Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2008/03/03 12:0 a.m.28 views

Mantis: Cross-Site Scripting

Background Mantis is a web-based bug tracking system. Description seiji reported that the filename for the uploaded file in bugreport.php is not properly sanitised before being stored. Impact A remote attacker could upload a file with a specially crafted to a bug report, resulting in the executio...

4.3CVSS6.7AI score0.01745EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/01/20 12:0 a.m.28 views

libcdio: User-assisted execution of arbitrary code

Background libcdio is a library for accessing CD-ROM and CD images. Description Devon Miller reported a boundary error in the "printiso9660recurse" function in files cd-info.c and iso-info.c when processing long filenames within Joliet images. Impact A remote attacker could entice a user to open ...

5CVSS7AI score0.12725EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/12/09 12:0 a.m.28 views

GNU Emacs: Multiple vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Drake Wilson reported that the hack-local-variables function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override the...

10CVSS7.1AI score0.0307EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/16 12:0 a.m.28 views

Balsa: Buffer overflow

Background Balsa is a highly configurable email client for GNOME. Description Evil Ninja Squirrel discovered a stack-based buffer overflow in the irfetchseq function when receiving a long response to a FETCH command CVE-2007-5007. Impact A remote attacker could entice a user to connect to a...

6.8CVSS7.5AI score0.03893EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/07 12:0 a.m.28 views

QGit: Insecure temporary file creation

Background QGit is a graphical interface to git repositories that allows you to browse revisions history, view patch content and changed files. Description Raphael Marichez discovered that the DataLoader::doStart method creates temporary files in an insecure manner and executes them. Impact A loc...

6.9CVSS6.7AI score0.00448EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/16 12:0 a.m.28 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Wireshark doesn't properly handle chunked encoding in HTTP responses CVE-2007-3389, iSeries capture files CVE-2007-3390, certain types of DCP ETSI packets CVE-2007-3391, and SSL or MMS packets CVE-2007-339...

7.8CVSS7.1AI score0.16258EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/07/02 12:0 a.m.28 views

Evolution: User-assisted remote execution of arbitrary code

Background Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions. Description The imaprescan function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before bei...

6.8CVSS7.2AI score0.03122EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/13 12:0 a.m.28 views

XScreenSaver: Privilege escalation

Background XScreenSaver is a widely used screen saver collection shipped on systems running the X11 Window System. Description XScreenSaver incorrectly handles the results of the getpwuid function in drivers/lock.c when using directory servers during a network outage. Impact A local user can cras...

4.6CVSS6.2AI score0.00413EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/07 12:0 a.m.28 views

GIMP: Buffer overflow

Background GIMP is the GNU Image Manipulation Program. Description Marsu discovered that the "setcolortable" function in the SUNRAS plugin is vulnerable to a stack-based buffer overflow. Impact An attacker could entice a user to open a specially crafted .RAS file, possibly leading to the executio...

6.8CVSS7.1AI score0.15674EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/04/16 12:0 a.m.28 views

Vixie Cron: Denial of service

Background Vixie Cron is a command scheduler with extended syntax over cron. Description During an internal audit, Raphael Marichez of the Gentoo Linux Security Team found that Vixie Cron has weak permissions set on Gentoo, allowing for a local user to create hard links to system and users cron...

2.1CVSS6.5AI score0.00383EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/26 12:0 a.m.28 views

mgv: Stack overflow in included gv code

Background mgv is a Postscript viewer with a Motif interface, based on Ghostview and GNU gv. Description mgv includes code from gv that does not properly boundary check user-supplied data before copying it into process buffers. Impact An attacker could entice a user to open a specially crafted...

5.1CVSS7.1AI score0.14838EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/01/30 12:0 a.m.28 views

ELinks: Arbitrary Samba command execution

Background ELinks is a text mode web browser. Description Teemu Salmela discovered an error in the validation code of "smb://" URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Impact A remote attacker could entice a user to browse to a specially crafted "smb://"...

7.5CVSS7AI score0.0805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/23 12:0 a.m.28 views

xine-ui: Format string vulnerabilities

Background xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Due to the improper handling and use of format strings, the errorscreatewindow function in errors.c does not...

10CVSS7AI score0.03486EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/12 12:0 a.m.28 views

w3m: Format string vulnerability

Background w3m is a multi-platform text-based web browser. Description w3m in -dump or -backend mode does not correctly handle printf format string specifiers in the Common Name CN field of an X.509 SSL certificate. Impact An attacker could entice a user to visit a malicious website that would lo...

9.3CVSS6.9AI score0.04665EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/11/30 12:0 a.m.28 views

ProFTPD: Remote execution of arbitrary code

Background ProFTPD is a highly-configurable FTP server. Description Evgeny Legerov discovered a stack-based buffer overflow in the sreplace function in support.c, as well as a buffer overflow in in the modtls module. Additionally, an off-by-two error related to the CommandBufferSize configuration...

10CVSS7.4AI score0.74254EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2006/11/28 12:0 a.m.28 views

Mono: Insecure temporary file creation

Background Mono provides the necessary software to develop and run .NET client and server applications. Description Sebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions. Impact A local attacker cou...

6.2CVSS6.1AI score0.00449EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/11/21 12:0 a.m.28 views

Texinfo: Buffer overflow

Background Texinfo is the official documentation system of the GNU project. Description Miloslav Trmac from Red Hat discovered a buffer overflow in the "readline" function of texindex.c. The "readline" function is called by the texi2dvi and texindex commands. Impact By enticing a user to open a...

4.6CVSS7.5AI score0.00526EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/10/20 12:0 a.m.28 views

Cscope: Multiple buffer overflows

Background Cscope is a developer's tool for browsing source code. Description Unchecked use of strcpy and scanf leads to several buffer overflows. Impact A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the...

5.1CVSS7.3AI score0.03653EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/09/06 12:0 a.m.28 views

GTetrinet: Remote code execution

Background GTetrinet is a networked Tetris clone for GNOME 2. Description Michael Gehring has found that GTetrinet fails to properly handle array indexes. Impact An attacker can potentially execute arbitrary code by sending a negative number of players to the server. Workaround There is no known...

7.5CVSS7.3AI score0.04015EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/08/26 12:0 a.m.28 views

AlsaPlayer: Multiple buffer overflows

Background AlsaPlayer is a heavily multithreaded PCM player that tries to utilize ALSA utilities and drivers. As of June 2004, the project is inactive. Description AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB queryi...

5CVSS7AI score0.11082EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/08/06 12:0 a.m.28 views

pike: SQL injection vulnerability

Background Pike is a general purpose programming language, able to be used for multiple tasks. Description Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database. Impact A remote attacker could provide malicious input to a pike program, whi...

7.5CVSS7.1AI score0.01729EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/07/25 12:0 a.m.28 views

Wireshark: Multiple vulnerabilities

Background Wireshark, formerly known as Ethereal, is a popular network protocol analyzer. Description Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact Running an...

10CVSS7.5AI score0.0733EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/26 12:0 a.m.28 views

EnergyMech: Denial of service

Background EnergyMech is an IRC bot programmed in C. Description A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and will cause a crash from a segmentation fault. Impact By sending an empty CTCP NOTICE, a remote attacker could exploit this vulnerability to cause a Denial of...

5CVSS6.3AI score0.0178EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/03/06 12:0 a.m.28 views

zoo: Stack-based buffer overflow

Background zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi. Description Jean-Sebastien Guay-Leroux discovered a boundary error in the fullpath function in misc.c when processing overly long file and directory names in ZOO archives. Impact An attacker...

5.1CVSS7.3AI score0.0444EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/12/27 12:0 a.m.28 views

rssh: Privilege escalation

Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Max Vozeler discovered that the rsshchroothelper command allows local users to chroot into arbitrary directories. Impac...

7.2CVSS6.7AI score0.00381EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/25 12:0 a.m.28 views

Zope: File inclusion through RestructuredText

Background Zope is an application server that can be used to build content management systems, intranets, portals or other custom applications. Description Zope honors file inclusion directives in RestructuredText objects by default. Impact An attacker could exploit the vulnerability by sending...

7.5CVSS6.7AI score0.03046EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/04 12:0 a.m.28 views

Uim: Privilege escalation vulnerability

Background Uim is a multilingual input method library which provides secure and useful input method for all languages. Description Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libui...

4.6CVSS7.4AI score0.0041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/22 12:0 a.m.28 views

zlib: Buffer overflow

Background zlib is a widely used free and patent unencumbered data compression library. Description zlib improperly handles invalid data streams which could lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data structures for...

5CVSS9.7AI score0.03999EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/21 12:0 a.m.28 views

openMosixview: Insecure temporary file creation

Background The openMosixview package contains several tools used to manage openMosix clusters, including openMosixview the main monitoring and administration application and openMosixcollector a daemon collecting cluster and node information. Description Gangstuck and Psirac from Rexotec discover...

3.6CVSS6.2AI score0.00361EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/20 12:0 a.m.28 views

MPlayer: Two heap overflow vulnerabilities

Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP MMST. Impact By setting up a malicious server and enticing a user to use its...

7.5CVSS7.3AI score0.0438EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/18 12:0 a.m.28 views

CVS: Multiple vulnerabilities

Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow CAN-2005-0753, memory leaks...

7.5CVSS7.7AI score0.04745EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/12 12:0 a.m.28 views

libexif: Buffer overflow vulnerability

Background libexif is a library for parsing, editing and saving EXIF data. Description libexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to cras...

2.6CVSS7.3AI score0.0446EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/04 12:0 a.m.28 views

LinPopUp: Buffer overflow in message reply

Background LinPopUp is a graphical application that acts as a frontend to Samba client messaging functions, allowing a Linux desktop to communicate with a Microsoft Windows computer that runs Winpopup. Description Stephen Dranger discovered that LinPopUp contains a buffer overflow in string.c,...

10CVSS3.3AI score0.09107EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/12/17 12:0 a.m.28 views

Samba: Integer overflow

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Samba contains a bug when unmarshalling specific MS-RPC requests from clients. Impact A remote attacker may be able to execute...

10CVSS4.9AI score0.13196EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/23 12:0 a.m.28 views

ProZilla: Multiple vulnerabilities

Background ProZilla is a download accelerator for Linux. Description ProZilla contains several exploitable buffer overflows in the code handling the network protocols. Impact A remote attacker could setup a malicious server and entice a user to retrieve files from that server using ProZilla. This...

10CVSS1.9AI score0.14638EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/11/10 12:0 a.m.28 views

Apache 2.0: Denial of Service by memory consumption

Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Impact By sending a large amount of...

5CVSS6.3AI score0.55105EPSS
Exploits7
Gentoo Linux
Gentoo Linux
added 2004/11/02 12:0 a.m.28 views

MIME-tools: Virus detection evasion

Background MIME-tools is a Perl module containing functions to handle MIME attachments. Description MIME-tools doesn't correctly parse attachment boundaries with an empty name boundary="". Impact An attacker could send a carefully crafted email and evade detection on some email virus-scanning...

7.5CVSS2.1AI score0.01585EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/27 12:0 a.m.28 views

PuTTY: Pre-authentication buffer overflow

Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY fails to do proper bounds checking on SSH2MSGDEBUG packets. The "stringlen" parameter value is incorrectly checked due to signedness issues. Note that...

10CVSS7.2AI score0.07363EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/24 12:0 a.m.28 views

Apache: Exposure of protected directories

Background The Apache HTTP server is one of most popular web servers on the Internet. Description A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions client host, client authentication, etc be met before access to a certain directory is granted,...

7.5CVSS6.2AI score0.06813EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/09/23 12:0 a.m.28 views

getmail: Filesystem overwrite vulnerability

Background getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery. Description David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious loc...

2.1CVSS6.4AI score0.00392EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/07 12:0 a.m.28 views

star: Suid root vulnerability

Background star is an enhanced tape archiver, much like tar, that is recognized for it's speed as well as it's enhanced mt/rmt support. Description A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access. Impact Attackers with local user level...

7.2CVSS6.4AI score0.00433EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/17 12:0 a.m.28 views

rsync: Potential information leakage

Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description The paths sent by t...

6.4CVSS6.3AI score0.02317EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/12 12:0 a.m.28 views

Nessus: "adduser" race condition vulnerability

Background Nessus is a free and powerful network security scanner. Description A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable. Impact A malicious user could exploit this bug to escalate privileges to the rights of the user running...

3.7CVSS1.7AI score0.00305EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/26 12:0 a.m.28 views

Midnight Commander: Multiple vulnerabilities

Background Midnight Commander is a visual console file manager. Description Numerous security issues have been discovered in Midnight Commander, including several buffer overflow vulnerabilities, multiple vulnerabilities in the handling of temporary file and directory creation, and multiple forma...

10CVSS7.8AI score0.03936EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/25 12:0 a.m.28 views

Insecure Temporary File Creation In MySQL

Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name...

2.1CVSS6.5AI score0.00604EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2025/05/14 12:0 a.m.27 views

Spidermonkey: Multiple Vulnerabilities

Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...

9.8CVSS7.6AI score0.00809EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/09/28 12:0 a.m.27 views

yt-dlp: Multiple Vulnerabilities

Background yt-dlp is a youtube-dl fork with additional features and fixes. Description Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

8.2CVSS7.6AI score0.01038EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/05 12:0 a.m.27 views

GNU Coreutils: Buffer Overflow Vulnerability

Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact Please...

5.5CVSS8.3AI score0.0049EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/12 12:0 a.m.27 views

PoDoFo: Multiple Vulnerabilities

Background PoDoFo is a free portable C++ library to work with the PDF file format. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All PoDoFo use...

8.8CVSS7.3AI score0.0074EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/02/03 12:0 a.m.27 views

SDDM: Privilege Escalation

Background SDDM is a modern display manager for X11 and Wayland sessions aiming to be fast, simple and beautiful. It uses modern technologies like QtQuick, which in turn gives the designer the ability to create smooth, animated user interfaces. Description A vulnerability has been discovered in...

6.3CVSS6.8AI score0.00415EPSS
Exploits1
Total number of security vulnerabilities3816