Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2007/05/07 12:0 a.m.•34 views

Lighttpd: Two Denials of Service

Background Lighttpd is a lightweight HTTP web server. Description Robert Jakabosky discovered an infinite loop triggered by a connection abort when Lighttpd processes carriage return and line feed sequences. Marcus Rueckert discovered a NULL pointer dereference when a server running Lighttpd trie...

7.8CVSS6.5AI score0.03377EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/01 12:0 a.m.•34 views

Ktorrent: Multiple vulnerabilities

Background Ktorrent is a Bittorrent client for KDE. Description Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Impact A remote attacker could entice a user to...

7.5CVSS7.1AI score0.02483EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/03 12:0 a.m.•34 views

OpenPBS: Multiple vulnerabilities

Background OpenPBS is the original version of the Portable Batch System. It is a flexible batch queueing system developed for NASA in the early to mid-1990s. Description SUSE reported vulnerabilities due to unspecified errors in OpenPBS. Impact By unspecified attack vectors an attacker might be...

10CVSS7.4AI score0.03421EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/18 12:0 a.m.•34 views

LTSP: Authentication bypass in included LibVNCServer code

Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description The LTSP server includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None" GLSA-200608-05...

7.5CVSS6.5AI score0.04283EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/02/13 12:0 a.m.•34 views

Samba: Multiple vulnerabilities

Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description A format string vulnerability exists in the VFS module when handling AFS file systems and an infinite loop has been discovered when handling file rename operations. Impact A user with permission to write to a...

7.5CVSS7.2AI score0.06412EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2007/01/29 12:0 a.m.•35 views

KSirc: Denial of Service vulnerability

Background KSirc is the default KDE IRC client. Description KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process. Impact A malicious IRC server could send a long PRIVMSG string to the KSirc client causing an assertion failure and the...

6.5CVSS6.3AI score0.09993EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/01/26 12:0 a.m.•34 views

Cacti: Command execution and SQL injection

Background Cacti is a web-based network graphing and reporting tool. Description rgod discovered that the Cacti cmd.php and copycactiuser.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php an...

7.5CVSS7.8AI score0.02443EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/27 12:0 a.m.•34 views

Ingo H3: Folder name shell command injection

Background Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and IMAP filter rules. Description Ingo H3 fails to properly escape shell metacharacters in procmail rules. Impact A remote authenticated attacker could craft a malicious rule which could lead to the execution of...

6.5CVSS6.6AI score0.01961EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/24 12:0 a.m.•34 views

ImageMagick: PALM and DCM buffer overflows

Background ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. Description M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage function of coders/dcm.c, causing the imprope...

5.1CVSS7AI score0.03481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/25 12:0 a.m.•34 views

Samba: Denial of Service vulnerability

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a...

5CVSS6.2AI score0.05503EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/07/09 12:0 a.m.•34 views

SHOUTcast server: Multiple vulnerabilities

Background SHOUTcast server is a streaming audio server. Description The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the "Description", "URL", "Genre", "AIM", and "ICQ"...

7.8CVSS6.8AI score0.03975EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2006/05/11 12:0 a.m.•34 views

MySQL: Information leakage

Background MySQL is a popular multi-threaded, multi-user SQL database server. Description The processing of the COMTABLEDUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Impact By crafting specific malicious packets an attacker cou...

5CVSS7.8AI score0.33497EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/17 12:0 a.m.•34 views

PEAR-Auth: Potential authentication bypass

Background PEAR-Auth is a PEAR package that provides methods to create a PHP based authentication system. Description Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and LDAP containers. Impact A remote attacker could possibly exploit this vulnerability t...

7.5CVSS6.7AI score0.02449EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/26 12:0 a.m.•34 views

noweb: Insecure temporary file creation

Background noweb is a simple, extensible, and language independent literate programming tool. Description Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable filenames. Impact A local attacker could create...

1.2CVSS6.1AI score0.00346EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/10 12:0 a.m.•34 views

xine-lib, FFmpeg: Heap-based buffer overflow

Background xine is a GPL high-performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. FFmpeg is a very fast video and audio converter and is used in xine-lib. Description Simon Kilvington has reported a vulnerability in FFmpeg libavcodec. The flaw is due to ...

7.5CVSS7.3AI score0.05209EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/22 12:0 a.m.•34 views

FUSE: mtab corruption through fusermount

Background FUSE Filesystem in Userspace allows implementation of a fully functional filesystem in a userspace program. The fusermount utility is used to mount/unmount FUSE file systems. Description Thomas Biege discovered that fusermount fails to securely handle special characters specified in...

2.1CVSS6.1AI score0.00365EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/21 12:0 a.m.•34 views

GNUMP3d: Directory traversal and insecure temporary file creation

Background GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and other media formats. Description Ludwig Nussel from SUSE Linux has identified two vulnerabilities in GNUMP3d. GNUMP3d fails to properly check for the existence of /tmp/index.lok before writing to the file, allowing fo...

6.4CVSS6.4AI score0.02226EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/15 12:0 a.m.•34 views

SPE: Insecure file permissions

Background SPE is a cross-platform Python Integrated Development Environment IDE. Description It was reported that due to an oversight all SPE's files are set as world-writeable. Impact A local attacker could modify the executable files, causing arbitrary code to be executed with the permissions ...

4.6CVSS6.6AI score0.0033EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/11 12:0 a.m.•34 views

uw-imap: Remote buffer overflow

Background uw-imap is the University of Washington's IMAP and POP server daemons. Description Improper bounds checking of user supplied data while parsing IMAP mailbox names can lead to overflowing the stack buffer. Impact Successful exploitation requires an authenticated IMAP user to request a...

7.5CVSS7AI score0.08464EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/07 12:0 a.m.•34 views

RealPlayer, Helix Player: Format string vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is an open source media player for Linux. Description "c0ntex" reported that RealPlayer and Helix Player suffer from a heap overflow. Impact By enticing a user to play a specially craft...

5.1CVSS7.3AI score0.13181EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/20 12:0 a.m.•34 views

Zebedee: Denial of Service vulnerability

Background Zebedee is an application that establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. Description "Shiraishi.M" reported that Zebedee crashes when "0" is received as the port number in the protocol option header. Impact By performing malformed...

5CVSS6.4AI score0.07124EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/07/20 12:0 a.m.•34 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

4.3CVSS6.4AI score0.02043EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/21 12:0 a.m.•34 views

Tor: Information disclosure

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description A bug in Tor allows attackers to view arbitrary memory contents from an exit server's process space. Impact A remote attacker could exploit the memory...

5CVSS6.4AI score0.02223EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/11 12:0 a.m.•34 views

Ettercap: Format string vulnerability

Background Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN. Description The cursesmsg function of Ettercap's Ncurses-based user interface insecurely implements formatted printing. Impact A remote attacker could craft a malicious network flow tha...

7.5CVSS6.8AI score0.05488EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/09 12:0 a.m.•34 views

GnuTLS: Denial of Service vulnerability

Background GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU project. Description A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact A remote attacker could exploit...

5CVSS6.2AI score0.01931EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/05 12:0 a.m.•35 views

Oops!: Remote code execution

Background Oops! is an advanced, multithreaded caching web proxy. Description A format string flaw has been detected in the myxlog function of the Oops! proxy, which is called by the passwdmysql and passwdpgsql module's auth functions. Impact A remote attacker could send a specially crafted HTTP...

5CVSS6.7AI score0.02298EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/04/13 12:0 a.m.•34 views

Gld: Remote execution of arbitrary code

Background Gld is a standalone greylisting server for Postfix. Description dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c. Impact An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the...

10CVSS7.4AI score0.67658EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2005/03/04 12:0 a.m.•35 views

OpenMotif, LessTif: New libXpm buffer overflows

Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. OpenMotif also provides a free version of the Motif toolkit for open source applications. Description Chris Gilbert discovered potentially exploitable buffer overflow cases in libXp...

7.5CVSS7.4AI score0.04507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/28 12:0 a.m.•34 views

uim: Privilege escalation vulnerability

Background uim is a simple, secure and flexible input method library. Description Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled ...

4.6CVSS7.2AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/21 12:0 a.m.•34 views

PuTTY: Remote code execution

Background PuTTY is a popular SSH client, PSCP is a secure copy implementation, and PSFTP is a SSH File Transfer Protocol client. Description Two vulnerabilities have been discovered in the PSCP and PSFTP clients, which can be triggered by the SFTP server itself. These issues are caused by the...

7.5CVSS7.3AI score0.04041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/18 12:0 a.m.•34 views

GProFTPD: gprostats format string vulnerability

Background GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD is distributed with gprostats, a utility to parse ProFTPD transfer logs. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a format string vulnerability in the gprostats utility. Impa...

7.5CVSS6.9AI score0.1085EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/02/13 12:0 a.m.•34 views

PowerDNS: Denial of Service vulnerability

Background The PowerDNS Nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description A vulnerability has been reported in the DNSPacket::expand method of dnspacket.cc. Impact An attacker could cause a temporary Denial of Service by sending a random stream...

5CVSS6.3AI score0.03271EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/30 12:0 a.m.•34 views

Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Rafel Ivgi has discovered a cross-site scripting...

5CVSS6.2AI score0.01611EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/22 12:0 a.m.•34 views

CUPS: Stack overflow in included Xpdf code

Background The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28...

7.5CVSS7.2AI score0.07217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/20 12:0 a.m.•34 views

ImageMagick: PSD decoding heap overflow

Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description Andrei Nigmatulin discovered that a Photoshop Document PSD file with more than 24 layers could trigger a heap overflow. Impact An attacker could potentially design a mailicous PSD ima...

7.5CVSS7.1AI score0.04378EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/11 12:0 a.m.•34 views

KPdf, KOffice: More vulnerabilities in included Xpdf

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact An...

9.3CVSS1.7AI score0.06576EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/28 12:0 a.m.•34 views

ViewCVS: Information leak and XSS vulnerabilities

Background ViewCVS is a browser interface for viewing CVS and Subversion version control repositories through a web browser. Description The tar export functions in ViewCVS bypass the 'hidecvsroot' and 'forbidden' settings and therefore expose information that should be kept secret CAN-2004-0915...

5CVSS6.1AI score0.01294EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/19 12:0 a.m.•34 views

kfax: Multiple overflows in the included TIFF library

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kfax part of kdegraphics is the KDE fax file viewer. Description Than Ngo discovered that kfax contains a private copy of the TIFF library and is therefore subject to several known...

7.5CVSS7.1AI score0.08268EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/11/25 12:0 a.m.•34 views

Cyrus IMAP Server: Multiple remote vulnerabilities

Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Multiple vulnerabilities have been discovered in the argument parsers of the 'partial' and 'fetch' commands of the Cyrus IMAP Server CAN-2004-1012, CAN-2004-1013. There are also buffer overflows in t...

10CVSS7.8AI score0.05951EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/17 12:0 a.m.•34 views

SquirrelMail: Encoded text XSS vulnerability

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted headers. Impact By enticing a user to read a...

6.8CVSS1.4AI score0.02818EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/09 12:0 a.m.•34 views

zip: Path name buffer overflow

Background zip is a compression and file packaging utility. Description zip does not check the resulting path length when doing recursive folder compression. Impact An attacker could exploit this by enticing another user or web application to create an archive including a specially-crafted path...

10CVSS3.3AI score0.09246EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/07 12:0 a.m.•34 views

Portage, Gentoolkit: Temporary file vulnerabilities

Background Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configurations files never modified by users. Gentoolkit is a collection of Gentoo specific administration scripts, one of which is the...

2.1CVSS0.2AI score0.00342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/25 12:0 a.m.•34 views

Netatalk: Insecure tempfile handling in etc2ps.sh

Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description The etc2ps.sh script creates temporary files in...

2.1CVSS6AI score0.00393EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/17 12:0 a.m.•34 views

SnipSnap: HTTP response splitting

Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...

5CVSS1.5AI score0.02437EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/09/16 12:0 a.m.•34 views

phpGroupWare: XSS vulnerability in wiki module

Background phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks...

6.8CVSS6.3AI score0.01326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/04 12:0 a.m.•34 views

Courier: Cross-site scripting vulnerability in SqWebMail

Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...

6.8CVSS5.4AI score0.04973EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/07/14 12:0 a.m.•34 views

Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description An attacker can utili...

5CVSS6AI score0.02761EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/06/17 12:0 a.m.•34 views

Squid: NTLM authentication helper buffer overflow

Background Squid contains a bug in the function ntlmcheckauth. It fails to do proper bounds checking on the values copyied to the 'pass' variable. Description Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, a...

10CVSS7.1AI score0.7107EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2004/06/15 12:0 a.m.•35 views

Gallery: Privilege escalation vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description There is a vulnerability in the Gallery photo album...

10CVSS6.7AI score0.02831EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/19 12:0 a.m.•34 views

Icecast denial of service vulnerability

Background Icecast is a program that streams audio data to listeners over the Internet. Description There is an out-of-bounds read error in the web interface of Icecast when handling Basic Authorization requests. This vulnerability can theorically be exploited by sending a specially crafted...

5CVSS2.2AI score0.02085EPSS
Exploits0
Total number of security vulnerabilities3816