Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2006/09/26 12:0 a.m.32 views

GnuTLS: RSA Signature Forgery

Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...

5CVSS6.7AI score0.02427EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/09/15 12:0 a.m.32 views

BIND: Denial of service

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Queries for SIG records will cause an assertion error if more than one SIG RRset is returned. Additionally, an INSIST failure can be triggered by sending multiple recursive...

7.5CVSS8.5AI score0.12551EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/08/04 12:0 a.m.32 views

LibVNCServer: Authentication bypass

Background LibVNCServer is a GPL'ed library for creating VNC servers. Description LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the...

7.5CVSS6.5AI score0.04283EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/07 12:0 a.m.32 views

Opera: Buffer overflow

Background Opera is a multi-platform web browser. Description SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. It seems to be hard to exploit this buff...

5.1CVSS7.8AI score0.12074EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/05/02 12:0 a.m.32 views

X.Org: Buffer overflow in XRender extension

Background X.Org is X.Org Foundation's public implementation of the X Window System. Description X.Org miscalculates the size of a buffer in the XRender extension. Impact An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workaround There ...

2.1CVSS7.3AI score0.00514EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/05/02 12:0 a.m.32 views

ClamAV: Buffer overflow in Freshclam

Background ClamAV is a GPL virus scanner. Freshclam is a utility to download virus signature updates. Description Ulf Harnhammar and an anonymous German researcher discovered that Freshclam fails to check the size of the header data returned by a webserver. Impact By enticing a user to connect to...

5.1CVSS6.7AI score0.0581EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/04/06 12:0 a.m.32 views

Doomsday: Format string vulnerability

Background Doomsday is a modern gaming engine for popular ID games like Doom, Heretic and Hexen. Description Luigi Auriemma discovered that Doomsday incorrectly implements formatted printing. Impact A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of...

7.5CVSS7.5AI score0.13191EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/26 12:0 a.m.32 views

RealPlayer: Buffer overflow vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files. Impact By enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code...

9.3CVSS7.5AI score0.16744EPSS
Exploits11
Gentoo Linux
Gentoo Linux
added 2006/03/21 12:0 a.m.32 views

Macromedia Flash Player: Arbitrary code execution

Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description The Macromedia Flash Player contains multiple unspecified vulnerabilities. Impact An attacker serving a...

5.1CVSS7.3AI score0.06602EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/18 12:0 a.m.32 views

Opera: Command-line URL shell command injection

Background Opera is a multi-platform web browser. Description Peter Zelezny discovered that the shell script used to launch Opera parses shell commands that are enclosed within backticks in the URL provided via the command line. Impact A remote attacker could exploit this vulnerability by enticin...

7.5CVSS6.8AI score0.06357EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/11/22 12:0 a.m.32 views

eix: Insecure temporary file creation

Background eix is a small utility for searching ebuilds with indexing for fast results. Description Eric Romang discovered that eix creates a temporary file with a predictable name. eix creates a temporary file in /tmp/eix..sync where is the process ID of the shell running eix. Impact A local...

5CVSS6.3AI score0.01099EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/30 12:0 a.m.32 views

AbiWord: RTF import stack-based buffer overflow

Background AbiWord is a free and cross-platform word processing program. It allows to import RTF files into AbiWord documents. Description Chris Evans discovered that the RTF import function in AbiWord is vulnerable to a stack-based buffer overflow. Impact An attacker could design a malicious RTF...

7.5CVSS7.1AI score0.04595EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/26 12:0 a.m.32 views

PhpWiki: Arbitrary command execution through XML-RPC

Background PhpWiki is an application that creates a web site where anyone can edit the pages through HTML forms. Description Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Impact A remote attacker could...

7.5CVSS6.5AI score0.05091EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/25 12:0 a.m.32 views

Tor: Information disclosure

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes. Impact By setting up a malicio...

5CVSS6.3AI score0.01247EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/19 12:0 a.m.32 views

Adobe Reader: Buffer Overflow

Background Adobe Reader is a utility used to view PDF files. Description A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Impact An attacker may create a specially-crafted PDF file, enticing a user to open it. This could trigger a buffer overfl...

7.5CVSS7AI score0.13245EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/17 12:0 a.m.32 views

bluez-utils: Bluetooth device name validation vulnerability

Background bluez-utils are the utilities for use with the BlueZ implementation of the Bluetooth wireless standards for Linux. Description The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Impact An attacker cou...

7.5CVSS6.6AI score0.024EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/30 12:0 a.m.32 views

AMD64 x86 emulation base libraries: Buffer overflow

Background The x86 emulation base libraries for AMD64 emulate the x86 32-bit architecture on the AMD64 64-bit architecture. Description Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted...

7.5CVSS9.8AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2005/07/18 12:0 a.m.32 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: "mozbugra4" and "shutdown" discovered that Thunderbird was improperly cloning base objects MFSA 2005-56. "mozbugra4"...

5CVSS7.6AI score0.10036EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/06/06 12:0 a.m.32 views

Dzip: Directory traversal vulnerability

Background Dzip is a compressor and uncompressor especially made for demo recordings of id's Quake. Description Dzip is vulnerable to a directory traversal attack when extracting archives. Impact An attacker could exploit this vulnerability by creating a specially crafted archive to extract files...

5CVSS6.5AI score0.0164EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/31 12:0 a.m.32 views

LimeWire: Disclosure of sensitive information

Background LimeWire is a Java peer-to-peer client compatible with the Gnutella file-sharing protocol. Description Two input validation errors were found in the handling of Gnutella GET requests CAN-2005-0788 and magnet requests CAN-2005-0789. Impact A remote attacker can craft a specific Gnutella...

5CVSS6.6AI score0.06918EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/03/17 12:0 a.m.32 views

Grip: CDDB response overflow

Background Grip is a GTK+ based audio CD player/ripper. Description Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results. Impact A malicious CDDB server could cause Grip to crash by returning more then 16 matches, potentially allowing the execution of...

7.5CVSS7.4AI score0.04621EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/14 12:0 a.m.32 views

VMware Workstation: Untrusted library search path

Background VMware Workstation is a powerful virtual machine for developers and system administrators. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that VMware Workstation searches for gdk-pixbuf loadable modules in an untrusted, world-writable directory. Impact...

4.6CVSS6.8AI score0.00371EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/20 12:0 a.m.32 views

Ethereal: Multiple vulnerabilities

Background Ethereal is a feature rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.9, including: The COPS dissector could go into an infinite loop CAN-2005-0006. The DLSw dissector could cause an assertion, making Ethereal exi...

7.5CVSS7.8AI score0.06308EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/16 12:0 a.m.32 views

Adobe Acrobat Reader: Buffer overflow vulnerability

Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the email processing of Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function, which checks if the input file is an email message containing a PDF file. Impact ...

10CVSS4.8AI score0.08272EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/17 12:0 a.m.32 views

GIMPS, SETI@home, ChessBrain: Insecure installation

Background GIMPS is a client for the distributed Great Internet Mersenne Prime Search. SETI@home is the client for the Search for Extraterrestrial Intelligence SETI project. ChessBrain is the client for the distributed chess supercomputer. Description GIMPS, SETI@home and ChessBrain ebuilds insta...

7.2CVSS2.3AI score0.00397EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/11 12:0 a.m.32 views

Davfs2, lvm-user: Insecure tempfile handling

Background Davfs2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. lvm-user is a package providing userland utilities for LVM Logical Volume Management 1.x features. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2...

2.1CVSS6AI score0.00393EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/09 12:0 a.m.32 views

mtink: Insecure tempfile handling

Background mtink is a status monitor and inkjet cartridge changer for some Epson printers. Description Tavis Ormandy from Gentoo Linux discovered that mtink uses insecure permissions on temporary files. Impact A local attacker could create symbolic links in the temporary files directory, pointing...

2.1CVSS6.3AI score0.00362EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/21 12:0 a.m.32 views

glibc: Insecure tempfile handling in catchsegv script

Background glibc is a package that contains the GNU C library. Description The catchsegv script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere o...

2.1CVSS6.1AI score0.00394EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/22 12:0 a.m.32 views

xine-lib: Multiple vulnerabilities

Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description xine-lib contains two stack-based overflows and one heap-based overflow. In the code reading VCD disc labels, the ISO disc label is copied into an unprotected stack buffer of fixed size...

7.5CVSS4.8AI score0.08374EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/30 12:0 a.m.32 views

Pavuk: Remote buffer overflow

Background Pavuk is web spider and website mirroring tool. Description When Pavuk connects to a web server and the server sends back the HTTP status code 305 Use Proxy, Pavuk copies data from the HTTP Location header in an unsafe manner. Impact An attacker could cause a stack-based buffer overflo...

7.6CVSS7.4AI score0.0292EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/25 12:0 a.m.32 views

Multiple XSS Vulnerabilities in SquirrelMail

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description Several unspecified cross-site scripting XSS vulnerabilities and a well hidden SQL injection vulnerability were found. An XSS attack allows an...

10CVSS7AI score0.22528EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/05/14 12:0 a.m.32 views

Exim verify=header_syntax buffer overflow

Background Exim is an highly configurable message transfer agent MTA developed at the University of Cambridge. Description When the option "verify = headersyntax" is used in an ACL in the configuration file, Exim is vulnerable to a buffer overflow attack that can be triggered remotely by sending...

7.5CVSS7.4AI score0.06974EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/04/06 12:0 a.m.32 views

KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability

Background KDE-PIM is an application suite designed to manage mail, addresses, appointments, and contacts. Description A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system. Impact A remote attacker may unauthorized...

7.5CVSS7.1AI score0.06151EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/12/08 12:0 a.m.31 views

HashiCorp Consul: Multiple Vulnerabilities

Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.7CVSS8.5AI score0.99999EPSS
Exploits19
Gentoo Linux
Gentoo Linux
added 2024/08/09 12:0 a.m.31 views

QEMU: Multiple Vulnerabilities

Background QEMU is a generic and open source machine emulator and virtualizer. Description Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

8.8CVSS7.5AI score0.00656EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2024/08/07 12:0 a.m.31 views

nghttp2: Multiple Vulnerabilities

Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description Multiple vulnerabilities have been discovered in nghttp2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

7.5CVSS7.7AI score0.99999EPSS
Exploits20
Gentoo Linux
Gentoo Linux
added 2024/07/05 12:0 a.m.31 views

BusyBox: Multiple Vulnerabilities

Background BusyBox is set of tools for embedded systems and is a replacement for GNU Coreutils. Description Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.7AI score0.03379EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/02/26 12:0 a.m.31 views

GNU Aspell: Heap Buffer Overflow

Background GNU Aspell is a popular spell-checker. Dictionaries are available for many languages. Description Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details. Impact GNU Aspell has a heap-based buffer overflow in...

7.8CVSS7.8AI score0.00549EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/01/15 12:0 a.m.31 views

KTextEditor: Arbitrary Local Code Execution

Background Framework providing a full text editor component for KDE. Description A vulnerability has been discovered in KTextEditor. Please review the CVE identifiers referenced below for details. Impact KTextEditor executes binaries without user interaction in a few cases, e.g. KTextEditor will...

7.8CVSS7.2AI score0.00894EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/01/07 12:0 a.m.31 views

Eclipse Mosquitto: Multiple Vulnerabilities

Background Eclipse Mosquitto is an open source MQTT v3 broker. Description Multiple vulnerabilities have been discovered in Eclipse Mosquitto. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

7.5CVSS7.4AI score0.01116EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/01/02 12:0 a.m.31 views

Joblib: Arbitrary Code Execution

Background Joblib is a set of tools to provide lightweight pipelining in Python. In particular: 1. transparent disk-caching of functions and lazy re-evaluation memoize pattern 2. easy simple parallel computing Joblib is optimized to be fast and robust on large data in particular and has specific...

9.8CVSS8AI score0.01975EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/09/29 12:0 a.m.31 views

GMP: Buffer Overflow Vulnerability

Background The GNU Multiple Precision Arithmetic Library is a library forarbitrary-precision arithmetic on different types of numbers. Description There is an integer overflow leading to a buffer overflow when processing untrusted input via GMP's mpzinpraw function. Impact Untrusted input can cau...

7.5CVSS7.3AI score0.03425EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/30 12:0 a.m.31 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS7.4AI score0.01185EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.31 views

Tor: Multiple Vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...

7.5CVSS7.3AI score0.01685EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.31 views

ProFTPd: Memory Disclosure

Background ProFTPD is an advanced and very configurable FTP server. Description ProFTPd unconditionally sends passwords to Radius servers for authentication in multiples of 16 bytes. If a password is not of a length that is a multiple of 16 bytes, ProFTPd will read beyond the end of the password...

7.5CVSS7.1AI score0.01129EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.31 views

ISC DHCP: Multiple Vulnerabilities

Background ISC DHCP is ISC's reference implementation of all aspects of the Dynamic Host Configuration Protocol. Description Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifie...

7.4CVSS8AI score0.06118EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/10/16 12:0 a.m.31 views

Open Asset Import Library ("assimp"): Multiple Vulnerabilities

Background Open Asset Import Library is a library to import and export various 3d-model-formats including scene-post-processing to generate missing render data. Description Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third...

5.5CVSS1.7AI score0.00942EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/04/30 12:0 a.m.31 views

ClamAV: Denial of service

Background ClamAV is a GPL virus scanner. Description A vulnerability has been discovered in ClamAV. Please review the CVE identifier referenced below for details. Impact A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting a Denial of Service condition...

7.5CVSS3.8AI score0.03155EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/09/13 12:0 a.m.31 views

ZeroMQ: Denial of service

Background Looks like an embeddable networking library but acts like a concurrency framework. Description It was discovered that ZeroMQ does not properly handle connecting peers before a handshake is completed. Impact An unauthenticated remote attacker able to connect to a ZeroMQ endpoint, even...

7.5CVSS2.4AI score0.03408EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/01/07 12:0 a.m.31 views

GNU Emacs: Command injection

Background GNU Emacs is a highly extensible and customizable text editor. Description A command injection flaw within the Emacs “enriched mode” handling has been discovered. Impact A remote attacker, by enticing a user to open a specially crafted file, could execute arbitrary commands with the...

8.8CVSS9.5AI score0.04009EPSS
Exploits1
Total number of security vulnerabilities3816