Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•29 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in...

7.5CVSS7.6AI score0.05531EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•29 views

ModPlug: Multiple buffer overflows

Background ModPlug is a library for playing MOD-like music. Description Luigi Auriemma has reported various boundary errors in loadit.cpp and a boundary error in the "CSoundFile::ReadSample" function in sndfile.cpp. Impact A remote attacker can entice a user to read crafted modules or ITP files,...

5.1CVSS7.3AI score0.08325EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/21 12:0 a.m.•29 views

qmailAdmin: Buffer overflow

Background qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. Description qmailAdmin fails to properly handle the "PATHINFO" variable in qmailadmin.c. The PATHINFO is a standard CGI environment variable filled with user supplied...

7.5CVSS7AI score0.04499EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/17 12:0 a.m.•29 views

WordPress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based multiuser blogging system. Description "random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted user...

6CVSS6.3AI score0.03432EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/08 12:0 a.m.•29 views

ClamAV: Heap buffer overflow

Background ClamAV is a GPL virus scanner. Description Damian Put has discovered a boundary error in the pefromupx function used by the UPX extraction module, which unpacks PE Windows executable files. Both the "clamscan" command-line utility and the "clamd" daemon are affected. Impact By sending ...

7.5CVSS7AI score0.19058EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/06/19 12:0 a.m.•29 views

Typespeed: Remote execution of arbitrary code

Background Typespeed is a game to test and practice 10-finger-typing. Network code allows two users to compete head-to-head. Description Niko Tyni discovered a buffer overflow in the addnewword function of Typespeed's network code. Impact By sending specially crafted network packets to a machine...

7.5CVSS7.6AI score0.03644EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/12 12:0 a.m.•29 views

GDM: Privilege escalation

Background GDM is the GNOME display manager. Description GDM allows a normal user to access the configuration manager. Impact When the "face browser" in GDM is enabled, a normal user can use the "configure login manager" with his/her own password instead of the root password, and thus gain...

3.7CVSS6.6AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/05/21 12:0 a.m.•29 views

libextractor: Two heap-based buffer overflows

Background libextractor is a library used to extract metadata from arbitrary files. Description Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asfreadheader function in the ASF plugin, and the other occurs in the parsetrakato...

4CVSS4.7AI score0.0892EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/04/07 12:0 a.m.•29 views

ClamAV: Multiple vulnerabilities

Background ClamAV is a GPL virus scanner. Description ClamAV contains format string vulnerabilities in the logging code CVE-2006-1615. Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser CVE-2006-1614 and David Luyer discovered that ClamAV can be tricked into...

10CVSS7.2AI score0.11352EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/01/29 12:0 a.m.•29 views

LibAST: Privilege escalation

Background LibAST is a utility library that was originally intended to accompany Eterm, but may be used by various other applications. Description Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Impact The vulnerability can be exploited to gain...

4.6CVSS7AI score0.00727EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/11/18 12:0 a.m.•29 views

Smb4k: Local unauthorized file access

Background Smb4K is a SMB/CIFS share browser for KDE. Description A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as...

2.1CVSS6.4AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/16 12:0 a.m.•29 views

GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities

Background GTK+ the GIMP Toolkit is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library and also packaged with GTK+ 2. Description iDEFENSE reported a possible heap overflow in the XPM loader...

7.8CVSS7AI score0.04708EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/08 12:0 a.m.•29 views

xine-lib: Format string vulnerability

Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. It includes functions to retrieve information about audio CD contents from public CDDB servers. Description Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response...

7.5CVSS6.4AI score0.09676EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2005/09/01 12:0 a.m.•29 views

MPlayer: Heap overflow in ad_pcm.c

Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Sven Tantau discovered a heap overflow in the code handling the strf chunk of PCM audio streams. Impact An attacker could craft a malicious video or audio file which, when opened using MPlayer,...

7.5CVSS7AI score0.03257EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/02 12:0 a.m.•29 views

nbSMTP: Format string vulnerability

Background nbSMTP is an SMTP client suitable to run in chroot jails, in embedded systems, laptops and workstations. Description Niels Heinen discovered a format string vulnerability. Impact An attacker can setup a malicious SMTP server and exploit this vulnerability to execute arbitrary code with...

7.5CVSS7.3AI score0.09939EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/28 12:0 a.m.•29 views

Ethereal: Multiple vulnerabilities

Background Ethereal is a feature-rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.12, including: The SMB dissector could overflow a buffer or exhaust memory CAN-2005-2365. iDEFENSE discovered that several dissectors are vulnerabl...

7.5CVSS7.7AI score0.06143EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/12 12:0 a.m.•29 views

MIT Kerberos 5: Multiple vulnerabilities

Background MIT Kerberos 5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request...

9.8CVSS7.7AI score0.11012EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/08 12:0 a.m.•29 views

SilverCity: Insecure file permissions

Background SilverCity provides lexical analysis for over 20 programming and markup languages. Description The SilverCity package installs three executable files with insecure permissions. Impact A local attacker could modify the executable files, causing arbitrary code to be executed with the...

7.8CVSS6.7AI score0.0034EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/01 12:0 a.m.•29 views

Binutils, elfutils: Buffer overflow

Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description Tavis...

4.6CVSS7.1AI score0.006EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/15 12:0 a.m.•29 views

OpenOffice.Org: DOC document Heap Overflow

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load" function when processing D...

5.1CVSS7.2AI score0.04132EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/30 12:0 a.m.•29 views

Smarty: Template vulnerability

Background Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description A vulnerability has been discovered within the regexreplace modifier of the Smarty...

7.5CVSS7.2AI score0.01532EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/02 12:0 a.m.•29 views

enscript: Multiple vulnerabilities

Background enscript is a powerful ASCII to PostScript file converter. Description Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows CAN-2004-1186, quotes and shell escape characters are insufficiently sanitized in filenames CAN-2004-1185, and it supporte...

7.5CVSS2.6AI score0.04476EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/11 12:0 a.m.•29 views

poppassd_pam: Unauthorized password changing

Background poppassdpam is a PAM-enabled server for changing system passwords that can be used to change POP server passwords. Description Gentoo Linux developer Marcus Hanwell discovered that poppassdpam did not check that the old password was valid before changing passwords. Our investigation...

10CVSS6.5AI score0.02444EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/30 12:0 a.m.•29 views

PHProjekt: Remote code execution vulnerability

Background PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact A remote attacker can exploit this vulnerability to for...

4.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/21 12:0 a.m.•29 views

Zwiki: XSS vulnerability

Background Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites. Description Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks. Impact By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script...

6.8CVSS3.6AI score0.04945EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/11/06 12:0 a.m.•29 views

ImageMagick: EXIF buffer overflow

Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description ImageMagick fails to do proper bounds checking when handling image files with EXIF information. Impact An attacker could use an image file with specially-crafted EXIF information to...

10CVSS7AI score0.05843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/02 12:0 a.m.•29 views

libxml2: Remotely exploitable buffer overflow

Background libxml2 is an XML parsing library written in C. Description Multiple buffer overflows have been detected in the nanoftp and nanohttp modules. These modules are responsible for parsing URLs with ftp information, and resolving names via DNS. Impact An attacker could exploit an applicatio...

10CVSS7AI score0.21686EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/10/27 12:0 a.m.•29 views

rssh: Format string vulnerability

Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in rssh syslogging of...

9CVSS1.7AI score0.04702EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/09 12:0 a.m.•29 views

ed: Insecure temporary file handling

Background ed is a line-oriented text editor, used to create or modify text files, both interactively and via shell scripts. Description ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by...

4.6CVSS6.2AI score0.00392EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/01 12:0 a.m.•29 views

sharutils: Buffer overflows in shar.c and unshar.c

Background sharutils contains utilities to manage shell archives. Description sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow i...

7.5CVSS2.6AI score0.02992EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/14 12:0 a.m.•29 views

SUS: Local root vulnerability

Background SUS is a utility that allows regular users to be able to execute certain commands as root. Description Leon Juranic found a bug in the logging functionality of SUS that can lead to local privilege escalation. A format string vulnerability exists in the log function due to an incorrect...

7.2CVSS3.5AI score0.0062EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/08/05 12:0 a.m.•29 views

Opera: Multiple new vulnerabilities

Background Opera is a multi-platform web browser. Description Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the "location" browser object. An attacker can overwrite methods in this object and gain script access to any page that uses one of...

5CVSS1.7AI score0.02989EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/05/23 12:0 a.m.•29 views

Buffer Overflow in Firebird

Background Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems. Description A buffer overflow exists in three Firebird binaries gdsinetserver, gdslockmgr, and gdsdrop that is exploitable by setting a large value to the INTERBASE environment variabl...

4.6CVSS7AI score0.01012EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/20 12:0 a.m.•29 views

cadaver heap-based buffer overflow

Background cadaver is a command-line WebDAV client. Description Stefan Esser discovered a vulnerability in the code of the neon library see GLSA 200405-13. This library is also included in cadaver. Impact When connected to a malicious WebDAV server, this vulnerability could allow remote execution...

7.5CVSS7AI score0.05015EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/11 12:0 a.m.•29 views

ClamAV VirusEvent parameter vulnerability

Background From http://www.clamav.net/ : "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for...

4.6CVSS1.3AI score0.00585EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/04/26 12:0 a.m.•29 views

Multiple Vulnerabilities in ssmtp

Background SSMTP is a very simple mail transfer agent MTA that relays mail from the local machine to another SMTP host. It is not designed to function as a full mail server; its sole purpose is to relay mail. Description There are two format string vulnerabilities inside the logevent and die...

5CVSS7.2AI score0.03504EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•28 views

Rust: Multiple Vulnerabilities

Background A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.9CVSS7.7AI score0.00763EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/07 12:0 a.m.•28 views

aiohttp: Multiple Vulnerabilities

Background aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Description Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

7.5CVSS7.7AI score0.01085EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/08/06 12:0 a.m.•28 views

containerd: Multiple Vulnerabilities

Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...

7.8CVSS7.8AI score0.00542EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/07/10 12:0 a.m.•28 views

Buildah: Multiple Vulnerabilities

Background Buildah is a tool that facilitates building Open Container Initiative OCI container images Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

10CVSS7.3AI score0.02983EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/07/05 12:0 a.m.•28 views

PuTTY: Multiple Vulnerabilities

Background PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Please review the reference...

5.9CVSS10AI score0.93305EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2024/05/08 12:0 a.m.•28 views

Epiphany: Buffer Overflow

Background Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko. Description A vulnerability has been discovered in Epiphany. Please review the CVE identifier referenced below for details. Impact In GNOME Epiphany an HTML document can trigger a client buffer overflow in...

7.5CVSS7.5AI score0.01952EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/05/04 12:0 a.m.•28 views

systemd: Multiple Vulnerabilities

Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

5.5CVSS10AI score0.00867EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/19 12:0 a.m.•28 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8CVSS10AI score0.20472EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/18 12:0 a.m.•28 views

GNU Tar: Out of Bounds Read

Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description A vulnerability have been discovered in GNU Tar. Please review the CVE identifier referenced below for details. Impact GNU Tar has a one-byte out-of-bounds read...

5.5CVSS6.9AI score0.04524EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/01/31 12:0 a.m.•28 views

libaom: Multiple Vulnerabilities

Background libaom is the Alliance for Open Media's AV1 Codec SDK. Description Multiple vulnerabilities have been discovered in libaom. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.7AI score0.02216EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2024/01/24 12:0 a.m.•28 views

GOCR: Multiple Vulnerabilities

Background GOCR is an OCR Optical Character Recognition program, developed under the GNU Public License. It converts scanned images of text back to text files. Description Multiple vulnerabilities have been discovered in GOCR. Please review the CVE identifiers referenced below for details. Impact...

7.8CVSS7.2AI score0.01141EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•28 views

dbus-broker: Multiple Vulnerabilities

Background dbus-broker is a Linux D-Bus message broker. Description Multiple vulnerabilities have been discovered in dbus-broker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...

7.5CVSS7.1AI score0.01749EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2023/01/11 12:0 a.m.•28 views

Alpine: Multiple Vulnerabilities

Background Alpine is an easy to use text-based based mail and news client. Description Multiple vulnerabilities have been discovered in Alpine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

5.9CVSS2.6AI score0.01565EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2022/11/22 12:0 a.m.•28 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8CVSS2.7AI score0.01061EPSS
Exploits0
Total number of security vulnerabilities3816