Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/07/25 12:0 a.m.•27 views

Wireshark: Multiple vulnerabilities

Background Wireshark, formerly known as Ethereal, is a popular network protocol analyzer. Description Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact Running an...

10CVSS7.5AI score0.0733EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/22 12:0 a.m.•27 views

KDM: Symlink vulnerability

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDM is the KDE Display Manager and is part of the kdebase package. Description Ludwig Nussel discovered that KDM could be tricked into allowing users to read files that would otherwise not be...

4CVSS5.7AI score0.00376EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/11 12:0 a.m.•27 views

SpamAssassin: Execution of arbitrary code

Background SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin. Description When spamd is run with both the "--vpopmail" -v and "--paranoid" -P options, it is vulnerable to an unspecified issue. Impact With certain configuration...

5.1CVSS7AI score0.74703EPSS
Exploits12
Gentoo Linux
Gentoo Linux
•added 2006/03/21 12:0 a.m.•27 views

PeerCast: Buffer overflow

Background PeerCast is a Peer to Peer broadcasting technology for listening to radio and watching video on the Internet. Description INFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg function. Impact By sending a...

7.5CVSS6.8AI score0.72496EPSS
Exploits9
Gentoo Linux
Gentoo Linux
•added 2006/03/17 12:0 a.m.•27 views

Crypt::CBC: Insecure initialization vector

Background Crypt::CBC is a Perl module to encrypt data using cipher block chaining CBC. Description Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes long initializiation vectors correctly when running in the RandomIV mode, resulting in a weaker encryption because the second part ...

2.6CVSS6.4AI score0.01397EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/16 12:0 a.m.•27 views

Freeciv: Denial of service

Background Freeciv is an open source turn-based multiplayer strategy game, similar to the famous Civilization series. Description Luigi Auriemma discovered that Freeciv could be tricked into the allocation of enormous chunks of memory when trying to uncompress malformed data packages, possibly...

5CVSS6.4AI score0.07701EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/30 12:0 a.m.•27 views

MyDNS: Denial of service

Background MyDNS is a DNS server using a MySQL database as a backend. It is designed to allow for fast updates and small resource usage. Description MyDNS contains an unspecified flaw that may allow a remote Denial of Service. Impact An attacker could cause a Denial of Service by sending malforme...

5CVSS6.3AI score0.02806EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/01/29 12:0 a.m.•27 views

Paros: Default administrator password

Background Paros is an intercepting proxy between a web server and a client meant to be used for security assessments. It allows the user to watch and modify the HTTPS traffic. Description Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed wit...

7.5CVSS6.8AI score0.02154EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/11/28 12:0 a.m.•27 views

Inkscape: Buffer overflow

Background Inkscape is an Open Source vector graphics editor using the W3C standard Scalable Vector Graphics SVG file format. Description Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file...

5.1CVSS7.3AI score0.13419EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/11/13 12:0 a.m.•27 views

linux-ftpd-ssl: Remote buffer overflow

Background linux-ftpd-ssl is the netkit FTP server with encryption support. Description A buffer overflow vulnerability has been found in the linux-ftpd-ssl package. A command that generates an excessively long response from the server may overrun a stack buffer. Impact An attacker that has...

10CVSS7.2AI score0.21478EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/10/06 12:0 a.m.•27 views

Ruby: Security bypass vulnerability

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby supports the safe execution of untrusted code using a safe level and taint flag mechanism. Description Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections...

7.5CVSS7.1AI score0.03256EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/09/19 12:0 a.m.•27 views

Clam AntiVirus: Multiple vulnerabilities

Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Clam AntiVirus is vulnerable to a buffer overflo...

7.5CVSS7.6AI score0.08227EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/12 12:0 a.m.•27 views

Gaim: Denial of Service vulnerabilities

Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Jacopo Ottaviani discovered a vulnerability in the Yahoo! file transfer code when being offered files with names containing non-ASCII characters CAN-2005-1269. Hugo de...

5CVSS6.6AI score0.02481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/06 12:0 a.m.•27 views

Ethereal: Numerous vulnerabilities

Background Ethereal is a feature rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.11, including: The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF,...

7.5CVSS7.4AI score0.07119EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/03/02 12:0 a.m.•27 views

xli, xloadimage: Multiple vulnerabilities

Background xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters ar...

7.5CVSS7.4AI score0.16344EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/02/13 12:0 a.m.•27 views

ht://Dig: Cross-site scripting vulnerability

Background ht://Dig is an HTTP/HTML indexing and searching system. Description Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks...

6.8CVSS5.9AI score0.02273EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/30 12:0 a.m.•27 views

f2c: Insecure temporary file creation

Background f2c is a Fortran to C translator. Portage uses this package in some ebuilds to build Fortran sources. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that f2c creates temporary files in world-writeable directories with predictable names. Impact...

2.1CVSS6.1AI score0.00352EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/28 12:0 a.m.•27 views

ngIRCd: Buffer overflow

Background ngIRCd is a free open source daemon for Internet Relay Chat IRC. Description Florian Westphal discovered a buffer overflow caused by an integer underflow in the ListsMakeMask function of lists.c. Impact A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and...

9.8CVSS7.7AI score0.18767EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/26 12:0 a.m.•27 views

GraphicsMagick: PSD decoding heap overflow

Background GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. GraphicsMagick is originally derived from ImageMagick 5.5.2. Description Andrei Nigmatulin discovered that handling a Photoshop Document PSD file with more than 24 layers in ImageMagick could...

7.5CVSS7.2AI score0.04378EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/12/16 12:0 a.m.•27 views

Cscope: Insecure creation of temporary files

Background Cscope is a developer utility used to browse and manage source code. Description Cscope creates temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere...

2.1CVSS0.4AI score0.01145EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2004/10/25 12:0 a.m.•27 views

socat: Format string vulnerability

Background socat is a multipurpose bidirectional relay, similar to netcat. Description socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing it to log messages to...

5CVSS1.1AI score0.07293EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/10/15 12:0 a.m.•27 views

BNC: Input validation flaw

Background BNC is an IRC proxying server Description A flaw exists in the input parsing of BNC where part of the sbufgetmsg function handles the backspace character incorrectly. Impact A remote user could issue commands using fake authentication credentials and possibly gain access to scripts...

7.5CVSS1.5AI score0.01895EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/10 12:0 a.m.•27 views

gettext: Insecure temporary file handling

Background gettext is a set of utilities for the GNU Translation Project which provides a set of tools and documentation to help produce multi-lingual messages in programs. Description gettext insecurely creates temporary files in world-writeable directories with predictable names. Impact A local...

2.1CVSS6.1AI score0.00399EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/07/30 12:0 a.m.•27 views

SoX: Multiple buffer overflows

Background SoX is a command line utility that can convert various formats of computer audio files in to other formats. Description Ulf Harnhammar discovered two buffer overflows in the sox and play commands when handling WAV files with specially crafted header fields. Impact By enticing a user to...

10CVSS7.4AI score0.2508EPSS
Exploits7
Gentoo Linux
Gentoo Linux
•added 2004/05/27 12:0 a.m.•27 views

Heimdal: Kerberos 4 buffer overflow in kadmin

Background Heimdal is a free implementation of Kerberos. Description A buffer overflow was discovered in kadmind, a server for administrative access to the Kerberos database. Impact By sending a specially formatted message to kadmind, a remote attacker may be able to crash kadmind causing a denia...

10CVSS7.7AI score0.07159EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/19 12:0 a.m.•27 views

Multiple new security vulnerabilities in monit

Background Monit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system. Description Monit has several vulnerabilities in its HTTP interface : a buffer overflow vulnerability in the authentication handling code and a...

1.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/07 12:0 a.m.•26 views

Go: Multiple Vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS8.2AI score0.91969EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/07/06 12:0 a.m.•26 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS7.6AI score0.00847EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/05/08 12:0 a.m.•26 views

U-Boot tools: double free vulnerability

Background U-Boot tools provides utiiities for working with Das U-Boot. Description A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details. Impact In Das U-Boot a double free has been found in the cmd/gpt.c dorenamegptparts function...

10CVSS7.5AI score0.03701EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/05/04 12:0 a.m.•26 views

strongSwan: Multiple Vulnerabilities

Background strongSwan is an IPSec implementation for Linux. Description Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.6AI score0.04804EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/01/06 12:0 a.m.•26 views

R: Directory Traversal

Background R is a language and environment for statistical computing and graphics. Description The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal. Impact Installation of a malicious R package could result in an arbitrary file...

10CVSS7.7AI score0.0224EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/12/22 12:0 a.m.•26 views

NASM: Multiple Vulnerabilities

Background NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats ELF, a.out, COFF, etc, and has its own disassembler. Description Multiple vulnerabilities have been...

7.8CVSS7.4AI score0.01143EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2023/11/25 12:0 a.m.•26 views

RenderDoc: Multiple Vulnerabilities

Background RenderDoc is a free MIT licensed stand-alone graphics debugger that allows quick and easy single-frame capture and detailed introspection of any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across Windows, Linux, Android, or Nintendo Switchâ„¢. Description Multiple...

9.8CVSS9.4AI score0.03648EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2023/10/10 12:0 a.m.•26 views

libcue: Arbitrary Code Execution

Background libcue is a CUE Sheet Parser Library. Description libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program. Impact Untrusted CUE sheet files can lead to arbitrary code execution. app-misc/tracker-minerscue uses...

8.8CVSS7.9AI score0.1657EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•26 views

systemd: Multiple Vulnerabilities

Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

5.5CVSS6.3AI score0.01561EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2022/11/10 12:0 a.m.•26 views

lesspipe: Arbitrary Code Exeecution

Background lesspipe is a preprocessor for less. Description lesspipe has support for parsing Perl storable "PST" files, Impact A crafted Perl storable file which is passed into lesspipe could result in arbitrary code execution. Workaround There is no known workaround at this time. Resolution All...

9.8CVSS3.1AI score0.0115EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/09/25 12:0 a.m.•26 views

HarfBuzz: Multiple vulnerabilities

Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

6.5CVSS1.6AI score0.0178EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2022/08/31 12:0 a.m.•26 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS2.7AI score0.00905EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/09/13 12:0 a.m.•26 views

GNOME File Roller: Directory traversal

Background File Roller is an archive manager for the GNOME desktop environment. Description It was discovered that GNOME File Roller incorrectly handled symlinks. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All...

3.9CVSS1.6AI score0.00768EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/28 12:0 a.m.•26 views

Claws Mail: Improper STARTTLS handling

Background Claws Mail is a GTK based e-mail client. Description It was discovered that Claws Mail was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using Claws Mail with STARTTLS. Workaround The...

9.8CVSS1.4AI score0.02592EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/05/26 12:0 a.m.•26 views

Teeworlds: Remote execution of arbitrary code on client

Background Teeworlds is an online multi-player platform 2D shooter. Description Teeworlds client contains a vulnerability allowing a malicious server to execute arbitrary code, or write to arbitrary physical memory via the CClient::ProcessServerPacket method. Impact A remote malicious server can...

9.8CVSS5AI score0.03646EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2016/07/30 12:0 a.m.•26 views

BeanShell: Arbitrary code execution

Background BeanShell is a small, free, embeddable Java source interpreter with object scripting language features, written in Java. Description An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to...

8.1CVSS4.9AI score0.70425EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2016/03/09 12:0 a.m.•26 views

Background FUSE provides an interface for filesystems implemented in userspace. Description The fusermount binary calls setuidgeteuid to reset the RUID when it invokes /bin/mount so that it can use privileged mount options that are normally restricted if RUID != EUID. FUSE does not properly clear...

3.6CVSS6.6AI score0.01008EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2015/12/30 12:0 a.m.•26 views

KDE Systemsettings: Privilege escalation

Background KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. Description KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege. Impact A local attacker...

7.2CVSS6.2AI score0.00388EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2015/07/10 12:0 a.m.•26 views

t1utils: Arbitrary code execution

Background t1utils is a collection of simple Type 1 font manipulation programs. Description t1utils has a buffer overflow in the setcsstart function in t1disasm.c. Impact A remote attacker could cause a denial of service and possibly execute arbitrary code via a crafted font file. Workaround Ther...

7.5CVSS7.5AI score0.06905EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/06/19 12:0 a.m.•26 views

rxvt-unicode: User-assisted execution of arbitrary code

Background rxvt-unicode urxvt is a clone of the rxvt terminal emulator. Description rxvt-unicode does not properly handle OSC escape sequences, including those used to read and write X window properties. Impact A remote attacker could entice a user to run a specially crafted file using...

7.6CVSS7AI score0.041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/09 12:0 a.m.•26 views

DjVu: User-assisted execution of arbitrary code

Background DjVu is a web-centric format and software platform for distributing documents and images. Description A vulnerability has been discovered in DjVu. Please review the CVE identifier referenced below for details. Impact A remote attacker could entice a user to open a specially crafted DjV...

9.3CVSS7.1AI score0.04642EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/21 12:0 a.m.•26 views

OpenSC: Arbitrary code execution

Background OpenSC is a tools and libraries for smart cards. Description Multiple stack-based buffer overflow errors have been discovered in OpenSC. Impact A physically proximate attacker could possibly execute arbitrary code using a specially crafted smart card. Workaround There is no known...

7.2CVSS7.6AI score0.00862EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/01/10 12:0 a.m.•26 views

Git: Privilege escalation

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git contains a stack-based buffer overflow in the isgitdirectory function in setup.c. Impact A local attacker could ga...

7.5CVSS6.7AI score0.02507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/12/14 12:0 a.m.•26 views

cabextract: Multiple vulnerabilities

Background cabextract is free software for extracting Microsoft cabinet files. Description Multiple vulnerabilities have been discovered in cabextract. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially-crafted archive ...

5.1CVSS7.4AI score0.04027EPSS
Exploits0
Total number of security vulnerabilities3816