Lucene search
+L
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2007/02/13 12:0 a.m.•34 views

Snort: Denial of service

Background Snort is a widely deployed intrusion detection program. Description Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a "backtracking attack" to perform numerous time-consuming operations. Impact A remote...

5CVSS6.3AI score0.02312EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/29 12:0 a.m.•35 views

KSirc: Denial of Service vulnerability

Background KSirc is the default KDE IRC client. Description KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process. Impact A malicious IRC server could send a long PRIVMSG string to the KSirc client causing an assertion failure and the...

6.5CVSS6.3AI score0.09993EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/11/27 12:0 a.m.•34 views

Ingo H3: Folder name shell command injection

Background Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and IMAP filter rules. Description Ingo H3 fails to properly escape shell metacharacters in procmail rules. Impact A remote authenticated attacker could craft a malicious rule which could lead to the execution of...

6.5CVSS6.6AI score0.01961EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/24 12:0 a.m.•34 views

ImageMagick: PALM and DCM buffer overflows

Background ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. Description M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage function of coders/dcm.c, causing the imprope...

5.1CVSS7AI score0.03481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/13 12:0 a.m.•34 views

GraphicsMagick: PALM and DCM buffer overflows

Background GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. Description M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage function of coders/dcm.c, causing the improper handling o...

5.1CVSS7.2AI score0.03481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/09 12:0 a.m.•34 views

Bugzilla: Multiple Vulnerabilities

Background Bugzilla is a bug tracking system used to allow developers to more easily track outstanding bugs in products. Description The vulnerabilities identified in Bugzilla are as follows: Frederic Buclin and Gervase Markham discovered that input passed to various fields throughout Bugzilla we...

5CVSS6.2AI score0.01909EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/09/06 12:0 a.m.•34 views

LibXfont: Multiple integer overflows

Background libXfont is the X.Org Xfont library, some parts are based on the FreeType code base. Description Several integer overflows have been found in the PCF font parser. Impact A local attacker could possibly execute arbitrary code or crash the Xserver by enticing a user to load a specially...

7.5CVSS7.2AI score0.04304EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/25 12:0 a.m.•34 views

Samba: Denial of Service vulnerability

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a...

5CVSS6.2AI score0.05503EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/07/09 12:0 a.m.•34 views

SHOUTcast server: Multiple vulnerabilities

Background SHOUTcast server is a streaming audio server. Description The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the "Description", "URL", "Genre", "AIM", and "ICQ"...

7.8CVSS6.8AI score0.03975EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2006/04/21 12:0 a.m.•34 views

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of service

Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. Impact An attacker could possibly exploit this vulnerability by sending...

2.6CVSS6.3AI score0.0243EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/26 12:0 a.m.•34 views

noweb: Insecure temporary file creation

Background noweb is a simple, extensible, and language independent literate programming tool. Description Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable filenames. Impact A local attacker could create...

1.2CVSS6.1AI score0.00346EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/26 12:0 a.m.•34 views

Trac: Cross-site scripting vulnerability

Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...

4.3CVSS6.9AI score0.01437EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/10 12:0 a.m.•34 views

xine-lib, FFmpeg: Heap-based buffer overflow

Background xine is a GPL high-performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. FFmpeg is a very fast video and audio converter and is used in xine-lib. Description Simon Kilvington has reported a vulnerability in FFmpeg libavcodec. The flaw is due to ...

7.5CVSS7.3AI score0.05209EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/21 12:0 a.m.•34 views

GNUMP3d: Directory traversal and insecure temporary file creation

Background GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and other media formats. Description Ludwig Nussel from SUSE Linux has identified two vulnerabilities in GNUMP3d. GNUMP3d fails to properly check for the existence of /tmp/index.lok before writing to the file, allowing fo...

6.4CVSS6.4AI score0.02226EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/11 12:0 a.m.•34 views

uw-imap: Remote buffer overflow

Background uw-imap is the University of Washington's IMAP and POP server daemons. Description Improper bounds checking of user supplied data while parsing IMAP mailbox names can lead to overflowing the stack buffer. Impact Successful exploitation requires an authenticated IMAP user to request a...

7.5CVSS7AI score0.08464EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/07 12:0 a.m.•34 views

RealPlayer, Helix Player: Format string vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is an open source media player for Linux. Description "c0ntex" reported that RealPlayer and Helix Player suffer from a heap overflow. Impact By enticing a user to play a specially craft...

5.1CVSS7.3AI score0.13181EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/24 12:0 a.m.•34 views

Webmin, Usermin: Remote code execution through PAM authentication

Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mails. Description Keigo Yamazaki discovered that the...

7.5CVSS7AI score0.04127EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/20 12:0 a.m.•34 views

Zebedee: Denial of Service vulnerability

Background Zebedee is an application that establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. Description "Shiraishi.M" reported that Zebedee crashes when "0" is received as the port number in the protocol option header. Impact By performing malformed...

5CVSS6.4AI score0.07124EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/07/20 12:0 a.m.•34 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

4.3CVSS6.4AI score0.02043EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/11 12:0 a.m.•34 views

Ettercap: Format string vulnerability

Background Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN. Description The cursesmsg function of Ettercap's Ncurses-based user interface insecurely implements formatted printing. Impact A remote attacker could craft a malicious network flow tha...

7.5CVSS6.8AI score0.05488EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/05 12:0 a.m.•35 views

Oops!: Remote code execution

Background Oops! is an advanced, multithreaded caching web proxy. Description A format string flaw has been detected in the myxlog function of the Oops! proxy, which is called by the passwdmysql and passwdpgsql module's auth functions. Impact A remote attacker could send a specially crafted HTTP...

5CVSS6.7AI score0.02298EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/04/13 12:0 a.m.•34 views

Gld: Remote execution of arbitrary code

Background Gld is a standalone greylisting server for Postfix. Description dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c. Impact An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the...

10CVSS7.4AI score0.67658EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2005/03/04 12:0 a.m.•35 views

OpenMotif, LessTif: New libXpm buffer overflows

Background LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. OpenMotif also provides a free version of the Motif toolkit for open source applications. Description Chris Gilbert discovered potentially exploitable buffer overflow cases in libXp...

7.5CVSS7.4AI score0.04507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/28 12:0 a.m.•34 views

uim: Privilege escalation vulnerability

Background uim is a simple, secure and flexible input method library. Description Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled ...

4.6CVSS7.2AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/18 12:0 a.m.•34 views

GProFTPD: gprostats format string vulnerability

Background GProFTPD is a GTK+ administration tool for the ProFTPD server. GProFTPD is distributed with gprostats, a utility to parse ProFTPD transfer logs. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a format string vulnerability in the gprostats utility. Impa...

7.5CVSS6.9AI score0.1085EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/02/16 12:0 a.m.•34 views

KStars: Buffer overflow in fliccd

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KStars is a desktop planetarium for KDE. It includes support for the Instrument Neutral Distributed Interface INDI. Description Erik Sjolund discovered a buffer overflow in fliccd which is pa...

10CVSS7.2AI score0.04924EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/31 12:0 a.m.•34 views

ClamAV: Multiple issues

Background ClamAV is an antivirus toolkit. It includes a multi-threaded daemon and a command line scanner. Description ClamAV fails to properly scan ZIP files with special headers CAN-2005-0133 and base64 encoded images in URLs. Impact By sending a base64 encoded image file in a URL an attacker...

5CVSS6.3AI score0.02547EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/30 12:0 a.m.•34 views

Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Rafel Ivgi has discovered a cross-site scripting...

5CVSS6.2AI score0.01611EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/24 12:0 a.m.•34 views

Konversation: Various vulnerabilities

Background Konversation is a user-friendly IRC client for KDE. Description Wouter Coekaerts has discovered three vulnerabilities within Konversation: The Server::parseWildcards function, which is used by the "Quick Buttons", does not properly handle variable expansion CAN-2005-0129. Perl scripts...

7.5CVSS6.8AI score0.10321EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/22 12:0 a.m.•34 views

CUPS: Stack overflow in included Xpdf code

Background The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28...

7.5CVSS7.2AI score0.07217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/11 12:0 a.m.•34 views

KPdf, KOffice: More vulnerabilities in included Xpdf

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact An...

9.3CVSS1.7AI score0.06576EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/28 12:0 a.m.•34 views

ViewCVS: Information leak and XSS vulnerabilities

Background ViewCVS is a browser interface for viewing CVS and Subversion version control repositories through a web browser. Description The tar export functions in ViewCVS bypass the 'hidecvsroot' and 'forbidden' settings and therefore expose information that should be kept secret CAN-2004-0915...

5CVSS6.1AI score0.01294EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/19 12:0 a.m.•34 views

kfax: Multiple overflows in the included TIFF library

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kfax part of kdegraphics is the KDE fax file viewer. Description Than Ngo discovered that kfax contains a private copy of the TIFF library and is therefore subject to several known...

7.5CVSS7.1AI score0.08268EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/11/09 12:0 a.m.•34 views

zip: Path name buffer overflow

Background zip is a compression and file packaging utility. Description zip does not check the resulting path length when doing recursive folder compression. Impact An attacker could exploit this by enticing another user or web application to create an archive including a specially-crafted path...

10CVSS3.3AI score0.09246EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/07 12:0 a.m.•34 views

Portage, Gentoolkit: Temporary file vulnerabilities

Background Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configurations files never modified by users. Gentoolkit is a collection of Gentoo specific administration scripts, one of which is the...

2.1CVSS0.2AI score0.00342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/25 12:0 a.m.•34 views

Netatalk: Insecure tempfile handling in etc2ps.sh

Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description The etc2ps.sh script creates temporary files in...

2.1CVSS6AI score0.00393EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/21 12:0 a.m.•34 views

Apache 2, mod_ssl: Bypass of SSLCipherSuite directive

Background The Apache HTTP server is one of the most popular web servers on the internet. modssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description A flaw has been found in modssl where the "SSLCipherSuite" directive could be bypassed in certain...

7.5CVSS6.4AI score0.13835EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/17 12:0 a.m.•34 views

SnipSnap: HTTP response splitting

Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...

5CVSS1.5AI score0.02437EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/09/16 12:0 a.m.•34 views

Heimdal: ftpd root escalation

Background Heimdal is an implementation of Kerberos 5. Description Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code. Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution...

5.1CVSS6.8AI score0.02416EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/16 12:0 a.m.•34 views

phpGroupWare: XSS vulnerability in wiki module

Background phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks...

6.8CVSS6.3AI score0.01326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/09 12:0 a.m.•34 views

Samba: Remote printing non-vulnerability

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Due to a bug in the printernotifyinfo function, authorized users could potentially crash their smbd process by sending improperly...

5CVSS6.3AI score0.03907EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/04 12:0 a.m.•34 views

Courier: Cross-site scripting vulnerability in SqWebMail

Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...

6.8CVSS5.4AI score0.04973EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/07/14 12:0 a.m.•34 views

Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description An attacker can utili...

5CVSS6AI score0.02761EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/06/17 12:0 a.m.•34 views

Squid: NTLM authentication helper buffer overflow

Background Squid contains a bug in the function ntlmcheckauth. It fails to do proper bounds checking on the values copyied to the 'pass' variable. Description Squid is a full-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, a...

10CVSS7.1AI score0.7107EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2004/05/19 12:0 a.m.•34 views

Icecast denial of service vulnerability

Background Icecast is a program that streams audio data to listeners over the Internet. Description There is an out-of-bounds read error in the web interface of Icecast when handling Basic Authorization requests. This vulnerability can theorically be exploited by sending a specially crafted...

5CVSS2.2AI score0.02085EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/09 12:0 a.m.•34 views

iproute local Denial of Service vulnerability

Background iproute is a set of tools for managing linux network routing and advanced features. Description It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition. Impact Local users cou...

4.9CVSS6AI score0.00371EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/03/31 12:0 a.m.•34 views

Remote buffer overflow in MPlayer

Background Quote from http://mplayerhq.hu "MPlayer is a movie player for LINUX runs on many other Unices, and non-x86 CPUs, see the documentation. It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA files, supported by many native,...

10CVSS7AI score0.2698EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/02/11 12:0 a.m.•34 views

XFree86 Font Information File Buffer Overflow

Background XFree86, provides a client/server interface between display hardware and the desktop environment while also providing both the windowing infrastructure and a standardized API. XFree86 is platform independent, network-transparent and extensible. Description Exploitation of a buffer...

10CVSS7.5AI score0.21175EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2003/12/04 12:0 a.m.•34 views

rsync: exploitable heap overflow

Background rsync is a popular file transfer package used to synchronize the Portage tree. Description Rsync version 2.5.6 contains a vulnerability that can be used to run arbitrary code. The Gentoo infrastructure team has some reasonably good forensic evidence that this exploit may have been used...

7.5CVSS7.1AI score0.21157EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/07/05 12:0 a.m.•33 views

podman: Multiple Vulnerabilities

Background Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

10CVSS6.4AI score0.93305EPSS
Exploits6
Total number of security vulnerabilities3816