Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/04/22 12:0 a.m.•31 views

Crossfire server: Denial of Service and potential arbitrary code execution

Background Crossfire is a cooperative multiplayer graphical adventure and role-playing game. The Crossfire game server allows various compatible clients to connect to participate in a cooperative game. Description Luigi Auriemma discovered a vulnerability in the Crossfire game server, in the...

6.4CVSS7AI score0.17253EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/03/10 12:0 a.m.•31 views

GNU tar: Buffer overflow

Background GNU tar is the standard GNU utility for creating and manipulating tar archives, a common format used for creating backups and distributing files on UNIX-like systems. Description Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer...

5.1CVSS8.2AI score0.05053EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/26 12:0 a.m.•31 views

GraphicsMagick: Format string vulnerability

Background GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. Description The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of "%"-escaped sequences in filenames passed to the functi...

5.1CVSS7.2AI score0.04344EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/02/21 12:0 a.m.•31 views

GPdf: heap overflows in included Xpdf code

Background GPdf is a Gnome PDF viewer. Description Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed size of the associated bitmap. Impact An attacker could entice a user to open a specially crafted PDF file with GPdf, potentially...

7.5CVSS7AI score0.04403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/06 12:0 a.m.•31 views

Apache: Multiple vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. modimap provides support for server-side image maps; modssl provides secure HTTP connections. Description Apache's modimap fails to properly sanitize the "Referer" directive of imagemaps in some cases, leavi...

5.4CVSS9.4AI score0.73692EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/01/26 12:0 a.m.•31 views

Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Peter Schumacher discovered that Gallery fails to...

4.3CVSS6.4AI score0.01843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/03 12:0 a.m.•32 views

pinentry: Local privilege escalation

Background pinentry is a collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that the pinentry ebuild incorrectly sets the permissions of the pinentry binaries upon installation, s...

6.6CVSS6.6AI score0.00389EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/30 12:0 a.m.•31 views

XLI, Xloadimage: Buffer overflow

Background XLI and Xloadimage are X11 image manipulation utilities. Description When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and...

5.1CVSS7.1AI score0.04159EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/22 12:0 a.m.•31 views

cURL: NTLM username stack overflow

Background cURL is a command line tool and library for transferring files via many different protocols. It supports NTLM authentication to retrieve files from Windows-based systems. Description iDEFENSE reported that insufficient bounds checking on a memcpy of the supplied NTLM username can resul...

7.5CVSS7.2AI score0.05188EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/17 12:0 a.m.•31 views

Lynx: Buffer overflow in NNTP processing

Background Lynx is a text-mode browser for the World Wide Web. It supports multiple URL types, including HTTP and NNTP URLs. Description When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. Ulf Harnhammar...

9.8CVSS7.4AI score0.23257EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/20 12:0 a.m.•31 views

util-linux: umount command validation error

Background util-linux is a suite of useful Linux programs including umount, a program used to unmount filesystems. Description When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem...

7.2CVSS6.9AI score0.00426EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/19 12:0 a.m.•31 views

Adobe Reader: Buffer Overflow

Background Adobe Reader is a utility used to view PDF files. Description A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Impact An attacker may create a specially-crafted PDF file, enticing a user to open it. This could trigger a buffer overfl...

7.5CVSS7AI score0.13245EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/25 12:0 a.m.•31 views

fetchmail: Buffer Overflow

Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description fetchmail does not properly validate UIDs coming from a POP3 mail server. The UID is placed in a fixed length buffer on the stack, which can be overflown. Impac...

5CVSS7AI score0.05882EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/06/09 12:0 a.m.•31 views

libextractor: Multiple overflow vulnerabilities

Background libextractor is a library used to extract meta-data from files. It makes use of Xpdf code to extract information from PDF files. Description Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors...

7.5CVSS6.9AI score0.07217EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/05/14 12:0 a.m.•31 views

phpBB: Cross-Site Scripting Vulnerability

Background phpBB is an Open Source bulletin board package. Description phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follo...

2.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/13 12:0 a.m.•31 views

JunkBuster: Multiple vulnerabilities

Background JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content. Description James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a...

7.5CVSS6.8AI score0.03312EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/20 12:0 a.m.•31 views

Sylpheed, Sylpheed-claws: Message reply overflow

Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages. Impact An attacker can send an email...

5.1CVSS7AI score0.03246EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/01 12:0 a.m.•31 views

phpWebSite: Arbitrary PHP execution and path disclosure

Background phpWebSite provides a complete web site content management system. Description NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact A remote...

7.5CVSS7.2AI score0.021EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/02/28 12:0 a.m.•31 views

MediaWiki: Multiple vulnerabilities

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code doe...

7.5CVSS6.4AI score0.0193EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/16 12:0 a.m.•31 views

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains a...

10CVSS7.1AI score0.68776EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2005/01/05 12:0 a.m.•31 views

mit-krb5: Heap overflow in libkadm5srv

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing. Impact Under specific...

7.2CVSS3.1AI score0.00734EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/24 12:0 a.m.•31 views

TWiki: Arbitrary command execution

Background TWiki is a Web-based groupware tool based around the concept of wiki pages that can be edited by anybody with a Web browser. Description The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the...

10CVSS6.9AI score0.61668EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2004/11/19 12:0 a.m.•31 views

X.Org, XFree86: libXpm vulnerabilities

Background libXpm is a pixmap manipulation library for the X Window System, included in both X.Org and XFree86. Description Several issues were discovered in libXpm, including integer overflows, out-of-bounds memory accesses, insecure path traversal and an endless loop. Impact An attacker could...

10CVSS7.1AI score0.08698EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/08 12:0 a.m.•31 views

OpenSSL, Groff: Insecure tempfile handling

Background OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols as well as a general-purpose cryptography library. It includes the derchop script, which is used to convert DER-encoded certificates to PEM format. Groff GNU Troff is a typesetting package...

2.1CVSS6AI score0.00415EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/06 12:0 a.m.•31 views

Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Jim Paris has discovered a cross-site scripting...

6.8CVSS3.3AI score0.01477EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/25 12:0 a.m.•31 views

MIT krb5: Insecure temporary file use in send-pr.sh

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could creat...

2.1CVSS6.4AI score0.00328EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/20 12:0 a.m.•31 views

OpenOffice.org: Temporary files disclosure

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When ...

2.1CVSS6AI score0.00559EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/10/18 12:0 a.m.•31 views

phpMyAdmin: Vulnerability in MIME-based transformation system

Background phpMyAdmin is a popular web-based MySQL administration tool written in PHP. It allows users to browse and administer a MySQL database from a web-browser. Transformations are a phpMyAdmin feature allowing plug-ins to rewrite the contents of any column seen in phpMyAdmin's Browsing mode,...

7.5CVSS1.7AI score0.02926EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/13 12:0 a.m.•31 views

Samba: Denial of Service vulnerabilities

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. smbd and nmbd are two daemons used by the Samba server. Description There is a defect in smbd's ASN.1 parsing. A bad packet received during t...

5CVSS6.5AI score0.05498EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/12 12:0 a.m.•31 views

Webmin, Usermin: Multiple vulnerabilities in Usermin

Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mail. The Usermin functionality, including webmail, is also...

7.5CVSS7.2AI score0.03608EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/09/01 12:0 a.m.•31 views

MySQL: Insecure temporary file creation in mysqlhotcopy

Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description Jeroen van Wolffelaar discovered that the MySQL database hot copy utility mysqlhotcopy.sh, when using the scp method, uses temporary files with predictable names. A malicious local user with writ...

4.6CVSS6.7AI score0.00515EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/07/12 12:0 a.m.•31 views

rsync: Directory traversal in rsync daemon

Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description When rsyncd is used...

5CVSS6.3AI score0.03404EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/20 12:0 a.m.•31 views

Buffer overflow in Subversion

Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS's :ext: method. In addition to supporting the features found in CVS,...

7.5CVSS7.2AI score0.7525EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2004/05/18 12:0 a.m.•31 views

Pound format string vulnerability

Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description A format string flaw in the processing of syslog messages was discovered and...

7.5CVSS1AI score0.0664EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/04/07 12:0 a.m.•31 views

ClamAV RAR Archive Remote Denial Of Service Vulnerability

Background From http://www.clamav.net/ : "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for...

2.6CVSS0.9AI score0.01406EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2025/07/22 12:0 a.m.•30 views

Roundcube: Multiple Vulnerabilities

Background Free and open source webmail software for the masses, written in PHP. Description Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...

9.8CVSS7.6AI score0.42751EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/12/08 12:0 a.m.•30 views

HashiCorp Consul: Multiple Vulnerabilities

Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.7CVSS8.5AI score0.99999EPSS
Exploits19
Gentoo Linux
Gentoo Linux
•added 2024/08/10 12:0 a.m.•30 views

Bundler: Multiple Vulnerabilities

Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details. Impact Please review...

9.3CVSS7.5AI score0.06307EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/07/24 12:0 a.m.•30 views

ExifTool: Multiple vulnerabilities

Background ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. Description Multiple vulnerabilities have been discovered in ExifTool. Please review the CVE identifiers referenced below for...

7.8CVSS7.3AI score0.99981EPSS
Exploits44
Gentoo Linux
Gentoo Linux
•added 2024/07/01 12:0 a.m.•30 views

cryptography: Multiple Vulnerabilities

Background cryptography is a package which provides cryptographic recipes and primitives to Python developers. Description Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.1CVSS7.7AI score0.06718EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2024/07/01 12:0 a.m.•30 views

GNU Emacs, Org Mode: Multiple Vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

9.8CVSS7.6AI score0.01639EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/05/12 12:0 a.m.•30 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS7.6AI score0.00937EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2024/05/05 12:0 a.m.•30 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.1AI score0.00937EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/02/26 12:0 a.m.•30 views

GNU Aspell: Heap Buffer Overflow

Background GNU Aspell is a popular spell-checker. Dictionaries are available for many languages. Description Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details. Impact GNU Aspell has a heap-based buffer overflow in...

7.8CVSS7.8AI score0.00549EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/01/17 12:0 a.m.•30 views

OpenJDK: Multiple Vulnerabilities

Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

9.8CVSS7.6AI score0.17673EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/01/10 12:0 a.m.•30 views

FAAD2: Multiple Vulnerabilities

Background FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Description Multiple vulnerabilities have been discovered in FAAD2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

6.5CVSS7.7AI score0.00898EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•30 views

AtomicParsley: Multiple Vulnerabilities

Background AtomicParsley is a command line program for manipulating iTunes-style metadata in MPEG4 files. Description Multiple vulnerabilities have been discovered in AtomicParsley. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...

9.8CVSS9.6AI score0.02155EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2021/04/30 12:0 a.m.•30 views

X.Org X Server: Privilege escalation

Background The X Window System is a graphical windowing system based on a client/server model. Description It was discovered that X.Org X Server did not sufficiently check the length of the XInput extension’s ChangeFeedbackControl request. Impact An authorized attacker could possibly escalate...

7.8CVSS7.9AI score0.0105EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2018/04/08 12:0 a.m.•30 views

mailx: Multiple vulnerabilities

Background A utility program for sending and receiving mail, also known as a Mail User Agent program. Description Multiple vulnerabilities have been discovered in mailx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary commands...

7.8CVSS8.5AI score0.06858EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2018/03/26 12:0 a.m.•30 views

PLIB: User-assisted execution of arbitrary code

Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A stack-based buffer overflow within the error function of...

6.8CVSS7.5AI score0.09968EPSS
Exploits0
Total number of security vulnerabilities3816