Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2014/09/19 12:0 a.m.•31 views

c-icap: Denial of service

Background c-icap is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services. Description c-icap contains a flaw in the parserequest function of request.c that may allow a remote denial of service...

5CVSS6.6AI score0.02817EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/06/27 12:0 a.m.•31 views

sudo: Privilege escalation

Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description When the Sudo envreset option is disabled it is enabled by default, certain environment variables are not blacklisted as...

6.6CVSS6.2AI score0.00338EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2014/05/17 12:0 a.m.•31 views

Bacula: Information disclosure

Background Bacula is a network based backup suite. Description Bacula does not properly enforce console access control lists. Impact A remote authenticated attacker may be able to bypass restrictions to obtain sensitive information. Workaround There is no known workaround at this time. Resolution...

4CVSS6.1AI score0.02676EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/28 12:0 a.m.•31 views

ArgyllCMS: User-assisted execution of arbitrary code

Background ArgyllCMS is an ICC compatible color management system that supports accurate ICC profile creation for scanners, cameras and film recorders. Description Multiple integer overflow vulnerabilities have been discovered in the ICC Format Library in ArgyllCMS. Impact A remote attacker could...

6.8CVSS7.5AI score0.07486EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/21 12:0 a.m.•31 views

OpenSSL: Denial of service

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description A flaw in the ssl3takemac function can result in a NULL pointer dereference. Impact A remote attacker cou...

4.3CVSS7.7AI score0.11851EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/27 12:0 a.m.•31 views

CEDET: Privilege escalation

Background CEDET is a Collection of Emacs Development Environment Tools written with the end goal of creating an advanced development environment in Emacs. Description An untrusted search path vulnerability was discovered in CEDET. Impact A local attacker could escalate his privileges via a...

9.3CVSS6.1AI score0.02723EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/26 12:0 a.m.•31 views

GNU TeXmacs: Privilege escalation

Background GNU TeXmacs is a free WYSIWYG editing platform with special features for scientists. Description The texmacs and tmmupadhelp scripts in TeXmacs place a zero-length directory name in the LDLIBRARYPATH, which might result in the current working directory . to be included when searching f...

6.9CVSS6.2AI score0.00386EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/10/10 12:0 a.m.•31 views

OpenJPEG: User-assisted execution of arbitrary code

Background OpenJPEG is an open-source JPEG 2000 library. Description OpenJPEG contains an invalid free error and multiple buffer overflow flaws. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted JPEG file,...

10CVSS7.4AI score0.07695EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/09/26 12:0 a.m.•31 views

libjpeg-turbo: User-assisted execution of arbitrary code

Background libjpeg-turbo accelerates JPEG compression and decompression. Description A vulnerability in the getsos function in jdmarker.c could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted JPEG file in an application linked against...

8.8CVSS8.1AI score0.04765EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/07/09 12:0 a.m.•31 views

X.Org X Server: Privilege escalation

Background The X Window System is a graphical windowing system based on a client/server model. Description The "LogVHdrMessageVerb" function in log.c contains a format string vulnerability. NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X Server being built with...

10CVSS6.3AI score0.02689EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/07/09 12:0 a.m.•31 views

CUPS: Multiple vulnerabilities

Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code using specially...

9.8CVSS8.3AI score0.0647EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2012/06/21 12:0 a.m.•31 views

Wicd: Multiple vulnerabilities

Background Wicd is an open source wired and wireless network manager for Linux. Description Two vulnerabilities have been found in Wicd: Passwords and passphrases are written to /var/log/wicd CVE-2012-0813. Input from the daemon's D-Bus interface is not properly sanitized CVE-2012-2095. Impact A...

6.9CVSS6.8AI score0.00802EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2012/04/17 12:0 a.m.•31 views

FreeType: Multiple vulnerabilities

Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted font, possibly resulting ...

10CVSS7.5AI score0.05637EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/01/05 12:0 a.m.•31 views

gif2png: User-assisted execution of arbitrary code

Background gif2png is a command line program that converts image files from the Graphics Interchange Format GIF format to the Portable Network Graphics PNG format. Description gif2png contains a command line parsing vulnerability that may result in a stack overflow due to an unexpectedly long inp...

6.8CVSS7.2AI score0.10901EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2010/01/13 12:0 a.m.•31 views

SquirrelMail: Multiple vulnerabilities

Background SquirrelMail is a standards-based webmail package written in PHP. Description Multiple vulnerabilities were found in SquirrelMail: Niels Teusink reported multiple input sanitation flaws in certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php, PHPSELF and t...

6.8CVSS8AI score0.03399EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/11/06 12:0 a.m.•31 views

Horde: Multiple vulnerabilities

Background Horde is a web application framework written in PHP. Description Multiple vulnerabilities have been discovered in Horde: Stefan Esser of Sektion1 reported an error within the form library when handling image form fields CVE-2009-3236. Martin Geisler and David Wharton reported that an...

4.3CVSS6.5AI score0.02305EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•31 views

aMule: Parameter injection

Background aMule is an eMule-like client for the eD2k and Kademlia networks, supporting multiple platforms. Description Sam Hocevar discovered that the aMule preview function does not properly sanitize file names. Impact A remote attacker could entice a user to download a file with a specially...

6.8CVSS6.5AI score0.0154EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/08/18 12:0 a.m.•31 views

Subversion: Remote execution of arbitrary code

Background Subversion is a versioning system designed to be a replacement for CVS. Description Matt Lewis of Google reported multiple integer overflows in the libsvndelta library, possibly leading to heap-based buffer overflows. Impact A remote attacker with commit access could exploit this...

8.5CVSS7.1AI score0.05112EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/04/18 12:0 a.m.•31 views

udev: Multiple vulnerabilities

Background udev is the device manager used in the Linux 2.6 kernel series. Description Sebastian Krahmer of SUSE discovered the following two vulnerabilities: udev does not verify the origin of NETLINK messages properly CVE-2009-1185. A buffer overflow exists in the utilpathencode function in...

7.2CVSS7.8AI score0.81528EPSS
Exploits12
Gentoo Linux
Gentoo Linux
•added 2009/04/17 12:0 a.m.•31 views

libsndfile: User-assisted execution of arbitrary code

Background libsndfile is a C library for reading and writing files containing sampled sound. Description Alin Rad Pop from Secunia Research reported an integer overflow when processing CAF description chunks, leading to a heap-based buffer overflow. Impact A remote attacker could entice a user to...

9.3CVSS5.3AI score0.03612EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/03/06 12:0 a.m.•31 views

Vinagre: User-assisted execution of arbitrary code

Background Vinagre is a VNC Client for the GNOME Desktop. Description Alfredo Ortega Core Security Technologies reported a format string error in the vinagreutilsshowerror function in src/vinagre-utils.c. Impact A remote attacker could entice a user into opening a specially crafted .vnc file or...

6.8CVSS7AI score0.09121EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/12/02 12:0 a.m.•31 views

libxml2: Multiple vulnerabilities

Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute...

10CVSS8.1AI score0.23373EPSS
Exploits13
Gentoo Linux
Gentoo Linux
•added 2008/09/23 12:0 a.m.•31 views

BitlBee: Security bypass

Background BitlBee is an IRC to IM gateway that support multiple IM protocols. Description Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference. Impact A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts. Workaround There is ...

7.5CVSS6.7AI score0.02407EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/05/27 12:0 a.m.•31 views

Roundup: Permission bypass

Background Roundup is an issue-tracking system with command-line, web and e-mail interfaces. Description Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions CVE-2008-1475. Furthermore, Roland Meister discovered multiple vulnerabilities caused by...

6.4CVSS6.3AI score0.01743EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/04/29 12:0 a.m.•31 views

KDE start_kdeinit: Multiple vulnerabilities

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. startkdeinit is a wrapper for kdeinit. Description Vulnerabilities have been reported in the processing of user-controlled data by startkdeinit, which is setuid root by default. Impact A loca...

4.6CVSS7.2AI score0.00626EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/03/24 12:0 a.m.•31 views

Wireshark: Denial of service

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple unspecified errors exist in the SCTP, SNMP, and TFTP dissectors. Impact A remote attacker could cause a Denial of Service by sending a malformed packet. Workaround Disable the SCTP, SNMP, and TFTP...

5CVSS6.3AI score0.02003EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/03/03 12:0 a.m.•31 views

Paramiko: Information disclosure

Background Paramiko is a Secure Shell Server implementation written in Python. Description Dwayne C. Litzenberger reported that the file "common.py" does not properly use RandomPool when using threads or forked processes. Impact A remote attacker could predict the values generated by applications...

4.3CVSS6.3AI score0.0162EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/03/03 12:0 a.m.•31 views

SplitVT: Privilege escalation

Background SplitVT is a program for splitting terminals into two shells. Description Mike Ashton reported that SplitVT does not drop group privileges before executing the xprop utility. Impact A local attacker could exploit this vulnerability to gain the "utmp" group privileges. Workaround There ...

7.2CVSS6.4AI score0.00346EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/01/09 12:0 a.m.•31 views

Claws Mail: Insecure temporary file creation

Background Claws Mail is a GTK based e-mail client. Description Nico Golde from Debian reported that the sylprint.pl script that is part of the Claws Mail tools creates temporary files in an insecure manner. Impact A local attacker could exploit this vulnerability to conduct symlink attacks to...

3.6CVSS6.1AI score0.00365EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/20 12:0 a.m.•31 views

PCRE: Multiple vulnerabilities

Background PCRE is a library providing functions for Perl-compatible regular expressions. Description Tavis Ormandy Google Security discovered multiple vulnerabilities in PCRE. He reported an error when processing "\Q\E" sequences with unmatched "\E" codes that can lead to the compiled bytecode...

7.5CVSS7.5AI score0.0507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/14 12:0 a.m.•31 views

KDM: Local privilege escalation

Background KDM is the Display Manager for the graphical desktop environment KDE. It is part of the kdebase package. Description Kees Huijgen discovered an error when checking the credentials which can lead to a login without specifying a password. This only occurs when auto login is configured fo...

6.8CVSS7.1AI score0.01015EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/09/18 12:0 a.m.•31 views

PhpWiki: Authentication bypass

Background PhpWiki is an application that creates a web site where anyone can edit the pages through HTML forms. Description The PhpWiki development team reported an authentication error within the file lib/WikiUser/LDAP.php when binding to an LDAP server with an empty password. Impact A remote...

10CVSS6.7AI score0.03529EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/09/13 12:0 a.m.•31 views

KVIrc: Remote arbitrary code execution

Background KVIrc is a free portable IRC client based on Qt. Description Stefan Cornelius from Secunia Research discovered that the "parseIrcUrl" function in file src/kvirc/kernel/kviircurl.cpp does not properly sanitise parts of the URI when building the command for KVIrc's internal script system...

9.3CVSS7.1AI score0.03197EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/07/05 12:0 a.m.•31 views

Webmin, Usermin: Cross-site scripting vulnerabilities

Background Webmin is a web-based administrative interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description The pamlogin.cgi file does not properly sanitize user input before sending it back as output t...

4.3CVSS6.7AI score0.01569EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/07/03 12:0 a.m.•31 views

GNU C Library: Integer overflow

Background The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related...

7.2CVSS7AI score0.00454EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/31 12:0 a.m.•31 views

file: Integer overflow

Background file is a utility that guesses a file format by scanning binary data for patterns. Description Colin Percival from FreeBSD reported that the previous fix for the fileprintf buffer overflow introduced a new integer overflow. Impact A remote attacker could entice a user to run the file...

5.1CVSS7.4AI score0.02702EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/04/24 12:0 a.m.•31 views

ClamAV: Multiple vulnerabilities

Background ClamAV is a GPL virus scanner. Description iDefense Labs have reported a stack-based buffer overflow in the cabunstore function when processing negative values in .cab files. Multiple file descriptor leaks have also been reported in chmunpack.c, pdf.c and dblock.c when processing .chm...

7.5CVSS7.4AI score0.05412EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/23 12:0 a.m.•31 views

NAS: Multiple vulnerabilities

Background NAS is a network transparent, client/server audio transport system. Description Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of which include a buffer overflow in the function acceptattlocal, an integer overflow in the function ProcAuWriteElement, and a null...

10CVSS7.6AI score0.08015EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2007/04/17 12:0 a.m.•31 views

FreeRADIUS: Denial of service

Background FreeRADIUS is an open source RADIUS authentication server implementation. Description The Coverity Scan project has discovered a memory leak within the handling of certain malformed Diameter format values inside an EAP-TTLS tunnel. Impact A remote attacker could send a large amount of...

5CVSS6.5AI score0.02476EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/27 12:0 a.m.•31 views

X.Org X server: Multiple vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo and the ProcDbeSwapBuffers of the DBE extension, and ProcRenderAddGlyphs in the Render extension. Impac...

10CVSS7.5AI score0.0339EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/24 12:0 a.m.•31 views

MIT Kerberos 5: Arbitrary Remote Code Execution

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to fr...

9.3CVSS7.4AI score0.07926EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/16 12:0 a.m.•31 views

Mono: Information disclosure

Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description Jose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize loc...

5CVSS6.1AI score0.04958EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/20 12:0 a.m.•31 views

Ruby: Denial of Service vulnerability

Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-1...

5CVSS6.3AI score0.03703EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/12 12:0 a.m.•31 views

Trac: Cross-site request forgery

Background Trac is a wiki and issue tracking system for software development projects. Description Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Impact An attacker could entice an authenticated user to browse to a specially...

7.5CVSS6.6AI score0.02108EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/09/12 12:0 a.m.•31 views

AdPlug: Multiple vulnerabilities

Background AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library. Description AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. Impact By enticing a user to load a specially crafted fil...

5.1CVSS7.3AI score0.1277EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2006/08/24 12:0 a.m.•31 views

Heartbeat: Denial of service

Background Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management. Description Yan Rong Ge discovered that the peelnetstring function in clnetstring.c does not validate the "length" parameter of user...

5CVSS6.2AI score0.12589EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•31 views

Net::Server: Format string vulnerability

Background Net::Server is an extensible, generic Perl server engine. It is used by several Perl applications like Postgrey. Description The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog. Impact By sending a specially crafted datastrea...

5CVSS6.3AI score0.02698EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•31 views

WordPress: Privilege escalation

Background WordPress is a PHP and MySQL based multiuser blogging system. Description The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact...

10CVSS6.8AI score0.03681EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/07 12:0 a.m.•31 views

shadow: Privilege escalation

Background shadow provides a set of utilities to deal with user accounts. Description When the mailbox is created in useradd, the "open" function does not receive the three arguments it expects while OCREAT is present, which leads to random permissions on the created file, before fchmod is...

3.7CVSS6.2AI score0.00444EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/05/01 12:0 a.m.•31 views

MPlayer: Heap-based buffer overflow

Background MPlayer is a media player that supports many multimedia file types. Description Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow. Impact An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in...

5.1CVSS7.1AI score0.03443EPSS
Exploits0
Total number of security vulnerabilities3816