Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2006/06/15 12:0 a.m.30 views

Sendmail: Denial of service

Background Sendmail is a popular mail transfer agent MTA. Description Frank Sheiness discovered that the mime8to7 function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact By sending specially crafted...

5CVSS6.2AI score0.05173EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/11 12:0 a.m.30 views

JPEG library: Denial of service

Background The JPEG library is able to load, handle and manipulate images in the JPEG format. Description Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature which is not recommended. Impact By enticing a us...

5CVSS8.9AI score0.01863EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/07 12:0 a.m.30 views

Pound: HTTP request smuggling

Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description Pound fails to handle HTTP requests with conflicting "Content-Length" and...

4.3CVSS9.1AI score0.01472EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/05/02 12:0 a.m.30 views

phpWebSite: Local file inclusion

Background phpWebSite provides a complete web site content management system. Description rgod has reported that the "hubdir" parameter in "index.php" isn't properly verified. When "magicquotesgpc" is disabled, this can be exploited to include arbitrary files from local ressources. Impact If...

7.5CVSS6.3AI score0.03875EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/23 12:0 a.m.30 views

NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

Background NetHack is the classic single player dungeon exploration game. Slash'EM and Falcon's Eye are NetHack variants. Description NetHack, Slash'EM and Falcon's Eye have been found to be incompatible with the system used for managing games on Gentoo Linux. As a result, they cannot be played...

4.6CVSS7.1AI score0.00711EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/21 12:0 a.m.30 views

Pngcrush: Buffer overflow

Background Pngcrush is an optimizer for PNG files. Description Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib GLSA 200507-19. Impact By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush...

5CVSS9.6AI score0.03999EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/02/06 12:0 a.m.30 views

ADOdb: PostgresSQL command injection

Background ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends. Description Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Impact By sending specifically crafted requests to an application that uses ADOdb and a...

5CVSS7.4AI score0.02842EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/11/22 12:0 a.m.30 views

Horde Application Framework: XSS vulnerability

Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description The Horde Team reported a potential XSS vulnerability. Horde fails...

4.3CVSS6.4AI score0.0171EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/24 12:0 a.m.30 views

Mantis: XSS and SQL injection vulnerabilities

Background Mantis is a web-based bugtracking system written in PHP. Description Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Impact An attacker could possibly use the SQL injection vulnerability...

7.5CVSS7.3AI score0.02576EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/07/25 12:0 a.m.30 views

fetchmail: Buffer Overflow

Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description fetchmail does not properly validate UIDs coming from a POP3 mail server. The UID is placed in a fixed length buffer on the stack, which can be overflown. Impac...

5CVSS7AI score0.05882EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/04/22 12:0 a.m.30 views

KDE kimgio: PCX handling buffer overflow

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kimgio is the KDE image handler provided by kdelibs. Description kimgio fails to properly validate input when handling PCX files. Impact By enticing a user to load a specially-crafted PCX ima...

7.5CVSS6.9AI score0.05427EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/25 12:0 a.m.30 views

IPsec-Tools: racoon Denial of service

Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Sebastian Krahmer has reported a potential remote Denial of Service vulnerability in the ISAKMP header parsing cod...

5CVSS6.5AI score0.02433EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/16 12:0 a.m.30 views

MySQL: Multiple vulnerabilities

Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description MySQL fails to properly validate input for authenticated users with INSERT and DELETE privileges CAN-2005-0709 and CAN-2005-0710. Furthermore MySQL uses predictable filenames when creating temporary files with...

4.6CVSS7.3AI score0.1844EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2005/03/06 12:0 a.m.30 views

ImageMagick: Filename handling vulnerability

Background ImageMagick is a collection of tools and libraries for manipulating a wide variety of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities. Impact Successful exploitation may...

7.5CVSS6.4AI score0.04219EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/01 12:0 a.m.30 views

Qt: Untrusted library search path

Background Qt is a cross-platform GUI toolkit used by KDE. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that Qt searches for shared libraries in an untrusted, world-writable directory. Impact A local attacker could create a malicious shared object that would be...

4.6CVSS6.8AI score0.00361EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/28 12:0 a.m.30 views

MediaWiki: Multiple vulnerabilities

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code doe...

7.5CVSS6.4AI score0.0193EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/30 12:0 a.m.30 views

ncpfs: Multiple vulnerabilities

Background ncpfs is a NCP protocol network filesystem driver that allows access to NetWare services, to mount volumes of NetWare servers or print to NetWare print queues. Description Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable...

7.5CVSS7.6AI score0.02864EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/23 12:0 a.m.30 views

MySQL: Insecure temporary file creation

Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered that the 'mysqlaccess' script creates temporary files in world-writeable directories with predictable names. Impact A local...

4.6CVSS6.5AI score0.00594EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/05 12:0 a.m.30 views

Mozilla, Firefox, Thunderbird: Various vulnerabilities

Background Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow ...

7.2CVSS1.5AI score0.01805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/05 12:0 a.m.30 views

mit-krb5: Heap overflow in libkadm5srv

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing. Impact Under specific...

7.2CVSS3.1AI score0.00734EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/02 12:0 a.m.30 views

Apache 1.3: Buffer overflow vulnerability in mod_include

Background The Apache HTTP server is one of the most popular web servers on the internet. modinclude is an Apache module to handle Server Side Includes SSI. Description A possible buffer overflow exists in the gettag function of modinclude.c. Impact If Server Side Includes SSI are enabled, a loca...

7.8CVSS7AI score0.0483EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/09/20 12:0 a.m.30 views

Foomatic: Arbitrary command execution in foomatic-rip filter

Background Foomatic is a system for connecting printer drivers with spooler systems such as CUPS and LPD. The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic. Description There is a vulnerability in the foomatic-filters package. This vulnerability is...

7.5CVSS7AI score0.04306EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/16 12:0 a.m.30 views

mpg123: Buffer overflow vulnerability

Background mpg123 is a MPEG Audio Player. Description mpg123 contains a buffer overflow in the code that handles layer2 decoding of media files. Impact An attacker can possibly exploit this bug with a specially-crafted mp3 or mp2 file to execute arbitrary code with the permissions of the user...

7.5CVSS7.6AI score0.03786EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/13 12:0 a.m.30 views

Samba: Denial of Service vulnerabilities

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. smbd and nmbd are two daemons used by the Samba server. Description There is a defect in smbd's ASN.1 parsing. A bad packet received during t...

5CVSS6.5AI score0.05498EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/02 12:0 a.m.30 views

Python 2.2: Buffer overflow in getaddrinfo()

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description If IPV6 is disabled in Python 2.2, getaddrinfo is not able to handle IPV6 DNS requests properly and a buffer overflow occurs. Impact An attacker can execute arbitrary code as the us...

7.5CVSS7.5AI score0.0535EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/07/26 12:0 a.m.30 views

Pavuk: Digest authentication helper buffer overflow

Background Pavuk is web spider and website mirroring tool. Description Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication. Impact An attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk...

7.5CVSS2.3AI score0.13368EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/07/08 12:0 a.m.30 views

Shorewall : Insecure temp file handling

Background Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel. Description Shorewall uses temporary files and directories in an insecure manner. A local user could create symbolic links at specific locations, eventually overwriting other...

4.6CVSS6.2AI score0.0034EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/20 12:0 a.m.30 views

Buffer overflow in Subversion

Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS's :ext: method. In addition to supporting the features found in CVS,...

7.5CVSS7.2AI score0.7525EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2004/03/26 12:0 a.m.30 views

Multiple remote buffer overflow vulnerabilities in Courier

Background Courier MTA is a multiprotocol mail server suite that provides webmail, mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server that gives IMAP access to local mailboxes. Description The vulnerabilities have been found in the 'SHIFTJIS' converter in 'shiftjis.c' and...

7.5CVSS7.1AI score0.03257EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2003/12/08 12:0 a.m.30 views

CVS: malformed module request vulnerability

Background CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree which can be on a remote system. It also allows branching...

7.5CVSS6.3AI score0.02294EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2003/11/22 12:0 a.m.30 views

Libnids: remote code execution vulnerability

Background Libnids is a component of a network intrusion detection system. Description There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution. Impact A remote attacker could possibly execute arbitrary code. Workaround There is no...

7.5CVSS7.5AI score0.03684EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/10 12:0 a.m.29 views

Bundler: Multiple Vulnerabilities

Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details. Impact Please review...

9.3CVSS7.5AI score0.06307EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.29 views

cryptography: Multiple Vulnerabilities

Background cryptography is a package which provides cryptographic recipes and primitives to Python developers. Description Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.1CVSS7.7AI score0.06718EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.29 views

GNU Emacs, Org Mode: Multiple Vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

9.8CVSS7.6AI score0.01639EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.29 views

SSSD: Command Injection

Background SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. Description A...

9.3CVSS8AI score0.02524EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/12 12:0 a.m.29 views

Kubelet: Privilege Escalation

Background Kubelet is a Kubernetes Node Agent. Description A vulnerability has been discovered in Kubelet. Please review the CVE identifier referenced below for details. Impact A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes...

8.8CVSS7.5AI score0.03578EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/12 12:0 a.m.29 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS7.6AI score0.00937EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2024/02/21 12:0 a.m.29 views

LibreOffice: Multiple Vulnerabilities

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...

8.8CVSS7.6AI score0.01017EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/02/04 12:0 a.m.29 views

NBD Tools: Multiple Vulnerabilities

Background The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server. Description Multiple vulnerabilities have been discovered in NBD Tools. Please review the CVE identifiers referenced below for details...

9.8CVSS7.8AI score0.0347EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2023/12/22 12:0 a.m.29 views

LibRaw: Heap Buffer Overflow

Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description A vulnerability has been discovered in LibRaw. Please review the CVE identifier referenced below for details. Impact A heap-buffer-overflow in raw2imageex caused by a maliciously crafted file may...

6.5CVSS6.9AI score0.01289EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/12/18 12:0 a.m.29 views

Leptonica: Multiple Vulnerabilities

Background Leptonica is a C library for image processing and analysis. Description Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

9.8CVSS7.3AI score0.03739EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/11/25 12:0 a.m.29 views

GNU Libmicrohttpd: Buffer Overflow Vulnerability

Background GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. GNU Libmicrohttpd is free software and part of the GNU project. Description A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd. Please review the CVE...

10CVSS7.7AI score0.08739EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/09/17 12:0 a.m.29 views

Wireshark: Multiple Vulnerabilities

Background Wireshark is a versatile network protocol analyzer. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.5CVSS7.4AI score0.0462EPSS
Exploits14
Gentoo Linux
Gentoo Linux
added 2023/09/17 12:0 a.m.29 views

Requests: Information Leak

Background Requests is an HTTP library for human beings. Description Requests is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin with authentication credentials encoded into the URL. Impact Users' proxy...

6.1CVSS7.3AI score0.02974EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.29 views

exif: Denial of Service

Background libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif. Description There is a bug in exif's XML output format which can result in a null pointer dereference when outputting crafted JPEG EXIF data. Impact A...

5.5CVSS2.9AI score0.01268EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/10/16 12:0 a.m.29 views

Deluge: Cross-Site Scripting

Background Deluge is a BitTorrent client. Description Deluge does not sufficiently sanitize crafted torrent file data, leading to the application interpreting untrusted data as HTML. Impact An attacker can achieve XSS via a crafted torrent file. Workaround There is no known workaround at this tim...

6.1CVSS1.4AI score0.00736EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.29 views

yaml-cpp: Denial of service

Background yaml-cpp is a YAML parser and emitter in C++. Description The function Scanner::peek in scanner.cpp may have an assertion failure. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All yaml-cpp users...

7.5CVSS4AI score0.02249EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.29 views

HylaFAX: Multiple vulnerabilities

Background HylaFAX is an enterprise-class system for sending and receiving facsimile messages and for sending alpha-numeric pages. Description Multiple vulnerabilities have been discovered in HylaFAX. Please review the CVE identifiers referenced below for details. Impact Please review the...

7.8CVSS2.1AI score0.00538EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2020/04/10 12:0 a.m.29 views

libssh: Denial of service

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description It was discovered that libssh could crash when AES-CTR ciphers are used. Impact A remote attacker running a malicious client or server could possibly crash the counterpart...

5.3CVSS3.8AI score0.03065EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2019/08/15 12:0 a.m.29 views

ZNC: Privilege escalation

Background ZNC is an advanced IRC bouncer. Description It was discovered that ZNC’s “Modules.cpp” allows remote authenticated non-admin users to escalate privileges. Impact A remote authenticated attacker could escalate privileges and subsequently execute arbitrary code or conduct a Denial of...

8.8CVSS9AI score0.04127EPSS
Exploits0
Total number of security vulnerabilities3816