Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2004/11/07 12:0 a.m.34 views

Portage, Gentoolkit: Temporary file vulnerabilities

Background Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configurations files never modified by users. Gentoolkit is a collection of Gentoo specific administration scripts, one of which is the...

2.1CVSS0.2AI score0.00342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/25 12:0 a.m.34 views

Netatalk: Insecure tempfile handling in etc2ps.sh

Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description The etc2ps.sh script creates temporary files in...

2.1CVSS6AI score0.00393EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/17 12:0 a.m.34 views

SnipSnap: HTTP response splitting

Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...

5CVSS1.5AI score0.02437EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/09/16 12:0 a.m.34 views

phpGroupWare: XSS vulnerability in wiki module

Background phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks...

6.8CVSS6.3AI score0.01326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/04 12:0 a.m.34 views

Courier: Cross-site scripting vulnerability in SqWebMail

Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...

6.8CVSS5.4AI score0.04973EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/07/14 12:0 a.m.34 views

Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description An attacker can utili...

5CVSS6AI score0.02761EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/17 12:0 a.m.34 views

Squid: NTLM authentication helper buffer overflow

Background Squid contains a bug in the function ntlmcheckauth. It fails to do proper bounds checking on the values copyied to the 'pass' variable. Description Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, a...

10CVSS7.1AI score0.7107EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2004/06/15 12:0 a.m.35 views

Gallery: Privilege escalation vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description There is a vulnerability in the Gallery photo album...

10CVSS6.7AI score0.02831EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/19 12:0 a.m.34 views

Icecast denial of service vulnerability

Background Icecast is a program that streams audio data to listeners over the Internet. Description There is an out-of-bounds read error in the web interface of Icecast when handling Basic Authorization requests. This vulnerability can theorically be exploited by sending a specially crafted...

5CVSS2.2AI score0.02085EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/09 12:0 a.m.34 views

iproute local Denial of Service vulnerability

Background iproute is a set of tools for managing linux network routing and advanced features. Description It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition. Impact Local users cou...

4.9CVSS6AI score0.00371EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/31 12:0 a.m.34 views

Remote buffer overflow in MPlayer

Background Quote from http://mplayerhq.hu "MPlayer is a movie player for LINUX runs on many other Unices, and non-x86 CPUs, see the documentation. It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA files, supported by many native,...

10CVSS7AI score0.2698EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/02/11 12:0 a.m.34 views

XFree86 Font Information File Buffer Overflow

Background XFree86, provides a client/server interface between display hardware and the desktop environment while also providing both the windowing infrastructure and a standardized API. XFree86 is platform independent, network-transparent and extensible. Description Exploitation of a buffer...

10CVSS7.5AI score0.21175EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2003/12/14 12:0 a.m.34 views

XChat: malformed dcc send request denial of service

Background XChat is a multiplatform IRC client. Description There is a remotely exploitable bug in XChat 2.0.6 that could lead to a denial of service attack. Gentoo wishes to thank lloydbates for discovering this bug, as well as jcdutton and rac for submitting patches to fix the bug. Impact A...

1.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2003/11/10 12:0 a.m.34 views

HylaFAX: Remote code exploit in hylafax

Background HylaFAX is a popular client-server fax package. Description During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default...

10CVSS7.4AI score0.1206EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/10 12:0 a.m.33 views

libde265: Multiple Vulnerabilities

Background Open h.265 video codec implementation. Description Multiple vulnerabilities have been discovered in libde265. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

9.8CVSS7.7AI score0.0202EPSS
Exploits46
Gentoo Linux
Gentoo Linux
added 2024/07/05 12:0 a.m.33 views

podman: Multiple Vulnerabilities

Background Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

10CVSS6.4AI score0.93305EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2024/06/28 12:0 a.m.33 views

GStreamer, GStreamer Plugins: Multiple Vulnerabilities

Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...

8.8CVSS7.6AI score0.02189EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/03/03 12:0 a.m.33 views

Tox: Remote Code Execution

Background Tox is easy-to-use software that connects you with friends and family without anyone else listening in. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below for details. Impact A stack-based buffer overflow allows remote attackers ...

9.8CVSS8.4AI score0.03954EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/02/18 12:0 a.m.33 views

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.6CVSS8AI score0.43238EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2024/02/18 12:0 a.m.33 views

Thunar: Arbitrary Code Execution

Background Thunar is a modern file manager for the Xfce Desktop Environment. Thunar has been designed from the ground up to be fast and easy to use. Its user interface is clean and intuitive and does not include any confusing or useless options by default. Thunar starts up quickly and navigating...

9.8CVSS7.5AI score0.03076EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/02/04 12:0 a.m.33 views

Wireshark: Multiple Vulnerabilities

Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

6.5CVSS7.6AI score0.00746EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/01/16 12:0 a.m.33 views

Nettle: Denial of Service

Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description Multiple vulnerabilities have been...

9.8CVSS8.4AI score0.02686EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/01/15 12:0 a.m.33 views

zlib: Buffer Overflow

Background zlib is a widely used free and patent unencumbered data compression library. Description A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details. Impact MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffe...

9.8CVSS7.8AI score0.02918EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/11/24 12:0 a.m.33 views

LinuxCIFS utils: Multiple Vulnerabilities

Background The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems. Description Multiple vulnerabilities have been discovered in LinuxCIFS utils. Please review the CVE identifiers referenced below for details. Impact A stack-based buffer overflow when parsing the...

7.8CVSS7.6AI score0.01804EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/05/30 12:0 a.m.33 views

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server, XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...

8.8CVSS7.4AI score0.02685EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.33 views

libsdl2: Multiple Vulnerabilities

Background Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description Multiple vulnerabilities have been discovered in libsdl2. Please review the CVE...

8.8CVSS7.2AI score0.01986EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/09/29 12:0 a.m.33 views

BlueZ: Multiple Vulnerabilities

Background BlueZ is the canonical bluetooth tools and system daemons package for Linux. Description Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

8.8CVSS2.5AI score0.01808EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2020/11/03 12:0 a.m.33 views

KPMCore: Root privilege escalation

Background KPMcore, the KDE Partition Manager core, is a library for examining and modifying partitions, disk devices, and filesystems on a Linux system. It provides a unified programming interface over top of external system-manipulation tools. Description Improper checks on the D-Bus request...

7.8CVSS3AI score0.00422EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/08/30 12:0 a.m.33 views

targetcli-fb: Multiple vulnerabilities

Background Tool for managing the Linux LIO kernel target. Description Multiple vulnerabilities have been discovered in targetcli-fb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.8CVSS2.6AI score0.00348EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/07/28 12:0 a.m.33 views

libetpan: Improper STARTTLS handling

Background libetpan is a portable, efficient middleware for different kinds of mail access. Description It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using...

7.4CVSS1.3AI score0.02393EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/06/15 12:0 a.m.33 views

Bubblewrap: Arbitrary code execution

Background Bubblewrap is an unprivileged sandboxing tool namespaces-powered chroot-like solution. Description Bubblewrap misuses temporary directories in /tmp as a mount point. Impact This flaw may allow possible execution of code or prevention of running Bubblewrap. Workaround There is no known...

7.8CVSS3.8AI score0.00494EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/04/02 12:0 a.m.33 views

GnuTLS: DTLS protocol regression

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was discovered that DTLS client did not contribute any randomness to the DTLS negotiation. Impact Please review the referenced advisory for details. Workaround There is no known workaround at this time...

2.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/12/30 12:0 a.m.33 views

GKSu: Arbitrary command execution

Background A library that provides a Gtk+ frontend to su and sudo. Description A vulnerability was discovered in GKSu’s gksu-run-helper. Impact An attacker could execute arbitrary commands. Workaround There is no known workaround at this time. Resolution Gentoo has discontinued support for GKSu a...

6.8CVSS6.9AI score0.02193EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2018/12/06 12:0 a.m.33 views

EDE: Privilege escalation

Background A package that simplifies the task of creating, building, and debugging large programs with Emacs. It provides some of the features of an IDE, or Integrated Development Environment, in Emacs. Description An untrusted search path vulnerability was discovered in EDE. Impact A local...

9.3CVSS3.3AI score0.02733EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/12/02 12:0 a.m.33 views

Nagios: Privilege escalation

Background Nagios is an open source host, service and network monitoring program. Description A vulnerability in Nagios was discovered due to the improper handling of configuration files which can be owned by a non-root user. Impact A local attacker can escalate privileges to root by leveraging...

7.8CVSS3.8AI score0.00332EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/01/08 12:0 a.m.33 views

LibXfont, LibXfont2: Arbitrary file access

Background X.Org Xfont library. Description It was discovered that libXfont incorrectly followed symlinks when opening font files. Impact A local unprivileged user could use this flaw to cause the X server to access arbitrary files, including special device files. Workaround There is no known...

5.5CVSS5.9AI score0.0042EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/01/07 12:0 a.m.33 views

WebkitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details. Impact An attacker, by enticing a user to visit maliciously crafted web content, may be...

8.8CVSS9.1AI score0.024EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/11/12 12:0 a.m.34 views

eGroupWare: Remote code execution

Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization. Impact A remo...

7.5CVSS7.6AI score0.04079EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2017/10/13 12:0 a.m.33 views

elfutils: Multiple vulnerabilities

Background Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description Multiple vulnerabilities have been discovered in elfutils. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly cause a Denial of Service...

5.5CVSS6.7AI score0.02126EPSS
Exploits7
Gentoo Linux
Gentoo Linux
added 2017/06/22 12:0 a.m.33 views

jbig2dec: Multiple vulnerabilities

Background jbig2dec is a decoder implementation of the JBIG2 image compression format. Description Multiple vulnerabilities have been discovered in jbig2dec. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated system to process...

5.5CVSS4.5AI score0.01813EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/06/22 12:0 a.m.33 views

nettle: Information disclosure

Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description It was found that nettle’s RSA and DSA...

7.5CVSS7.5AI score0.05007EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/03/28 12:0 a.m.33 views

GNU Libtasn1: Denial of service

Background A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Description Libtasn1 does not correctly handle certain...

5.9CVSS2.6AI score0.29572EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/10/31 12:0 a.m.33 views

CUPS: Multiple vulnerabilities

Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in cups. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges ...

10CVSS6.7AI score0.29913EPSS
Exploits9
Gentoo Linux
Gentoo Linux
added 2015/07/10 12:0 a.m.33 views

SNMP: Denial of service

Background SNMP is a widely used protocol for monitoring the health and welfare of network equipment. Description A specially crafted trap message triggers a conversion to an erroneous variable type when the -OQ option is used. Impact A remote attacker could possibly cause a Denial of Service...

5CVSS8.6AI score0.04619EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/07/07 12:0 a.m.33 views

libxml2: Denial of service

Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 returns the empty string when the allocation limit is encountered while constructing the attribute value string. Impact A remote attacker may be able to cause Denial of Service via a specially...

5CVSS9.1AI score0.0634EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/28 12:0 a.m.33 views

fish: Multiple vulnerabilities

Background fish is the Friendly Interactive SHell. Description Multiple vulnerabilities have been discovered in fish. Please review the CVE identifiers referenced below for details. Impact A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remot...

9.8CVSS9.3AI score0.0319EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/13 12:0 a.m.33 views

Django: Multiple vulnerabilities

Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to create a Denial of Service condition, obtain sensitive information, or...

6CVSS6.7AI score0.02449EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/12/08 12:0 a.m.33 views

Dovecot: Denial of service

Background Dovecot is an open source IMAP and POP3 email server. Description Dovecot does not properly close connections, allowing a resource exhaustion for incomplete SSL/TLS handshakes. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no known...

5CVSS6.4AI score0.03331EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/06/25 12:0 a.m.33 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers below for details. Impact A remote attacker that gains access to a privileged Asterisk account can execute arbitrary system...

6.5CVSS7.3AI score0.05679EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/06/14 12:0 a.m.33 views

libXfont: Multiple vulnerabilities

Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could use a specially crafted file to gain privileges, cause a Denia...

7.5CVSS8.5AI score0.04362EPSS
Exploits0
Total number of security vulnerabilities3816