Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2014/06/25 12:0 a.m.•32 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers below for details. Impact A remote attacker that gains access to a privileged Asterisk account can execute arbitrary system...

6.5CVSS7.3AI score0.05679EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/06/22 12:0 a.m.•32 views

cURL: Multiple vulnerabilities

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a man-in-the-middle...

6.4CVSS6.9AI score0.0508EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/06/10 12:0 a.m.•32 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS7.7AI score0.08486EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2014/05/18 12:0 a.m.•32 views

lib3ds: User-assisted execution of arbitrary code

Background lib3ds is a library for managing 3D-Studio Release 3 and 4 .3DS files. Description An array index error has been discovered in lib3ds. Impact A remote attacker could entice a user to open a specially crafted 3DS file using an application linked against lib3ds, possibly resulting in...

9.3CVSS7AI score0.06659EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/03/26 12:0 a.m.•32 views

grep: User-assisted execution of arbitrary code

Background grep is the GNU regular expression matcher. Description An integer overflow flaw has been discovered in grep. Impact An attacker could entice a user to run grep on a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial...

4.4CVSS9.6AI score0.01022EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2014/03/08 12:0 a.m.•32 views

LibYAML: Arbitrary code execution

Background LibYAML is a YAML 1.1 parser and emitter written in C. Description A heap-based buffer overflow flaw was found in the way libyaml parsed YAML tags. Impact A remote attacker could provide a specially-crafted YAML document which when parsed by LibYAML, would cause the application to cras...

6.8CVSS7.3AI score0.09312EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/11 12:0 a.m.•32 views

FreeType: Multiple vulnerabilities

Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to open a specially crafted font, possibly...

4.3CVSS7.3AI score0.03857EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/26 12:0 a.m.•32 views

Tomboy: Privilege escalation

Background Tomboy is a desktop note-taking application. Description Tomboy places a zero-length directory name in the LDLIBRARYPATH, which might result in the current working directory . to be included when searching for dynamically linked libraries. NOTE: This vulnerability exists due to an...

6.9CVSS6.1AI score0.00481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/11/13 12:0 a.m.•32 views

Netpbm: User-assisted arbitrary code execution

Background Netpbm is a toolkit for manipulation of graphic images, including conversion of images between a variety of different formats. Description A stack-based buffer overflow exists in converter/ppm/xpmtoppm.c in Netpbm. Impact A remote attacker could entice a user to open a specially crafte...

7.5CVSS7.4AI score0.04223EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/10/25 12:0 a.m.•32 views

GNU Automake: Multiple vulnerabilities

Background GNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Description Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details. Impact A local attacker could execut...

4.4CVSS9.9AI score0.00477EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2013/09/15 12:0 a.m.•32 views

LibRaw, libkdcraw: Multiple vulnerabilities

Background LibRaw is a library for reading RAW files obtained from digital photo cameras. libkdcraw is a wrapper for LibRaw within KDE. Description Multiple vulnerabilities have been discovered in LibRaw and libkdcraw. Please review the CVE identifiers referenced below for details. Impact A remot...

7.5CVSS8.6AI score0.04412EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2012/08/14 12:0 a.m.•32 views

Gajim: Multiple vulnerabilities

Background Gajim is a Jabber and XMPP client written in PyGTK. Description Multiple vulnerabilities have been discovered in Gajim. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted link using Gajim, possibly...

7.5CVSS7.6AI score0.03179EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2012/03/16 12:0 a.m.•32 views

gif2png: Multiple vulnerabilities

Background gif2png converts images from GIF format to PNG format. Description Two vulnerabilities have been found in gif2png: A boundary error in gif2png.c could cause a buffer overflow CVE-2010-4694. The patch for CVE-2009-5018 causes gif2png to truncate GIF pathnames CVE-2010-4695. Impact A...

6.8CVSS7.7AI score0.10901EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2011/11/20 12:0 a.m.•32 views

abcm2ps: Multiple vulnerabilities

Background abcm2ps is a program to convert abc files to Postscript files. Description Multiple vulnerabilities have been discovered in abcm2ps: Boundary errors in the PUT0 and PUT1 macros, the trimtitle function, or a long "-O" command line option can lead to a buffer overflow CVE-2010-3441. A...

10CVSS7.7AI score0.05851EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/10/20 12:0 a.m.•32 views

Wget: Certificate validation error

Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description The vendor reported that Wget does not properly handle Common Name CN fields in X.509 certificates that contain an ASCII NUL \0 character...

6.8CVSS6.6AI score0.03517EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/09/18 12:0 a.m.•32 views

nginx: Remote execution of arbitrary code

Background nginx is a robust, small and high performance HTTP and reverse proxy server. Description Chris Ries reported a heap-based buffer underflow in the ngxhttpparsecomplexuri function in http/ngxhttpparse.c when parsing the request URI. Impact A remote attacker might send a specially crafted...

7.5CVSS7.2AI score0.75079EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•32 views

Apache Portable Runtime, APR Utility Library: Execution of arbitrary code

Background The Apache Portable Runtime aka APR provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library aka APR-Util provides an interface to functionality such as XML parsing, string matching and databases connections. Description Matt...

10CVSS7.3AI score0.13781EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/09/07 12:0 a.m.•32 views

Linux-PAM: Privilege escalation

Background Linux-PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Marcus Granado repoted that Linux-PAM does not properly handle user...

6.6CVSS3.9AI score0.01929EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/07/12 12:0 a.m.•32 views

Syslog-ng: Chroot escape

Background Syslog-ng is a flexible and scalable system logger. Description Florian Grandel reported that Syslog-ng does not call chdir before chroot which leads to an inherited file descriptor to the current working directory. Impact A local attacker might exploit a separate vulnerability in...

9.3CVSS6.1AI score0.022EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/03/12 12:0 a.m.•32 views

ProFTPD: Multiple vulnerabilities

Background ProFTPD is an advanced and very configurable FTP server. Description The following vulnerabilities were reported: Percent characters in the username are not properly handled, which introduces a single quote character during variable substitution by modsql CVE-2009-0542. Some invalid,...

7.5CVSS8.1AI score0.7473EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/03/06 12:0 a.m.•32 views

Audacity: User-assisted execution of arbitrary code

Background Audacity is a free cross-platform audio editor. Description Houssamix discovered a boundary error in the Stringparse::getnonspacequoted function in lib-src/allegro/strparse.cpp. Impact A remote attacker could entice a user into importing a specially crafted .gro file, resulting in the...

9.3CVSS4.6AI score0.16625EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/01/11 12:0 a.m.•32 views

Tremulous: User-assisted execution of arbitrary code

Background Tremulous is a team-based First Person Shooter game. Description It has been reported that Tremulous includes a vulnerable version of the ioQuake3 engine GLSA 200605-12, CVE-2006-2236. Impact A remote attacker could entice a user to connect to a malicious games server, possibly resulti...

7.6CVSS7AI score0.0759EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/01/11 12:0 a.m.•32 views

JHead: Multiple vulnerabilities

Background JHead is an exif jpeg header manipulation tool. Description Marc Merlin and John Dong reported multiple vulnerabilities in JHead: A buffer overflow in the DoCommand function when processing the cmd argument and related to potential string overflows CVE-2008-4575. An insecure creation o...

10CVSS7.9AI score0.02197EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/07/21 12:0 a.m.•32 views

Bacula: Information disclosure

Background Bacula is a network based backup suite. Description Matthijs Kooijman reported that the "makecatalogbackup" script uses the MySQL password as a command line argument when invoking other programs. Impact A local attacker could list the processes on the local machine when the script is...

5.5CVSS6.1AI score0.00292EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/06/19 12:0 a.m.•32 views

X.Org X server: Multiple vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions of the RECORD and...

10CVSS8.6AI score0.03566EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/05/13 12:0 a.m.•32 views

Common Data Format library: User-assisted execution of arbitrary code

Background The Common Data Format library is a scientific data management package which allows programmers and application developers to manage and manipulate scalar, vector, and multi-dimensional data arrays in a platform independent fashion. Description Alfredo Ortega Core Security Technologies...

7.5CVSS6.9AI score0.03868EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2008/05/07 12:0 a.m.•32 views

Wireshark: Denial of service

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Errors exist in: the X.509sat dissector because of an uninitialized variable and the Roofnet dissector because a NULL pointer may be passed to the gvsnprintf function CVE-2008-1561. the LDAP dissector...

5CVSS6.6AI score0.50693EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2008/04/10 12:0 a.m.•32 views

lighttpd: Multiple vulnerabilities

Background lighttpd is a lightweight high-performance web server. Description Julien Cayzax discovered that an insecure default setting exists in moduserdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the "nobody" user's $HOME is "/"...

5CVSS6.5AI score0.119EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/03/17 12:0 a.m.•32 views

PCRE: Buffer overflow

Background PCRE is a Perl-compatible regular expression library. GLib includes a copy of PCRE. Description PCRE contains a buffer overflow vulnerability when processing a character class containing a very large number of characters with codepoints greater than 255. Impact A remote attacker could...

7.5CVSS7.4AI score0.05914EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/01/09 12:0 a.m.•32 views

unp: Arbitrary command execution

Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...

10CVSS6.8AI score0.02282EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/10 12:0 a.m.•32 views

Samba: Execution of arbitrary code

Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description Alin Rad Pop Secunia Research discovered a boundary checking error in the sendmailslot function which could lead to a stack-based buffer overflow. Impact A remote attacker could send a specially crafted...

9.3CVSS8.1AI score0.27482EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/09 12:0 a.m.•32 views

Lookup: Insecure temporary file creation

Background Lookup is a search interface to books and dictionnaries for Emacs. Description Tatsuya Kinoshita reported that the ndeb-binary function does not handle temporay files correctly. Impact A local attacker could use a symlink attack to overwrite files with the privileges of the user runnin...

4.6CVSS6.2AI score0.00367EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/18 12:0 a.m.•32 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been reported in Mozilla Thunderbird's HTML browser engine CVE-2007-5339 and JavaScript engine CVE-2007-5340 that can be exploited to cause a memory corruption...

4.3CVSS7.1AI score0.0343EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/07 12:0 a.m.•32 views

Mono: Buffer overflow

Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow...

7.5CVSS7.1AI score0.0362EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/10/24 12:0 a.m.•32 views

HPLIP: Privilege escalation

Background The Hewlett-Packard Linux Imaging and Printing system HPLIP provides drivers for HP's inkjet and laser printers, scanners and fax machines. It integrates with the Common UNIX Printing System CUPS and Scanner Access Now Easy SANE. Description Kees Cook from the Ubuntu Security team...

7.6CVSS6.9AI score0.67264EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2007/10/04 12:0 a.m.•32 views

RPCSEC_GSS library: Buffer overflow

Background librpcsecgss is an implementation of RPCSECGSS for secure RPC communications. Description A stack based buffer overflow has been discovered in the svcauthgssvalidate function in file lib/rpc/svcauthgss.c when processing an overly long string in a RPC message. Impact A remote attacker...

10CVSS7.5AI score0.10997EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2007/09/15 12:0 a.m.•32 views

id3lib: Insecure temporary file creation

Background id3lib is an open-source, cross-platform software development library for reading, writing, and manipulating ID3v1 and ID3v2 tags. Description Nikolaus Schulz discovered that the function RenderV2ToFile in file src/tagfile.cpp creates temporary files in an insecure manner. Impact A loc...

7.2CVSS6.2AI score0.00557EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/09/13 12:0 a.m.•32 views

Streamripper: Buffer overflow

Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Chris Rohlf discovered several boundary errors in the httplibparsescheader function when processing HTTP headers. Impact A remote attacker could entice a user to connect to a malicious...

5.8CVSS7AI score0.03506EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/07/11 12:0 a.m.•32 views

XnView: Stack-based buffer overflow

Background XnView is software to view and convert graphics files. XPixMap XPM is a simple ascii-based graphics format. Description XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string greater than 1024 bytes. Impact An attacker coul...

10CVSS7.4AI score0.18867EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/06/06 12:0 a.m.•32 views

Evolution: User-assisted execution of arbitrary code

Background Evolution is the mail client of the GNOME desktop environment. Description Ulf Harnhammar from Secunia Research has discovered a format string error in the writehtml function in the file calendar/gui/e-cal-component-memo-preview.c. Impact A remote attacker could entice a user to open a...

6.8CVSS7AI score0.03364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/06/05 12:0 a.m.•32 views

libexif: Integer overflow vulnerability

Background libexif is a library for parsing, editing and saving Exif data. Description Victor Stinner reported an integer overflow in the exifdataloaddataentry function from file exif-data.c while handling Exif data. Impact An attacker could entice a user to process a file with specially crafted...

9.3CVSS7.3AI score0.13162EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/05/08 12:0 a.m.•32 views

IPsec-Tools: Denial of service

Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description The isakmpinforecv function in src/racoon/isakmpinf.c does not always check that DELETE ISAKMPNPTYPED and NOTIFY...

4.3CVSS6.3AI score0.02851EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/27 12:0 a.m.•32 views

BEAST: Denial of service

Background BEdevilled Audio SysTem is an audio compositor, supporting a wide range of audio formats. Description BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid fails due to a user exceeding assigned resource limits. Impact A...

7.8CVSS6.2AI score0.00434EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/16 12:0 a.m.•32 views

OpenOffice.org: Multiple vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCal...

9.3CVSS7.4AI score0.06722EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/31 12:0 a.m.•32 views

Squid: Denial of service

Background Squid is a multi-protocol proxy server. Description Squid incorrectly handles TRACE requests that contain a "Max-Forwards" header field with value "0" in the clientProcessRequest function. Impact A remote attacker can send specially crafted TRACE HTTP requests that will terminate the...

5CVSS6.3AI score0.27452EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/02/13 12:0 a.m.•32 views

Snort: Denial of service

Background Snort is a widely deployed intrusion detection program. Description Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a "backtracking attack" to perform numerous time-consuming operations. Impact A remote...

5CVSS6.3AI score0.02312EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/09/26 12:0 a.m.•32 views

GnuTLS: RSA Signature Forgery

Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...

5CVSS6.7AI score0.02427EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•32 views

libwmf: Buffer overflow vulnerability

Background libwmf is a library for reading and converting vector images in Microsoft's native Windows Metafile Format WMF. Description infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to an head-based buff...

7.5CVSS7.7AI score0.07745EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/04 12:0 a.m.•32 views

Courier MTA: Denial of Service vulnerability

Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...

7.8CVSS6.2AI score0.024EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/04 12:0 a.m.•32 views

LibVNCServer: Authentication bypass

Background LibVNCServer is a GPL'ed library for creating VNC servers. Description LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the...

7.5CVSS6.5AI score0.04283EPSS
Exploits0
Total number of security vulnerabilities3816