Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2018/03/26 12:0 a.m.30 views

PLIB: User-assisted execution of arbitrary code

Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A stack-based buffer overflow within the error function of...

6.8CVSS7.5AI score0.09968EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/01/07 12:0 a.m.30 views

OptiPNG: Multiple vulnerabilities

Background OptiPNG is a PNG optimizer that re-compresses image files to a smaller size, without losing any information. Description Multiple vulnerabilities have been discovered in OptiPNG. Please review the referenced CVE identifiers for details. Impact A remote attacker could entice a user to...

7.8CVSS8.3AI score0.01968EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2017/06/06 12:0 a.m.30 views

ImageWorsener: Multiple vulnerabilities

Background ImageWorsener is a cross-platform command-line utility and library for image scaling and other image processing. Description Multiple vulnerabilities have been discovered in ImageWorsener. Please review the CVE identifiers referenced below for details. Impact A remote attacker could...

8.8CVSS3.6AI score0.02569EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2017/02/10 12:0 a.m.30 views

Graphviz: Multiple vulnerabilities

Background Graphviz is an open source graph visualization software. Description Multiple vulnerabilities in Graphviz were discovered. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to control input matched against a regular expression or by enticing...

10CVSS7.7AI score0.06082EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2017/02/06 12:0 a.m.30 views

RTMPDump: Multiple vulnerabilities

Background RTMPDump is an RTMP client intended to stream audio or video flash content Description Multiple vulnerabilities have been discovered in RTMPDump. The following is a list of vulnerabilities fixed: Additional decode input size checks Ignore zero-length packets Potential integer overflow ...

8.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/01/01 12:0 a.m.30 views

Xdg-Utils: Command injection

Background Xdg-Utils is a set of tools allowing all applications to easily integrate with the Free Desktop configuration. Description An eval injection vulnerability was discovered in Xdg-Utils. Impact A context-dependent attacker could execute arbitrary code via the URL argument to xdg-open...

6.8CVSS9.2AI score0.03256EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.30 views

Zabbix: Multiple vulnerabilities

Background Zabbix is software for monitoring applications, networks, and servers. Description Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges...

8.1CVSS3.8AI score0.21141EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.30 views

Pixman: Buffer overflow

Background Pixman is a pixel manipulation library. Description In pixman-general, careless computations done with the ‘destbuffer’ pointer may overflow, failing the buffer upper limit check. Impact A remote attacker could possibly cause a Denial of Service condition, or execute arbitrary code wit...

8.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/04/26 12:0 a.m.30 views

libksba: Multiple vulnerabilities

Background Libksba is a X.509 and CMS PKCS7 library. Description libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Please read the references for additional details. Impact Remote attackers could cause Denial of Service or unspecified other vectors through...

4.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/03/14 12:0 a.m.30 views

hivex: User-assisted execution of arbitrary code

Background hivex is a library for reading and writing Windows Registry ‘hive’ binary files. Description Manipulating a short or truncated hive file may trigger an out-of-bounds read or write in hivex. Impact A context-dependent attacker could cause an application linked against hivex to pass a...

4.6CVSS6AI score0.00625EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/11/23 12:0 a.m.30 views

Openswan: Denial of service

Background Openswan is an implementation of IPsec for Linux. Description A NULL pointer dereference has been found in Openswan. Impact A remote attacker could create a Denial of Service condition. Workaround There is no known workaround at this time. Resolution Gentoo has discontinued support for...

5CVSS6.4AI score0.02664EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/11/16 12:0 a.m.30 views

GNU Wget: Arbitrary code execution

Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description An absolute path traversal vulnerability has been found in GNU Wget. Impact A remote FTP server is able to write to arbitrary files, and consequently...

9.3CVSS7.6AI score0.39883EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2014/11/05 12:0 a.m.30 views

TigerVNC: User-assisted execution of arbitrary code

Background TigerVNC is a high-performance VNC server/client. Description Two boundary errors in TigerVNC could lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code...

9.8CVSS9.5AI score0.02494EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/08/26 12:0 a.m.30 views

file: Denial of service

Background file is a utility that guesses a file format by scanning binary data for patterns. Description BEGIN regular expression in the awk script detector in magic/Magdir/commands uses multiple wildcards with unlimited repetitions. Impact A context-dependent attacker could entice a user to ope...

5CVSS7.6AI score0.0304EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/02/21 12:0 a.m.30 views

TCPTrack: Arbitrary code execution

Background TCPTrack is a simple libpcap based program for live TCP connection monitoring. Description A heap-based buffer overflow vulnerability exists in TCPTrack’s parsing of command line arguments. This is only a vulnerability in limited scenarios in which TCPTrack is “configured as a handler...

6.8CVSS7.8AI score0.02333EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/20 12:0 a.m.30 views

GNU Midnight Commander: User-assisted execution of arbitrary code

Background GNU Midnight Commander is a text based file manager. Description GNU Midnight Commander does not properly sanitize environment variables. Impact A remote attacker could entice a user to open a specially crafted archive file using GNU Midnight Commander, possibly resulting in execution ...

5.1CVSS7AI score0.01867EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/11 12:0 a.m.30 views

Roundcube: Arbitrary code execution

Background Roundcube is a browser-based multilingual IMAP client with an application-like user interface. Description A vulnerability in steps/utils/savepref.inc allows remote attackers to use the session parameter to change configuration settings. Impact A remote attacker could possibly execute...

7.5CVSS7.6AI score0.02873EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/07 12:0 a.m.30 views

Apache mod_fcgid: Arbitrary code execution

Background Apache modfcgid is a binary-compatible alternative to modfastcgi with better process management. Description Apache modfcgid fails to perform a boundary check on user-supplied input, potentially resulting in a heap-based buffer overflow. Impact A remote attacker can supply a crafted...

7.5CVSS7.1AI score0.13141EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/12/14 12:0 a.m.30 views

libsmi: Arbitrary code execution

Background libsmi is a library that allows management applications to access SMI MIB module definitions. Description libsmi contains a buffer overflow vulnerability in the smiGetNode function in lib/smi.c. Impact A context-dependent attacker could possibly execute arbitrary code by way of a...

7.5CVSS7.4AI score0.14035EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2013/08/22 12:0 a.m.30 views

D-Bus: Denial of service

Background D-Bus is a message bus system which processes can use to talk to each other. Description D-Bus’ dbusprintfstringupperbound function crashes if it returns exactly 1024 bytes. Impact A local attacker could provide specially-crafted input to an application using D-Bus which would cause...

1.9CVSS5.4AI score0.00383EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/07/09 12:0 a.m.30 views

JRuby: Denial of service

Background JRuby is a Java-based Ruby interpreter implementation. Description JRuby does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround...

5CVSS6.3AI score0.0436EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/03/28 12:0 a.m.30 views

Logwatch: Arbitrary code execution

Background Logwatch analyzes and reports on system logs. Description logwatch.pl does not properly sanitize log filenames against shell metacharacters before passing them to the "system" function. Impact A remote attacker could pass a specially crafted log filename to Logwatch, possibly resulting...

10CVSS5.4AI score0.18321EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/03/16 12:0 a.m.30 views

ModPlug: User-assisted execution of arbitrary code

Background ModPlug is a library for playing MOD-like music. Description Multiple vulnerabilities have been found in ModPlug: The ReadS3M method in loads3m.cpp fails to validate user-supplied information, which could cause a stack-based buffer overflow CVE-2011-1574. The "CSoundFile::ReadWav"...

6.8CVSS7.9AI score0.42941EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2012/03/16 12:0 a.m.30 views

Openswan: Denial of service

Background Openswan is an implementation of IPsec for Linux. Description Two vulnerabilities have been found in Openswan: Improper permissions are used on /var/run/starter.pid and /var/lock/subsys/ipsec CVE-2011-2147. Openswan contains a use-after-free error in the cryptographic helper handler...

4CVSS6.6AI score0.02086EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.30 views

spamdyke: Arbitrary code execution

Background spamdyke is a drop-in connection-time spam filter for qmail. Description Boundary errors related to the "snprintf" and "vsnprintf" functions in spamdyke could cause a buffer overflow. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Workaroun...

7.5CVSS7.4AI score0.04574EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/02/22 12:0 a.m.30 views

Asterisk: Denial of service

Background Asterisk is an open source telephony engine and toolkit. Description A vulnerability has been found in Asterisk's handling of certain encrypted streams where the ressrtp module has been loaded but video support has not been enabled. Impact A remote attacker could send a specially craft...

4.3CVSS6.3AI score0.02497EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/01/30 12:0 a.m.30 views

bip: Multiple vulnerabilities

Background bip is a multi-user IRC proxy with SSL support. Description Multiple vulnerabilities have been discovered in bip: Uli Schlachter reported that bip does not properly handle invalid data during authentication, resulting in a daemon crash CVE-2010-3071. Julien Tinnes reported that bip doe...

6.5CVSS8.2AI score0.03335EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/11/11 12:0 a.m.30 views

OpenTTD: Multiple vulnerabilities

Background OpenTTD is a clone of Transport Tycoon Deluxe. Description Multiple vulnerabilities have been discovered in OpenTTD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the OpenTTD process or cause...

7.5CVSS7.5AI score0.05007EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/01/15 12:0 a.m.30 views

libvpx: User-assisted execution of arbitrary code

Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description libvpx is vulnerable to an integer overflow vulnerability when processing crafted VP8 video streams. Impact A remote attacker could entice a user to open a...

10CVSS9.5AI score0.04569EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2010/09/02 12:0 a.m.30 views

wxGTK: User-assisted execution of arbitrary code

Background wxGTK is the GTK+ version of wxWidgets, a cross-platform C++ GUI toolkit. Description wxGTK is prone to an integer overflow error in the wxImage::Create function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Impact A remote attacker might entice a user to...

6.8CVSS7.2AI score0.02816EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/01/03 12:0 a.m.30 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: An anonymous researcher working with the Zero Day Initiative reported that Adobe Flash...

9.3CVSS8.5AI score0.11556EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/09/13 12:0 a.m.30 views

ZNC: Directory traversal

Background ZNC is an advanced IRC bouncer. Description The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact A remote, authenticated user could send a specially crafted DCC SEND request to overwrite arbitrary files with the privileges of the user runnin...

7.5CVSS7AI score0.02918EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/09/12 12:0 a.m.30 views

Lynx: Arbitrary command execution

Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description Clint Ruoho reported that the fix for CVE-2005-2929 GLSA 200511-09 only disabled the lynxcgi:// handler when not using th...

10CVSS7.1AI score0.0506EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/08/18 12:0 a.m.30 views

DokuWiki: Local file inclusion

Background DokuWiki is a standards compliant Wiki system written in PHP. Description girex reported that data from the "configcascade" parameter in inc/init.php is not properly sanitized before being used. Impact A remote attacker could exploit this vulnerability to execute PHP code from arbitrar...

9.3CVSS6.6AI score0.23157EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/06/29 12:0 a.m.30 views

Apache Tomcat JK Connector: Information disclosure

Background The Apache Tomcat JK Connector aka modjk connects the Tomcat application server with the Apache HTTP Server. Description The Red Hat Security Response Team discovered that modjk does not properly handle 1 requests setting the "Content-Length" header while not providing data and 2 clien...

2.6CVSS7.4AI score0.07263EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/04/16 12:0 a.m.30 views

mpg123: User-assisted execution of arbitrary code

Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description The vendor reported a signedness error in the storeid3text function in id3.c, allowing for out-of-bounds memory access. Impact A remote attacker could entice a user to open an MPEG-1 Audio Layer 3 MP3...

10CVSS7AI score0.05437EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/04/07 12:0 a.m.30 views

Xpdf: Untrusted search path

Background Xpdf is a PDF file viewer that runs under the X Window System. Description Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc" file from the current working directory if it cannot find a ".xpdfrc" file in the user's home directory. This is caused by a missing definiti...

6.9CVSS6.6AI score0.004EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/03/23 12:0 a.m.30 views

Muttprint: Insecure temporary file usage

Background Muttprint formats the output of mail clients to a good-looking printing using LaTeX. Description Dmitry E. Oboukhov reported an insecure usage of the temporary file "/tmp/muttprint.log" in the muttprint script. Impact A local attacker could perform symlink attacks to overwrite arbitrar...

6.9CVSS6.3AI score0.00286EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/03/10 12:0 a.m.30 views

Shadow: Privilege escalation

Background Shadow is a set of tools to deal with user accounts. Description Paul Szabo reported a race condition in the "login" executable when setting up tty permissions. Impact A local attacker belonging to the "utmp" group could use symlink attacks to overwrite arbitrary files and possibly gai...

7.2CVSS6.4AI score0.00949EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/01/12 12:0 a.m.30 views

Online-Bookmarks: Multiple vulnerabilities

Background Online-Bookmarks is a web-based bookmark management system to store your bookmarks, favorites and links. Description The following vulnerabilities were reported: Authentication bypass when directly requesting certain pages CVE-2004-2155. Insufficient input validation in the login...

7.5CVSS7.3AI score0.01869EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/12/10 12:0 a.m.30 views

Archive::Tar: Directory traversal vulnerability

Background Archive::Tar is a Perl module for creation and manipulation of tar files. Description Jonathan Smith of rPath reported that Archive::Tar does not check for ".." in file names. Impact A remote attacker could entice a user or automated system to extract a specially crafted tar archive,...

6.8CVSS6.5AI score0.04322EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/12/02 12:0 a.m.30 views

IPsec-Tools: racoon Denial of service

Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Two Denial of Service vulnerabilities have been reported in racoon: The vendor reported a memory leak in...

7.8CVSS8.1AI score0.03435EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/10/30 12:0 a.m.30 views

libspf2: DNS response buffer overflow

Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Description libspf2 uses a fixed-length buffer to...

10CVSS6.8AI score0.2225EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/08/06 12:0 a.m.30 views

Wireshark: Denial of service

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple vulnerabilities related to memory management were discovered in the GSM SMS dissector CVE-2008-3137, the PANA and KISMET dissectors CVE-2008-3138, the RTMPT dissector CVE-2008-3139, the syslog...

5CVSS6.5AI score0.04946EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/05/20 12:0 a.m.31 views

Perl: Execution of arbitrary code

Background Perl is a stable, cross platform programming language. Description Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Impact A remote attacker could possibly explo...

5CVSS7.2AI score0.03153EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/09 12:0 a.m.30 views

Firebird: Data disclosure

Background Firebird is a multi-platform, open source relational database. Description Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISCPASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...

5CVSS6.6AI score0.0212EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/01/29 12:0 a.m.30 views

Netkit FTP Server: Denial of service

Background net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. Description Venustech AD-LAB discovered that an FTP client connected to a vulnerable server with passive mode and SSL support can trigger an fclose function call on an uninitialized stream in ftpd.c. Impact A...

9.3CVSS6.3AI score0.02479EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/12/29 12:0 a.m.30 views

libexif: Multiple vulnerabilities

Background libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer overflow vulnerability in t...

6.8CVSS7.4AI score0.02727EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/14 12:0 a.m.30 views

Pioneers: Multiple Denials of Service

Background Pioneers formerly gnocatan is a clone of the popular board game "The Settlers of Catan". Description Roland Clobus discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones CVE-2007-5933. Bas Wijnen discovered...

7.8CVSS6.4AI score0.02022EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/07 12:0 a.m.30 views

libvorbis: Multiple vulnerabilities

Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description David Thiel of iSEC Partners discovered a heap-based buffer overflow in the 01inverse function in res0.c and a boundary...

6.8CVSS7.5AI score0.0314EPSS
Exploits0
Total number of security vulnerabilities3816