Lucene search
+L
GentooMost viewed

3816 matches found

gentoo
gentoo
•added 2005/09/24 12:0 a.m.•34 views

Webmin, Usermin: Remote code execution through PAM authentication

Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mails. Description Keigo Yamazaki discovered that the...

7.5CVSS7AI score0.04127EPSS
Exploits0
gentoo
gentoo
•added 2005/09/20 12:0 a.m.•34 views

Zebedee: Denial of Service vulnerability

Background Zebedee is an application that establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. Description "Shiraishi.M" reported that Zebedee crashes when "0" is received as the port number in the protocol option header. Impact By performing malformed...

5CVSS6.4AI score0.07124EPSS
Exploits1
gentoo
gentoo
•added 2005/07/20 12:0 a.m.•34 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

4.3CVSS6.4AI score0.02043EPSS
Exploits0
gentoo
gentoo
•added 2005/06/11 12:0 a.m.•34 views

Ettercap: Format string vulnerability

Background Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN. Description The cursesmsg function of Ettercap's Ncurses-based user interface insecurely implements formatted printing. Impact A remote attacker could craft a malicious network flow tha...

7.5CVSS6.8AI score0.05488EPSS
Exploits0
gentoo
gentoo
•added 2005/05/05 12:0 a.m.•35 views

Oops!: Remote code execution

Background Oops! is an advanced, multithreaded caching web proxy. Description A format string flaw has been detected in the myxlog function of the Oops! proxy, which is called by the passwdmysql and passwdpgsql module's auth functions. Impact A remote attacker could send a specially crafted HTTP...

5CVSS6.7AI score0.02298EPSS
Exploits1
gentoo
gentoo
•added 2005/04/13 12:0 a.m.•34 views

Gld: Remote execution of arbitrary code

Background Gld is a standalone greylisting server for Postfix. Description dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c. Impact An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the...

10CVSS7.4AI score0.67658EPSS
Exploits6
gentoo
gentoo
•added 2005/03/04 12:0 a.m.•35 views

OpenMotif, LessTif: New libXpm buffer overflows

Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. OpenMotif also provides a free version of the Motif toolkit for open source applications. Description Chris Gilbert discovered potentially exploitable buffer overflow cases in libXp...

7.5CVSS7.4AI score0.04507EPSS
Exploits0
gentoo
gentoo
•added 2005/02/28 12:0 a.m.•34 views

uim: Privilege escalation vulnerability

Background uim is a simple, secure and flexible input method library. Description Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled ...

4.6CVSS7.2AI score0.0036EPSS
Exploits0
gentoo
gentoo
•added 2005/02/21 12:0 a.m.•34 views

PuTTY: Remote code execution

Background PuTTY is a popular SSH client, PSCP is a secure copy implementation, and PSFTP is a SSH File Transfer Protocol client. Description Two vulnerabilities have been discovered in the PSCP and PSFTP clients, which can be triggered by the SFTP server itself. These issues are caused by the...

7.5CVSS7.3AI score0.04041EPSS
Exploits0
gentoo
gentoo
•added 2005/02/18 12:0 a.m.•34 views

GProFTPD: gprostats format string vulnerability

Background GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD is distributed with gprostats, a utility to parse ProFTPD transfer logs. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a format string vulnerability in the gprostats utility. Impa...

7.5CVSS6.9AI score0.1085EPSS
Exploits1
gentoo
gentoo
•added 2005/02/16 12:0 a.m.•34 views

KStars: Buffer overflow in fliccd

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KStars is a desktop planetarium for KDE. It includes support for the Instrument Neutral Distributed Interface INDI. Description Erik Sjolund discovered a buffer overflow in fliccd which is pa...

10CVSS7.2AI score0.04924EPSS
Exploits0
gentoo
gentoo
•added 2005/01/30 12:0 a.m.•34 views

Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Rafel Ivgi has discovered a cross-site scripting...

5CVSS6.2AI score0.01611EPSS
Exploits0
gentoo
gentoo
•added 2005/01/22 12:0 a.m.•34 views

CUPS: Stack overflow in included Xpdf code

Background The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28...

7.5CVSS7.2AI score0.07217EPSS
Exploits1
gentoo
gentoo
•added 2005/01/11 12:0 a.m.•34 views

KPdf, KOffice: More vulnerabilities in included Xpdf

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact An...

9.3CVSS1.7AI score0.06576EPSS
Exploits0
gentoo
gentoo
•added 2004/12/28 12:0 a.m.•34 views

ViewCVS: Information leak and XSS vulnerabilities

Background ViewCVS is a browser interface for viewing CVS and Subversion version control repositories through a web browser. Description The tar export functions in ViewCVS bypass the 'hidecvsroot' and 'forbidden' settings and therefore expose information that should be kept secret CAN-2004-0915...

5CVSS6.1AI score0.01294EPSS
Exploits0
gentoo
gentoo
•added 2004/12/19 12:0 a.m.•34 views

kfax: Multiple overflows in the included TIFF library

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kfax part of kdegraphics is the KDE fax file viewer. Description Than Ngo discovered that kfax contains a private copy of the TIFF library and is therefore subject to several known...

7.5CVSS7.1AI score0.08268EPSS
Exploits1
gentoo
gentoo
•added 2004/11/09 12:0 a.m.•34 views

zip: Path name buffer overflow

Background zip is a compression and file packaging utility. Description zip does not check the resulting path length when doing recursive folder compression. Impact An attacker could exploit this by enticing another user or web application to create an archive including a specially-crafted path...

10CVSS3.3AI score0.09246EPSS
Exploits0
gentoo
gentoo
•added 2004/11/07 12:0 a.m.•34 views

Portage, Gentoolkit: Temporary file vulnerabilities

Background Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configurations files never modified by users. Gentoolkit is a collection of Gentoo specific administration scripts, one of which is the...

2.1CVSS0.2AI score0.00342EPSS
Exploits0
gentoo
gentoo
•added 2004/10/25 12:0 a.m.•34 views

Netatalk: Insecure tempfile handling in etc2ps.sh

Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description The etc2ps.sh script creates temporary files in...

2.1CVSS6AI score0.00393EPSS
Exploits0
gentoo
gentoo
•added 2004/09/17 12:0 a.m.•34 views

SnipSnap: HTTP response splitting

Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...

5CVSS1.5AI score0.02437EPSS
Exploits1
gentoo
gentoo
•added 2004/09/16 12:0 a.m.•34 views

Heimdal: ftpd root escalation

Background Heimdal is an implementation of Kerberos 5. Description Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code. Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution...

5.1CVSS6.8AI score0.02416EPSS
Exploits0
gentoo
gentoo
•added 2004/09/16 12:0 a.m.•34 views

phpGroupWare: XSS vulnerability in wiki module

Background phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks...

6.8CVSS6.3AI score0.01326EPSS
Exploits0
gentoo
gentoo
•added 2004/09/09 12:0 a.m.•34 views

Samba: Remote printing non-vulnerability

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Due to a bug in the printernotifyinfo function, authorized users could potentially crash their smbd process by sending improperly...

5CVSS6.3AI score0.03907EPSS
Exploits0
gentoo
gentoo
•added 2004/08/04 12:0 a.m.•34 views

Courier: Cross-site scripting vulnerability in SqWebMail

Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...

6.8CVSS5.4AI score0.04973EPSS
Exploits1
gentoo
gentoo
•added 2004/07/14 12:0 a.m.•34 views

Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description An attacker can utili...

5CVSS6AI score0.02761EPSS
Exploits0
gentoo
gentoo
•added 2004/06/17 12:0 a.m.•34 views

Squid: NTLM authentication helper buffer overflow

Background Squid contains a bug in the function ntlmcheckauth. It fails to do proper bounds checking on the values copyied to the 'pass' variable. Description Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, a...

10CVSS7.1AI score0.7107EPSS
Exploits6
gentoo
gentoo
•added 2004/06/15 12:0 a.m.•35 views

Gallery: Privilege escalation vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description There is a vulnerability in the Gallery photo album...

10CVSS6.7AI score0.02831EPSS
Exploits0
gentoo
gentoo
•added 2004/05/19 12:0 a.m.•34 views

Icecast denial of service vulnerability

Background Icecast is a program that streams audio data to listeners over the Internet. Description There is an out-of-bounds read error in the web interface of Icecast when handling Basic Authorization requests. This vulnerability can theorically be exploited by sending a specially crafted...

5CVSS2.2AI score0.02085EPSS
Exploits0
gentoo
gentoo
•added 2004/04/09 12:0 a.m.•34 views

iproute local Denial of Service vulnerability

Background iproute is a set of tools for managing linux network routing and advanced features. Description It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition. Impact Local users cou...

4.9CVSS6AI score0.00371EPSS
Exploits0
gentoo
gentoo
•added 2004/03/31 12:0 a.m.•34 views

Remote buffer overflow in MPlayer

Background Quote from http://mplayerhq.hu "MPlayer is a movie player for LINUX runs on many other Unices, and non-x86 CPUs, see the documentation. It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA files, supported by many native,...

10CVSS7AI score0.2698EPSS
Exploits1
gentoo
gentoo
•added 2004/02/11 12:0 a.m.•34 views

XFree86 Font Information File Buffer Overflow

Background XFree86, provides a client/server interface between display hardware and the desktop environment while also providing both the windowing infrastructure and a standardized API. XFree86 is platform independent, network-transparent and extensible. Description Exploitation of a buffer...

10CVSS7.5AI score0.21175EPSS
Exploits1
gentoo
gentoo
•added 2003/12/04 12:0 a.m.•34 views

rsync: exploitable heap overflow

Background rsync is a popular file transfer package used to synchronize the Portage tree. Description Rsync version 2.5.6 contains a vulnerability that can be used to run arbitrary code. The Gentoo infrastructure team has some reasonably good forensic evidence that this exploit may have been used...

7.5CVSS7.1AI score0.21157EPSS
Exploits1
gentoo
gentoo
•added 2003/11/10 12:0 a.m.•34 views

HylaFAX: Remote code exploit in hylafax

Background HylaFAX is a popular client-server fax package. Description During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default...

10CVSS7.4AI score0.1206EPSS
Exploits0
gentoo
gentoo
•added 2024/12/08 12:0 a.m.•33 views

HashiCorp Consul: Multiple Vulnerabilities

Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.7CVSS8.5AI score0.99999EPSS
Exploits19
gentoo
gentoo
•added 2024/07/05 12:0 a.m.•33 views

podman: Multiple Vulnerabilities

Background Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

10CVSS6.4AI score0.93305EPSS
Exploits6
gentoo
gentoo
•added 2024/06/28 12:0 a.m.•33 views

GStreamer, GStreamer Plugins: Multiple Vulnerabilities

Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...

8.8CVSS7.6AI score0.02189EPSS
Exploits0
gentoo
gentoo
•added 2024/05/04 12:0 a.m.•33 views

mujs: Multiple Vulnerabilities

Background mujs is an embeddable Javascript interpreter in C. Description Multiple vulnerabilities have been discovered in mujs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround...

9.8CVSS7.4AI score0.02248EPSS
Exploits3
gentoo
gentoo
•added 2024/03/03 12:0 a.m.•33 views

UltraJSON: Multiple Vulnerabilities

Background UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python 3.8+. Description Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded...

7.5CVSS6.9AI score0.02283EPSS
Exploits1
gentoo
gentoo
•added 2024/03/03 12:0 a.m.•33 views

Tox: Remote Code Execution

Background Tox is easy-to-use software that connects you with friends and family without anyone else listening in. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below for details. Impact A stack-based buffer overflow allows remote attackers ...

9.8CVSS8.4AI score0.03954EPSS
Exploits1
gentoo
gentoo
•added 2024/02/18 12:0 a.m.•33 views

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.6CVSS8AI score0.4351EPSS
Exploits4
gentoo
gentoo
•added 2024/01/24 12:0 a.m.•33 views

sudo: Memory Manipulation

Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact Stack/register variables can be flipped via fault...

7CVSS7.7AI score0.00541EPSS
Exploits1
gentoo
gentoo
•added 2023/05/30 12:0 a.m.•33 views

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server, XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...

8.8CVSS7.4AI score0.02685EPSS
Exploits0
gentoo
gentoo
•added 2023/05/03 12:0 a.m.•33 views

libsdl2: Multiple Vulnerabilities

Background Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. Description Multiple vulnerabilities have been discovered in libsdl2. Please review the CVE...

8.8CVSS7.2AI score0.01986EPSS
Exploits0
gentoo
gentoo
•added 2023/01/11 12:0 a.m.•33 views

Twisted: Multiple Vulnerabilities

Background Twisted is an asynchronous networking framework written in Python. Description Multiple vulnerabilities have been discovered in Twisted. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...

7.5CVSS2.6AI score0.03608EPSS
Exploits2
gentoo
gentoo
•added 2022/10/31 12:0 a.m.•33 views

android-tools: Multiple Vulnerabilities

Background android-tools contains Android platform tools adb, fastboot, and mkbootimg. Description Multiple vulnerabilities have been discovered in android-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

2.7AI score
Exploits0
gentoo
gentoo
•added 2022/09/29 12:0 a.m.•33 views

BlueZ: Multiple Vulnerabilities

Background BlueZ is the canonical bluetooth tools and system daemons package for Linux. Description Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

8.8CVSS2.5AI score0.01808EPSS
Exploits2
gentoo
gentoo
•added 2022/08/10 12:0 a.m.•33 views

Yubico pam-u2f: Local PIN Bypass vulnerability

Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description A logic issue in Yubico pam-u2f could result in the bypass of a PIN entry requirement when authenticating with FIDO2. Impact An attacker with local access to certain applications using pam-u2f for authentication could...

6.8CVSS3.2AI score0.00333EPSS
Exploits0
gentoo
gentoo
•added 2020/11/03 12:0 a.m.•33 views

KPMCore: Root privilege escalation

Background KPMcore, the KDE Partition Manager core, is a library for examining and modifying partitions, disk devices, and filesystems on a Linux system. It provides a unified programming interface over top of external system-manipulation tools. Description Improper checks on the D-Bus request...

7.8CVSS3AI score0.00422EPSS
Exploits0
gentoo
gentoo
•added 2018/12/02 12:0 a.m.•33 views

Nagios: Privilege escalation

Background Nagios is an open source host, service and network monitoring program. Description A vulnerability in Nagios was discovered due to the improper handling of configuration files which can be owned by a non-root user. Impact A local attacker can escalate privileges to root by leveraging...

7.8CVSS3.8AI score0.00332EPSS
Exploits0
gentoo
gentoo
•added 2018/04/11 12:0 a.m.•33 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

9.3CVSS3.7AI score0.29073EPSS
Exploits8
Total number of security vulnerabilities3816