt GUI’s XBM parser did not properly handle X BitMap files. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

5.3CVSS6AI score0.03915EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/08/26 12:0 a.m.34 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

7.3CVSS2AI score0.02235EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/07/28 12:0 a.m.34 views

libetpan: Improper STARTTLS handling

Background libetpan is a portable, efficient middleware for different kinds of mail access. Description It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using...

7.4CVSS1.3AI score0.02393EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/06/15 12:0 a.m.34 views

Bubblewrap: Arbitrary code execution

Background Bubblewrap is an unprivileged sandboxing tool namespaces-powered chroot-like solution. Description Bubblewrap misuses temporary directories in /tmp as a mount point. Impact This flaw may allow possible execution of code or prevention of running Bubblewrap. Workaround There is no known...

7.8CVSS3.8AI score0.00494EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/04/02 12:0 a.m.34 views

GnuTLS: DTLS protocol regression

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was discovered that DTLS client did not contribute any randomness to the DTLS negotiation. Impact Please review the referenced advisory for details. Workaround There is no known workaround at this time...

2.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/12/06 12:0 a.m.34 views

EDE: Privilege escalation

Background A package that simplifies the task of creating, building, and debugging large programs with Emacs. It provides some of the features of an IDE, or Integrated Development Environment, in Emacs. Description An untrusted search path vulnerability was discovered in EDE. Impact A local...

9.3CVSS3.3AI score0.02733EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/01/07 12:0 a.m.34 views

WebkitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details. Impact An attacker, by enticing a user to visit maliciously crafted web content, may be...

8.8CVSS9.1AI score0.024EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/10/13 12:0 a.m.34 views

elfutils: Multiple vulnerabilities

Background Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description Multiple vulnerabilities have been discovered in elfutils. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly cause a Denial of Service...

5.5CVSS6.7AI score0.02126EPSS
Exploits7
Gentoo Linux
Gentoo Linux
added 2017/06/22 12:0 a.m.34 views

nettle: Information disclosure

Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description It was found that nettle’s RSA and DSA...

7.5CVSS7.5AI score0.05007EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/06/22 12:0 a.m.34 views

jbig2dec: Multiple vulnerabilities

Background jbig2dec is a decoder implementation of the JBIG2 image compression format. Description Multiple vulnerabilities have been discovered in jbig2dec. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated system to process...

5.5CVSS4.5AI score0.01813EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/11 12:0 a.m.34 views

vzctl: Security bypass

Background vzctl is a set of control tools for the OpenVZ server virtualization solution. Description It was discovered that vzctl determined the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows local simfs container CT ro...

3.6CVSS6.5AI score0.00502EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/07/10 12:0 a.m.34 views

SNMP: Denial of service

Background SNMP is a widely used protocol for monitoring the health and welfare of network equipment. Description A specially crafted trap message triggers a conversion to an erroneous variable type when the -OQ option is used. Impact A remote attacker could possibly cause a Denial of Service...

5CVSS8.6AI score0.04619EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/07/07 12:0 a.m.34 views

libxml2: Denial of service

Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 returns the empty string when the allocation limit is encountered while constructing the attribute value string. Impact A remote attacker may be able to cause Denial of Service via a specially...

5CVSS9.1AI score0.0634EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/13 12:0 a.m.34 views

mod_wsgi: Privilege escalation

Background modwsgi is an Apache2 module for running Python WSGI applications. Description Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the “Content-Type” header CVE-2014-0242 Impact A local attacker...

7.5CVSS8.2AI score0.08526EPSS
Exploits0
Total number of security vulnerabilities3816