Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2024/08/07 12:0 a.m.•28 views

Redis: Multiple Vulnerabilities

Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...

8.8CVSS7.7AI score0.77422EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/08/06 12:0 a.m.•28 views

containerd: Multiple Vulnerabilities

Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...

7.8CVSS7.8AI score0.00542EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/07/10 12:0 a.m.•28 views

Buildah: Multiple Vulnerabilities

Background Buildah is a tool that facilitates building Open Container Initiative OCI container images Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

10CVSS7.3AI score0.02983EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/07/05 12:0 a.m.•28 views

PuTTY: Multiple Vulnerabilities

Background PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Please review the reference...

5.9CVSS10AI score0.93305EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2024/05/08 12:0 a.m.•28 views

Epiphany: Buffer Overflow

Background Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko. Description A vulnerability has been discovered in Epiphany. Please review the CVE identifier referenced below for details. Impact In GNOME Epiphany an HTML document can trigger a client buffer overflow in...

7.5CVSS7.5AI score0.01952EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/05/04 12:0 a.m.•28 views

systemd: Multiple Vulnerabilities

Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

5.5CVSS10AI score0.00867EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/19 12:0 a.m.•28 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8CVSS10AI score0.20472EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/18 12:0 a.m.•28 views

GNU Tar: Out of Bounds Read

Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description A vulnerability have been discovered in GNU Tar. Please review the CVE identifier referenced below for details. Impact GNU Tar has a one-byte out-of-bounds read...

5.5CVSS6.9AI score0.04524EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/01/31 12:0 a.m.•28 views

libaom: Multiple Vulnerabilities

Background libaom is the Alliance for Open Media's AV1 Codec SDK. Description Multiple vulnerabilities have been discovered in libaom. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.7AI score0.02216EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2024/01/24 12:0 a.m.•28 views

GOCR: Multiple Vulnerabilities

Background GOCR is an OCR Optical Character Recognition program, developed under the GNU Public License. It converts scanned images of text back to text files. Description Multiple vulnerabilities have been discovered in GOCR. Please review the CVE identifiers referenced below for details. Impact...

7.8CVSS7.2AI score0.01141EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2023/12/20 12:0 a.m.•28 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8CVSS7.6AI score0.0093EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/09/29 12:0 a.m.•28 views

Kitty: Arbitrary Code Execution

Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...

7.8CVSS4.4AI score0.00481EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2022/09/25 12:0 a.m.•28 views

HarfBuzz: Multiple vulnerabilities

Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

6.5CVSS1.6AI score0.0178EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2022/08/10 12:0 a.m.•28 views

Motion: Denial of service

Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description The Motion HTTP server does not correctly perform URL decoding. If the HTTP server receives a request for a URL containing an incomplete percent-encoded character, a...

7.5CVSS1.9AI score0.04431EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2021/07/08 12:0 a.m.•28 views

Mechanize: Command injection

Background Mechanize is a Ruby library used for automating interaction with websites. Description Mechanize does not neutralize filename input and could allow arbitrary code execution if an attacker can control filenames used by Mechanize. Impact Please review the referenced CVE identifiers for...

8.3CVSS3.9AI score0.03507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/29 12:0 a.m.•28 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

8.8CVSS2AI score0.22868EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/28 12:0 a.m.•28 views

Claws Mail: Improper STARTTLS handling

Background Claws Mail is a GTK based e-mail client. Description It was discovered that Claws Mail was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using Claws Mail with STARTTLS. Workaround The...

9.8CVSS1.4AI score0.02592EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/06/15 12:0 a.m.•28 views

Asterisk: Root privilege escalation

Background A Modular Open Source PBX System. Description It was discovered that Gentoo’s Asterisk ebuild does not properly set permissions on its data directories. This only affects OpenRC systems, as the flaw was exploitable via the init script. Impact A local attacker could escalate privileges...

7.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2018/04/08 12:0 a.m.•28 views

SPICE VDAgent: Arbitrary command injection

Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices and share folders without complications. Description SPICE VDAgent does not properly escape save directory before passing to shell...

7.8CVSS3AI score0.00419EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/06/22 12:0 a.m.•28 views

Urban Terror: Multiple vulnerabilities

Background Urban Terror is a free multiplayer first person shooter developed by FrozenSand, that will run on any Quake III Arena compatible engine. Description Multiple vulnerabilities have been discovered in Urban Terror. Please review the CVE identifiers referenced below for details. Impact A...

10CVSS7.3AI score0.0869EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2017/01/01 12:0 a.m.•28 views

e2fsprogs: Heap-based buffer overflow

Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description A heap-based buffer overflow was discovered in openfs.c in the libext2fs library in e2fsprogs. Impact A remote attacker could entice a user to use ext2fs library for example, fsck on a...

4.6CVSS9.7AI score0.00897EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2016/07/20 12:0 a.m.•28 views

Varnish: Multiple vulnerabilities

Background Varnish is a web application accelerator. Description Varnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers. Impact Remote attackers could conduct an HTTP response splitting attack, which may further enable them to...

7.5CVSS7.3AI score0.03524EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2016/05/30 12:0 a.m.•28 views

rsync: Multiple vulnerabilities

Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact Remote attackers could write arbitrary files via symlink attacks. Workaround There is no know...

6.4CVSS9.3AI score0.06499EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2015/02/06 12:0 a.m.•28 views

mpg123: User-assisted execution of arbitrary code

Background mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3. Description An issue has been found in mpg123 when decoding specifically crafted MP3 file, that causes a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted MPEG...

7.5CVSS7.8AI score0.02291EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/12/28 12:0 a.m.•28 views

getmail: Information disclosure

Background getmail is a POP3 mail retriever with reliable Maildir and mbox delivery. Description Multiple vulnerabilities have been discovered in getmail. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a man-in-the-middle attack via multiple...

6.8CVSS6.5AI score0.00928EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/06/25 12:0 a.m.•28 views

DenyHosts: Denial of service

Background DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks. Description DenyHosts does not properly define the regular expressions used when parsing SSH authentication logs. Impact A remote attacker could possibly cause a Denial of Service...

5CVSS6.4AI score0.08896EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/06/05 12:0 a.m.•28 views

Mutt: Arbitrary code execution

Background Mutt is a small but powerful text-based mail client. Description A heap-based buffer overflow has been discovered in the muttcopyhdr function. Impact A remote attacker could send a specially crafted message, possibly resulting in execution of arbitrary code with the privileges of the...

5CVSS7.4AI score0.05155EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/05/18 12:0 a.m.•28 views

Charybdis, ShadowIRCd: Denial of service

Background Charybdis is the Atheme Project’s IRC daemon based on ratbox. ShadowIRCd is an IRC daemon based on Charybdis that adds several useful features. Description A vulnerability has been discovered in Charybdis and ShadowIRCd. Please review the CVE identifier referenced below for details...

5CVSS6.4AI score0.03049EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2014/02/28 12:0 a.m.•28 views

Chrony: Multiple vulnerabilities

Background Chrony is a pair of programs which are used to maintain the accuracy of the system clock on a computer. Description Multiple vulnerabilities have been discovered in Chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a...

5CVSS8AI score0.03271EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/26 12:0 a.m.•28 views

pidgin-knotify: Arbitrary code execution

Background pidgin-knotify is a Pidgin plug-in to display message notifications in KDE. Description pidgin-knotify does not properly sanitize shell metacharacters from received messages. Impact A remote attacker could send a specially crafted instant message, possibly resulting in execution of...

5.1CVSS7.1AI score0.01518EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/21 12:0 a.m.•28 views

libXfont: Multiple vulnerabilities

Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A local attacker could use a specially crafted file to gain privileges or cause a Denial of Servi...

9.3CVSS8.1AI score0.10254EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/02/10 12:0 a.m.•28 views

International Components for Unicode: Denial of service

Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenc...

7.5CVSS6.9AI score0.02531EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/05 12:0 a.m.•28 views

Banshee: Arbitrary code execution

Background Banshee is a multimedia management and playback application for GNOME. Description Banshee places a zero-length directory name in PATH, which allows libraries to be loaded from the working directory. Impact A local attacker could put specially crafted library into working directory of...

6.9CVSS6.8AI score0.00422EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/01/20 12:0 a.m.•28 views

GNUstep Base library: Multiple vulnerabilities

Background GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit tm, including later additions. Description Multiple vulnerabilities have been discovered in GNUstep Base library. Please review the CVE identifiers referenced below for details. Impact A...

7.2CVSS7.1AI score0.00862EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2014/01/05 12:0 a.m.•28 views

Libgdiplus: Arbitrary code execution

Background Libgdiplus is the Mono library that provide a GDI+ comptible API on non-Windows operating systems. Description An integer overflow flaw has been discovered in Libgdiplus. Impact A remote attacker could entice a user to open a specially-crafted TIFF/JPEG/BMP file, potentially resulting ...

6.8CVSS7.1AI score0.01914EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/09/25 12:0 a.m.•28 views

libvirt: Multiple vulnerabilities

Background libvirt is a C toolkit for manipulating virtual machines. Description An error in the virNetMessageFree function in rpc/virnetserverclient.c can lead to a use-after-free. Additionally, a socket leak in the remoteDispatchStoragePoolListAllVolumes command can lead to file descriptor...

6.8CVSS8AI score0.05774EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/09/11 12:0 a.m.•28 views

Snack: User-assisted execution of arbitrary code

Background Snack is a sound toolkit for creating multi-platform audio applications with scripting languages. Description The GetWavHeader function in jkSoundFile.c does not have boundary checks when parsing format sub-chunks or unknown sub-chunks. Impact A remote attacker could entice a user to...

6.8CVSS6.8AI score0.10239EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/09/28 12:0 a.m.•28 views

GIMP: Multiple vulnerabilities

Background GIMP is the GNU Image Manipulation Program. Description Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a...

9.3CVSS8.2AI score0.81722EPSS
Exploits19
Gentoo Linux
Gentoo Linux
•added 2012/06/25 12:0 a.m.•28 views

msmtp: X.509 NULL spoofing vulnerability

Background msmtp is an SMTP client and SMTP plugin for mail user agents such as Mutt. Description A vulnerability have been discovered in msmtp. Please review the CVE identifier referenced below for details. Impact A remote attacker might employ a specially crafted certificate to conduct...

6.4CVSS6.4AI score0.0108EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/03/06 12:0 a.m.•28 views

libmikmod: User-assisted execution of arbitrary code

Background libmikmod is a library to play a wide range of module formats. Description Multiple boundary errors have been found in loadit.c in libmikmod, which may cause a buffer overflow. Impact A remote attacker could entice a user to open specially crafted files in an application linked against...

9.3CVSS7.3AI score0.06716EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/01/23 12:0 a.m.•28 views

iSCSI Enterprise Target: Arbitrary code execution

Background iSCSI Enterprise Target is an open source iSCSI target with professional features. Description Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target contain format string errors. Impact A remote attacker could send a specially-crafted Internet Storage Name Service iSNS...

5CVSS7AI score0.03381EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/11/20 12:0 a.m.•28 views

radvd: Multiple vulnerabilities

Background radvd is an IPv6 router advertisement daemon for Linux and BSD. Description Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Impact A remote unauthenticated attacker may be able to gain escalated privileges, escalat...

7.5CVSS7.4AI score0.03962EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/11/25 12:0 a.m.•28 views

dstat: Untrusted search path

Background dstat is a versatile system resource monitor written in Python. Description Robert Buchholz of the Gentoo Security Team reported that dstat includes the current working directory and subdirectories in the Python module search path sys.path before calling "import". Impact A local attack...

4.4CVSS6.7AI score0.0034EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/05/27 12:0 a.m.•28 views

libsndfile: User-assisted execution of arbitrary code

Background libsndfile is a C library for reading and writing files containing sampled sound. Description The following vulnerabilities have been found in libsndfile: Tobias Klein reported that the headerread function in src/common.c uses user input for calculating a buffer size, possibly leading ...

9.3CVSS8.4AI score0.08226EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/01/21 12:0 a.m.•28 views

Scilab: Insecure temporary file usage

Background Scilab is a scientific software package for numerical computations. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the scilink, scidoc and scidem scripts. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the...

6.9CVSS6.3AI score0.00405EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/12/23 12:0 a.m.•28 views

ClamAV: Multiple vulnerabilities

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Moritz Jodeit reported an off-by-one error within the getunicodename function in libclamav/vbaextract.c when processing VBA project files CVE-2008-5050. Ilja van...

9.3CVSS7.1AI score0.08293EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/09/25 12:0 a.m.•28 views

Git: User-assisted execution of arbitrary code

Background Git is a distributed version control system. Description Multiple boundary errors in the functions diffaddremove and diffchange when processing overly long repository path names were reported. Impact A remote attacker could entice a user to run commands like "git-diff" or "git-grep" on...

7.5CVSS7.2AI score0.04302EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/09/25 12:0 a.m.•28 views

Wireshark: Multiple Denials of Service

Background Wireshark is a network protocol analyzer with a graphical front-end. Description The following vulnerabilities were reported: Multiple buffer overflows in the NCP dissector CVE-2008-3146. Infinite loop in the NCP dissector CVE-2008-3932. Invalid read in the tvbuncompress function when...

10CVSS6.9AI score0.04036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/09/22 12:0 a.m.•28 views

Newsbeuter: User-assisted execution of arbitrary code

Background Newsbeuter is a RSS/Atom feed reader for the text console. Description J.H.M. Dassen reported that the open-in-browser command does not properly escape shell metacharacters in the URL before passing it to system. Impact A remote attacker could entice a user to open a feed with speciall...

6.8CVSS6.9AI score0.01823EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/09/22 12:0 a.m.•28 views

R: Insecure temporary file creation

Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. Description Dmitry E. Oboukhov reported that the "javareconf" script uses temporary files in an insecure manner. Impact A local attacker could exploit this vulnerability to...

6.9CVSS6.2AI score0.00352EPSS
Exploits0
Total number of security vulnerabilities3816