Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/11/09 12:0 a.m.•34 views

Bugzilla: Multiple Vulnerabilities

Background Bugzilla is a bug tracking system used to allow developers to more easily track outstanding bugs in products. Description The vulnerabilities identified in Bugzilla are as follows: Frederic Buclin and Gervase Markham discovered that input passed to various fields throughout Bugzilla we...

5CVSS6.2AI score0.01909EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/25 12:0 a.m.•34 views

Samba: Denial of Service vulnerability

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a...

5CVSS6.2AI score0.05503EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/07/09 12:0 a.m.•34 views

SHOUTcast server: Multiple vulnerabilities

Background SHOUTcast server is a streaming audio server. Description The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the "Description", "URL", "Genre", "AIM", and "ICQ"...

7.8CVSS6.8AI score0.03975EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2006/05/11 12:0 a.m.•34 views

MySQL: Information leakage

Background MySQL is a popular multi-threaded, multi-user SQL database server. Description The processing of the COMTABLEDUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Impact By crafting specific malicious packets an attacker cou...

5CVSS7.8AI score0.33497EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/17 12:0 a.m.•34 views

PEAR-Auth: Potential authentication bypass

Background PEAR-Auth is a PEAR package that provides methods to create a PHP based authentication system. Description Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and LDAP containers. Impact A remote attacker could possibly exploit this vulnerability t...

7.5CVSS6.7AI score0.02449EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/26 12:0 a.m.•34 views

noweb: Insecure temporary file creation

Background noweb is a simple, extensible, and language independent literate programming tool. Description Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable filenames. Impact A local attacker could create...

1.2CVSS6.1AI score0.00346EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/10 12:0 a.m.•34 views

xine-lib, FFmpeg: Heap-based buffer overflow

Background xine is a GPL high-performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. FFmpeg is a very fast video and audio converter and is used in xine-lib. Description Simon Kilvington has reported a vulnerability in FFmpeg libavcodec. The flaw is due to ...

7.5CVSS7.3AI score0.05209EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/22 12:0 a.m.•34 views

FUSE: mtab corruption through fusermount

Background FUSE Filesystem in Userspace allows implementation of a fully functional filesystem in a userspace program. The fusermount utility is used to mount/unmount FUSE file systems. Description Thomas Biege discovered that fusermount fails to securely handle special characters specified in...

2.1CVSS6.1AI score0.00365EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/21 12:0 a.m.•34 views

GNUMP3d: Directory traversal and insecure temporary file creation

Background GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and other media formats. Description Ludwig Nussel from SUSE Linux has identified two vulnerabilities in GNUMP3d. GNUMP3d fails to properly check for the existence of /tmp/index.lok before writing to the file, allowing fo...

6.4CVSS6.4AI score0.02226EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/15 12:0 a.m.•34 views

SPE: Insecure file permissions

Background SPE is a cross-platform Python Integrated Development Environment IDE. Description It was reported that due to an oversight all SPE's files are set as world-writeable. Impact A local attacker could modify the executable files, causing arbitrary code to be executed with the permissions ...

4.6CVSS6.6AI score0.0033EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/11 12:0 a.m.•34 views

uw-imap: Remote buffer overflow

Background uw-imap is the University of Washington's IMAP and POP server daemons. Description Improper bounds checking of user supplied data while parsing IMAP mailbox names can lead to overflowing the stack buffer. Impact Successful exploitation requires an authenticated IMAP user to request a...

7.5CVSS7AI score0.08464EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/07 12:0 a.m.•34 views

RealPlayer, Helix Player: Format string vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is an open source media player for Linux. Description "c0ntex" reported that RealPlayer and Helix Player suffer from a heap overflow. Impact By enticing a user to play a specially craft...

5.1CVSS7.3AI score0.13181EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/24 12:0 a.m.•34 views

Webmin, Usermin: Remote code execution through PAM authentication

Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mails. Description Keigo Yamazaki discovered that the...

7.5CVSS7AI score0.04127EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/20 12:0 a.m.•34 views

Zebedee: Denial of Service vulnerability

Background Zebedee is an application that establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. Description "Shiraishi.M" reported that Zebedee crashes when "0" is received as the port number in the protocol option header. Impact By performing malformed...

5CVSS6.4AI score0.07124EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/07/20 12:0 a.m.•34 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

4.3CVSS6.4AI score0.02043EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/21 12:0 a.m.•34 views

Tor: Information disclosure

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description A bug in Tor allows attackers to view arbitrary memory contents from an exit server's process space. Impact A remote attacker could exploit the memory...

5CVSS6.4AI score0.02223EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/11 12:0 a.m.•34 views

Ettercap: Format string vulnerability

Background Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN. Description The cursesmsg function of Ettercap's Ncurses-based user interface insecurely implements formatted printing. Impact A remote attacker could craft a malicious network flow tha...

7.5CVSS6.8AI score0.05488EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/09 12:0 a.m.•34 views

GnuTLS: Denial of Service vulnerability

Background GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU project. Description A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact A remote attacker could exploit...

5CVSS6.2AI score0.01931EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/05 12:0 a.m.•35 views

Oops!: Remote code execution

Background Oops! is an advanced, multithreaded caching web proxy. Description A format string flaw has been detected in the myxlog function of the Oops! proxy, which is called by the passwdmysql and passwdpgsql module's auth functions. Impact A remote attacker could send a specially crafted HTTP...

5CVSS6.7AI score0.02298EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/04/13 12:0 a.m.•34 views

Gld: Remote execution of arbitrary code

Background Gld is a standalone greylisting server for Postfix. Description dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c. Impact An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the...

10CVSS7.4AI score0.67658EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2005/03/04 12:0 a.m.•35 views

OpenMotif, LessTif: New libXpm buffer overflows

Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. OpenMotif also provides a free version of the Motif toolkit for open source applications. Description Chris Gilbert discovered potentially exploitable buffer overflow cases in libXp...

7.5CVSS7.4AI score0.04507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/28 12:0 a.m.•34 views

uim: Privilege escalation vulnerability

Background uim is a simple, secure and flexible input method library. Description Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled ...

4.6CVSS7.2AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/21 12:0 a.m.•34 views

PuTTY: Remote code execution

Background PuTTY is a popular SSH client, PSCP is a secure copy implementation, and PSFTP is a SSH File Transfer Protocol client. Description Two vulnerabilities have been discovered in the PSCP and PSFTP clients, which can be triggered by the SFTP server itself. These issues are caused by the...

7.5CVSS7.3AI score0.04041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/18 12:0 a.m.•34 views

GProFTPD: gprostats format string vulnerability

Background GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD is distributed with gprostats, a utility to parse ProFTPD transfer logs. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a format string vulnerability in the gprostats utility. Impa...

7.5CVSS6.9AI score0.1085EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/02/13 12:0 a.m.•34 views

PowerDNS: Denial of Service vulnerability

Background The PowerDNS Nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description A vulnerability has been reported in the DNSPacket::expand method of dnspacket.cc. Impact An attacker could cause a temporary Denial of Service by sending a random stream...

5CVSS6.3AI score0.03271EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/30 12:0 a.m.•34 views

Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Rafel Ivgi has discovered a cross-site scripting...

5CVSS6.2AI score0.01611EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/22 12:0 a.m.•34 views

CUPS: Stack overflow in included Xpdf code

Background The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28...

7.5CVSS7.2AI score0.07217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/11 12:0 a.m.•34 views

KPdf, KOffice: More vulnerabilities in included Xpdf

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact An...

9.3CVSS1.7AI score0.06576EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/28 12:0 a.m.•34 views

ViewCVS: Information leak and XSS vulnerabilities

Background ViewCVS is a browser interface for viewing CVS and Subversion version control repositories through a web browser. Description The tar export functions in ViewCVS bypass the 'hidecvsroot' and 'forbidden' settings and therefore expose information that should be kept secret CAN-2004-0915...

5CVSS6.1AI score0.01294EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/19 12:0 a.m.•34 views

kfax: Multiple overflows in the included TIFF library

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kfax part of kdegraphics is the KDE fax file viewer. Description Than Ngo discovered that kfax contains a private copy of the TIFF library and is therefore subject to several known...

7.5CVSS7.1AI score0.08268EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/11/25 12:0 a.m.•34 views

Cyrus IMAP Server: Multiple remote vulnerabilities

Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Multiple vulnerabilities have been discovered in the argument parsers of the 'partial' and 'fetch' commands of the Cyrus IMAP Server CAN-2004-1012, CAN-2004-1013. There are also buffer overflows in t...

10CVSS7.8AI score0.05951EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/09 12:0 a.m.•34 views

zip: Path name buffer overflow

Background zip is a compression and file packaging utility. Description zip does not check the resulting path length when doing recursive folder compression. Impact An attacker could exploit this by enticing another user or web application to create an archive including a specially-crafted path...

10CVSS3.3AI score0.09246EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/07 12:0 a.m.•34 views

Portage, Gentoolkit: Temporary file vulnerabilities

Background Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configurations files never modified by users. Gentoolkit is a collection of Gentoo specific administration scripts, one of which is the...

2.1CVSS0.2AI score0.00342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/25 12:0 a.m.•34 views

Netatalk: Insecure tempfile handling in etc2ps.sh

Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description The etc2ps.sh script creates temporary files in...

2.1CVSS6AI score0.00393EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/17 12:0 a.m.•34 views

SnipSnap: HTTP response splitting

Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...

5CVSS1.5AI score0.02437EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/09/16 12:0 a.m.•34 views

phpGroupWare: XSS vulnerability in wiki module

Background phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks...

6.8CVSS6.3AI score0.01326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/04 12:0 a.m.•34 views

Courier: Cross-site scripting vulnerability in SqWebMail

Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...

6.8CVSS5.4AI score0.04973EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/07/14 12:0 a.m.•34 views

Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description An attacker can utili...

5CVSS6AI score0.02761EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/06/17 12:0 a.m.•34 views

Squid: NTLM authentication helper buffer overflow

Background Squid contains a bug in the function ntlmcheckauth. It fails to do proper bounds checking on the values copyied to the 'pass' variable. Description Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, a...

10CVSS7.1AI score0.7107EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2004/06/15 12:0 a.m.•35 views

Gallery: Privilege escalation vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description There is a vulnerability in the Gallery photo album...

10CVSS6.7AI score0.02831EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/19 12:0 a.m.•34 views

Icecast denial of service vulnerability

Background Icecast is a program that streams audio data to listeners over the Internet. Description There is an out-of-bounds read error in the web interface of Icecast when handling Basic Authorization requests. This vulnerability can theorically be exploited by sending a specially crafted...

5CVSS2.2AI score0.02085EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/09 12:0 a.m.•34 views

iproute local Denial of Service vulnerability

Background iproute is a set of tools for managing linux network routing and advanced features. Description It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition. Impact Local users cou...

4.9CVSS6AI score0.00371EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/03/31 12:0 a.m.•34 views

Remote buffer overflow in MPlayer

Background Quote from http://mplayerhq.hu "MPlayer is a movie player for LINUX runs on many other Unices, and non-x86 CPUs, see the documentation. It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA files, supported by many native,...

10CVSS7AI score0.2698EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/02/11 12:0 a.m.•34 views

XFree86 Font Information File Buffer Overflow

Background XFree86, provides a client/server interface between display hardware and the desktop environment while also providing both the windowing infrastructure and a standardized API. XFree86 is platform independent, network-transparent and extensible. Description Exploitation of a buffer...

10CVSS7.5AI score0.21175EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2003/11/10 12:0 a.m.•34 views

HylaFAX: Remote code exploit in hylafax

Background HylaFAX is a popular client-server fax package. Description During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default...

10CVSS7.4AI score0.1206EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/10 12:0 a.m.•33 views

libde265: Multiple Vulnerabilities

Background Open h.265 video codec implementation. Description Multiple vulnerabilities have been discovered in libde265. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

9.8CVSS7.7AI score0.0202EPSS
Exploits46
Gentoo Linux
Gentoo Linux
•added 2024/07/05 12:0 a.m.•33 views

podman: Multiple Vulnerabilities

Background Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

10CVSS6.4AI score0.93305EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2024/06/28 12:0 a.m.•33 views

GStreamer, GStreamer Plugins: Multiple Vulnerabilities

Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...

8.8CVSS7.6AI score0.02189EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/03/03 12:0 a.m.•33 views

Tox: Remote Code Execution

Background Tox is easy-to-use software that connects you with friends and family without anyone else listening in. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below for details. Impact A stack-based buffer overflow allows remote attackers ...

9.8CVSS8.4AI score0.03954EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/18 12:0 a.m.•33 views

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.6CVSS8AI score0.4351EPSS
Exploits4
Total number of security vulnerabilities3816