Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2014/03/26 12:0 a.m.•33 views

grep: User-assisted execution of arbitrary code

Background grep is the GNU regular expression matcher. Description An integer overflow flaw has been discovered in grep. Impact An attacker could entice a user to run grep on a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial...

4.4CVSS9.6AI score0.01022EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2014/01/06 12:0 a.m.•33 views

Gajim: Information disclosure

Background Gajim is a Jabber/XMPP client which uses GTK+. Description The sslverifycallback function in tlsnb.py does not properly validate SSL certificates, causing any certificate to be accepted as valid as long as the root CA is valid. Impact A remote attacker might employ a specially crafted...

4.3CVSS6.1AI score0.01148EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/12/03 12:0 a.m.•33 views

libtheora: Arbitrary code execution

Background libtheora is the reference implementation of Theora, a free and open video compression format from the Xiph.org Foundation. Description An integer overflow flaw has been discovered in libtheora. Impact A remote attacker could execute arbitrary code or cause a Denial of Service conditio...

9.3CVSS9.9AI score0.04785EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/09/15 12:0 a.m.•33 views

LibRaw, libkdcraw: Multiple vulnerabilities

Background LibRaw is a library for reading RAW files obtained from digital photo cameras. libkdcraw is a wrapper for LibRaw within KDE. Description Multiple vulnerabilities have been discovered in LibRaw and libkdcraw. Please review the CVE identifiers referenced below for details. Impact A remot...

7.5CVSS8.6AI score0.04412EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2012/09/25 12:0 a.m.•33 views

Libtasn1: Denial of service

Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Description Libtasn1 does not properly handle length fields when performing DER decoding. Impact A remote attacker could entice a user to open a...

5CVSS8.6AI score0.0446EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/09/24 12:0 a.m.•33 views

Background International Components for Unicode ICU is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description An error in the canonicalize function in uloc.cpp could cause a stack-based buffer overflow. Impact A remote attacker could...

7.5CVSS9.6AI score0.08003EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/08/14 12:0 a.m.•33 views

Perl Config-IniFiles Module: Insecure temporary file usage

Background Config-IniFiles is a Perl module for reading .ini-style configuration files. Description The Perl Config-IniFiles module uses predicatable temporary file names. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running th...

3.6CVSS6.3AI score0.00504EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2012/05/15 12:0 a.m.•33 views

ConnMan: Multiple vulnerabilities

Background ConnMan provides a daemon for managing Internet connections. Description Multiple vulnerabilities have been found in ConnMan: Errors in inet.c and rtnl.c prevent ConnMan from checking the origin of netlink messages CVE-2012-2320. ConnMan does not properly check for shell escapes when...

10CVSS7.8AI score0.05712EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/03/16 12:0 a.m.•33 views

Audacious Plugins: User-assisted execution of arbitrary code

Background Plugins for the Audacious music player. Description Multiple vulnerabilities have been found in Audacious Plugins: The "CSoundFile::ReadWav" function in loadwav.cpp contains an integer overflow which could cause a heap-based buffer overflow CVE-2011-2911. The "CSoundFile::ReadS3M"...

6.8CVSS7.8AI score0.04583EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/03/06 12:0 a.m.•33 views

libxml2: Denial of service

Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could entice a user or automated system to open a specially crafted XML document...

5CVSS8.5AI score0.0326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2010/06/01 12:0 a.m.•33 views

CamlImages: User-assisted execution of arbitrary code

Background CamlImages is an image processing library for Objective Caml. Description Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the 1 readpngfile and readpngfileasrgb24 functions, when processing a PNG image CVE-2009-2295 and 2 gifread.c an...

7.5CVSS7.2AI score0.03816EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/09/18 12:0 a.m.•33 views

nginx: Remote execution of arbitrary code

Background nginx is a robust, small and high performance HTTP and reverse proxy server. Description Chris Ries reported a heap-based buffer underflow in the ngxhttpparsecomplexuri function in http/ngxhttpparse.c when parsing the request URI. Impact A remote attacker might send a specially crafted...

7.5CVSS7.2AI score0.75079EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2009/09/07 12:0 a.m.•33 views

Linux-PAM: Privilege escalation

Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Marcus Granado repoted that Linux-PAM does not properly handle user...

6.6CVSS3.9AI score0.01929EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/07/12 12:0 a.m.•33 views

Cyrus-SASL: Execution of arbitrary code

Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description James Ralston reported that in certain situations, Cyrus-SASL does not properly terminate strings which can result in buffer overflows when performing Base64 encoding. Impact A remote...

7.5CVSS4.5AI score0.08206EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/12/12 12:0 a.m.•33 views

Honeyd: Insecure temporary file creation

Background Honeyd is a small daemon that creates virtual hosts on a network. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the "test.sh" script. Impact A local attacker could perform symlink attacks and overwrite arbitrary files with the privileges of the user...

6.9CVSS6.3AI score0.0035EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/07/21 12:0 a.m.•33 views

Bacula: Information disclosure

Background Bacula is a network based backup suite. Description Matthijs Kooijman reported that the "makecatalogbackup" script uses the MySQL password as a command line argument when invoking other programs. Impact A local attacker could list the processes on the local machine when the script is...

5.5CVSS6.1AI score0.00292EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/07/09 12:0 a.m.•33 views

OpenOffice.org: User-assisted execution of arbitrary code

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Sean Larsson iDefense Labs reported an integer overflow in the function rtlallocateMemo...

9.3CVSS7.2AI score0.05748EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/06/19 12:0 a.m.•33 views

X.Org X server: Multiple vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions of the RECORD and...

10CVSS8.6AI score0.03566EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/04/24 12:0 a.m.•33 views

SILC: Multiple vulnerabilities

Background SILC Secure Internet Live Conferencing protocol Toolkit is a software development kit for use in clients, SILC Server is a communication server, and SILC Client is an IRSSI-based text client. Description Nathan G. Grennan reported a boundary error in SILC Toolkit within the...

7.8CVSS8AI score0.04323EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/04/10 12:0 a.m.•33 views

lighttpd: Multiple vulnerabilities

Background lighttpd is a lightweight high-performance web server. Description Julien Cayzax discovered that an insecure default setting exists in moduserdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the "nobody" user's $HOME is "/"...

5CVSS6.5AI score0.119EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/03/11 12:0 a.m.•33 views

International Components for Unicode: Multiple vulnerabilities

Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Will Drewry Google Security reported a vulnerability in the regular expression engine when using back references to capture \0...

9.3CVSS9.7AI score0.02819EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/02/21 12:0 a.m.•33 views

ClamAV: Multiple vulnerabilities

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description An integer overflow has been reported in the "cliscanpe" function in file libclamav/pe.c CVE-2008-0318. Another unspecified vulnerability has been reported in fil...

10CVSS7.3AI score0.07876EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/01/09 12:0 a.m.•33 views

unp: Arbitrary command execution

Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...

10CVSS6.8AI score0.02282EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/30 12:0 a.m.•33 views

Opera: Multiple vulnerabilities

Background Opera is a fast Web browser that is available free of charge. Description David Bloom reported two vulnerabilities where plug-ins CVE-2007-6520 and Rich text editing CVE-2007-6522 could be used to allow cross domain scripting. Alexander Klink Cynops GmbH discovered an issue with TLS...

10CVSS7AI score0.05018EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/17 12:0 a.m.•33 views

Bochs: Multiple vulnerabilities

Background Bochs is a IA-32 x86 PC emulator written in C++. Description Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver CVE-2007-2893. He also discovered a divide-by-zero error in the emulated floppy disk controller CVE-2007-2894. Impa...

7.2CVSS6.8AI score0.00727EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/07 12:0 a.m.•33 views

Mono: Buffer overflow

Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow...

7.5CVSS7.1AI score0.0362EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/01 12:0 a.m.•33 views

gFTP: Multiple vulnerabilities

Background gFTP is an FTP client for the GNOME desktop environment. Description Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. Impact A remote attacker could trigger these vulnerabilities by enticing a user...

7.5CVSS7.2AI score0.05169EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/25 12:0 a.m.•33 views

Qt: Buffer overflow

Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. Description Dirk Mueller from the KDE development team discovered a boundary error in file qutfcodec.cpp when processing Unicode strings. Impact A remote attacker could send a specially crafted Unicode string to a...

7.5CVSS7AI score0.0234EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/24 12:0 a.m.•33 views

HPLIP: Privilege escalation

Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. It integrates with the Common UNIX Printing System CUPS and Scanner Access Now Easy SANE. Description Kees Cook from the Ubuntu Security team...

7.6CVSS6.9AI score0.67264EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2007/09/15 12:0 a.m.•33 views

id3lib: Insecure temporary file creation

Background id3lib is an open-source, cross-platform software development library for reading, writing, and manipulating ID3v1 and ID3v2 tags. Description Nikolaus Schulz discovered that the function RenderV2ToFile in file src/tagfile.cpp creates temporary files in an insecure manner. Impact A loc...

7.2CVSS6.2AI score0.00557EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/09/13 12:0 a.m.•33 views

Streamripper: Buffer overflow

Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Chris Rohlf discovered several boundary errors in the httplibparsescheader function when processing HTTP headers. Impact A remote attacker could entice a user to connect to a malicious...

5.8CVSS7AI score0.03506EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/07/11 12:0 a.m.•33 views

XnView: Stack-based buffer overflow

Background XnView is software to view and convert graphics files. XPixMap XPM is a simple ascii-based graphics format. Description XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string greater than 1024 bytes. Impact An attacker coul...

10CVSS7.4AI score0.18867EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/06/06 12:0 a.m.•33 views

Evolution: User-assisted execution of arbitrary code

Background Evolution is the mail client of the GNOME desktop environment. Description Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact A remote attacker could entice a user to open a...

6.8CVSS7AI score0.03364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/06/05 12:0 a.m.•33 views

libexif: Integer overflow vulnerability

Background libexif is a library for parsing, editing and saving Exif data. Description Victor Stinner reported an integer overflow in the exifdataloaddataentry function from file exif-data.c while handling Exif data. Impact An attacker could entice a user to process a file with specially crafted...

9.3CVSS7.3AI score0.13162EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/02/25 12:0 a.m.•33 views

Nexuiz: Multiple vulnerabilities

Background Nexuiz is a multi-player FPS game which uses a modified version of the Quake 1 engine. Description Nexuiz fails to correctly validate input within "clientcommands". There is also a failure to correctly handle connection attempts from remote hosts. Impact Using a specially crafted...

7.5CVSS7AI score0.02133EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/11 12:0 a.m.•33 views

Tar: Directory traversal vulnerability

Background The Tar program provides the ability to create and manipulate tar archives. Description Tar does not properly extract archive elements using the GNUTYPENAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the...

4CVSS7.4AI score0.11084EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•33 views

GnuPG: Multiple vulnerabilities

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Hugh Warrington has reported a boundary error in GnuPG, in the "askoutfilename" function from openfile.c: the makeprintablestring function could return a string longer than...

10CVSS7.2AI score0.05713EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/13 12:0 a.m.•33 views

RPM: Buffer overflow

Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly...

5.4CVSS7AI score0.03581EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/10/26 12:0 a.m.•33 views

Cheese Tracker: Buffer Overflow

Background Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats. Description Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loaderXM::loadintrumentinternal function from...

5.1CVSS7.4AI score0.06609EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/23 12:0 a.m.•33 views

Heimdal: Multiple local privilege escalation vulnerabilities

Background Heimdal is a free implementation of Kerberos 5. Description The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid. Impact A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. Workaround Ther...

7.2CVSS7.1AI score0.00528EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•33 views

libwmf: Buffer overflow vulnerability

Background libwmf is a library for reading and converting vector images in Microsoft's native Windows Metafile Format WMF. Description infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to an head-based buff...

7.5CVSS7.7AI score0.07745EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/04 12:0 a.m.•33 views

Courier MTA: Denial of Service vulnerability

Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...

7.8CVSS6.2AI score0.024EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/19 12:0 a.m.•33 views

libpng: Buffer overflow

Background libpng is an open, extensible image format library, with lossless compression. Description In pngrutil.c, the function pngdecompresschunk allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Impact By enticing a user to lo...

7.5CVSS7.4AI score0.03975EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/19 12:0 a.m.•33 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. For details, please consult the references below. Impact A remote attacker could craft malicious emails that would leverage...

9.3CVSS7.6AI score0.07251EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/11 12:0 a.m.•33 views

Cscope: Many buffer overflows

Background Cscope is a developer's tool for browsing source code. Description Cscope does not verify the length of file names sourced in include statements. Impact A user could be enticed to source a carefully crafted file which will allow the attacker to execute arbitrary code with the permissio...

6.9CVSS3.5AI score0.01733EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/05/06 12:0 a.m.•33 views

Mozilla Firefox: Potential remote code execution

Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Impact If JavaScript is enabled, by tricking a us...

5.1CVSS7.1AI score0.51346EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/01/26 12:0 a.m.•33 views

Trac: Cross-site scripting vulnerability

Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...

4.3CVSS6.9AI score0.01437EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/20 12:0 a.m.•33 views

CenterICQ: Multiple vulnerabilities

Background CenterICQ is a text-based instant messaging interface that supports multiple protocols. It includes the ktools library, which provides text-mode user interface controls. Description Gentoo developer Wernfried Haas discovered that when the "Enable peer-to-peer communications" option is...

7.8CVSS7.4AI score0.11988EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/14 12:0 a.m.•33 views

Ethereal: Buffer overflow in OSPF protocol dissector

Background Ethereal is a feature-rich network protocol analyzer. It provides protocol analyzers for various network flows, including one for Open Shortest Path First OSPF Interior Gateway Protocol. Description iDEFENSE reported a possible overflow due to the lack of bounds checking in the...

7.5CVSS7.3AI score0.06199EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/07 12:0 a.m.•33 views

Webmin, Usermin: Format string vulnerability

Background Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web server component is vulnerable to a Perl...

7.5CVSS7.3AI score0.1448EPSS
Exploits2
Total number of security vulnerabilities3816