Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2008/08/06 12:0 a.m.•32 views

libxslt: Execution of arbitrary code

Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description Chris Evans Google Security reported that the libexslt library that is part of libxslt is affected by a heap-based buffer overflow in the RC4...

7.5CVSS7.4AI score0.12789EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/07/21 12:0 a.m.•32 views

Bacula: Information disclosure

Background Bacula is a network based backup suite. Description Matthijs Kooijman reported that the "makecatalogbackup" script uses the MySQL password as a command line argument when invoking other programs. Impact A local attacker could list the processes on the local machine when the script is...

5.5CVSS6.1AI score0.00292EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/06/08 12:0 a.m.•32 views

Imlib 2: User-assisted execution of arbitrary code

Background Imlib 2 is an advanced replacement library for libraries like libXpm. Description Stefan Cornelius Secunia Research reported two boundary errors in Imlib2: One of them within the load function in the file src/modules/loaders/loaderpnm.c when processing the header of a PNM image file,...

9.3CVSS7.8AI score0.05748EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/05/13 12:0 a.m.•32 views

Common Data Format library: User-assisted execution of arbitrary code

Background The Common Data Format library is a scientific data management package which allows programmers and application developers to manage and manipulate scalar, vector, and multi-dimensional data arrays in a platform independent fashion. Description Alfredo Ortega Core Security Technologies...

7.5CVSS6.9AI score0.03868EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2008/05/07 12:0 a.m.•32 views

Wireshark: Denial of service

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Errors exist in: the X.509sat dissector because of an uninitialized variable and the Roofnet dissector because a NULL pointer may be passed to the gvsnprintf function CVE-2008-1561. the LDAP dissector...

5CVSS6.6AI score0.50693EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2008/03/17 12:0 a.m.•32 views

PCRE: Buffer overflow

Background PCRE is a Perl-compatible regular expression library. GLib includes a copy of PCRE. Description PCRE contains a buffer overflow vulnerability when processing a character class containing a very large number of characters with codepoints greater than 255. Impact A remote attacker could...

7.5CVSS7.4AI score0.05914EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/02/12 12:0 a.m.•32 views

scponly: Multiple vulnerabilities

Background scponly is a shell for restricting user access to file transfer only using sftp and scp. Description Joachim Breitner reported that Subversion and rsync support invokes subcommands in an insecure manner CVE-2007-6350. It has also been discovered that scponly does not filter the -o and ...

8.5CVSS7AI score0.04362EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/01/09 12:0 a.m.•32 views

unp: Arbitrary command execution

Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...

10CVSS6.8AI score0.02282EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/10 12:0 a.m.•32 views

Samba: Execution of arbitrary code

Background Samba is a suite of SMB and CIFS client/server programs for UNIX. Description Alin Rad Pop Secunia Research discovered a boundary checking error in the sendmailslot function which could lead to a stack-based buffer overflow. Impact A remote attacker could send a specially crafted...

9.3CVSS8.1AI score0.27482EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/09 12:0 a.m.•32 views

Lookup: Insecure temporary file creation

Background Lookup is a search interface to books and dictionnaries for Emacs. Description Tatsuya Kinoshita reported that the ndeb-binary function does not handle temporay files correctly. Impact A local attacker could use a symlink attack to overwrite files with the privileges of the user runnin...

4.6CVSS6.2AI score0.00367EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/04 12:0 a.m.•32 views

RPCSEC_GSS library: Buffer overflow

Background librpcsecgss is an implementation of RPCSECGSS for secure RPC communications. Description A stack based buffer overflow has been discovered in the svcauthgssvalidate function in file lib/rpc/svcauthgss.c when processing an overly long string in a RPC message. Impact A remote attacker...

10CVSS7.5AI score0.10997EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2007/09/13 12:0 a.m.•32 views

Streamripper: Buffer overflow

Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Chris Rohlf discovered several boundary errors in the httplibparsescheader function when processing HTTP headers. Impact A remote attacker could entice a user to connect to a malicious...

5.8CVSS7AI score0.03506EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/07/11 12:0 a.m.•32 views

XnView: Stack-based buffer overflow

Background XnView is software to view and convert graphics files. XPixMap XPM is a simple ascii-based graphics format. Description XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string greater than 1024 bytes. Impact An attacker coul...

10CVSS7.4AI score0.18867EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/08 12:0 a.m.•32 views

IPsec-Tools: Denial of service

Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description The isakmpinforecv function in src/racoon/isakmpinf.c does not always check that DELETE ISAKMPNPTYPED and NOTIFY...

4.3CVSS6.3AI score0.02851EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/27 12:0 a.m.•32 views

BEAST: Denial of service

Background BEdevilled Audio SysTem is an audio compositor, supporting a wide range of audio formats. Description BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid fails due to a user exceeding assigned resource limits. Impact A...

7.8CVSS6.2AI score0.00434EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/16 12:0 a.m.•32 views

OpenOffice.org: Multiple vulnerabilities

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCal...

9.3CVSS7.4AI score0.06722EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/31 12:0 a.m.•32 views

Squid: Denial of service

Background Squid is a multi-protocol proxy server. Description Squid incorrectly handles TRACE requests that contain a "Max-Forwards" header field with value "0" in the clientProcessRequest function. Impact A remote attacker can send specially crafted TRACE HTTP requests that will terminate the...

5CVSS6.3AI score0.27452EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/02/13 12:0 a.m.•32 views

Snort: Denial of service

Background Snort is a widely deployed intrusion detection program. Description Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a "backtracking attack" to perform numerous time-consuming operations. Impact A remote...

5CVSS6.3AI score0.02312EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/09/28 12:0 a.m.•32 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform, stand-alone browser application. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact The most...

10CVSS6.8AI score0.14074EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/26 12:0 a.m.•32 views

GnuTLS: RSA Signature Forgery

Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...

5CVSS6.7AI score0.02427EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/09/15 12:0 a.m.•32 views

BIND: Denial of service

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Queries for SIG records will cause an assertion error if more than one SIG RRset is returned. Additionally, an INSIST failure can be triggered by sending multiple recursive...

7.5CVSS8.5AI score0.12551EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/04 12:0 a.m.•32 views

Courier MTA: Denial of Service vulnerability

Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...

7.8CVSS6.2AI score0.024EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/04 12:0 a.m.•32 views

LibVNCServer: Authentication bypass

Background LibVNCServer is a GPL'ed library for creating VNC servers. Description LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the...

7.5CVSS6.5AI score0.04283EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/07 12:0 a.m.•32 views

Opera: Buffer overflow

Background Opera is a multi-platform web browser. Description SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. It seems to be hard to exploit this buff...

5.1CVSS7.8AI score0.12074EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/05/02 12:0 a.m.•32 views

X.Org: Buffer overflow in XRender extension

Background X.Org is X.Org Foundation's public implementation of the X Window System. Description X.Org miscalculates the size of a buffer in the XRender extension. Impact An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workaround There ...

2.1CVSS7.3AI score0.00514EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/05/02 12:0 a.m.•32 views

ClamAV: Buffer overflow in Freshclam

Background ClamAV is a GPL virus scanner. Freshclam is a utility to download virus signature updates. Description Ulf Harnhammar and an anonymous German researcher discovered that Freshclam fails to check the size of the header data returned by a webserver. Impact By enticing a user to connect to...

5.1CVSS6.7AI score0.0581EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/04/06 12:0 a.m.•32 views

Doomsday: Format string vulnerability

Background Doomsday is a modern gaming engine for popular ID games like Doom, Heretic and Hexen. Description Luigi Auriemma discovered that Doomsday incorrectly implements formatted printing. Impact A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of...

7.5CVSS7.5AI score0.13191EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/03/26 12:0 a.m.•32 views

RealPlayer: Buffer overflow vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files. Impact By enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code...

9.3CVSS7.5AI score0.16744EPSS
Exploits11
Gentoo Linux
Gentoo Linux
•added 2006/03/21 12:0 a.m.•32 views

Macromedia Flash Player: Arbitrary code execution

Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description The Macromedia Flash Player contains multiple unspecified vulnerabilities. Impact An attacker serving a...

5.1CVSS7.3AI score0.06602EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/18 12:0 a.m.•32 views

Opera: Command-line URL shell command injection

Background Opera is a multi-platform web browser. Description Peter Zelezny discovered that the shell script used to launch Opera parses shell commands that are enclosed within backticks in the URL provided via the command line. Impact A remote attacker could exploit this vulnerability by enticin...

7.5CVSS6.8AI score0.06357EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/14 12:0 a.m.•32 views

Ethereal: Buffer overflow in OSPF protocol dissector

Background Ethereal is a feature-rich network protocol analyzer. It provides protocol analyzers for various network flows, including one for Open Shortest Path First OSPF Interior Gateway Protocol. Description iDEFENSE reported a possible overflow due to the lack of bounds checking in the...

7.5CVSS7.3AI score0.06199EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/22 12:0 a.m.•32 views

eix: Insecure temporary file creation

Background eix is a small utility for searching ebuilds with indexing for fast results. Description Eric Romang discovered that eix creates a temporary file with a predictable name. eix creates a temporary file in /tmp/eix..sync where is the process ID of the shell running eix. Impact A local...

5CVSS6.3AI score0.01099EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/30 12:0 a.m.•32 views

AbiWord: RTF import stack-based buffer overflow

Background AbiWord is a free and cross-platform word processing program. It allows to import RTF files into AbiWord documents. Description Chris Evans discovered that the RTF import function in AbiWord is vulnerable to a stack-based buffer overflow. Impact An attacker could design a malicious RTF...

7.5CVSS7.1AI score0.04595EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/26 12:0 a.m.•32 views

PhpWiki: Arbitrary command execution through XML-RPC

Background PhpWiki is an application that creates a web site where anyone can edit the pages through HTML forms. Description Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Impact A remote attacker could...

7.5CVSS6.5AI score0.05091EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/25 12:0 a.m.•32 views

Tor: Information disclosure

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes. Impact By setting up a malicio...

5CVSS6.3AI score0.01247EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/17 12:0 a.m.•32 views

bluez-utils: Bluetooth device name validation vulnerability

Background bluez-utils are the utilities for use with the BlueZ implementation of the Bluetooth wireless standards for Linux. Description The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Impact An attacker cou...

7.5CVSS6.6AI score0.024EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/30 12:0 a.m.•32 views

AMD64 x86 emulation base libraries: Buffer overflow

Background The x86 emulation base libraries for AMD64 emulate the x86 32-bit architecture on the AMD64 64-bit architecture. Description Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted...

7.5CVSS9.8AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/07/18 12:0 a.m.•32 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: "mozbugra4" and "shutdown" discovered that Thunderbird was improperly cloning base objects MFSA 2005-56. "mozbugra4"...

5CVSS7.6AI score0.10036EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/07/14 12:0 a.m.•32 views

pam_ldap and nss_ldap: Plain text authentication leak

Background pamldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows...

5CVSS6.3AI score0.02752EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/06 12:0 a.m.•32 views

Dzip: Directory traversal vulnerability

Background Dzip is a compressor and uncompressor especially made for demo recordings of id's Quake. Description Dzip is vulnerable to a directory traversal attack when extracting archives. Impact An attacker could exploit this vulnerability by creating a specially crafted archive to extract files...

5CVSS6.5AI score0.0164EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/31 12:0 a.m.•32 views

LimeWire: Disclosure of sensitive information

Background LimeWire is a Java peer-to-peer client compatible with the Gnutella file-sharing protocol. Description Two input validation errors were found in the handling of Gnutella GET requests CAN-2005-0788 and magnet requests CAN-2005-0789. Impact A remote attacker can craft a specific Gnutella...

5CVSS6.6AI score0.06918EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/03/17 12:0 a.m.•32 views

Grip: CDDB response overflow

Background Grip is a GTK+ based audio CD player/ripper. Description Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results. Impact A malicious CDDB server could cause Grip to crash by returning more then 16 matches, potentially allowing the execution of...

7.5CVSS7.4AI score0.04621EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/14 12:0 a.m.•32 views

VMware Workstation: Untrusted library search path

Background VMware Workstation is a powerful virtual machine for developers and system administrators. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that VMware Workstation searches for gdk-pixbuf loadable modules in an untrusted, world-writable directory. Impact...

4.6CVSS6.8AI score0.00371EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/09 12:0 a.m.•32 views

pdftohtml: Vulnerabilities in included Xpdf

Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to a buffer overflow, as described in GLSA 200501-28. Impact An attacker could entice a user to convert a specially-crafted PDF file,...

7.5CVSS7AI score0.07217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/20 12:0 a.m.•32 views

Ethereal: Multiple vulnerabilities

Background Ethereal is a feature rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.9, including: The COPS dissector could go into an infinite loop CAN-2005-0006. The DLSw dissector could cause an assertion, making Ethereal exi...

7.5CVSS7.8AI score0.06308EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/16 12:0 a.m.•32 views

Adobe Acrobat Reader: Buffer overflow vulnerability

Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the email processing of Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function, which checks if the input file is an email message containing a PDF file. Impact ...

10CVSS4.8AI score0.08272EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/23 12:0 a.m.•33 views

pdftohtml: Vulnerabilities in included Xpdf

Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20. Impact An attacker could entice a user to convert a specially-crafted PDF fil...

10CVSS7.1AI score0.09334EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/17 12:0 a.m.•32 views

GIMPS, SETI@home, ChessBrain: Insecure installation

Background GIMPS is a client for the distributed Great Internet Mersenne Prime Search. SETI@home is the client for the Search for Extraterrestrial Intelligence SETI project. ChessBrain is the client for the distributed chess supercomputer. Description GIMPS, SETI@home and ChessBrain ebuilds insta...

7.2CVSS2.3AI score0.00397EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/11 12:0 a.m.•32 views

Davfs2, lvm-user: Insecure tempfile handling

Background Davfs2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. lvm-user is a package providing userland utilities for LVM Logical Volume Management 1.x features. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2...

2.1CVSS6AI score0.00393EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/09 12:0 a.m.•32 views

mtink: Insecure tempfile handling

Background mtink is a status monitor and inkjet cartridge changer for some Epson printers. Description Tavis Ormandy from Gentoo Linux discovered that mtink uses insecure permissions on temporary files. Impact A local attacker could create symbolic links in the temporary files directory, pointing...

2.1CVSS6.3AI score0.00362EPSS
Exploits0
Total number of security vulnerabilities3816