Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.29 views

yaml-cpp: Denial of service

Background yaml-cpp is a YAML parser and emitter in C++. Description The function Scanner::peek in scanner.cpp may have an assertion failure. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All yaml-cpp users...

7.5CVSS4AI score0.02249EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.29 views

HylaFAX: Multiple vulnerabilities

Background HylaFAX is an enterprise-class system for sending and receiving facsimile messages and for sending alpha-numeric pages. Description Multiple vulnerabilities have been discovered in HylaFAX. Please review the CVE identifiers referenced below for details. Impact Please review the...

7.8CVSS2.1AI score0.00538EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2020/04/10 12:0 a.m.29 views

libssh: Denial of service

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description It was discovered that libssh could crash when AES-CTR ciphers are used. Impact A remote attacker running a malicious client or server could possibly crash the counterpart...

5.3CVSS3.8AI score0.03065EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2019/08/15 12:0 a.m.29 views

ZNC: Privilege escalation

Background ZNC is an advanced IRC bouncer. Description It was discovered that ZNC’s “Modules.cpp” allows remote authenticated non-admin users to escalate privileges. Impact A remote authenticated attacker could escalate privileges and subsequently execute arbitrary code or conduct a Denial of...

8.8CVSS9AI score0.04127EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2018/01/07 12:0 a.m.29 views

LibXcursor: User-assisted execution of arbitrary code

Background X.Org X11 libXcursor runtime library. Description It was discovered that libXcursor is prone to several heap overflows when parsing malicious files. Impact A remote attacker, by enticing a user to process a specially crafted cursor file, could possibly execute arbitrary code with the...

7.5CVSS8.4AI score0.05173EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2017/06/22 12:0 a.m.29 views

libksba: Denial of Service and information disclosure

Background Libksba is a X.509 and CMS PKCS7 library. Description It was found that an unproportionate amount of memory is allocated when parsing crafted certificates in libskba, which may lead to Denial of Service condition. Moreover in libksba 1.3.4, allocated memory is uninitialized and could...

7.5CVSS3.2AI score0.03205EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/06/16 12:0 a.m.29 views

spice: Multiple vulnerabilities

Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share usb devices and share folders without complications. Description Multiple vulnerabilities have been discovered in spice, please review the CVE...

10CVSS8.5AI score0.08492EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/26 12:0 a.m.29 views

MuPDF: User-assisted execution of arbitrary code

Background MuPDF is a lightweight PDF viewer and toolkit written in portable C. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifier and Secunia Research referenced below for details. Impact A remote attacker could entice a user to open a specially...

7.5CVSS7.4AI score0.14518EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/06/25 12:0 a.m.29 views

Network Audio System: Multiple vulnerabilities

Background Network Audio System is a network transparent, client/server audio transport system. Description Multiple vulnerabilities have been discovered in Network Audio System. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly...

7.5CVSS7.6AI score0.0408EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2014/06/01 12:0 a.m.29 views

Fail2ban: Multiple vulnerabilities

Background Fail2ban is a tool for parsing log files and banning IP addresses which show suspicious behavior. Description Multiple vulnerabilities have been discovered in Fail2ban. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a crafted URL to ...

5CVSS6.6AI score0.03235EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/05/19 12:0 a.m.29 views

X2Go Server: Privilege Escalation

Background X2Go is an open source terminal server project. Description X2Go Server is prone to a local privilege-escalation vulnerability. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this time. Resolution All X2Go Server users should upgrade...

9CVSS6.3AI score0.02876EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/05/18 12:0 a.m.29 views

OpenConnect: User-assisted execution of arbitrary code

Background OpenConnect is a free client for Cisco AnyConnect SSL VPN software. Description A stack-based buffer overflow error has been discovered in OpenConnect. Impact A remote attacker could entice a user to connect to a malicious VPN server, possibly resulting in execution of arbitrary code...

5CVSS7.4AI score0.02648EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/05/18 12:0 a.m.29 views

JBIG-KIT: Denial of service

Background JBIG-KIT is a software implementation of the JBIG1 data compression standard. Description JBIG-KIT contains a stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c. Impact A remote attacker could possibly cause a Denial of Service condition via a specially crafted imag...

6.8CVSS6.7AI score0.03449EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/05/03 12:0 a.m.29 views

WeeChat: Multiple vulnerabilities

Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Two vulnerabilities have been discovered in WeeChat: The hookprocess function does not properly handle shell expansions CVE-2012-5534. WeeChat does not properly decode colors which could...

7.5CVSS7.9AI score0.05543EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/03/13 12:0 a.m.29 views

QtCore: Denial of service

Background The Qt toolkit is a comprehensive C++ application development framework. Description A vulnerability in QXmlSimpleReader’s XML entity parsing has been discovered. Impact A remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCor...

5CVSS6.4AI score0.03105EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/11/04 12:0 a.m.29 views

Mednafen: Arbitrary code execution

Background Mednafen is an advanced NES, GB/GBC/GBA, TurboGrafx 16/CD, NGPC and Lynx emulator. Description An unspecified vulnerability has been discovered in Mednafen when using network play. Impact A remote server could execute arbitrary code with the privileges of the process. Workaround There ...

10CVSS7.4AI score0.03169EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/10/10 12:0 a.m.29 views

Setuptools: Man-in-the-Middle attack

Background Setuptools is a manager for Python packages. Description Setuptools does not check the integrity of downloaded Python packages. Impact A remote attacker could perform man-in-the-middle attacks to execute arbitrary code with the privileges of the process. Workaround There is no known...

6.8CVSS7.2AI score0.01949EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/10/05 12:0 a.m.29 views

isync: Man-in-the-Middle attack

Background isync is an IMAP and MailDir mailbox synchronizer. Description isync does not properly verify the server’s hostname against the CN field in the SSL certificate. Impact A remote server could perform man-in-the-middle attacks to disclose passwords or obtain other sensitive information...

4.3CVSS6.2AI score0.01326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/10/20 12:0 a.m.29 views

Bash: Multiple vulnerabilities

Background Bash is the standard GNU Bourne Again SHell. Description Two vulnerabilities have been found in Bash: Bash example scripts do not handle temporary files securely CVE-2008-5374. Improper bounds checking in Bash could cause a stack-based buffer overflow CVE-2012-3410. Impact A remote...

6.9CVSS9.2AI score0.00413EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/09/27 12:0 a.m.29 views

Pidgin: Arbitrary code execution

Background Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols. libpurple is the core library for Pidgin. Description A stack-based buffer overflow vulnerability has been found in the MXit protocol plug-in for libpurple. Impact A remote attacker could possibly...

7.5CVSS7.6AI score0.06402EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/07/09 12:0 a.m.29 views

Gnash: Multiple vulnerabilities

Background Gnash is a GNU flash movie player that supports many SWF features. Description Multiple vulnerabilities have been found in Gnash: The "nsPluginInstance::setupCookies" function in plugin.cpp creates world-readable cookies with predictable file names CVE-2011-4328. The "GnashImage::size"...

6.8CVSS7.6AI score0.04271EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/06/25 12:0 a.m.29 views

TeX Live: Multiple vulnerabilities

Background TeX Live is a complete TeX distribution. Description Multiple vulnerabilities have been discovered in texlive-core. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities might allow user-assisted remote attackers to execute arbitrary code via a...

6.8CVSS7.8AI score0.1192EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2012/06/21 12:0 a.m.29 views

OpenJPEG: User-assisted execution of arbitrary code

Background OpenJPEG is an open-source JPEG 2000 library. Description An error in jp2.c of OpenJPEG could allow an out-of-bounds write error. Impact A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service...

9.3CVSS7AI score0.05139EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/09/29 12:0 a.m.29 views

fence: Multiple symlink vulnerabilities

Background fence is an I/O group fencing system. Description The fenceapc, fenceapcsnmp CVE-2008-4579 and fencemanual CVE-2008-4580 programs contain symlink vulnerabilities. Impact These vulnerabilities may allow arbitrary files to be overwritten with root privileges. Workaround There is no known...

7.2CVSS6.8AI score0.00363EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/06/01 12:0 a.m.29 views

multipath-tools: World-writeable socket

Background multipath-tools are used to drive the Device Mapper multipathing driver. Description multipath-tools uses world-writable permissions for the socket file /var/run/multipathd.sock. Impact Local users could send arbitrary commands to the multipath daemon, causing cluster failures and data...

7.8CVSS2.7AI score0.00494EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2010/01/13 12:0 a.m.29 views

aria2: Multiple vulnerabilities

Background aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support. Description Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc CVE-2009-3575 and a format string vulnerability in the AbstractCommand::onAbort...

10CVSS7.8AI score0.05784EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/09/25 12:0 a.m.29 views

cURL: Certificate validation error

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Scott Cantor reported that cURL does not properly handle fields in X.509 certificates that contain an ASCII NUL \0 character. Specifically, the processing of such fields is...

7.5CVSS5AI score0.03602EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/09/09 12:0 a.m.29 views

TkMan: Insecure temporary file usage

Background TkMan is a graphical, hypertext manual page and Texinfo browser for UNIX. Description Dmitry E. Oboukhov reported that TkMan does not handle the "/tmp/tkman" and "/tmp/ll" temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with...

6.9CVSS6.3AI score0.0039EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/08/18 12:0 a.m.29 views

Perl Compress::Raw modules: Denial of service

Background Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level interfaces to the zlib and bzip2 compression libraries. Description Leo Bergolth reported an off-by-one error in the inflate function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow...

6.8CVSS6.8AI score0.07441EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2009/03/23 12:0 a.m.29 views

Ghostscript: User-assisted execution of arbitrary code

Background Ghostscript is an interpreter for the PostScript language and the Portable Document Format PDF. Description Jan Lieskovsky from the Red Hat Security Response Team discovered the following vulnerabilities in Ghostscript's ICC Library: Multiple integer overflows CVE-2009-0583. Multiple...

9.3CVSS8.3AI score0.04708EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/03/16 12:0 a.m.29 views

BlueZ: Arbitrary code execution

Background BlueZ is a set of Bluetooth tools and system daemons for Linux. Description It has been reported that the Bluetooth packet parser does not validate string length fields in SDP packets. Impact A physically proximate attacker using a Bluetooth device with an already established trust...

9.8CVSS7AI score0.04287EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/02/12 12:0 a.m.29 views

xterm: User-assisted arbitrary commands execution

Background xterm is a terminal emulator for the X Window system. Description Paul Szabo reported an insufficient input sanitization when processing Device Control Request Status String DECRQSS sequences. Impact A remote attacker could entice a user to display a file containing specially crafted...

9.3CVSS6.9AI score0.04974EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/01/14 12:0 a.m.29 views

Avahi: Denial of service

Background Avahi is a system that facilitates service discovery on a local network. Description Hugo Dias reported a failed assertion in the originatesfromlocallegacyunicastsocket function in avahi-core/server.c when processing mDNS packets with a source port of 0. Impact A remote attacker could...

5CVSS6.1AI score0.59223EPSS
Exploits7
Gentoo Linux
Gentoo Linux
added 2008/12/06 12:0 a.m.29 views

Mgetty: Insecure temporary file usage

Background Mgetty is a set of fax and voice modem programs. Description Dmitry E. Oboukhov reported that the "spooldir" directory in fax/faxspool.in is created in an insecure manner. Impact A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the...

6.9CVSS6.3AI score0.00415EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/09/19 12:0 a.m.29 views

Postfix: Denial of service

Background Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Description It has been discovered than Postfix leaks an epoll file descriptor when executing external commands, e.g. user-controlled...

2.1CVSS6.1AI score0.00707EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2008/09/08 12:0 a.m.29 views

Amarok: Insecure temporary file creation

Background Amarok is an advanced music player. Description Dwayne Litzenberger reported that the MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp uses the albuminfo.xml temporary file in an insecure manner. Impact A local attacker could perform a symlink...

3.3CVSS6.3AI score0.00353EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/09/04 12:0 a.m.29 views

yelp: User-assisted execution of arbitrary code

Background yelp is the default help browser for GNOME. Description Aaron Grattafiori reported a format string vulnerability in the windowerror function in yelp-window.c. Impact A remote attacker can entice a user to open specially crafted "man:" or "ghelp:" URIs in yelp, or an application using...

10CVSS7.3AI score0.19395EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/11 12:0 a.m.29 views

MoinMoin: Privilege escalation

Background MoinMoin is an advanced and extensible Wiki Engine. Description It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact A remote attacker could exploit this...

6.8CVSS6.5AI score0.01656EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/04/18 12:0 a.m.29 views

CUPS: Integer overflow vulnerability

Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Thomas Pollet reported a possible integer overflow vulnerability in the PNG image handling in the file filter/image-png.c. Impact A malicious user might be able to execute arbitrary code with the...

4.3CVSS7.5AI score0.02EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/03/19 12:0 a.m.29 views

OpenLDAP: Denial of Service vulnerabilities

Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description The following errors have been discovered in OpenLDAP: Tony Blake discovered an error which exists within the normalisation of "objectClasses" CVE-2007-5707. Thomas Sesselmann...

7.1CVSS7.6AI score0.03653EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/12/18 12:0 a.m.29 views

E2fsprogs: Multiple buffer overflows

Background E2fsprogs provides utilities for use with the ext2 and ext3 file systems including the libext2fs library that allows user-level programs to manipulate an ext2 or ext3 file system. Description Rafal Wojtczuk McAfee AVERT Research discovered multiple integer overflows in libext2fs, that...

5.8CVSS7.1AI score0.03978EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/19 12:0 a.m.29 views

Perl: Buffer overflow

Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Tavis Ormandy and Will Drewry Google Security Team discovered a heap-based buffer overflow in the Regular Expression engine regcomp.c that occurs when switching from byte to Unicode UTF-8 character...

7.5CVSS9.7AI score0.0483EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/20 12:0 a.m.29 views

TRAMP: Insecure temporary file creation

Background TRAMP is a remote file editing package for GNU Emacs, a highly extensible and customizable text editor. Description Stefan Monnier discovered that the tramp-make-tramp-temp-file function creates temporary files in an insecure manner. Impact A local attacker could create symbolic links ...

6.9CVSS6.2AI score0.00307EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/13 12:0 a.m.29 views

DenyHosts: Denial of service

Background DenyHosts is designed to monitor SSH servers for repeated failed login attempts. Description Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA 200701-01. Impact A remote unauthenticated attacker can...

6.8CVSS6.8AI score0.01481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/12 12:0 a.m.29 views

T1Lib: Buffer overflow

Background T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts. Description Hamid Ebadi discovered a boundary error in the intT1EnvGetCompletePath function which can lead to a buffer overflow when processing an overly long filename. Impact A remote attacker could entice a user to...

7.5CVSS7.4AI score0.18661EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/04/22 12:0 a.m.29 views

Courier-IMAP: Remote execution of arbitrary code

Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...

5.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/04/03 12:0 a.m.29 views

zziplib: Buffer Overflow

Background The zziplib library is a lightweight library for extracting data from files archived in a single zip file. Description dmcox dmcox discovered a boundary error in the zzipopensharedio function from zzip/file.c . Impact A remote attacker could entice a user to run a zziplib function with...

9.3CVSS7.1AI score0.06553EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/02/13 12:0 a.m.29 views

RAR, UnRAR: Buffer overflow

Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow. Impact A remote attacker could entice a user to...

6.8CVSS7.4AI score0.03954EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/26 12:0 a.m.29 views

VLC media player: Format string vulnerability

Background VLC media player is a multimedia player for various audio and video formats. Description Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact An attacker could entice a user to open...

6.8CVSS7.2AI score0.11975EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2007/01/23 12:0 a.m.29 views

libgtop: Privilege escalation

Background libgtop facilitates the libgtopdaemon, which is used by GNOME to obtain information about remote systems. Description Liu Qishuai discovered that glibtopgetprocmaps in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause...

3.7CVSS7.3AI score0.00885EPSS
Exploits0
Total number of security vulnerabilities3816