Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2007/07/05 12:0 a.m.•31 views

Webmin, Usermin: Cross-site scripting vulnerabilities

Background Webmin is a web-based administrative interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description The pamlogin.cgi file does not properly sanitize user input before sending it back as output t...

4.3CVSS6.7AI score0.01569EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/05/31 12:0 a.m.•31 views

file: Integer overflow

Background file is a utility that guesses a file format by scanning binary data for patterns. Description Colin Percival from FreeBSD reported that the previous fix for the fileprintf buffer overflow introduced a new integer overflow. Impact A remote attacker could entice a user to run the file...

5.1CVSS7.4AI score0.02702EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/04/24 12:0 a.m.•31 views

ClamAV: Multiple vulnerabilities

Background ClamAV is a GPL virus scanner. Description iDefense Labs have reported a stack-based buffer overflow in the cabunstore function when processing negative values in .cab files. Multiple file descriptor leaks have also been reported in chmunpack.c, pdf.c and dblock.c when processing .chm...

7.5CVSS7.4AI score0.05412EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/23 12:0 a.m.•31 views

NAS: Multiple vulnerabilities

Background NAS is a network transparent, client/server audio transport system. Description Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of which include a buffer overflow in the function acceptattlocal, an integer overflow in the function ProcAuWriteElement, and a null...

10CVSS7.6AI score0.08015EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2007/04/17 12:0 a.m.•31 views

FreeRADIUS: Denial of service

Background FreeRADIUS is an open source RADIUS authentication server implementation. Description The Coverity Scan project has discovered a memory leak within the handling of certain malformed Diameter format values inside an EAP-TTLS tunnel. Impact A remote attacker could send a large amount of...

5CVSS6.5AI score0.02476EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/27 12:0 a.m.•31 views

X.Org X server: Multiple vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo and the ProcDbeSwapBuffers of the DBE extension, and ProcRenderAddGlyphs in the Render extension. Impac...

10CVSS7.5AI score0.0339EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/16 12:0 a.m.•31 views

Mono: Information disclosure

Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description Jose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize loc...

5CVSS6.1AI score0.04958EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/20 12:0 a.m.•31 views

Ruby: Denial of Service vulnerability

Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-1...

5CVSS6.3AI score0.03703EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/12 12:0 a.m.•31 views

Trac: Cross-site request forgery

Background Trac is a wiki and issue tracking system for software development projects. Description Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Impact An attacker could entice an authenticated user to browse to a specially...

7.5CVSS6.6AI score0.02108EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/10/04 12:0 a.m.•31 views

Mozilla Thunderbird: Multiple vulnerabilities

Background The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. Description A number of vulnerabilities have been found and fixed in Mozilla Thunderbird. For details please consult the references below. Impact The most severe vulnerabilities might lead to the execution...

10CVSS7AI score0.14074EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/28 12:0 a.m.•31 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform, stand-alone browser application. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact The most...

10CVSS6.8AI score0.14074EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/15 12:0 a.m.•31 views

BIND: Denial of service

Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Queries for SIG records will cause an assertion error if more than one SIG RRset is returned. Additionally, an INSIST failure can be triggered by sending multiple recursive...

7.5CVSS8.5AI score0.12551EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/09/12 12:0 a.m.•31 views

AdPlug: Multiple vulnerabilities

Background AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library. Description AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. Impact By enticing a user to load a specially crafted fil...

5.1CVSS7.3AI score0.1277EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2006/08/24 12:0 a.m.•31 views

Heartbeat: Denial of service

Background Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management. Description Yan Rong Ge discovered that the peelnetstring function in clnetstring.c does not validate the "length" parameter of user...

5CVSS6.2AI score0.12589EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•31 views

Net::Server: Format string vulnerability

Background Net::Server is an extensible, generic Perl server engine. It is used by several Perl applications like Postgrey. Description The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog. Impact By sending a specially crafted datastrea...

5CVSS6.3AI score0.02698EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•31 views

WordPress: Privilege escalation

Background WordPress is a PHP and MySQL based multiuser blogging system. Description The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact...

10CVSS6.8AI score0.03681EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/07 12:0 a.m.•31 views

shadow: Privilege escalation

Background shadow provides a set of utilities to deal with user accounts. Description When the mailbox is created in useradd, the "open" function does not receive the three arguments it expects while OCREAT is present, which leads to random permissions on the created file, before fchmod is...

3.7CVSS6.2AI score0.00444EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/05/01 12:0 a.m.•31 views

MPlayer: Heap-based buffer overflow

Background MPlayer is a media player that supports many multimedia file types. Description Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow. Impact An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in...

5.1CVSS7.1AI score0.03443EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/26 12:0 a.m.•31 views

xine-lib: Buffer overflow vulnerability

Background xine-lib is the xine core engine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Federico L. Bossi Bonin discovered that when handling MPEG streams xine-lib fails to make a proper boundary check of the...

7.5CVSS7AI score0.14637EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/04/22 12:0 a.m.•31 views

Crossfire server: Denial of Service and potential arbitrary code execution

Background Crossfire is a cooperative multiplayer graphical adventure and role-playing game. The Crossfire game server allows various compatible clients to connect to participate in a cooperative game. Description Luigi Auriemma discovered a vulnerability in the Crossfire game server, in the...

6.4CVSS7AI score0.17253EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/04/06 12:0 a.m.•31 views

Doomsday: Format string vulnerability

Background Doomsday is a modern gaming engine for popular ID games like Doom, Heretic and Hexen. Description Luigi Auriemma discovered that Doomsday incorrectly implements formatted printing. Impact A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of...

7.5CVSS7.5AI score0.13191EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/03/10 12:0 a.m.•31 views

GNU tar: Buffer overflow

Background GNU tar is the standard GNU utility for creating and manipulating tar archives, a common format used for creating backups and distributing files on UNIX-like systems. Description Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer...

5.1CVSS8.2AI score0.05053EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/26 12:0 a.m.•31 views

GraphicsMagick: Format string vulnerability

Background GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. Description The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of "%"-escaped sequences in filenames passed to the functi...

5.1CVSS7.2AI score0.04344EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/02/21 12:0 a.m.•31 views

GPdf: heap overflows in included Xpdf code

Background GPdf is a Gnome PDF viewer. Description Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed size of the associated bitmap. Impact An attacker could entice a user to open a specially crafted PDF file with GPdf, potentially...

7.5CVSS7AI score0.04403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/26 12:0 a.m.•31 views

Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Peter Schumacher discovered that Gallery fails to...

4.3CVSS6.4AI score0.018EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/03 12:0 a.m.•32 views

pinentry: Local privilege escalation

Background pinentry is a collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that the pinentry ebuild incorrectly sets the permissions of the pinentry binaries upon installation, s...

6.6CVSS6.6AI score0.00389EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/30 12:0 a.m.•31 views

XLI, Xloadimage: Buffer overflow

Background XLI and Xloadimage are X11 image manipulation utilities. Description When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and...

5.1CVSS7.1AI score0.04159EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/20 12:0 a.m.•31 views

util-linux: umount command validation error

Background util-linux is a suite of useful Linux programs including umount, a program used to unmount filesystems. Description When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem...

7.2CVSS6.9AI score0.00426EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/19 12:0 a.m.•31 views

Adobe Reader: Buffer Overflow

Background Adobe Reader is a utility used to view PDF files. Description A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Impact An attacker may create a specially-crafted PDF file, enticing a user to open it. This could trigger a buffer overfl...

7.5CVSS7AI score0.13245EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/30 12:0 a.m.•31 views

AMD64 x86 emulation base libraries: Buffer overflow

Background The x86 emulation base libraries for AMD64 emulate the x86 32-bit architecture on the AMD64 64-bit architecture. Description Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted...

7.5CVSS9.8AI score0.05476EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/06/09 12:0 a.m.•31 views

libextractor: Multiple overflow vulnerabilities

Background libextractor is a library used to extract meta-data from files. It makes use of Xpdf code to extract information from PDF files. Description Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors...

7.5CVSS6.9AI score0.07217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/05/14 12:0 a.m.•31 views

phpBB: Cross-Site Scripting Vulnerability

Background phpBB is an Open Source bulletin board package. Description phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follo...

2.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/13 12:0 a.m.•31 views

JunkBuster: Multiple vulnerabilities

Background JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content. Description James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a...

7.5CVSS6.8AI score0.03312EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/20 12:0 a.m.•31 views

Sylpheed, Sylpheed-claws: Message reply overflow

Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages. Impact An attacker can send an email...

5.1CVSS7AI score0.03246EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/01 12:0 a.m.•31 views

phpWebSite: Arbitrary PHP execution and path disclosure

Background phpWebSite provides a complete web site content management system. Description NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact A remote...

7.5CVSS7.2AI score0.021EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/16 12:0 a.m.•31 views

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains a...

10CVSS7.1AI score0.68776EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2004/11/24 12:0 a.m.•31 views

TWiki: Arbitrary command execution

Background TWiki is a Web-based groupware tool based around the concept of wiki pages that can be edited by anybody with a Web browser. Description The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the...

10CVSS6.9AI score0.61668EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2004/11/19 12:0 a.m.•31 views

X.Org, XFree86: libXpm vulnerabilities

Background libXpm is a pixmap manipulation library for the X Window System, included in both X.Org and XFree86. Description Several issues were discovered in libXpm, including integer overflows, out-of-bounds memory accesses, insecure path traversal and an endless loop. Impact An attacker could...

10CVSS7.1AI score0.08698EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/06 12:0 a.m.•31 views

Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Jim Paris has discovered a cross-site scripting...

6.8CVSS3.3AI score0.01477EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/25 12:0 a.m.•31 views

MIT krb5: Insecure temporary file use in send-pr.sh

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could creat...

2.1CVSS6.4AI score0.00328EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/20 12:0 a.m.•31 views

OpenOffice.org: Temporary files disclosure

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When ...

2.1CVSS6AI score0.00559EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/10/18 12:0 a.m.•31 views

phpMyAdmin: Vulnerability in MIME-based transformation system

Background phpMyAdmin is a popular web-based MySQL administration tool written in PHP. It allows users to browse and administer a MySQL database from a web-browser. Transformations are a phpMyAdmin feature allowing plug-ins to rewrite the contents of any column seen in phpMyAdmin's Browsing mode,...

7.5CVSS1.7AI score0.02926EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/22 12:0 a.m.•31 views

xine-lib: Multiple vulnerabilities

Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description xine-lib contains two stack-based overflows and one heap-based overflow. In the code reading VCD disc labels, the ISO disc label is copied into an unprotected stack buffer of fixed size...

7.5CVSS4.8AI score0.08374EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/12 12:0 a.m.•31 views

Webmin, Usermin: Multiple vulnerabilities in Usermin

Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mail. The Usermin functionality, including webmail, is also...

7.5CVSS7.2AI score0.03608EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/09/01 12:0 a.m.•31 views

MySQL: Insecure temporary file creation in mysqlhotcopy

Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description Jeroen van Wolffelaar discovered that the MySQL database hot copy utility mysqlhotcopy.sh, when using the scp method, uses temporary files with predictable names. A malicious local user with writ...

4.6CVSS6.7AI score0.00515EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/07/12 12:0 a.m.•31 views

rsync: Directory traversal in rsync daemon

Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description When rsyncd is used...

5CVSS6.3AI score0.03404EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/06/30 12:0 a.m.•31 views

Pavuk: Remote buffer overflow

Background Pavuk is web spider and website mirroring tool. Description When Pavuk connects to a web server and the server sends back the HTTP status code 305 Use Proxy, Pavuk copies data from the HTTP Location header in an unsafe manner. Impact An attacker could cause a stack-based buffer overflo...

7.6CVSS7.4AI score0.0292EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/18 12:0 a.m.•31 views

Pound format string vulnerability

Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description A format string flaw in the processing of syslog messages was discovered and...

7.5CVSS1AI score0.0664EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/04/07 12:0 a.m.•31 views

ClamAV RAR Archive Remote Denial Of Service Vulnerability

Background From http://www.clamav.net/ : "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for...

2.6CVSS0.9AI score0.01406EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/12/08 12:0 a.m.•30 views

HashiCorp Consul: Multiple Vulnerabilities

Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.7CVSS8.5AI score0.99999EPSS
Exploits19
Total number of security vulnerabilities3816