Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2009/09/25 12:0 a.m.•29 views

cURL: Certificate validation error

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description Scott Cantor reported that cURL does not properly handle fields in X.509 certificates that contain an ASCII NUL \0 character. Specifically, the processing of such fields is...

7.5CVSS5AI score0.03602EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/08/18 12:0 a.m.•29 views

Perl Compress::Raw modules: Denial of service

Background Compress::Raw::Zlib and Compress::Raw::Bzip2 are Perl low-level interfaces to the zlib and bzip2 compression libraries. Description Leo Bergolth reported an off-by-one error in the inflate function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow...

6.8CVSS6.8AI score0.07441EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2009/04/18 12:0 a.m.•29 views

udev: Multiple vulnerabilities

Background udev is the device manager used in the Linux 2.6 kernel series. Description Sebastian Krahmer of SUSE discovered the following two vulnerabilities: udev does not verify the origin of NETLINK messages properly CVE-2009-1185. A buffer overflow exists in the utilpathencode function in...

7.2CVSS7.8AI score0.81528EPSS
Exploits12
Gentoo Linux
Gentoo Linux
•added 2009/02/12 12:0 a.m.•29 views

xterm: User-assisted arbitrary commands execution

Background xterm is a terminal emulator for the X Window system. Description Paul Szabo reported an insufficient input sanitization when processing Device Control Request Status String DECRQSS sequences. Impact A remote attacker could entice a user to display a file containing specially crafted...

9.3CVSS6.9AI score0.04974EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/01/14 12:0 a.m.•29 views

Avahi: Denial of service

Background Avahi is a system that facilitates service discovery on a local network. Description Hugo Dias reported a failed assertion in the originatesfromlocallegacyunicastsocket function in avahi-core/server.c when processing mDNS packets with a source port of 0. Impact A remote attacker could...

5CVSS6.1AI score0.59223EPSS
Exploits7
Gentoo Linux
Gentoo Linux
•added 2008/10/30 12:0 a.m.•29 views

libspf2: DNS response buffer overflow

Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Description libspf2 uses a fixed-length buffer to...

10CVSS6.8AI score0.2225EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/09/04 12:0 a.m.•29 views

yelp: User-assisted execution of arbitrary code

Background yelp is the default help browser for GNOME. Description Aaron Grattafiori reported a format string vulnerability in the windowerror function in yelp-window.c. Impact A remote attacker can entice a user to open specially crafted "man:" or "ghelp:" URIs in yelp, or an application using...

10CVSS7.3AI score0.19395EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/05/11 12:0 a.m.•29 views

MoinMoin: Privilege escalation

Background MoinMoin is an advanced and extensible Wiki Engine. Description It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact A remote attacker could exploit this...

6.8CVSS6.5AI score0.01656EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/18 12:0 a.m.•29 views

E2fsprogs: Multiple buffer overflows

Background E2fsprogs provides utilities for use with the ext2 and ext3 file systems including the libext2fs library that allows user-level programs to manipulate an ext2 or ext3 file system. Description Rafal Wojtczuk McAfee AVERT Research discovered multiple integer overflows in libext2fs, that...

5.8CVSS7.1AI score0.03978EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/19 12:0 a.m.•29 views

Perl: Buffer overflow

Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Tavis Ormandy and Will Drewry Google Security Team discovered a heap-based buffer overflow in the Regular Expression engine regcomp.c that occurs when switching from byte to Unicode UTF-8 character...

7.5CVSS9.7AI score0.0483EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/10/20 12:0 a.m.•29 views

TRAMP: Insecure temporary file creation

Background TRAMP is a remote file editing package for GNU Emacs, a highly extensible and customizable text editor. Description Stefan Monnier discovered that the tramp-make-tramp-temp-file function creates temporary files in an insecure manner. Impact A local attacker could create symbolic links ...

6.9CVSS6.2AI score0.00307EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/13 12:0 a.m.•29 views

DenyHosts: Denial of service

Background DenyHosts is designed to monitor SSH servers for repeated failed login attempts. Description Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA 200701-01. Impact A remote unauthenticated attacker can...

6.8CVSS6.8AI score0.01481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/07 12:0 a.m.•29 views

libvorbis: Multiple vulnerabilities

Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description David Thiel of iSEC Partners discovered a heap-based buffer overflow in the 01inverse function in res0.c and a boundary...

6.8CVSS7.5AI score0.0314EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/09/15 12:0 a.m.•29 views

GNU Tar: Directory traversal vulnerability

Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description Dmitry V. Levin discovered a directory traversal vulnerability in the containsdotdot function in file src/names.c. Impact By enticing a user to extract a special...

6.8CVSS7.4AI score0.02743EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/09/11 12:0 a.m.•29 views

MIT Kerberos 5: Multiple vulnerabilities

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon. Description A stack buffer overflow CVE-2007-3999 has been reported in svcauthgssvalidate of the RPC library of kadmind. Another vulnerability...

10CVSS7.9AI score0.10997EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2007/05/10 12:0 a.m.•29 views

ImageMagick: Multiple buffer overflows

Background ImageMagick is a collection of tools allowing various manipulations on image files. Description iDefense Labs has discovered multiple integer overflows in ImageMagick in the functions ReadDCMImage and ReadXWDImage, that are used to process DCM and XWD files. Impact An attacker could...

6.8CVSS7AI score0.0353EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/22 12:0 a.m.•29 views

Courier-IMAP: Remote execution of arbitrary code

Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...

5.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/04/03 12:0 a.m.•29 views

zziplib: Buffer Overflow

Background The zziplib library is a lightweight library for extracting data from files archived in a single zip file. Description dmcox dmcox discovered a boundary error in the zzipopensharedio function from zzip/file.c . Impact A remote attacker could entice a user to run a zziplib function with...

9.3CVSS7.1AI score0.06553EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/02/13 12:0 a.m.•29 views

RAR, UnRAR: Buffer overflow

Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow. Impact A remote attacker could entice a user to...

6.8CVSS7.4AI score0.03954EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/26 12:0 a.m.•29 views

VLC media player: Format string vulnerability

Background VLC media player is a multimedia player for various audio and video formats. Description Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact An attacker could entice a user to open...

6.8CVSS7.2AI score0.11975EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2007/01/23 12:0 a.m.•29 views

libgtop: Privilege escalation

Background libgtop facilitates the libgtopdaemon, which is used by GNOME to obtain information about remote systems. Description Liu Qishuai discovered that glibtopgetprocmaps in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause...

3.7CVSS7.3AI score0.00885EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/01/16 12:0 a.m.•29 views

Kronolith: Local file inclusion

Background Kronolith is a web-based calendar which relies on the Horde Framework for integration with other applications. Description Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Impact An authenticated...

7.5CVSS6.9AI score0.02244EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•29 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in...

7.5CVSS7.6AI score0.05531EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•29 views

ModPlug: Multiple buffer overflows

Background ModPlug is a library for playing MOD-like music. Description Luigi Auriemma has reported various boundary errors in loadit.cpp and a boundary error in the "CSoundFile::ReadSample" function in sndfile.cpp. Impact A remote attacker can entice a user to read crafted modules or ITP files,...

5.1CVSS7.3AI score0.08325EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/21 12:0 a.m.•29 views

qmailAdmin: Buffer overflow

Background qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. Description qmailAdmin fails to properly handle the "PATHINFO" variable in qmailadmin.c. The PATHINFO is a standard CGI environment variable filled with user supplied...

7.5CVSS7AI score0.04499EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/17 12:0 a.m.•29 views

WordPress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based multiuser blogging system. Description "random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted user...

6CVSS6.3AI score0.03432EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/08 12:0 a.m.•29 views

ClamAV: Heap buffer overflow

Background ClamAV is a GPL virus scanner. Description Damian Put has discovered a boundary error in the pefromupx function used by the UPX extraction module, which unpacks PE Windows executable files. Both the "clamscan" command-line utility and the "clamd" daemon are affected. Impact By sending ...

7.5CVSS7AI score0.19058EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/06/12 12:0 a.m.•29 views

GDM: Privilege escalation

Background GDM is the GNOME display manager. Description GDM allows a normal user to access the configuration manager. Impact When the "face browser" in GDM is enabled, a normal user can use the "configure login manager" with his/her own password instead of the root password, and thus gain...

3.7CVSS6.6AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/07 12:0 a.m.•29 views

ClamAV: Multiple vulnerabilities

Background ClamAV is a GPL virus scanner. Description ClamAV contains format string vulnerabilities in the logging code CVE-2006-1615. Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser CVE-2006-1614 and David Luyer discovered that ClamAV can be tricked into...

10CVSS7.2AI score0.11352EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/03/21 12:0 a.m.•29 views

Pngcrush: Buffer overflow

Background Pngcrush is an optimizer for PNG files. Description Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib GLSA 200507-19. Impact By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush...

5CVSS9.6AI score0.03999EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/06 12:0 a.m.•29 views

ADOdb: PostgresSQL command injection

Background ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends. Description Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Impact By sending specifically crafted requests to an application that uses ADOdb and a...

5CVSS7.4AI score0.02842EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/29 12:0 a.m.•29 views

LibAST: Privilege escalation

Background LibAST is a utility library that was originally intended to accompany Eterm, but may be used by various other applications. Description Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Impact The vulnerability can be exploited to gain...

4.6CVSS7AI score0.00727EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/11/18 12:0 a.m.•29 views

Smb4k: Local unauthorized file access

Background Smb4K is a SMB/CIFS share browser for KDE. Description A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as...

2.1CVSS6.4AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/01 12:0 a.m.•29 views

MPlayer: Heap overflow in ad_pcm.c

Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Sven Tantau discovered a heap overflow in the code handling the strf chunk of PCM audio streams. Impact An attacker could craft a malicious video or audio file which, when opened using MPlayer,...

7.5CVSS7AI score0.03257EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/02 12:0 a.m.•29 views

nbSMTP: Format string vulnerability

Background nbSMTP is an SMTP client suitable to run in chroot jails, in embedded systems, laptops and workstations. Description Niels Heinen discovered a format string vulnerability. Impact An attacker can setup a malicious SMTP server and exploit this vulnerability to execute arbitrary code with...

7.5CVSS7.3AI score0.09939EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/28 12:0 a.m.•29 views

Ethereal: Multiple vulnerabilities

Background Ethereal is a feature-rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.12, including: The SMB dissector could overflow a buffer or exhaust memory CAN-2005-2365. iDEFENSE discovered that several dissectors are vulnerabl...

7.5CVSS7.7AI score0.06143EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/12 12:0 a.m.•29 views

MIT Kerberos 5: Multiple vulnerabilities

Background MIT Kerberos 5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request...

9.8CVSS7.7AI score0.11012EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/08 12:0 a.m.•29 views

SilverCity: Insecure file permissions

Background SilverCity provides lexical analysis for over 20 programming and markup languages. Description The SilverCity package installs three executable files with insecure permissions. Impact A local attacker could modify the executable files, causing arbitrary code to be executed with the...

7.8CVSS6.7AI score0.0034EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/15 12:0 a.m.•29 views

OpenOffice.Org: DOC document Heap Overflow

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load" function when processing D...

5.1CVSS7.2AI score0.04132EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/30 12:0 a.m.•29 views

Smarty: Template vulnerability

Background Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description A vulnerability has been discovered within the regexreplace modifier of the Smarty...

7.5CVSS7.2AI score0.01532EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/25 12:0 a.m.•29 views

IPsec-Tools: racoon Denial of service

Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description Sebastian Krahmer has reported a potential remote Denial of Service vulnerability in the ISAKMP header parsing cod...

5CVSS6.5AI score0.02433EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/02 12:0 a.m.•29 views

enscript: Multiple vulnerabilities

Background enscript is a powerful ASCII to PostScript file converter. Description Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows CAN-2004-1186, quotes and shell escape characters are insufficiently sanitized in filenames CAN-2004-1185, and it supporte...

7.5CVSS2.6AI score0.04476EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/11 12:0 a.m.•29 views

poppassd_pam: Unauthorized password changing

Background poppassdpam is a PAM-enabled server for changing system passwords that can be used to change POP server passwords. Description Gentoo Linux developer Marcus Hanwell discovered that poppassdpam did not check that the old password was valid before changing passwords. Our investigation...

10CVSS6.5AI score0.02444EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/05 12:0 a.m.•29 views

Mozilla, Firefox, Thunderbird: Various vulnerabilities

Background Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow ...

7.2CVSS1.5AI score0.01805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/30 12:0 a.m.•29 views

PHProjekt: Remote code execution vulnerability

Background PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact A remote attacker can exploit this vulnerability to for...

4.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/21 12:0 a.m.•29 views

Zwiki: XSS vulnerability

Background Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites. Description Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks. Impact By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script...

6.8CVSS3.6AI score0.04945EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/11/08 12:0 a.m.•29 views

OpenSSL, Groff: Insecure tempfile handling

Background OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols as well as a general-purpose cryptography library. It includes the derchop script, which is used to convert DER-encoded certificates to PEM format. Groff GNU Troff is a typesetting package...

2.1CVSS6AI score0.00415EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/06 12:0 a.m.•29 views

ImageMagick: EXIF buffer overflow

Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description ImageMagick fails to do proper bounds checking when handling image files with EXIF information. Impact An attacker could use an image file with specially-crafted EXIF information to...

10CVSS7AI score0.05843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/02 12:0 a.m.•29 views

libxml2: Remotely exploitable buffer overflow

Background libxml2 is an XML parsing library written in C. Description Multiple buffer overflows have been detected in the nanoftp and nanohttp modules. These modules are responsible for parsing URLs with ftp information, and resolving names via DNS. Impact An attacker could exploit an applicatio...

10CVSS7AI score0.21686EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/10/27 12:0 a.m.•29 views

rssh: Format string vulnerability

Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in rssh syslogging of...

9CVSS1.7AI score0.04702EPSS
Exploits0
Total number of security vulnerabilities3816