Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2014/12/08 12:0 a.m.•34 views

Dovecot: Denial of service

Background Dovecot is an open source IMAP and POP3 email server. Description Dovecot does not properly close connections, allowing a resource exhaustion for incomplete SSL/TLS handshakes. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no known...

5CVSS6.4AI score0.03331EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/06/15 12:0 a.m.•34 views

KDirStat: Arbitrary command execution

Background KDirStat is a graphical disk usage utility for KDE. Description Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact A local attacker could possibly execute arbitrary shell command with the privileges of the process. Workaround...

6.8CVSS6.9AI score0.03008EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/06/14 12:0 a.m.•34 views

libXfont: Multiple vulnerabilities

Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could use a specially crafted file to gain privileges, cause a Denia...

7.5CVSS8.5AI score0.04362EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/05/18 12:0 a.m.•34 views

lib3ds: User-assisted execution of arbitrary code

Background lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files. Description An array index error has been discovered in lib3ds. Impact A remote attacker could entice a user to open a specially crafted 3DS file using an application linked against lib3ds, possibly resulting in...

9.3CVSS7AI score0.06659EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/05/03 12:0 a.m.•34 views

libSRTP: Denial of service

Background libSRTP is an Open-source implementation of the Secure Real-time Transport Protocol. Description A flaw was found in how the cryptopolicysetfromprofileforrtp function applies cryptographic profiles to an srtppolicy in libSRTP. Impact A remote attacker could exploit this vulnerability t...

2.6CVSS7.3AI score0.0299EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/03/13 12:0 a.m.•34 views

file: Denial of service

Background file is a utility that guesses a file format by scanning binary data for patterns. Description A flaw was found in the way the file utility determines the type of a file. Impact A remote attacker could entice a user to open a specially crafted file, possibly resulting in a Denial of...

5CVSS7.5AI score0.0507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/03/08 12:0 a.m.•34 views

LibYAML: Arbitrary code execution

Background LibYAML is a YAML 1.1 parser and emitter written in C. Description A heap-based buffer overflow flaw was found in the way libyaml parsed YAML tags. Impact A remote attacker could provide a specially-crafted YAML document which when parsed by LibYAML, would cause the application to cras...

6.8CVSS7.3AI score0.09312EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/21 12:0 a.m.•34 views

KVIrc: Multiple vulnerabilities

Background KVIrc is a free portable IRC client based on Qt. Description Multiple vulnerabilities have been discovered in KVIrc. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, cause ...

10CVSS7.6AI score0.07574EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/11 12:0 a.m.•34 views

FreeType: Multiple vulnerabilities

Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to open a specially crafted font, possibly...

4.3CVSS7.3AI score0.03857EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/11/20 12:0 a.m.•34 views

Open DC Hub: Arbitrary code execution

Background Open DC Hub is the hub software for the Direct Connect file sharing network. Description A stack-based buffer overflow flaw has been discovered in the way Open DC Hub sanitized content of a user’s MyINFO message. Impact A remote authenticated user may be able to execute arbitrary code ...

6CVSS7.6AI score0.08169EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/10/25 12:0 a.m.•34 views

GNU Automake: Multiple vulnerabilities

Background GNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Description Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details. Impact A local attacker could execut...

4.4CVSS9.9AI score0.00477EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2013/09/26 12:0 a.m.•34 views

Dropbear: Multiple vulnerabilities

Background Dropbear is an SSH server and client designed with a small memory footprint. Description Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifier and Gentoo bug referenced below for details. Impact A remote attacker could send a specially crafted...

7.1CVSS10AI score0.06489EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/01/09 12:0 a.m.•34 views

DokuWiki: Multiple vulnerabilities

Background DokuWiki is a simple to use Wiki aimed at a small company’s documentation needs. Description Multiple vulnerabilities have been discovered in DokuWiki. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities might allow an attacker to disclose local...

7.5CVSS6.8AI score0.10612EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/09/27 12:0 a.m.•34 views

mod_rpaf: Denial of service

Background modrpaf is a reverse proxy add forward module for backend Apache servers. Description An error has been found in the way modrpaf handles X-Forwarded-For headers. Please review the CVE identifier referenced below for details. Impact A remote attacker could send a specially crafted HTTP...

5CVSS6.4AI score0.06952EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/06/25 12:0 a.m.•34 views

logrotate: Multiple vulnerabilities

Background logrotate rotates, compresses, and mails system logs. Description Multiple vulnerabilities have been discovered in logrotate. Please review the CVE identifiers referenced below for details. Impact A local attacker could use this flaw to truncate arbitrary system file, to change file...

6.9CVSS3.5AI score0.00412EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/06/23 12:0 a.m.•34 views

gdk-pixbuf: Denial of service

Background gdk-pixbuf is an image loading library for GTK+. Description Two vulnerabilities have been found in gdk-pixbuf: The "gdkpixbufgifimageload" function in io-gif.c fails to properly handle certain return values from subroutines CVE-2011-2485. The "readbitmapfiledata" function in io-xbm.c...

5CVSS8AI score0.04096EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2012/06/21 12:0 a.m.•34 views

Pidgin: Multiple vulnerabilities

Background Pidgin is an GTK Instant Messenger client. Description Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities allow for arbitrary file retrieval, Denial of Service and arbitrary code executio...

7.5CVSS10.3AI score0.12496EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2012/02/22 12:0 a.m.•34 views

PowerDNS: Denial of service

Background The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description A vulnerability has been found in PowerDNS which could cause a packet loop of DNS responses. Impact A remote attacker could send specially crafted DNS response packets,...

5CVSS6.4AI score0.05264EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/10/10 12:0 a.m.•34 views

vsftpd: Denial of service

Background vsftpd is a very secure FTP daemon written with speed, size and security in mind. Description A Denial of Service vulnerability was discovered in vsftpd. Please review the CVE identifier referenced below for details. Impact A remote authenticated attacker could cause a Denial of Servic...

4CVSS3.6AI score0.73946EPSS
Exploits9
Gentoo Linux
Gentoo Linux
•added 2010/06/01 12:0 a.m.•34 views

Fetchmail: Multiple vulnerabilities

Background Fetchmail is a remote mail retrieval and forwarding utility. Description Multiple vulnerabilities have been reported in Fetchmail: The sdump function might trigger a heap-based buffer overflow during the escaping of non-printable characters with the high bit set from an X.509 certifica...

6.8CVSS7.1AI score0.02508EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2010/06/01 12:0 a.m.•34 views

sudo: Privilege escalation

Background sudo allows a system administrator to give users the ability to run commands as other users. Description The command matching functionality does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH...

6.9CVSS6.8AI score0.00402EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/11/25 12:0 a.m.•34 views

UW IMAP toolkit: Multiple vulnerabilities

Background The UW IMAP toolkit is a daemon for the IMAP and POP3 network mail protocols. The c-client library provides an API for IMAP, POP3 and other protocols. Description Multiple vulnerabilities were found in the UW IMAP toolkit: Aron Andersson and Jan Sahlin of Bitsec reported boundary error...

10CVSS7.4AI score0.06355EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•34 views

Apache Portable Runtime, APR Utility Library: Execution of arbitrary code

Background The Apache Portable Runtime aka APR provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library aka APR-Util provides an interface to functionality such as XML parsing, string matching and databases connections. Description Matt...

10CVSS7.3AI score0.13781EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/07/12 12:0 a.m.•34 views

ModPlug: User-assisted execution of arbitrary code

Background ModPlug is a library for playing MOD-like music. Description Two vulnerabilities have been reported in ModPlug: dummy reported an integer overflow in the CSoundFile::ReadMed function when processing a MED file with a crafted song comment or song name, which triggers a heap-based buffer...

7.5CVSS8.4AI score0.04667EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/05/24 12:0 a.m.•34 views

Cscope: User-assisted execution of arbitrary code

Background Cscope is a developer's tool for browsing source code. Description James Peach of Apple discovered a stack-based buffer overflow in cscope's handling of long file system paths CVE-2009-0148. Multiple stack-based buffer overflows were reported in the putstring function when processing a...

9.3CVSS7.4AI score0.07496EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/04/19 12:0 a.m.•34 views

LittleCMS: Multiple vulnerabilities

Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox. Description RedHat reported a null-pointer dereference flaw while processing monochrome ICC profiles CVE-2009-0793. Chris Evans of Google...

9.3CVSS8.3AI score0.05534EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2009/03/12 12:0 a.m.•34 views

TMSNC: Execution of arbitrary code

Background TMSNC is a Textbased client for the MSN instant messaging protocol. Description Nico Golde reported a stack-based buffer overflow when processing a MSN packet with a UBX command containing a large UBX payload length field. Impact A remote attacker could send a specially crafted message...

10CVSS7.2AI score0.04767EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•34 views

OptiPNG: User-assisted execution of arbitrary code

Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description Roy Tam reported a use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c leading to a memory corruption when reading a GIF...

9.3CVSS4.8AI score0.01553EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/01/21 12:0 a.m.•34 views

Net-SNMP: Denial of service

Background Net-SNMP is a collection of tools for generating and retrieving SNMP data. Description Oscar Mira-Sanchez reported an integer overflow in the netsnmpcreatesubtreecache function in agent/snmpagent.c when processing GETBULK requests. Impact A remote attacker could send a specially crafte...

5CVSS6.6AI score0.04926EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/01/12 12:0 a.m.•34 views

MPlayer: Multiple vulnerabilities

Background MPlayer is a media player including support for a wide range of audio and video formats. Description Multiple vulnerabilities have been reported in MPlayer: A stack-based buffer overflow was found in the strreadpacket function in libavformat/psxstr.c when processing crafted STR files...

10CVSS8AI score0.10852EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/12/16 12:0 a.m.•34 views

JasPer: User-assisted execution of arbitrary code

Background The JasPer Project is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 jpeg2k standard. Description Marc Espie and Christian Weisgerber have discovered multiple vulnerabilities in JasPer: Multiple integer...

10CVSS7.3AI score0.04509EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/08/08 12:0 a.m.•34 views

ClamAV: Multiple Denials of Service

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Damian Put has discovered an out-of-bounds memory access while processing Petite files CVE-2008-2713, CVE-2008-3215. Also, please note that the 0.93 ClamAV branch...

5CVSS6.6AI score0.04708EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2008/04/17 12:0 a.m.•34 views

PHP Toolkit: Data disclosure and Denial of service

Background PHP Toolkit is a utility to manage parallel installations of PHP within Gentoo. It is executed by the PHP ebuilds at setup. Description Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the "tr" command, which...

3.6CVSS6.6AI score0.00349EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/04/01 12:0 a.m.•34 views

CUPS: Multiple vulnerabilities

Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Multiple vulnerabilities have been reported in CUPS: regenrecht VeriSign iDefense discovered that the cgiCompileSearch function used in several CGI scripts in CUPS' administration interface does not...

10CVSS8.9AI score0.08282EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2008/03/15 12:0 a.m.•34 views

Website META Language: Insecure temporary file usage

Background Website META Language is a free and extensible Webdesigner's off-line HTML generation toolkit for Unix. Description Temporary files are handled insecurely in the files wmlbackend/p1ipp/ipp.src, wmlcontrib/wmg.cgi, and wmlbackend/p3eperl/eperlsys.c, allowing users to overwrite or delete...

3.6CVSS6.7AI score0.00433EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/02/23 12:0 a.m.•34 views

Python: PCRE Integer overflow

Background Python is an interpreted, interactive, object-oriented programming language. Description Python 2.3 includes a copy of PCRE which is vulnerable to an integer overflow vulnerability, leading to a buffer overflow. Impact An attacker could exploit the vulnerability by tricking a vulnerabl...

6.8CVSS7AI score0.03661EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/12/13 12:0 a.m.•34 views

Portage: Information disclosure

Background Portage is the default Gentoo package management system. Description Mike Frysinger reported that the "etc-update" utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a default setup. Impact A local...

2.1CVSS5.9AI score0.00434EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/13 12:0 a.m.•34 views

IRC Services: Denial of service

Background IRC Services is a system of services to be used with Internet Relay Chat networks. Description loverboy reported that the "defaultencrypt" function in file encrypt.c does not properly handle overly long passwords. Impact A remote attacker could provide an overly long password to the...

5CVSS6.5AI score0.02079EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/18 12:0 a.m.•34 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been reported in Mozilla Thunderbird's HTML browser engine CVE-2007-5339 and JavaScript engine CVE-2007-5340 that can be exploited to cause a memory corruption...

4.3CVSS7.1AI score0.0343EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/09/30 12:0 a.m.•34 views

Bugzilla: Multiple vulnerabilities

Background Bugzilla is a web application designed to help with managing software development. Description Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the "buildid" parameter when filing bugs CVE-2007-4543. The next two vulnerabilities onl...

5CVSS7.4AI score0.01921EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2007/09/20 12:0 a.m.•34 views

ClamAV: Multiple vulnerabilities

Background Clam AntiVirus is an open source GPL anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitize...

7.6CVSS7.3AI score0.83539EPSS
Exploits12
Gentoo Linux
Gentoo Linux
•added 2007/06/15 12:0 a.m.•34 views

ClamAV: Multiple Denials of Service

Background ClamAV is a GPL virus scanner. Description Several vulnerabilities were discovered in ClamAV by various researchers: Victor Stinner INL discovered that the OLE2 parser may enter in an infinite loop CVE-2007-2650. A boundary error was also reported by an anonymous researcher in the file...

10CVSS6.9AI score0.03249EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/30 12:0 a.m.•34 views

FreeType: Buffer overflow

Background FreeType is a True Type Font rendering library. Description Victor Stinner discovered a heap-based buffer overflow in the function GetVMetrics in src/truetype/ttgload.c when processing TTF files with a negative npoints attribute. Impact A remote attacker could entice a user to open a...

6.8CVSS7.5AI score0.05833EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/04/03 12:0 a.m.•34 views

OpenPBS: Multiple vulnerabilities

Background OpenPBS is the original version of the Portable Batch System. It is a flexible batch queueing system developed for NASA in the early to mid-1990s. Description SUSE reported vulnerabilities due to unspecified errors in OpenPBS. Impact By unspecified attack vectors an attacker might be...

10CVSS7.4AI score0.03421EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/18 12:0 a.m.•34 views

LTSP: Authentication bypass in included LibVNCServer code

Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description The LTSP server includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None" GLSA-200608-05...

7.5CVSS6.5AI score0.04283EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/02/13 12:0 a.m.•34 views

Samba: Multiple vulnerabilities

Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description A format string vulnerability exists in the VFS module when handling AFS file systems and an infinite loop has been discovered when handling file rename operations. Impact A user with permission to write to a...

7.5CVSS7.2AI score0.06412EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2007/01/29 12:0 a.m.•35 views

KSirc: Denial of Service vulnerability

Background KSirc is the default KDE IRC client. Description KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process. Impact A malicious IRC server could send a long PRIVMSG string to the KSirc client causing an assertion failure and the...

6.5CVSS6.3AI score0.09993EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/01/26 12:0 a.m.•34 views

Cacti: Command execution and SQL injection

Background Cacti is a web-based network graphing and reporting tool. Description rgod discovered that the Cacti cmd.php and copycactiuser.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php an...

7.5CVSS7.8AI score0.02443EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/27 12:0 a.m.•34 views

Ingo H3: Folder name shell command injection

Background Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and IMAP filter rules. Description Ingo H3 fails to properly escape shell metacharacters in procmail rules. Impact A remote authenticated attacker could craft a malicious rule which could lead to the execution of...

6.5CVSS6.6AI score0.01961EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/24 12:0 a.m.•34 views

ImageMagick: PALM and DCM buffer overflows

Background ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. Description M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage function of coders/dcm.c, causing the imprope...

5.1CVSS7AI score0.03481EPSS
Exploits0
Total number of security vulnerabilities3816