Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/11/21 12:0 a.m.•28 views

Texinfo: Buffer overflow

Background Texinfo is the official documentation system of the GNU project. Description Miloslav Trmac from Red Hat discovered a buffer overflow in the "readline" function of texindex.c. The "readline" function is called by the texi2dvi and texindex commands. Impact By enticing a user to open a...

4.6CVSS7.5AI score0.00526EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/10/20 12:0 a.m.•28 views

Cscope: Multiple buffer overflows

Background Cscope is a developer's tool for browsing source code. Description Unchecked use of strcpy and scanf leads to several buffer overflows. Impact A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the...

5.1CVSS7.3AI score0.03653EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/09/06 12:0 a.m.•28 views

GTetrinet: Remote code execution

Background GTetrinet is a networked Tetris clone for GNOME 2. Description Michael Gehring has found that GTetrinet fails to properly handle array indexes. Impact An attacker can potentially execute arbitrary code by sending a negative number of players to the server. Workaround There is no known...

7.5CVSS7.3AI score0.04015EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/26 12:0 a.m.•28 views

AlsaPlayer: Multiple buffer overflows

Background AlsaPlayer is a heavily multithreaded PCM player that tries to utilize ALSA utilities and drivers. As of June 2004, the project is inactive. Description AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB queryi...

5CVSS7AI score0.11082EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/06 12:0 a.m.•28 views

pike: SQL injection vulnerability

Background Pike is a general purpose programming language, able to be used for multiple tasks. Description Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database. Impact A remote attacker could provide malicious input to a pike program, whi...

7.5CVSS7.1AI score0.01729EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/26 12:0 a.m.•28 views

EnergyMech: Denial of service

Background EnergyMech is an IRC bot programmed in C. Description A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and will cause a crash from a segmentation fault. Impact By sending an empty CTCP NOTICE, a remote attacker could exploit this vulnerability to cause a Denial of...

5CVSS6.3AI score0.0178EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/05/21 12:0 a.m.•28 views

libextractor: Two heap-based buffer overflows

Background libextractor is a library used to extract metadata from arbitrary files. Description Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asfreadheader function in the ASF plugin, and the other occurs in the parsetrakato...

4CVSS4.7AI score0.0892EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/03/06 12:0 a.m.•28 views

zoo: Stack-based buffer overflow

Background zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi. Description Jean-Sebastien Guay-Leroux discovered a boundary error in the fullpath function in misc.c when processing overly long file and directory names in ZOO archives. Impact An attacker...

5.1CVSS7.3AI score0.0444EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/12/27 12:0 a.m.•28 views

rssh: Privilege escalation

Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Max Vozeler discovered that the rsshchroothelper command allows local users to chroot into arbitrary directories. Impac...

7.2CVSS6.7AI score0.00381EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/16 12:0 a.m.•28 views

GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities

Background GTK+ the GIMP Toolkit is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library and also packaged with GTK+ 2. Description iDEFENSE reported a possible heap overflow in the XPM loader...

7.8CVSS7AI score0.04708EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/25 12:0 a.m.•28 views

Zope: File inclusion through RestructuredText

Background Zope is an application server that can be used to build content management systems, intranets, portals or other custom applications. Description Zope honors file inclusion directives in RestructuredText objects by default. Impact An attacker could exploit the vulnerability by sending...

7.5CVSS6.7AI score0.03046EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/08 12:0 a.m.•28 views

xine-lib: Format string vulnerability

Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. It includes functions to retrieve information about audio CD contents from public CDDB servers. Description Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response...

7.5CVSS6.4AI score0.09676EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2005/10/04 12:0 a.m.•28 views

Uim: Privilege escalation vulnerability

Background Uim is a multilingual input method library which provides secure and useful input method for all languages. Description Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libui...

4.6CVSS7.4AI score0.0041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/22 12:0 a.m.•28 views

zlib: Buffer overflow

Background zlib is a widely used free and patent unencumbered data compression library. Description zlib improperly handles invalid data streams which could lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data structures for...

5CVSS9.7AI score0.03999EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/01 12:0 a.m.•28 views

Binutils, elfutils: Buffer overflow

Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description Tavis...

4.6CVSS7.1AI score0.006EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/21 12:0 a.m.•28 views

openMosixview: Insecure temporary file creation

Background The openMosixview package contains several tools used to manage openMosix clusters, including openMosixview the main monitoring and administration application and openMosixcollector a daemon collecting cluster and node information. Description Gangstuck and Psirac from Rexotec discover...

3.6CVSS6.2AI score0.00361EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/20 12:0 a.m.•28 views

MPlayer: Two heap overflow vulnerabilities

Background MPlayer is a media player capable of handling multiple multimedia file formats. Description Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP MMST. Impact By setting up a malicious server and enticing a user to use its...

7.5CVSS7.3AI score0.0438EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/18 12:0 a.m.•28 views

CVS: Multiple vulnerabilities

Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow CAN-2005-0753, memory leaks...

7.5CVSS7.7AI score0.04745EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/12 12:0 a.m.•28 views

libexif: Buffer overflow vulnerability

Background libexif is a library for parsing, editing and saving EXIF data. Description libexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to cras...

2.6CVSS7.3AI score0.0446EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/04 12:0 a.m.•28 views

LinPopUp: Buffer overflow in message reply

Background LinPopUp is a graphical application that acts as a frontend to Samba client messaging functions, allowing a Linux desktop to communicate with a Microsoft Windows computer that runs Winpopup. Description Stephen Dranger discovered that LinPopUp contains a buffer overflow in string.c,...

10CVSS3.3AI score0.09107EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/12/17 12:0 a.m.•28 views

Samba: Integer overflow

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Samba contains a bug when unmarshalling specific MS-RPC requests from clients. Impact A remote attacker may be able to execute...

10CVSS4.9AI score0.13196EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/23 12:0 a.m.•28 views

ProZilla: Multiple vulnerabilities

Background ProZilla is a download accelerator for Linux. Description ProZilla contains several exploitable buffer overflows in the code handling the network protocols. Impact A remote attacker could setup a malicious server and entice a user to retrieve files from that server using ProZilla. This...

10CVSS1.9AI score0.14638EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/11/10 12:0 a.m.•28 views

Apache 2.0: Denial of Service by memory consumption

Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Impact By sending a large amount of...

5CVSS6.3AI score0.55105EPSS
Exploits7
Gentoo Linux
Gentoo Linux
•added 2004/11/02 12:0 a.m.•28 views

MIME-tools: Virus detection evasion

Background MIME-tools is a Perl module containing functions to handle MIME attachments. Description MIME-tools doesn't correctly parse attachment boundaries with an empty name boundary="". Impact An attacker could send a carefully crafted email and evade detection on some email virus-scanning...

7.5CVSS2.1AI score0.01585EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/29 12:0 a.m.•28 views

Archive::Zip: Virus detection evasion

Background Archive::Zip is a Perl module containing functions to handle ZIP archives. Description Archive::Zip can be used by email scanning software like amavisd-new to uncompress attachments before virus scanning. By modifying the uncompressed size of archived files in the global header of the...

7.5CVSS1.7AI score0.17441EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/10/27 12:0 a.m.•28 views

PuTTY: Pre-authentication buffer overflow

Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY fails to do proper bounds checking on SSH2MSGDEBUG packets. The "stringlen" parameter value is incorrectly checked due to signedness issues. Note that...

10CVSS7.2AI score0.07363EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/01 12:0 a.m.•28 views

sharutils: Buffer overflows in shar.c and unshar.c

Background sharutils contains utilities to manage shell archives. Description sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow i...

7.5CVSS2.6AI score0.02992EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/24 12:0 a.m.•28 views

Apache: Exposure of protected directories

Background The Apache HTTP server is one of most popular web servers on the Internet. Description A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions client host, client authentication, etc be met before access to a certain directory is granted,...

7.5CVSS6.2AI score0.06813EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/09/23 12:0 a.m.•28 views

getmail: Filesystem overwrite vulnerability

Background getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery. Description David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious loc...

2.1CVSS6.4AI score0.00392EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/07 12:0 a.m.•28 views

star: Suid root vulnerability

Background star is an enhanced tape archiver, much like tar, that is recognized for it's speed as well as it's enhanced mt/rmt support. Description A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access. Impact Attackers with local user level...

7.2CVSS6.4AI score0.00433EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/17 12:0 a.m.•28 views

rsync: Potential information leakage

Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description The paths sent by t...

6.4CVSS6.3AI score0.02317EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/12 12:0 a.m.•28 views

Nessus: "adduser" race condition vulnerability

Background Nessus is a free and powerful network security scanner. Description A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable. Impact A malicious user could exploit this bug to escalate privileges to the rights of the user running...

3.7CVSS1.7AI score0.00305EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/26 12:0 a.m.•28 views

Midnight Commander: Multiple vulnerabilities

Background Midnight Commander is a visual console file manager. Description Numerous security issues have been discovered in Midnight Commander, including several buffer overflow vulnerabilities, multiple vulnerabilities in the handling of temporary file and directory creation, and multiple forma...

10CVSS7.8AI score0.03936EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/25 12:0 a.m.•28 views

Insecure Temporary File Creation In MySQL

Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name...

2.1CVSS6.5AI score0.00604EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2025/05/14 12:0 a.m.•27 views

Spidermonkey: Multiple Vulnerabilities

Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...

9.8CVSS7.6AI score0.00809EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/09/28 12:0 a.m.•27 views

yt-dlp: Multiple Vulnerabilities

Background yt-dlp is a youtube-dl fork with additional features and fixes. Description Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

8.2CVSS7.6AI score0.01038EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/07 12:0 a.m.•27 views

Redis: Multiple Vulnerabilities

Background Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache and message broker. Description Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CV...

8.8CVSS7.7AI score0.80919EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/08/07 12:0 a.m.•27 views

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS8.2AI score0.91969EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/08/06 12:0 a.m.•27 views

containerd: Multiple Vulnerabilities

Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...

7.8CVSS7.8AI score0.00542EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/07/05 12:0 a.m.•27 views

GNU Coreutils: Buffer Overflow Vulnerability

Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact Please...

5.5CVSS8.3AI score0.0049EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/07/05 12:0 a.m.•27 views

PuTTY: Multiple Vulnerabilities

Background PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. Description Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact Please review the reference...

5.9CVSS10AI score0.93305EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2024/05/12 12:0 a.m.•27 views

PoDoFo: Multiple Vulnerabilities

Background PoDoFo is a free portable C++ library to work with the PDF file format. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All PoDoFo use...

8.8CVSS7.3AI score0.0074EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/02/03 12:0 a.m.•27 views

SDDM: Privilege Escalation

Background SDDM is a modern display manager for X11 and Wayland sessions aiming to be fast, simple and beautiful. It uses modern technologies like QtQuick, which in turn gives the designer the ability to create smooth, animated user interfaces. Description A vulnerability has been discovered in...

6.3CVSS6.8AI score0.00415EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/03 12:0 a.m.•27 views

GNAT Ada Suite: Remote Code Execution

Background The GNAT Ada Suite is an Ada development environment. Description A vulnerability has been discovered in GNAT Ada Suite. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...

9.8CVSS7AI score0.08235EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/01/06 12:0 a.m.•27 views

R: Directory Traversal

Background R is a language and environment for statistical computing and graphics. Description The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal. Impact Installation of a malicious R package could result in an arbitrary file...

10CVSS7.7AI score0.0224EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/12/20 12:0 a.m.•27 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8CVSS7.6AI score0.0093EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•27 views

dbus-broker: Multiple Vulnerabilities

Background dbus-broker is a Linux D-Bus message broker. Description Multiple vulnerabilities have been discovered in dbus-broker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaroun...

7.5CVSS7.1AI score0.01749EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2022/09/29 12:0 a.m.•27 views

Kitty: Arbitrary Code Execution

Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...

7.8CVSS4.4AI score0.00499EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2022/09/25 12:0 a.m.•27 views

HarfBuzz: Multiple vulnerabilities

Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

6.5CVSS1.6AI score0.0178EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2021/07/08 12:0 a.m.•27 views

Mechanize: Command injection

Background Mechanize is a Ruby library used for automating interaction with websites. Description Mechanize does not neutralize filename input and could allow arbitrary code execution if an attacker can control filenames used by Mechanize. Impact Please review the referenced CVE identifiers for...

8.3CVSS3.9AI score0.03507EPSS
Exploits0
Total number of security vulnerabilities3816