Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2012/01/30 12:0 a.m.•30 views

bip: Multiple vulnerabilities

Background bip is a multi-user IRC proxy with SSL support. Description Multiple vulnerabilities have been discovered in bip: Uli Schlachter reported that bip does not properly handle invalid data during authentication, resulting in a daemon crash CVE-2010-3071. Julien Tinnes reported that bip doe...

6.5CVSS8.2AI score0.03335EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/11/11 12:0 a.m.•30 views

OpenTTD: Multiple vulnerabilities

Background OpenTTD is a clone of Transport Tycoon Deluxe. Description Multiple vulnerabilities have been discovered in OpenTTD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the OpenTTD process or cause...

7.5CVSS7.5AI score0.05007EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/01/15 12:0 a.m.•30 views

libvpx: User-assisted execution of arbitrary code

Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description libvpx is vulnerable to an integer overflow vulnerability when processing crafted VP8 video streams. Impact A remote attacker could entice a user to open a...

10CVSS9.5AI score0.04569EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2010/09/02 12:0 a.m.•30 views

wxGTK: User-assisted execution of arbitrary code

Background wxGTK is the GTK+ version of wxWidgets, a cross-platform C++ GUI toolkit. Description wxGTK is prone to an integer overflow error in the wxImage::Create function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Impact A remote attacker might entice a user to...

6.8CVSS7.2AI score0.02816EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/09/13 12:0 a.m.•30 views

ZNC: Directory traversal

Background ZNC is an advanced IRC bouncer. Description The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact A remote, authenticated user could send a specially crafted DCC SEND request to overwrite arbitrary files with the privileges of the user runnin...

7.5CVSS7AI score0.02918EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/09/12 12:0 a.m.•30 views

Lynx: Arbitrary command execution

Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description Clint Ruoho reported that the fix for CVE-2005-2929 GLSA 200511-09 only disabled the lynxcgi:// handler when not using th...

10CVSS7.1AI score0.0506EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/08/18 12:0 a.m.•30 views

DokuWiki: Local file inclusion

Background DokuWiki is a standards compliant Wiki system written in PHP. Description girex reported that data from the "configcascade" parameter in inc/init.php is not properly sanitized before being used. Impact A remote attacker could exploit this vulnerability to execute PHP code from arbitrar...

9.3CVSS6.6AI score0.23157EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/06/29 12:0 a.m.•30 views

Apache Tomcat JK Connector: Information disclosure

Background The Apache Tomcat JK Connector aka modjk connects the Tomcat application server with the Apache HTTP Server. Description The Red Hat Security Response Team discovered that modjk does not properly handle 1 requests setting the "Content-Length" header while not providing data and 2 clien...

2.6CVSS7.4AI score0.07263EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/04/16 12:0 a.m.•30 views

mpg123: User-assisted execution of arbitrary code

Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description The vendor reported a signedness error in the storeid3text function in id3.c, allowing for out-of-bounds memory access. Impact A remote attacker could entice a user to open an MPEG-1 Audio Layer 3 MP3...

10CVSS7AI score0.05437EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/04/07 12:0 a.m.•30 views

Xpdf: Untrusted search path

Background Xpdf is a PDF file viewer that runs under the X Window System. Description Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc" file from the current working directory if it cannot find a ".xpdfrc" file in the user's home directory. This is caused by a missing definiti...

6.9CVSS6.6AI score0.004EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/03/23 12:0 a.m.•30 views

Muttprint: Insecure temporary file usage

Background Muttprint formats the output of mail clients to a good-looking printing using LaTeX. Description Dmitry E. Oboukhov reported an insecure usage of the temporary file "/tmp/muttprint.log" in the muttprint script. Impact A local attacker could perform symlink attacks to overwrite arbitrar...

6.9CVSS6.3AI score0.00286EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/03/10 12:0 a.m.•30 views

Shadow: Privilege escalation

Background Shadow is a set of tools to deal with user accounts. Description Paul Szabo reported a race condition in the "login" executable when setting up tty permissions. Impact A local attacker belonging to the "utmp" group could use symlink attacks to overwrite arbitrary files and possibly gai...

7.2CVSS6.4AI score0.00949EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/01/12 12:0 a.m.•30 views

Online-Bookmarks: Multiple vulnerabilities

Background Online-Bookmarks is a web-based bookmark management system to store your bookmarks, favorites and links. Description The following vulnerabilities were reported: Authentication bypass when directly requesting certain pages CVE-2004-2155. Insufficient input validation in the login...

7.5CVSS7.3AI score0.01869EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/12/10 12:0 a.m.•30 views

Archive::Tar: Directory traversal vulnerability

Background Archive::Tar is a Perl module for creation and manipulation of tar files. Description Jonathan Smith of rPath reported that Archive::Tar does not check for ".." in file names. Impact A remote attacker could entice a user or automated system to extract a specially crafted tar archive,...

6.8CVSS6.5AI score0.04322EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/12/02 12:0 a.m.•30 views

IPsec-Tools: racoon Denial of service

Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Two Denial of Service vulnerabilities have been reported in racoon: The vendor reported a memory leak in...

7.8CVSS8.1AI score0.03435EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/12/02 12:0 a.m.•30 views

libxml2: Multiple vulnerabilities

Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute...

10CVSS8.1AI score0.23373EPSS
Exploits13
Gentoo Linux
Gentoo Linux
•added 2008/10/30 12:0 a.m.•30 views

libspf2: DNS response buffer overflow

Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Description libspf2 uses a fixed-length buffer to...

10CVSS6.8AI score0.2225EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/08/06 12:0 a.m.•30 views

Wireshark: Denial of service

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple vulnerabilities related to memory management were discovered in the GSM SMS dissector CVE-2008-3137, the PANA and KISMET dissectors CVE-2008-3138, the RTMPT dissector CVE-2008-3139, the syslog...

5CVSS6.5AI score0.04946EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/05/09 12:0 a.m.•30 views

Firebird: Data disclosure

Background Firebird is a multi-platform, open source relational database. Description Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISCPASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...

5CVSS6.6AI score0.0212EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/03/18 12:0 a.m.•30 views

MoinMoin: Multiple vulnerabilities

Background MoinMoin is an advanced, easy to use and extensible Wiki Engine. Description Multiple vulnerabilities have been discovered: A vulnerability exists in the file wikimacro.py because the macroGetval function does not properly enforce ACLs CVE-2008-1099. A directory traversal vulnerability...

5CVSS6.8AI score0.14787EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/01/29 12:0 a.m.•30 views

Netkit FTP Server: Denial of service

Background net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. Description Venustech AD-LAB discovered that an FTP client connected to a vulnerable server with passive mode and SSL support can trigger an fclose function call on an uninitialized stream in ftpd.c. Impact A...

9.3CVSS6.3AI score0.02479EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/29 12:0 a.m.•30 views

libexif: Multiple vulnerabilities

Background libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer overflow vulnerability in t...

6.8CVSS7.4AI score0.02727EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/12/09 12:0 a.m.•30 views

Cairo: User-assisted execution of arbitrary code

Background Cairo is a 2D vector graphics library with cross-device output support. Description Multiple integer overflows were reported, one of which Peter Valchev Google Security found to be leading to a heap-based buffer overflow in the cairoimagesurfacecreatefrompng function that processes PNG...

6.8CVSS7.3AI score0.05486EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/14 12:0 a.m.•30 views

Pioneers: Multiple Denials of Service

Background Pioneers formerly gnocatan is a clone of the popular board game "The Settlers of Catan". Description Roland Clobus discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones CVE-2007-5933. Bas Wijnen discovered...

7.8CVSS6.4AI score0.02022EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/14 12:0 a.m.•30 views

KDM: Local privilege escalation

Background KDM is the Display Manager for the graphical desktop environment KDE. It is part of the kdebase package. Description Kees Huijgen discovered an error when checking the credentials which can lead to a login without specifying a password. This only occurs when auto login is configured fo...

6.8CVSS7.1AI score0.01015EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/09/15 12:0 a.m.•30 views

GNU Tar: Directory traversal vulnerability

Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description Dmitry V. Levin discovered a directory traversal vulnerability in the containsdotdot function in file src/names.c. Impact By enticing a user to extract a special...

6.8CVSS7.4AI score0.02743EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/07/03 12:0 a.m.•30 views

GNU C Library: Integer overflow

Background The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related...

7.2CVSS7AI score0.00454EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/20 12:0 a.m.•30 views

PPTPD: Denial of Service attack

Background PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux. Description James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets. Impact A remote attacker could exploit this vulnerability to cause a Denial of Service on the PPTPD connection...

5CVSS6.3AI score0.02312EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/06 12:0 a.m.•30 views

Evince: Stack overflow in included gv code

Background Evince is a document viewer for multiple document formats, including PostScript. Description Evince includes code from GNU gv that does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially...

5.1CVSS7.2AI score0.14838EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/03/16 12:0 a.m.•30 views

Asterisk: SIP Denial of service

Background Asterisk is an open source implementation of a telephone private branch exchange PBX. Description The MU Security Research Team discovered that Asterisk contains a NULL-pointer dereferencing error in the SIP channel when handling request messages. Impact A remote attacker could cause a...

7.8CVSS6.3AI score0.20274EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/24 12:0 a.m.•30 views

MIT Kerberos 5: Arbitrary Remote Code Execution

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to fr...

9.3CVSS7.4AI score0.07926EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/03 12:0 a.m.•30 views

DenyHosts: Denial of service

Background DenyHosts is designed to monitor SSH servers for repeated failed login attempts. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that DenyHosts used an incomplete regular expression to parse failed login attempts. Impact A remote unauthenticated attacker ca...

5CVSS6.7AI score0.01871EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/09 12:0 a.m.•30 views

xine-lib: Buffer overflow

Background xine is a portable and reusable multimedia playback engine. xine-lib is xine's core engine. Description A possible buffer overflow has been reported in the Real Media input plugin. Impact An attacker could exploit this vulnerability by enticing a user into loading a specially crafted...

7.5CVSS7.2AI score0.05346EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/11/27 12:0 a.m.•30 views

Kile: Incorrect backup file permission

Background Kile is a TeX/LaTeX editor for KDE. Description Kile fails to set the same permissions on backup files as on the original file. This is similar to CVE-2005-1920. Impact A kile user may inadvertently grant access to sensitive information. Workaround There is no known workaround at this...

7.5CVSS6.3AI score0.0367EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/20 12:0 a.m.•30 views

Ruby: Denial of Service vulnerability

Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated...

5CVSS6.6AI score0.04071EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/10/04 12:0 a.m.•30 views

Adobe Flash Player: Arbitrary code execution

Background The Adobe Flash Player is a renderer for Flash files - commonly used to provide interactive websites, digital experiences and mobile content. Description The Adobe Flash Player contains multiple unspecified vulnerabilities. Impact An attacker could entice a user to view a malicious Fla...

5.1CVSS7.3AI score0.16606EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•30 views

MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Description Unchecked calls to setuid in krshd and v4rcp, as well as unchecked calls ...

7.2CVSS7.4AI score0.00528EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/28 12:0 a.m.•30 views

TunePimp: Buffer overflow

Background The TunePimp library also referred to as libtunepimp is a development library geared towards developers who wish to create MusicBrainz enabled tagging applications. Description Kevin Kofler has reported a vulnerability where three stack variables are allocated with 255, 255 and 100 byt...

5.1CVSS7AI score0.04465EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/15 12:0 a.m.•30 views

Sendmail: Denial of service

Background Sendmail is a popular mail transfer agent MTA. Description Frank Sheiness discovered that the mime8to7 function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact By sending specially crafted...

5CVSS6.2AI score0.05173EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/11 12:0 a.m.•30 views

JPEG library: Denial of service

Background The JPEG library is able to load, handle and manipulate images in the JPEG format. Description Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature which is not recommended. Impact By enticing a us...

5CVSS8.9AI score0.01863EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/07 12:0 a.m.•30 views

Pound: HTTP request smuggling

Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description Pound fails to handle HTTP requests with conflicting "Content-Length" and...

4.3CVSS9.1AI score0.01472EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/05/02 12:0 a.m.•30 views

phpWebSite: Local file inclusion

Background phpWebSite provides a complete web site content management system. Description rgod has reported that the "hubdir" parameter in "index.php" isn't properly verified. When "magicquotesgpc" is disabled, this can be exploited to include arbitrary files from local ressources. Impact If...

7.5CVSS6.3AI score0.03875EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/03/23 12:0 a.m.•30 views

NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

Background NetHack is the classic single player dungeon exploration game. Slash'EM and Falcon's Eye are NetHack variants. Description NetHack, Slash'EM and Falcon's Eye have been found to be incompatible with the system used for managing games on Gentoo Linux. As a result, they cannot be played...

4.6CVSS7.1AI score0.00711EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/03/21 12:0 a.m.•30 views

Pngcrush: Buffer overflow

Background Pngcrush is an optimizer for PNG files. Description Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib GLSA 200507-19. Impact By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush...

5CVSS9.6AI score0.03999EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/06 12:0 a.m.•30 views

Apache: Multiple vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. modimap provides support for server-side image maps; modssl provides secure HTTP connections. Description Apache's modimap fails to properly sanitize the "Referer" directive of imagemaps in some cases, leavi...

5.4CVSS9.4AI score0.73692EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/02/06 12:0 a.m.•30 views

ADOdb: PostgresSQL command injection

Background ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends. Description Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Impact By sending specifically crafted requests to an application that uses ADOdb and a...

5CVSS7.4AI score0.02842EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/22 12:0 a.m.•30 views

Horde Application Framework: XSS vulnerability

Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description The Horde Team reported a potential XSS vulnerability. Horde fails...

4.3CVSS6.4AI score0.0171EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/22 12:0 a.m.•30 views

cURL: NTLM username stack overflow

Background cURL is a command line tool and library for transferring files via many different protocols. It supports NTLM authentication to retrieve files from Windows-based systems. Description iDEFENSE reported that insufficient bounds checking on a memcpy of the supplied NTLM username can resul...

7.5CVSS7.2AI score0.05188EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/17 12:0 a.m.•30 views

Lynx: Buffer overflow in NNTP processing

Background Lynx is a text-mode browser for the World Wide Web. It supports multiple URL types, including HTTP and NNTP URLs. Description When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. Ulf Harnhammar...

9.8CVSS7.4AI score0.23257EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/24 12:0 a.m.•30 views

Mantis: XSS and SQL injection vulnerabilities

Background Mantis is a web-based bugtracking system written in PHP. Description Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Impact An attacker could possibly use the SQL injection vulnerability...

7.5CVSS7.3AI score0.02576EPSS
Exploits1
Total number of security vulnerabilities3816