Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2008/12/12 12:0 a.m.•33 views

Honeyd: Insecure temporary file creation

Background Honeyd is a small daemon that creates virtual hosts on a network. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the "test.sh" script. Impact A local attacker could perform symlink attacks and overwrite arbitrary files with the privileges of the user...

6.9CVSS6.3AI score0.0035EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/12/02 12:0 a.m.•33 views

lighttpd: Multiple vulnerabilities

Background lighttpd is a lightweight high-performance web server. Description Multiple vulnerabilities have been reported in lighttpd: Qhy reported a memory leak in the httprequestparse function in request.c CVE-2008-4298. Gaetan Bisson reported that URIs are not decoded before applying...

7.5CVSS8.3AI score0.04345EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/07/21 12:0 a.m.•33 views

Bacula: Information disclosure

Background Bacula is a network based backup suite. Description Matthijs Kooijman reported that the "makecatalogbackup" script uses the MySQL password as a command line argument when invoking other programs. Impact A local attacker could list the processes on the local machine when the script is...

5.5CVSS6.1AI score0.00292EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/07/09 12:0 a.m.•33 views

OpenOffice.org: User-assisted execution of arbitrary code

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Sean Larsson iDefense Labs reported an integer overflow in the function rtlallocateMemo...

9.3CVSS7.2AI score0.05748EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/06/19 12:0 a.m.•33 views

X.Org X server: Multiple vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions of the RECORD and...

10CVSS8.6AI score0.03566EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/04/24 12:0 a.m.•33 views

SILC: Multiple vulnerabilities

Background SILC Secure Internet Live Conferencing protocol Toolkit is a software development kit for use in clients, SILC Server is a communication server, and SILC Client is an IRSSI-based text client. Description Nathan G. Grennan reported a boundary error in SILC Toolkit within the...

7.8CVSS8AI score0.04323EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/04/10 12:0 a.m.•33 views

lighttpd: Multiple vulnerabilities

Background lighttpd is a lightweight high-performance web server. Description Julien Cayzax discovered that an insecure default setting exists in moduserdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the "nobody" user's $HOME is "/"...

5CVSS6.5AI score0.119EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/03/11 12:0 a.m.•33 views

International Components for Unicode: Multiple vulnerabilities

Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Will Drewry Google Security reported a vulnerability in the regular expression engine when using back references to capture \0...

9.3CVSS9.7AI score0.02819EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/02/21 12:0 a.m.•33 views

ClamAV: Multiple vulnerabilities

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description An integer overflow has been reported in the "cliscanpe" function in file libclamav/pe.c CVE-2008-0318. Another unspecified vulnerability has been reported in fil...

10CVSS7.3AI score0.07876EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/01/09 12:0 a.m.•33 views

unp: Arbitrary command execution

Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...

10CVSS6.8AI score0.02282EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/30 12:0 a.m.•33 views

Opera: Multiple vulnerabilities

Background Opera is a fast Web browser that is available free of charge. Description David Bloom reported two vulnerabilities where plug-ins CVE-2007-6520 and Rich text editing CVE-2007-6522 could be used to allow cross domain scripting. Alexander Klink Cynops GmbH discovered an issue with TLS...

10CVSS7AI score0.05018EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/17 12:0 a.m.•33 views

Bochs: Multiple vulnerabilities

Background Bochs is a IA-32 x86 PC emulator written in C++. Description Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver CVE-2007-2893. He also discovered a divide-by-zero error in the emulated floppy disk controller CVE-2007-2894. Impa...

7.2CVSS6.8AI score0.00727EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/07 12:0 a.m.•33 views

Mono: Buffer overflow

Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow...

7.5CVSS7.1AI score0.0362EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/01 12:0 a.m.•33 views

gFTP: Multiple vulnerabilities

Background gFTP is an FTP client for the GNOME desktop environment. Description Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. Impact A remote attacker could trigger these vulnerabilities by enticing a user...

7.5CVSS7.2AI score0.05169EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/25 12:0 a.m.•33 views

Qt: Buffer overflow

Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. Description Dirk Mueller from the KDE development team discovered a boundary error in file qutfcodec.cpp when processing Unicode strings. Impact A remote attacker could send a specially crafted Unicode string to a...

7.5CVSS7AI score0.0234EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/24 12:0 a.m.•33 views

HPLIP: Privilege escalation

Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. It integrates with the Common UNIX Printing System CUPS and Scanner Access Now Easy SANE. Description Kees Cook from the Ubuntu Security team...

7.6CVSS6.9AI score0.67264EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2007/09/15 12:0 a.m.•33 views

id3lib: Insecure temporary file creation

Background id3lib is an open-source, cross-platform software development library for reading, writing, and manipulating ID3v1 and ID3v2 tags. Description Nikolaus Schulz discovered that the function RenderV2ToFile in file src/tagfile.cpp creates temporary files in an insecure manner. Impact A loc...

7.2CVSS6.2AI score0.00557EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/09/13 12:0 a.m.•33 views

Streamripper: Buffer overflow

Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Chris Rohlf discovered several boundary errors in the httplibparsescheader function when processing HTTP headers. Impact A remote attacker could entice a user to connect to a malicious...

5.8CVSS7AI score0.03506EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/07/11 12:0 a.m.•33 views

XnView: Stack-based buffer overflow

Background XnView is software to view and convert graphics files. XPixMap XPM is a simple ascii-based graphics format. Description XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string greater than 1024 bytes. Impact An attacker coul...

10CVSS7.4AI score0.18867EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/06/06 12:0 a.m.•33 views

Evolution: User-assisted execution of arbitrary code

Background Evolution is the mail client of the GNOME desktop environment. Description Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact A remote attacker could entice a user to open a...

6.8CVSS7AI score0.03364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/06/05 12:0 a.m.•33 views

libexif: Integer overflow vulnerability

Background libexif is a library for parsing, editing and saving Exif data. Description Victor Stinner reported an integer overflow in the exifdataloaddataentry function from file exif-data.c while handling Exif data. Impact An attacker could entice a user to process a file with specially crafted...

9.3CVSS7.3AI score0.13162EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/05/02 12:0 a.m.•33 views

Quagga: Denial of service

Background Quagga is a free routing daemon, supporting RIP, OSPF and BGP protocols. Description The Quagga development team reported a vulnerability in the BGP routing deamon when processing NLRI attributes inside UPDATE messages. Impact A malicious peer inside a BGP area could send a specially...

6.3CVSS6.4AI score0.0174EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/02/25 12:0 a.m.•33 views

Nexuiz: Multiple vulnerabilities

Background Nexuiz is a multi-player FPS game which uses a modified version of the Quake 1 engine. Description Nexuiz fails to correctly validate input within "clientcommands". There is also a failure to correctly handle connection attempts from remote hosts. Impact Using a specially crafted...

7.5CVSS7AI score0.02133EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/02/17 12:0 a.m.•33 views

BIND: Denial of service

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to...

7.8CVSS6.4AI score0.43355EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/11 12:0 a.m.•33 views

Tar: Directory traversal vulnerability

Background The Tar program provides the ability to create and manipulate tar archives. Description Tar does not properly extract archive elements using the GNUTYPENAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the...

4CVSS7.4AI score0.11084EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•33 views

GnuPG: Multiple vulnerabilities

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Hugh Warrington has reported a boundary error in GnuPG, in the "askoutfilename" function from openfile.c: the makeprintablestring function could return a string longer than...

10CVSS7.2AI score0.05713EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/13 12:0 a.m.•33 views

RPM: Buffer overflow

Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly...

5.4CVSS7AI score0.03581EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/10/26 12:0 a.m.•33 views

Cheese Tracker: Buffer Overflow

Background Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats. Description Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loaderXM::loadintrumentinternal function from...

5.1CVSS7.4AI score0.06609EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/06 12:0 a.m.•33 views

LibXfont: Multiple integer overflows

Background libXfont is the X.Org Xfont library, some parts are based on the FreeType code base. Description Several integer overflows have been found in the PCF font parser. Impact A local attacker could possibly execute arbitrary code or crash the Xserver by enticing a user to load a specially...

7.5CVSS7.2AI score0.04304EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/23 12:0 a.m.•33 views

Heimdal: Multiple local privilege escalation vulnerabilities

Background Heimdal is a free implementation of Kerberos 5. Description The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid. Impact A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. Workaround Ther...

7.2CVSS7.1AI score0.00528EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•33 views

libwmf: Buffer overflow vulnerability

Background libwmf is a library for reading and converting vector images in Microsoft's native Windows Metafile Format WMF. Description infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to an head-based buff...

7.5CVSS7.7AI score0.07745EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/04 12:0 a.m.•33 views

Courier MTA: Denial of Service vulnerability

Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...

7.8CVSS6.2AI score0.024EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/19 12:0 a.m.•33 views

libpng: Buffer overflow

Background libpng is an open, extensible image format library, with lossless compression. Description In pngrutil.c, the function pngdecompresschunk allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Impact By enticing a user to lo...

7.5CVSS7.4AI score0.03975EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/19 12:0 a.m.•33 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. For details, please consult the references below. Impact A remote attacker could craft malicious emails that would leverage...

9.3CVSS7.6AI score0.07251EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/11 12:0 a.m.•33 views

Cscope: Many buffer overflows

Background Cscope is a developer's tool for browsing source code. Description Cscope does not verify the length of file names sourced in include statements. Impact A user could be enticed to source a carefully crafted file which will allow the attacker to execute arbitrary code with the permissio...

6.9CVSS3.5AI score0.01733EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/05/06 12:0 a.m.•33 views

Mozilla Firefox: Potential remote code execution

Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Impact If JavaScript is enabled, by tricking a us...

5.1CVSS7.1AI score0.51346EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/04/21 12:0 a.m.•33 views

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of service

Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. Impact An attacker could possibly exploit this vulnerability by sending...

2.6CVSS6.3AI score0.0243EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/26 12:0 a.m.•33 views

Trac: Cross-site scripting vulnerability

Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...

4.3CVSS6.9AI score0.01437EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/20 12:0 a.m.•33 views

CenterICQ: Multiple vulnerabilities

Background CenterICQ is a text-based instant messaging interface that supports multiple protocols. It includes the ktools library, which provides text-mode user interface controls. Description Gentoo developer Wernfried Haas discovered that when the "Enable peer-to-peer communications" option is...

7.8CVSS7.4AI score0.11988EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/14 12:0 a.m.•33 views

Ethereal: Buffer overflow in OSPF protocol dissector

Background Ethereal is a feature-rich network protocol analyzer. It provides protocol analyzers for various network flows, including one for Open Shortest Path First OSPF Interior Gateway Protocol. Description iDEFENSE reported a possible overflow due to the lack of bounds checking in the...

7.5CVSS7.3AI score0.06199EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/07 12:0 a.m.•33 views

Webmin, Usermin: Format string vulnerability

Background Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web server component is vulnerable to a Perl...

7.5CVSS7.3AI score0.1448EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2005/11/15 12:0 a.m.•33 views

Scorched 3D: Multiple vulnerabilities

Background Scorched 3D is a clone of the classic "Scorched Earth" DOS game, adding features like a 3D island environment and Internet multiplayer capabilities. Description Luigi Auriemma discovered multiple flaws in the Scorched 3D game server, including a format string vulnerability and several...

7.8CVSS7.5AI score0.11481EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/11/13 12:0 a.m.•33 views

Lynx: Arbitrary command execution

Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description iDefense labs discovered a problem within the feature to execute local cgi-bin programs via the "lynxcgi:" URI handler. D...

7.5CVSS7.1AI score0.04923EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/27 12:0 a.m.•33 views

PHP: Vulnerabilities in included PCRE and XML-RPC libraries

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description PHP makes use of a private copy of libpcre which is subject to an...

7.5CVSS7.4AI score0.05091EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/14 12:0 a.m.•33 views

pam_ldap and nss_ldap: Plain text authentication leak

Background pamldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows...

5CVSS6.3AI score0.02752EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/27 12:0 a.m.•33 views

Clam AntiVirus: Denial of Service vulnerability

Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Andrew Toller and Stefan Kanthak discovered that...

2.6CVSS6.3AI score0.02339EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/21 12:0 a.m.•33 views

SquirrelMail: Several XSS vulnerabilities

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail is vulnerable to several cross-site scripting issues, most reported by Martijn Brinkers. Impact By enticing a user to read a specially-crafted e-mail or using a manipulated...

4.3CVSS6.2AI score0.0183EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/11 12:0 a.m.•33 views

LutelWall: Insecure temporary file creation

Background LutelWall is a high-level Linux firewall configuration tool. Description Eric Romang has discovered that the newversioncheck function in LutelWall insecurely creates a temporary file when updating to a new version. Impact A local attacker could create symbolic links in the temporary fi...

5.5CVSS6.1AI score0.00392EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/21 12:0 a.m.•33 views

ImageMagick, GraphicsMagick: Denial of Service vulnerability

Background Both ImageMagick and GraphicsMagick are collection of tools to read, write and manipulate images in many formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when...

5CVSS6.2AI score0.04161EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/05/20 12:0 a.m.•33 views

gdb: Multiple vulnerabilities

Background gdb is the GNU project's debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the B...

7.2CVSS7.2AI score0.006EPSS
Exploits0
Total number of security vulnerabilities3816