Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2008/01/30 12:0 a.m.27 views

Xdg-Utils: Arbitrary command execution

Background Xdg-Utils is a set of tools allowing all applications to easily integrate with the Free Desktop configuration. Description Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell scripts do not properly sanitize their input before processing it. Impact A remote attacker...

6.8CVSS7AI score0.03171EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/12/09 12:0 a.m.27 views

GNU Emacs: Multiple vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Drake Wilson reported that the hack-local-variables function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override the...

10CVSS7.1AI score0.02987EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/16 12:0 a.m.27 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Wireshark doesn't properly handle chunked encoding in HTTP responses CVE-2007-3389, iSeries capture files CVE-2007-3390, certain types of DCP ETSI packets CVE-2007-3391, and SSL or MMS packets CVE-2007-339...

7.8CVSS7.1AI score0.16258EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/07/28 12:0 a.m.27 views

Fail2ban: Denial of service

Background Fail2ban is a tool for parsing log files and banning IP addresses which make too many password failures. Description A vulnerability has been discovered in Fail2ban when parsing log files. Impact A remote attacker could send specially crafted SSH login banners to the vulnerable host,...

6.8CVSS6.4AI score0.05748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/07/02 12:0 a.m.27 views

Evolution: User-assisted remote execution of arbitrary code

Background Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions. Description The imaprescan function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before bei...

6.8CVSS7.2AI score0.03122EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/05/08 12:0 a.m.27 views

MySQL: Two Denial of Service vulnerabilities

Background MySQL is a popular multi-threaded, multi-user SQL server. Description mu-b discovered a NULL pointer dereference in itemcmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when sorting certain types of queries on the...

2.1CVSS7.1AI score0.00985EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/03/14 12:0 a.m.27 views

SILC Server: Denial of service

Background SILC Server is a server for the Secure Internet Live Conferencing SILC protocol. Description Frank Benkstein discovered a possible NULL pointer dereference in apps/silcd/command.c if a new channel is created without specifying a valid hmac or cipher algorithm name. Impact A remote...

2.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/06 12:0 a.m.27 views

STLport: Possible remote execution of arbitrary code

Background STLport is a multi-platform C++ Standard Library implementation. Description Two buffer overflows have been discovered, one in "print floats" and one in the rope constructor. Impact Both of the buffer overflows could result in the remote execution of arbitrary code. Please note that th...

7.5CVSS7.1AI score0.05806EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/04 12:0 a.m.27 views

AMD64 x86 emulation Qt library: Integer overflow

Background The AMD64 x86 emulation Qt library for AMD64 emulates the x86 32-bit Qt library on the AMD64 64-bit architecture. Description An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well. Impact By enticing a user to...

6.8CVSS7AI score0.04146EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/02/16 12:0 a.m.27 views

Fail2ban: Denial of service

Background Fail2ban monitors log files for failed authentication attempts and can block hosts responsible for repeated attacks. Description A flaw in the method used to parse log entries allows remote, unauthenticated attackers to forge authentication attempts from other hosts. Impact A remote...

5CVSS6.8AI score0.01762EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/30 12:0 a.m.27 views

ELinks: Arbitrary Samba command execution

Background ELinks is a text mode web browser. Description Teemu Salmela discovered an error in the validation code of "smb://" URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Impact A remote attacker could entice a user to browse to a specially crafted "smb://"...

7.5CVSS7AI score0.0805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/24 12:0 a.m.27 views

Centericq: Remote buffer overflow in LiveJournal handling

Background Centericq is a text mode menu-driven and window-driven instant messaging interface. Description When interfacing with the LiveJournal service, Centericq does not appropriately allocate memory for incoming data, in some cases creating a buffer overflow. Impact An attacker could entice a...

7.5CVSS7AI score0.04173EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/09/28 12:0 a.m.27 views

DokuWiki: Shell command injection and Denial of service

Background DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. Impact A remote attack...

7.5CVSS7.2AI score0.02162EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/09/13 12:0 a.m.27 views

xine-lib: Buffer overflows

Background xine is a high performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. Description xine-lib contains buffer overflows in the processing of AVI. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin xinepluginphttp.so via a...

5CVSS7.8AI score0.11089EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/06/19 12:0 a.m.27 views

Typespeed: Remote execution of arbitrary code

Background Typespeed is a game to test and practice 10-finger-typing. Network code allows two users to compete head-to-head. Description Niko Tyni discovered a buffer overflow in the addnewword function of Typespeed's network code. Impact By sending specially crafted network packets to a machine...

7.5CVSS7.6AI score0.03644EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/11 12:0 a.m.27 views

SpamAssassin: Execution of arbitrary code

Background SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin. Description When spamd is run with both the "--vpopmail" -v and "--paranoid" -P options, it is vulnerable to an unspecified issue. Impact With certain configuration...

5.1CVSS7AI score0.74703EPSS
Exploits12
Gentoo Linux
Gentoo Linux
added 2006/03/21 12:0 a.m.27 views

PeerCast: Buffer overflow

Background PeerCast is a Peer to Peer broadcasting technology for listening to radio and watching video on the Internet. Description INFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg function. Impact By sending a...

7.5CVSS6.8AI score0.72496EPSS
Exploits9
Gentoo Linux
Gentoo Linux
added 2006/03/17 12:0 a.m.27 views

Crypt::CBC: Insecure initialization vector

Background Crypt::CBC is a Perl module to encrypt data using cipher block chaining CBC. Description Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes long initializiation vectors correctly when running in the RandomIV mode, resulting in a weaker encryption because the second part ...

2.6CVSS6.4AI score0.01397EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/30 12:0 a.m.27 views

MyDNS: Denial of service

Background MyDNS is a DNS server using a MySQL database as a backend. It is designed to allow for fast updates and small resource usage. Description MyDNS contains an unspecified flaw that may allow a remote Denial of Service. Impact An attacker could cause a Denial of Service by sending malforme...

5CVSS6.3AI score0.02806EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/29 12:0 a.m.27 views

Paros: Default administrator password

Background Paros is an intercepting proxy between a web server and a client meant to be used for security assessments. It allows the user to watch and modify the HTTPS traffic. Description Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed wit...

7.5CVSS6.8AI score0.02154EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/11/28 12:0 a.m.27 views

Inkscape: Buffer overflow

Background Inkscape is an Open Source vector graphics editor using the W3C standard Scalable Vector Graphics SVG file format. Description Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file...

5.1CVSS7.3AI score0.13419EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/11/13 12:0 a.m.27 views

linux-ftpd-ssl: Remote buffer overflow

Background linux-ftpd-ssl is the netkit FTP server with encryption support. Description A buffer overflow vulnerability has been found in the linux-ftpd-ssl package. A command that generates an excessively long response from the server may overrun a stack buffer. Impact An attacker that has...

10CVSS7.2AI score0.21478EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/10/06 12:0 a.m.27 views

Ruby: Security bypass vulnerability

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby supports the safe execution of untrusted code using a safe level and taint flag mechanism. Description Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections...

7.5CVSS7.1AI score0.03256EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/19 12:0 a.m.27 views

Clam AntiVirus: Multiple vulnerabilities

Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Clam AntiVirus is vulnerable to a buffer overflo...

7.5CVSS7.6AI score0.08227EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/22 12:0 a.m.27 views

zlib: Buffer overflow

Background zlib is a widely used free and patent unencumbered data compression library. Description zlib improperly handles invalid data streams which could lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data structures for...

5CVSS9.7AI score0.03999EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/05/06 12:0 a.m.27 views

Ethereal: Numerous vulnerabilities

Background Ethereal is a feature rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.11, including: The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF,...

7.5CVSS7.4AI score0.07119EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/30 12:0 a.m.27 views

f2c: Insecure temporary file creation

Background f2c is a Fortran to C translator. Portage uses this package in some ebuilds to build Fortran sources. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that f2c creates temporary files in world-writeable directories with predictable names. Impact...

2.1CVSS6.1AI score0.00352EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/28 12:0 a.m.27 views

ngIRCd: Buffer overflow

Background ngIRCd is a free open source daemon for Internet Relay Chat IRC. Description Florian Westphal discovered a buffer overflow caused by an integer underflow in the ListsMakeMask function of lists.c. Impact A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and...

9.8CVSS7.7AI score0.18767EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/26 12:0 a.m.27 views

GraphicsMagick: PSD decoding heap overflow

Background GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. GraphicsMagick is originally derived from ImageMagick 5.5.2. Description Andrei Nigmatulin discovered that handling a Photoshop Document PSD file with more than 24 layers in ImageMagick could...

7.5CVSS7.2AI score0.04378EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/12/17 12:0 a.m.27 views

Samba: Integer overflow

Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Samba contains a bug when unmarshalling specific MS-RPC requests from clients. Impact A remote attacker may be able to execute...

10CVSS4.9AI score0.13196EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/16 12:0 a.m.27 views

Cscope: Insecure creation of temporary files

Background Cscope is a developer utility used to browse and manage source code. Description Cscope creates temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere...

2.1CVSS0.4AI score0.01145EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2004/10/15 12:0 a.m.27 views

BNC: Input validation flaw

Background BNC is an IRC proxying server Description A flaw exists in the input parsing of BNC where part of the sbufgetmsg function handles the backspace character incorrectly. Impact A remote user could issue commands using fake authentication credentials and possibly gain access to scripts...

7.5CVSS1.5AI score0.01895EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/10 12:0 a.m.27 views

gettext: Insecure temporary file handling

Background gettext is a set of utilities for the GNU Translation Project which provides a set of tools and documentation to help produce multi-lingual messages in programs. Description gettext insecurely creates temporary files in world-writeable directories with predictable names. Impact A local...

2.1CVSS6.1AI score0.00399EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/27 12:0 a.m.27 views

Heimdal: Kerberos 4 buffer overflow in kadmin

Background Heimdal is a free implementation of Kerberos. Description A buffer overflow was discovered in kadmind, a server for administrative access to the Kerberos database. Impact By sending a specially formatted message to kadmind, a remote attacker may be able to crash kadmind causing a denia...

10CVSS7.7AI score0.07159EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/05/25 12:0 a.m.27 views

Insecure Temporary File Creation In MySQL

Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name...

2.1CVSS6.5AI score0.00604EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/19 12:0 a.m.27 views

Multiple new security vulnerabilities in monit

Background Monit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system. Description Monit has several vulnerabilities in its HTTP interface : a buffer overflow vulnerability in the authentication handling code and a...

1.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/07 12:0 a.m.26 views

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS8.2AI score0.91969EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/07/06 12:0 a.m.26 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS7.6AI score0.00847EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/05/08 12:0 a.m.26 views

U-Boot tools: double free vulnerability

Background U-Boot tools provides utiiities for working with Das U-Boot. Description A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details. Impact In Das U-Boot a double free has been found in the cmd/gpt.c dorenamegptparts function...

10CVSS7.5AI score0.03701EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/04 12:0 a.m.26 views

strongSwan: Multiple Vulnerabilities

Background strongSwan is an IPSec implementation for Linux. Description Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.6AI score0.04804EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/01/06 12:0 a.m.26 views

R: Directory Traversal

Background R is a language and environment for statistical computing and graphics. Description The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal. Impact Installation of a malicious R package could result in an arbitrary file...

10CVSS7.7AI score0.0224EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/12/22 12:0 a.m.26 views

NASM: Multiple Vulnerabilities

Background NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats ELF, a.out, COFF, etc, and has its own disassembler. Description Multiple vulnerabilities have been...

7.8CVSS7.4AI score0.01143EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.26 views

systemd: Multiple Vulnerabilities

Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

5.5CVSS6.3AI score0.01561EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2022/11/10 12:0 a.m.26 views

lesspipe: Arbitrary Code Exeecution

Background lesspipe is a preprocessor for less. Description lesspipe has support for parsing Perl storable "PST" files, Impact A crafted Perl storable file which is passed into lesspipe could result in arbitrary code execution. Workaround There is no known workaround at this time. Resolution All...

9.8CVSS3.1AI score0.0115EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2022/09/25 12:0 a.m.26 views

HarfBuzz: Multiple vulnerabilities

Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

6.5CVSS1.6AI score0.0178EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2022/08/31 12:0 a.m.26 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS2.7AI score0.00905EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/08/26 12:0 a.m.26 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

9.3CVSS2AI score0.02296EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2020/07/29 12:0 a.m.26 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

8.8CVSS2AI score0.22868EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/04/30 12:0 a.m.26 views

Cacti: Multiple vulnerabilities

Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

9.3CVSS3.7AI score0.73779EPSS
Exploits24
Gentoo Linux
Gentoo Linux
added 2017/01/01 12:0 a.m.26 views

Mutt: Heap-based buffer overflow

Background Mutt is a small but very powerful text-based mail client. Description A heap-based buffer overflow was discovered in Mutt’s muttsubstrdup function. Impact A remote attacker could cause a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All...

5CVSS9.7AI score0.09694EPSS
Exploits1
Total number of security vulnerabilities3816