Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2023/12/22 12:0 a.m.•26 views

NASM: Multiple Vulnerabilities

Background NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats ELF, a.out, COFF, etc, and has its own disassembler. Description Multiple vulnerabilities have been...

7.8CVSS7.4AI score0.01143EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•26 views

systemd: Multiple Vulnerabilities

Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...

5.5CVSS6.3AI score0.01561EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2022/11/10 12:0 a.m.•26 views

lesspipe: Arbitrary Code Exeecution

Background lesspipe is a preprocessor for less. Description lesspipe has support for parsing Perl storable "PST" files, Impact A crafted Perl storable file which is passed into lesspipe could result in arbitrary code execution. Workaround There is no known workaround at this time. Resolution All...

9.8CVSS3.1AI score0.0115EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2022/09/25 12:0 a.m.•26 views

HarfBuzz: Multiple vulnerabilities

Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

6.5CVSS1.6AI score0.0178EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2022/08/31 12:0 a.m.•26 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.8CVSS2.7AI score0.00905EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/04/30 12:0 a.m.•26 views

Cacti: Multiple vulnerabilities

Background Cacti is a complete frontend to rrdtool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

9.3CVSS3.7AI score0.73779EPSS
Exploits24
Gentoo Linux
Gentoo Linux
•added 2016/07/30 12:0 a.m.•26 views

BeanShell: Arbitrary code execution

Background BeanShell is a small, free, embeddable Java source interpreter with object scripting language features, written in Java. Description An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to...

8.1CVSS4.9AI score0.70425EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2015/12/30 12:0 a.m.•26 views

KDE Systemsettings: Privilege escalation

Background KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. Description KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege. Impact A local attacker...

7.2CVSS6.2AI score0.00388EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2015/07/10 12:0 a.m.•26 views

t1utils: Arbitrary code execution

Background t1utils is a collection of simple Type 1 font manipulation programs. Description t1utils has a buffer overflow in the setcsstart function in t1disasm.c. Impact A remote attacker could cause a denial of service and possibly execute arbitrary code via a crafted font file. Workaround Ther...

7.5CVSS7.5AI score0.06905EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2015/07/07 12:0 a.m.•26 views

Exiv2: Denial of service

Background Exiv2 is a C++ library and a command line utility to manage image metadata. Description Exiv2 has a buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp. Impact A remote attacker could possibly cause a Denial of Service condition via a specially crafted AVI file...

5CVSS6.8AI score0.03654EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2015/02/07 12:0 a.m.•26 views

libevent: User-assisted execution of arbitrary code

Background libevent is a library to execute a function when a specific event occurs on a file descriptor. Description Multiple integer overflow errors in libevent could cause a heap-based buffer overflow. Impact A context-dependent attacker could cause an application linked against libevent to pa...

7.5CVSS7.5AI score0.02084EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/11/23 12:0 a.m.•26 views

Aircrack-ng: User-assisted execution of arbitrary code

Background Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Description Multiple vulnerabilities have been discovered in Aircrack-ng. Please review the CVE identifiers referenced below for details. Impact A local...

9.8CVSS9.6AI score0.23925EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2014/08/14 12:0 a.m.•26 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS7.7AI score0.07552EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/09 12:0 a.m.•26 views

DjVu: User-assisted execution of arbitrary code

Background DjVu is a web-centric format and software platform for distributing documents and images. Description A vulnerability has been discovered in DjVu. Please review the CVE identifier referenced below for details. Impact A remote attacker could entice a user to open a specially crafted DjV...

9.3CVSS7.1AI score0.04642EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/19 12:0 a.m.•26 views

libexif, exif: Multiple vulnerabilities

Background libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif. Description Multiple vulnerabilities have been discovered in libexif and exif. Please review the CVE identifiers referenced below for details. Impact A...

7.5CVSS7.5AI score0.07557EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/18 12:0 a.m.•26 views

Openswan: User-assisted execution of arbitrary code

Background Openswan is an implementation of IPsec for Linux. Description A buffer overflow flaw has been discovered in Openswan when using Opportunistic Encryption. Impact A remote attacker could send a specially crafted DNS TXT record, possibly resulting in execution of arbitrary code with the...

6.8CVSS7.4AI score0.02427EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/10 12:0 a.m.•26 views

Git: Privilege escalation

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git contains a stack-based buffer overflow in the isgitdirectory function in setup.c. Impact A local attacker could ga...

7.5CVSS6.7AI score0.02507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/05 12:0 a.m.•26 views

Libgdiplus: Arbitrary code execution

Background Libgdiplus is the Mono library that provide a GDI+ comptible API on non-Windows operating systems. Description An integer overflow flaw has been discovered in Libgdiplus. Impact A remote attacker could entice a user to open a specially-crafted TIFF/JPEG/BMP file, potentially resulting ...

6.8CVSS7.1AI score0.01914EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/12/14 12:0 a.m.•26 views

cabextract: Multiple vulnerabilities

Background cabextract is free software for extracting Microsoft cabinet files. Description Multiple vulnerabilities have been discovered in cabextract. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially-crafted archive ...

5.1CVSS7.4AI score0.04027EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/12/06 12:0 a.m.•26 views

SWI-Prolog : Multiple vulnerabilities

Background SWI-Prolog is a free, small, and standard compliant Prolog compiler. Description Multiple vulnerabilities have been discovered in SWI-Prolog: An error in the canoniseFileName function could cause a stack-based buffer overflow CVE-2012-6089. An error in the expand function could cause a...

7.5CVSS7.8AI score0.04019EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/11/07 12:0 a.m.•26 views

Vixie cron: Denial of service

Background Paul Vixie’s cron daemon, a fully featured crond implementation. Description Vixie cron contains a race condition relating to atime and mtime values of temporary files. Impact A local attacker could change the modification time of files, possibly resulting in a Denial of Service...

3.3CVSS7.3AI score0.00346EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/10/26 12:0 a.m.•26 views

TPTEST: Arbitrary code execution

Background TPTEST is a tool to measure the speed of a user’s Internet connection. Description The GetStatsFromLine function in TPTEST is vulnerable to buffer overflows from STATS lines with long email and pwd fields. Impact A remote attacker could send a specially-crafted STATS line, possibly...

10CVSS7.3AI score0.12776EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/08/14 12:0 a.m.•26 views

libgdata: Man-in-the-Middle attack

Background libgdata is a GLib-based library for accessing online service APIs using the GData protocol. Description An error in the "gdataservicebuildsession" function of gdata-service.c prevents libgdata from properly validating certificates. Impact A remote attacker could perform...

5.1CVSS6.1AI score0.01904EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/08/14 12:0 a.m.•26 views

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files CVE-2012-1906. REST requests for a file in a remote filebucket are not handled properly by overriding...

6CVSS7.6AI score0.02632EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/08/14 12:0 a.m.•26 views

socat: Arbitrary code execution

Background socat is a multipurpose bidirectional relay, similar to netcat. Description A vulnerability in the "xioscanreadline" function in xio-readline.c could cause a heap-based buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the socat...

6.2CVSS7.4AI score0.00455EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/10/13 12:0 a.m.•26 views

Conky: Privilege escalation

Background Conky is an advanced, highly configurable system monitor for X. Description A privilege escalation vulnerability due to an insecure temporary file was found in Conky. Impact A local attacker could possibly overwrite arbitrary files with the privileges of the user running Conky...

6.3CVSS6.7AI score0.00424EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•26 views

LMBench: Insecure temporary file usage

Background LMBench is a suite of simple, portable benchmarks for UNIX platforms. Description Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not handle "/tmp/sdiff." temporary files securely. NOTE: There might be further occurances of insecure temporary file usage. Impact A local...

6.9CVSS6.3AI score0.00406EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/09/07 12:0 a.m.•26 views

libvorbis: User-assisted execution of arbitrary code

Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Lucas Adamski reported that libvorbis does not correctly process file headers, related to static mode headers and encodi...

9.3CVSS7.1AI score0.02715EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/07/12 12:0 a.m.•26 views

GStreamer plug-ins: User-assisted execution of arbitrary code

Background The GStreamer plug-ins provide decoders to the GStreamer open source media framework. Description Multiple vulnerabilities have been reported in several GStreamer plug-ins: Tobias Klein reported two heap-based buffer overflows and an array index error in the qtdemuxparsesamples functio...

9.3CVSS8.7AI score0.07147EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2009/07/02 12:0 a.m.•26 views

libwmf: User-assisted execution of arbitrary code

Background libwmf is a library for converting WMF files. Description The embedded fork of the GD library introduced a "use-after-free" vulnerability in a modification which is specific to libwmf. Impact A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting...

7.5CVSS7.3AI score0.03463EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/05/24 12:0 a.m.•26 views

IPSec Tools: Denial of service

Background The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections. Description The following vulnerabilities have been found in the racoon daemon as shipped with...

5CVSS8.1AI score0.11631EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/03/07 12:0 a.m.•26 views

nfs-utils: Access restriction bypass

Background nfs-utils contains the client and daemon implementations for the NFS protocol. Description Michele Marcionelli reported that nfs-utils invokes the hostsctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups. Impact A remote attacker could bypass...

7.5CVSS6.9AI score0.02295EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/02/12 12:0 a.m.•26 views

Valgrind: Untrusted search path

Background Valgrind is an open-source memory debugger. Description Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there. Impact A local attacker could prepare a specially crafted .valgrindrc file and entice a user to ru...

7.2CVSS6.8AI score0.00433EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/12/23 12:0 a.m.•26 views

Ampache: Insecure temporary file usage

Background Ampache is a PHP based tool for managing, updating and playing audio files via a web interface. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Impact A local attacker could perform symlink attacks to overwrite arbitrary...

7.2CVSS6.4AI score0.00392EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/09/23 12:0 a.m.•26 views

GNU ed: User-assisted execution of arbitrary code

Background GNU ed is a basic line editor. red is a restricted version of ed that does not allow shell command execution. Description Alfredo Ortega from Core Security Technologies reported a heap-based buffer overflow in the stripescapes function when processing overly long filenames. Impact A...

9.3CVSS7.6AI score0.03595EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/07/21 12:0 a.m.•27 views

PeerCast: Buffer overflow

Background PeerCast is a client and server for P2P-radio networks. Description Nico Golde reported a boundary error in the HTTP::getAuthUserPass function when processing overly long HTTP Basic authentication requests. Impact A remote attacker could send a specially crafted HTTP request to the...

7.5CVSS7.2AI score0.14863EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/07/08 12:0 a.m.•26 views

Poppler: User-assisted execution of arbitrary code

Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Felipe Andres Manzano reported a memory management issue in the Page class constructor/destructor. Impact A remote attacker could entice a user to open a specially crafted PDF file with a...

7.5CVSS7AI score0.14253EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/05/21 12:0 a.m.•26 views

GnuTLS: Execution of arbitrary code

Background GnuTLS is an implementation of Secure Sockets Layer SSL 3.0 and Transport Layer Security TLS 1.0, 1.1 and 1.2. Description Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS: "Client Hello" messages containing an invalid server name can...

10CVSS10AI score0.12018EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2008/03/03 12:0 a.m.•26 views

Mantis: Cross-Site Scripting

Background Mantis is a web-based bug tracking system. Description seiji reported that the filename for the uploaded file in bugreport.php is not properly sanitised before being stored. Impact A remote attacker could upload a file with a specially crafted to a bug report, resulting in the executio...

4.3CVSS6.7AI score0.01745EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/01/27 12:0 a.m.•26 views

CherryPy: Directory traversal vulnerability

Background CherryPy is a Python-based, object-oriented web development framework. Description CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession.getfilepath function before using it as part of the file name. Impact A remote attacker could exploit this...

7.5CVSS6.3AI score0.02647EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/01/09 12:0 a.m.•27 views

OpenAFS: Denial of service

Background OpenAFS is a distributed network filesystem. Description Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists. Impact A remote attacker could construct cases which trigger the race condition,...

4.3CVSS6.3AI score0.01661EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/29 12:0 a.m.•26 views

Exiv2: Integer overflow

Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer...

7.5CVSS7.3AI score0.04871EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/12/29 12:0 a.m.•26 views

Syslog-ng: Denial of service

Background Syslog-ng is a flexible and scalable system logger. Description Oriol Carreras reported a NULL pointer dereference in the logmsgparse function when processing timestamps without a terminating whitespace character. Impact A remote attacker could send a specially crafted event to a...

5CVSS6.3AI score0.03348EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/07 12:0 a.m.•26 views

MadWifi: Denial of service

Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large "length" value in the "xrates" element. Impact A remote attacker could act as an...

4.3CVSS6.4AI score0.01968EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/08/11 12:0 a.m.•26 views

Net::DNS: Multiple vulnerabilities

Background Net::DNS is a Perl implementation of a DNS resolver. Description hjp discovered an error when handling DNS query IDs which make them partially predictable. Steffen Ullrich discovered an error in the dnexpand function which could lead to an endless loop. Impact A remote attacker could...

7.5CVSS6.3AI score0.03489EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/07/24 12:0 a.m.•27 views

NVClock: Insecure file usage

Background NVClock is an utility for changing NVidia graphic chipsets internal frequency. Description Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insecure temporary file in the /tmp directory. Impact A local attacker could create a specially crafted...

6.6CVSS7.1AI score0.00285EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/02 12:0 a.m.•26 views

SpamAssassin: Long URI Denial of service

Background SpamAssassin is an extensible email filter used to identify junk email. Description SpamAssassin does not correctly handle very long URIs when scanning emails. Impact An attacker could cause SpamAssassin to consume large amounts of CPU and memory resources by sending one or more emails...

4.3CVSS6.4AI score0.06659EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/14 12:0 a.m.•26 views

McAfee VirusScan: Insecure DT_RPATH

Background McAfee VirusScan for Linux is a commercial antivirus solution for Linux. Description Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DTRPATH which included the current working directory, rather than $ORIGIN which was probably intended. Impact...

4.6CVSS7.2AI score0.004EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/24 12:0 a.m.•26 views

TIN: Multiple buffer overflows

Background TIN is a threaded NNTP and spool based UseNet newsreader for a variety of platforms. Description Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflo...

7.5CVSS7.3AI score0.02814EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/20 12:0 a.m.•26 views

TikiWiki: Multiple vulnerabilities

Background TikiWiki is an open source content management system written in PHP. Description In numerous files TikiWiki provides an empty sortmode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also...

5CVSS6.6AI score0.53067EPSS
Exploits4
Total number of security vulnerabilities3816