Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2014/01/21 12:0 a.m.•26 views

OpenSC: Arbitrary code execution

Background OpenSC is a tools and libraries for smart cards. Description Multiple stack-based buffer overflow errors have been discovered in OpenSC. Impact A physically proximate attacker could possibly execute arbitrary code using a specially crafted smart card. Workaround There is no known...

7.2CVSS7.6AI score0.00862EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/01/10 12:0 a.m.•26 views

Git: Privilege escalation

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git contains a stack-based buffer overflow in the isgitdirectory function in setup.c. Impact A local attacker could ga...

7.5CVSS6.7AI score0.02507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/12/14 12:0 a.m.•26 views

cabextract: Multiple vulnerabilities

Background cabextract is free software for extracting Microsoft cabinet files. Description Multiple vulnerabilities have been discovered in cabextract. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially-crafted archive ...

5.1CVSS7.4AI score0.04027EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/12/06 12:0 a.m.•26 views

SWI-Prolog : Multiple vulnerabilities

Background SWI-Prolog is a free, small, and standard compliant Prolog compiler. Description Multiple vulnerabilities have been discovered in SWI-Prolog: An error in the canoniseFileName function could cause a stack-based buffer overflow CVE-2012-6089. An error in the expand function could cause a...

7.5CVSS7.8AI score0.04019EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/11/28 12:0 a.m.•26 views

Unbound: Denial of service

Background Unbound is a validating, recursive, and caching DNS resolver. Description Multiple vulnerabilities have been discovered in Unbound. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition via a speciall...

7.8CVSS6.7AI score0.03097EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/07/11 12:0 a.m.•26 views

HAProxy: Multiple vulnerabilities

Background HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. Description Multiple vulnerabilities have been discovered in HAProxy. Please review the CVE identifiers referenced below for details. Impact ...

5.1CVSS7.4AI score0.05464EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/08/14 12:0 a.m.•26 views

libgdata: Man-in-the-Middle attack

Background libgdata is a GLib-based library for accessing online service APIs using the GData protocol. Description An error in the "gdataservicebuildsession" function of gdata-service.c prevents libgdata from properly validating certificates. Impact A remote attacker could perform...

5.1CVSS6.1AI score0.01904EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/08/14 12:0 a.m.•26 views

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files CVE-2012-1906. REST requests for a file in a remote filebucket are not handled properly by overriding...

6CVSS7.6AI score0.02632EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/08/14 12:0 a.m.•26 views

socat: Arbitrary code execution

Background socat is a multipurpose bidirectional relay, similar to netcat. Description A vulnerability in the "xioscanreadline" function in xio-readline.c could cause a heap-based buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the socat...

6.2CVSS7.4AI score0.00455EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/04/17 12:0 a.m.•26 views

Perl DBD-Pg Module: Arbitrary code execution

Background DBD-Pg is a PostgreSQL interface module for Perl. Description Format string vulnerabilities have been found in the the "pgwarn" and "dbdstprepare" functions in dbdimp.c. Impact A remote PostgreSQL server could send specially crafted database warnings or DBD statements, possibly resulti...

5CVSS7.1AI score0.02744EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/10/13 12:0 a.m.•26 views

Conky: Privilege escalation

Background Conky is an advanced, highly configurable system monitor for X. Description A privilege escalation vulnerability due to an insecure temporary file was found in Conky. Impact A local attacker could possibly overwrite arbitrary files with the privileges of the user running Conky...

6.3CVSS6.7AI score0.00424EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/09/12 12:0 a.m.•26 views

irssi: Execution of arbitrary code

Background irssi is a modular textUI IRC client with IPv6 support. Description Nemo discovered an off-by-one error leading to a heap overflow in irssi's eventwallops parsing function. Impact A remote attacker might entice a user to connect to a malicious IRC server, use a man-in-the-middle attack...

5CVSS7.2AI score0.08385EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•26 views

LMBench: Insecure temporary file usage

Background LMBench is a suite of simple, portable benchmarks for UNIX platforms. Description Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not handle "/tmp/sdiff." temporary files securely. NOTE: There might be further occurances of insecure temporary file usage. Impact A local...

6.9CVSS6.3AI score0.00406EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/06/28 12:0 a.m.•26 views

Ruby: Denial of service

Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes the "BigDecimal" class. Description Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers...

5CVSS5AI score0.08375EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/03/07 12:0 a.m.•26 views

nfs-utils: Access restriction bypass

Background nfs-utils contains the client and daemon implementations for the NFS protocol. Description Michele Marcionelli reported that nfs-utils invokes the hostsctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups. Impact A remote attacker could bypass...

7.5CVSS6.9AI score0.02295EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/02/12 12:0 a.m.•26 views

Valgrind: Untrusted search path

Background Valgrind is an open-source memory debugger. Description Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there. Impact A local attacker could prepare a specially crafted .valgrindrc file and entice a user to ru...

7.2CVSS6.8AI score0.00433EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/12/23 12:0 a.m.•26 views

Ampache: Insecure temporary file usage

Background Ampache is a PHP based tool for managing, updating and playing audio files via a web interface. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Impact A local attacker could perform symlink attacks to overwrite arbitrary...

7.2CVSS6.4AI score0.00392EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/12/29 12:0 a.m.•26 views

Exiv2: Integer overflow

Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer...

7.5CVSS7.3AI score0.04871EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/20 12:0 a.m.•26 views

Net-SNMP: Denial of service

Background Net-SNMP is a collection of tools for generating and retrieving SNMP data. Description The SNMP agent snmpd does not properly handle GETBULK requests with an overly large "max-repetitions" field. Impact A remote unauthenticated attacker could send a specially crafted SNMP request to th...

7.8CVSS8.6AI score0.26183EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/18 12:0 a.m.•26 views

teTeX: Multiple vulnerabilities

Background teTeX is a complete TeX distribution for editing documents. Description Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats CVE-2007-5937,...

6.8CVSS7.4AI score0.03953EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/07 12:0 a.m.•26 views

MadWifi: Denial of service

Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large "length" value in the "xrates" element. Impact A remote attacker could act as an...

4.3CVSS6.4AI score0.01968EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/07 12:0 a.m.•26 views

libsndfile: Buffer overflow

Background libsndfile is a library for reading and writing various formats of audio files including WAV and FLAC. Description Robert Buchholz of the Gentoo Security team discovered that the flacbuffercopy function does not correctly handle FLAC streams with variable block sizes which leads to a...

7.5CVSS7.2AI score0.04488EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/09/15 12:0 a.m.•26 views

Eggdrop: Buffer overflow

Background Eggdrop is an IRC bot extensible with C or Tcl. Description Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server. Impact A remote attacker could entice an Eggdrop user to connect the bot to a...

6.8CVSS7AI score0.09979EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2007/07/24 12:0 a.m.•27 views

NVClock: Insecure file usage

Background NVClock is an utility for changing NVidia graphic chipsets internal frequency. Description Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insecure temporary file in the /tmp directory. Impact A local attacker could create a specially crafted...

6.6CVSS7.1AI score0.00285EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/05/10 12:0 a.m.•26 views

PostgreSQL: Privilege escalation

Background PostgreSQL is an open source object-relational database management system. Description An error involving insecure searchpath settings in the SECURITY DEFINER functions has been reported in PostgreSQL. Impact If allowed to call a SECURITY DEFINER function, an attacker could gain the SQ...

6CVSS8.9AI score0.03184EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/02 12:0 a.m.•26 views

SpamAssassin: Long URI Denial of service

Background SpamAssassin is an extensible email filter used to identify junk email. Description SpamAssassin does not correctly handle very long URIs when scanning emails. Impact An attacker could cause SpamAssassin to consume large amounts of CPU and memory resources by sending one or more emails...

4.3CVSS6.4AI score0.06659EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/14 12:0 a.m.•26 views

McAfee VirusScan: Insecure DT_RPATH

Background McAfee VirusScan for Linux is a commercial antivirus solution for Linux. Description Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DTRPATH which included the current working directory, rather than $ORIGIN which was probably intended. Impact...

4.6CVSS7.2AI score0.004EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/28 12:0 a.m.•26 views

OpenLDAP: Denial of Service vulnerability

Background OpenLDAP is a suite of LDAP-related applications and development tools. Description Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This...

7.5CVSS6.4AI score0.75373EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/11/24 12:0 a.m.•26 views

TIN: Multiple buffer overflows

Background TIN is a threaded NNTP and spool based UseNet newsreader for a variety of platforms. Description Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflo...

7.5CVSS7.3AI score0.02814EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/20 12:0 a.m.•26 views

TikiWiki: Multiple vulnerabilities

Background TikiWiki is an open source content management system written in PHP. Description In numerous files TikiWiki provides an empty sortmode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also...

5CVSS6.6AI score0.53067EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2006/11/06 12:0 a.m.•26 views

Qt: Integer overflow

Background Qt is a cross-platform GUI toolkit, which is used e.g. by KDE. Description An integer overflow flaw has been found in the pixmap handling of Qt. Impact By enticing a user to open a specially crafted pixmap image in an application using Qt, e.g. Konqueror, a remote attacker could be abl...

6.8CVSS7AI score0.04146EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/10/17 12:0 a.m.•26 views

Python: Buffer Overflow

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Benjamin C. Wiley Sittler discovered a buffer overflow in Python's "repr" function when handling UTF-32/UCS-4 encoded strings. Impact If a Python application processes...

7.5CVSS7.4AI score0.05195EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•26 views

Warzone 2100 Resurrection: Multiple buffer overflows

Background Warzone 2100 Resurrection is a real-time strategy game, developed by Pumpkin Studios and published by Eidos Interactive. Description Luigi Auriemma discovered two buffer overflow vulnerabilities in Warzone 2100 Resurrection. The recvTextMessage function of the Warzone 2100 Resurrection...

7.5CVSS7.4AI score0.04416EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/03 12:0 a.m.•26 views

mpg123: Heap overflow

Background mpg123 is a real time audio player designed for the MPEG format. Description In httpdget.c, a variable is assigned to the heap, and is supposed to receive a smaller allocation. As this variable was not terminated properly, strncpy will overwrite the data assigned next in memory. Impact...

7.5CVSS7.2AI score0.06398EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/14 12:0 a.m.•26 views

Cacti: Multiple vulnerabilities in included ADOdb

Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...

7.5CVSS8.3AI score0.13237EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2006/03/21 12:0 a.m.•26 views

cURL/libcurl: Buffer overflow in the handling of TFTP URLs

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. libcurl is the corresponding client-side library. Description Ulf Harnhammar reported a possible buffer overflow in the handling of TFTP URLs in libcurl due to the lack of boundary checks...

7.5CVSS6.8AI score0.0509EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/13 12:0 a.m.•26 views

Cube: Multiple vulnerabilities

Background Cube is an open source first person shooter game engine supporting multiplayer via LAN or internet. Description Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr function CVE-2006-1100 and that the sgetstr and getint functions fail to verify the length...

7.5CVSS7.7AI score0.08114EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/12/23 12:0 a.m.•26 views

Dropbear: Privilege escalation

Background Dropbear is an SSH server and client with a small memory footprint. Description Under certain conditions Dropbear could fail to allocate a sufficient amount of memory, possibly resulting in a buffer overflow. Impact By sending specially crafted data to the server, authenticated users...

6.5CVSS7.3AI score0.03441EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/20 12:0 a.m.•26 views

AbiWord: New RTF import buffer overflows

Background AbiWord is a free and cross-platform word processing program. It allows to import RTF files into AbiWord documents. Description Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Impact An attacker...

5.1CVSS7.1AI score0.04101EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/10/14 12:0 a.m.•26 views

KOffice, KWord: RTF import buffer overflow

Background KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. Description Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Impact An attacker could entice a user to open a specially-crafted RTF file, potentially...

7.5CVSS7AI score0.06414EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/09/07 12:0 a.m.•26 views

Squid: Denial of Service vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many more features. Description Certain malformed...

5CVSS6.3AI score0.07829EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/25 12:0 a.m.•26 views

sandbox: Insecure temporary file handling

Background sandbox is a Gentoo Linux utility used by the Portage package management system. Description The Gentoo Linux Security Audit Team discovered that the sandbox utility was vulnerable to multiple TOCTOU Time of Check, Time of Use file creation race conditions. Impact Local users may be ab...

1.2CVSS6.6AI score0.00304EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/29 12:0 a.m.•26 views

Heimdal: Buffer overflow vulnerabilities

Background Heimdal is a free implementation of Kerberos 5 that includes a telnetd server. Description It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows. Impact An attacker could exploit this vulnerability to execute arbitrary co...

5CVSS7.3AI score0.02843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/19 12:0 a.m.•26 views

gFTP: Directory traversal vulnerability

Background gFTP is a GNOME based, multi-threaded file transfer client. Description gFTP lacks input validation of filenames received by remote servers. Impact An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal attack by making use of specially...

5CVSS6.5AI score0.03648EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/10 12:0 a.m.•26 views

Mailman: Directory traversal vulnerability

Background Mailman is a Python-based mailing list server with an extensive web interface. Description Mailman contains an error in private.py which fails to properly sanitize input paths. Impact An attacker could exploit this flaw to obtain arbitrary files on the web server. Workaround There is n...

5CVSS6.3AI score0.02856EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/03 12:0 a.m.•26 views

Newspost: Buffer overflow vulnerability

Background Newspost is a Usenet News binary autoposter. Description Niels Heinen has discovered a buffer overflow in the socketgetline function of Newspost, which can be triggered by providing long strings that do not end with a newline character. Impact A remote attacker could setup a malicious...

7.5CVSS7.4AI score0.15874EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/06 12:0 a.m.•26 views

xine-lib: Multiple overflows

Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demuxaiff.c, making it vulnerable to a buffer overflow CAN-2004-1300...

10CVSS2.6AI score0.09107EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/06 12:0 a.m.•26 views

phpGroupWare: Various vulnerabilities

Background phpGroupWare is a web-based suite of group applications including a calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Several flaws were discovered in phpGroupWare making it vulnerable to cross-site scripting attacks, SQL injection, and full...

7.5CVSS2.3AI score0.07324EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2004/12/15 12:0 a.m.•26 views

Vim, gVim: Vulnerable options in modelines

Background Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Description Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap',...

7.2CVSS1.1AI score0.0041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/06 12:0 a.m.•26 views

imlib: Buffer overflows in image decoding

Background imlib is an advanced replacement library for image manipulation libraries like libXpm. It is called by numerous programs, including gkrellm and several window managers, to help in displaying images. Description Pavel Kankovsky discovered that several overflows found in the libXpm libra...

10CVSS3.7AI score0.04934EPSS
Exploits0
Total number of security vulnerabilities3816