Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2006/11/06 12:0 a.m.•26 views

Qt: Integer overflow

Background Qt is a cross-platform GUI toolkit, which is used e.g. by KDE. Description An integer overflow flaw has been found in the pixmap handling of Qt. Impact By enticing a user to open a specially crafted pixmap image in an application using Qt, e.g. Konqueror, a remote attacker could be abl...

6.8CVSS7AI score0.04146EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/10/17 12:0 a.m.•26 views

Python: Buffer Overflow

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Benjamin C. Wiley Sittler discovered a buffer overflow in Python's "repr" function when handling UTF-32/UCS-4 encoded strings. Impact If a Python application processes...

7.5CVSS7.4AI score0.05195EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/08/10 12:0 a.m.•26 views

Warzone 2100 Resurrection: Multiple buffer overflows

Background Warzone 2100 Resurrection is a real-time strategy game, developed by Pumpkin Studios and published by Eidos Interactive. Description Luigi Auriemma discovered two buffer overflow vulnerabilities in Warzone 2100 Resurrection. The recvTextMessage function of the Warzone 2100 Resurrection...

7.5CVSS7.4AI score0.04416EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/25 12:0 a.m.•26 views

Wireshark: Multiple vulnerabilities

Background Wireshark, formerly known as Ethereal, is a popular network protocol analyzer. Description Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact Running an...

10CVSS7.5AI score0.0733EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/07/03 12:0 a.m.•26 views

mpg123: Heap overflow

Background mpg123 is a real time audio player designed for the MPEG format. Description In httpdget.c, a variable is assigned to the heap, and is supposed to receive a smaller allocation. As this variable was not terminated properly, strncpy will overwrite the data assigned next in memory. Impact...

7.5CVSS7.2AI score0.06398EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/22 12:0 a.m.•26 views

KDM: Symlink vulnerability

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDM is the KDE Display Manager and is part of the kdebase package. Description Ludwig Nussel discovered that KDM could be tricked into allowing users to read files that would otherwise not be...

4CVSS5.7AI score0.00376EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/14 12:0 a.m.•26 views

Cacti: Multiple vulnerabilities in included ADOdb

Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...

7.5CVSS8.3AI score0.13237EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2006/03/21 12:0 a.m.•26 views

cURL/libcurl: Buffer overflow in the handling of TFTP URLs

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. libcurl is the corresponding client-side library. Description Ulf Harnhammar reported a possible buffer overflow in the handling of TFTP URLs in libcurl due to the lack of boundary checks...

7.5CVSS6.8AI score0.0509EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/16 12:0 a.m.•26 views

Freeciv: Denial of service

Background Freeciv is an open source turn-based multiplayer strategy game, similar to the famous Civilization series. Description Luigi Auriemma discovered that Freeciv could be tricked into the allocation of enormous chunks of memory when trying to uncompress malformed data packages, possibly...

5CVSS6.4AI score0.07701EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/13 12:0 a.m.•26 views

Cube: Multiple vulnerabilities

Background Cube is an open source first person shooter game engine supporting multiplayer via LAN or internet. Description Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr function CVE-2006-1100 and that the sgetstr and getint functions fail to verify the length...

7.5CVSS7.7AI score0.08114EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2005/12/23 12:0 a.m.•26 views

Dropbear: Privilege escalation

Background Dropbear is an SSH server and client with a small memory footprint. Description Under certain conditions Dropbear could fail to allocate a sufficient amount of memory, possibly resulting in a buffer overflow. Impact By sending specially crafted data to the server, authenticated users...

6.5CVSS7.3AI score0.03441EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/20 12:0 a.m.•26 views

AbiWord: New RTF import buffer overflows

Background AbiWord is a free and cross-platform word processing program. It allows to import RTF files into AbiWord documents. Description Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Impact An attacker...

5.1CVSS7.1AI score0.04101EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/10/14 12:0 a.m.•26 views

KOffice, KWord: RTF import buffer overflow

Background KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. Description Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Impact An attacker could entice a user to open a specially-crafted RTF file, potentially...

7.5CVSS7AI score0.06414EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/09/07 12:0 a.m.•26 views

Squid: Denial of Service vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many more features. Description Certain malformed...

5CVSS6.3AI score0.07829EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/29 12:0 a.m.•26 views

Heimdal: Buffer overflow vulnerabilities

Background Heimdal is a free implementation of Kerberos 5 that includes a telnetd server. Description It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows. Impact An attacker could exploit this vulnerability to execute arbitrary co...

5CVSS7.3AI score0.02843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/12 12:0 a.m.•26 views

Gaim: Denial of Service vulnerabilities

Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Jacopo Ottaviani discovered a vulnerability in the Yahoo! file transfer code when being offered files with names containing non-ASCII characters CAN-2005-1269. Hugo de...

5CVSS6.6AI score0.02481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/02 12:0 a.m.•26 views

xli, xloadimage: Multiple vulnerabilities

Background xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters ar...

7.5CVSS7.4AI score0.16344EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/02/19 12:0 a.m.•26 views

gFTP: Directory traversal vulnerability

Background gFTP is a GNOME based, multi-threaded file transfer client. Description gFTP lacks input validation of filenames received by remote servers. Impact An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal attack by making use of specially...

5CVSS6.5AI score0.03648EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/13 12:0 a.m.•26 views

ht://Dig: Cross-site scripting vulnerability

Background ht://Dig is an HTTP/HTML indexing and searching system. Description Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks...

6.8CVSS5.9AI score0.02273EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/10 12:0 a.m.•26 views

Mailman: Directory traversal vulnerability

Background Mailman is a Python-based mailing list server with an extensive web interface. Description Mailman contains an error in private.py which fails to properly sanitize input paths. Impact An attacker could exploit this flaw to obtain arbitrary files on the web server. Workaround There is n...

5CVSS6.3AI score0.02856EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/03 12:0 a.m.•26 views

Newspost: Buffer overflow vulnerability

Background Newspost is a Usenet News binary autoposter. Description Niels Heinen has discovered a buffer overflow in the socketgetline function of Newspost, which can be triggered by providing long strings that do not end with a newline character. Impact A remote attacker could setup a malicious...

7.5CVSS7.4AI score0.15874EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/06 12:0 a.m.•26 views

xine-lib: Multiple overflows

Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demuxaiff.c, making it vulnerable to a buffer overflow CAN-2004-1300...

10CVSS2.6AI score0.09107EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/12/06 12:0 a.m.•26 views

imlib: Buffer overflows in image decoding

Background imlib is an advanced replacement library for image manipulation libraries like libXpm. It is called by numerous programs, including gkrellm and several window managers, to help in displaying images. Description Pavel Kankovsky discovered that several overflows found in the libXpm libra...

10CVSS3.7AI score0.04934EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/10 12:0 a.m.•26 views

Pavuk: Multiple buffer overflows

Background Pavuk is web spider and website mirroring tool. Description Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities. Impact A remote attacker...

7.6CVSS7.8AI score0.0292EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/01 12:0 a.m.•26 views

Cherokee: Format string vulnerability

Background Cherokee is an extra-light web server. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in the cherokeeloggerncsawritestring function. Impact Using a specially crafted URL when authenticating via authpam, a malicious user may ...

10CVSS3.3AI score0.05563EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/07/30 12:0 a.m.•26 views

SoX: Multiple buffer overflows

Background SoX is a command line utility that can convert various formats of computer audio files in to other formats. Description Ulf Harnhammar discovered two buffer overflows in the sox and play commands when handling WAV files with specially crafted header fields. Impact By enticing a user to...

10CVSS7.4AI score0.2508EPSS
Exploits7
Gentoo Linux
Gentoo Linux
•added 2004/03/30 12:0 a.m.•26 views

Squid ACL [url_regex] bypass vulnerability

Background Squid is a fully-featured Web Proxy Cache designed to run on Unix systems that supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A bug in Squid allows use...

7.5CVSS6.3AI score0.13809EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/12/07 12:0 a.m.•25 views

Dnsmasq: Multiple Vulnerabilities

Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

7.5CVSS8AI score0.99995EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/09/28 12:0 a.m.•25 views

Docker: Multiple Vulnerabilities

Background Docker contains the the core functions you need to create Docker images and run Docker containers Description Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

10CVSS7.7AI score0.05623EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•25 views

file: Stack Buffer Overread

Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact File has an stack-based buffer over-read in filecopystr ...

5.5CVSS7.8AI score0.00656EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/08/06 12:0 a.m.•25 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.6AI score0.00857EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2024/07/05 12:0 a.m.•25 views

Sofia-SIP: Multiple Vulnerabilities

Background Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE...

9.8CVSS7.3AI score0.0238EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/05/07 12:0 a.m.•25 views

xar: Unsafe Extraction

Background xar provides an easily extensible archive format. Description A vulnerability has been discovered in xar. Please review the CVE identifier referenced below for details. Impact xar allows for a forward-slash separated path to be specified in the file name property, e.g. x/foo – as long ...

5.5CVSS6.7AI score0.42674EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/02/18 12:0 a.m.•25 views

TACACS+: Remote Code Execution

Background An updated version of Cisco's TACACS+ server. Description A vulnerabilitiy has been discovered in TACACS+. Please review the CVE identifier referenced below for details. Impact A lack of input validation exists in tacplus which, when pre or post auth commands are enabled, allows an...

9.8CVSS8.1AI score0.01813EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/01/15 12:0 a.m.•25 views

libspf2: Multiple vulnerabilities

Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Description Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers...

9.8CVSS8.3AI score0.09643EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2023/12/23 12:0 a.m.•25 views

Ceph: Root Privilege Escalation

Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details. Impact The ceph-crash.service runs the ceph-crash...

7.8CVSS6.8AI score0.00327EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/11/25 12:0 a.m.•25 views

RenderDoc: Multiple Vulnerabilities

Background RenderDoc is a free MIT licensed stand-alone graphics debugger that allows quick and easy single-frame capture and detailed introspection of any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across Windows, Linux, Android, or Nintendo Switchâ„¢. Description Multiple...

9.8CVSS9.4AI score0.03648EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2023/10/10 12:0 a.m.•25 views

libcue: Arbitrary Code Execution

Background libcue is a CUE Sheet Parser Library. Description libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program. Impact Untrusted CUE sheet files can lead to arbitrary code execution. app-misc/tracker-minerscue uses...

8.8CVSS7.9AI score0.1657EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/10/08 12:0 a.m.•25 views

dav1d: Denial of Service

Background dav1d is an AV1 decoder. Description In some circumstances, dav1d might treat an invalid frame as valid, resulting in a crash. Impact Malformed frame data can result in a denial of service. Workaround Users should avoid parsing untrusted video with dav1d. Resolution All dav1d users...

5.9CVSS6.9AI score0.00743EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•25 views

uptimed: Root Privilege Escalation

Background uptimed is a system uptime record daemon that keeps track of your highest uptimes. Description Via unnecessary file ownership modifications in the pkgpostinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time. Impact The uptimed...

7.8CVSS6.9AI score0.0041EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2022/09/29 12:0 a.m.•25 views

Kitty: Arbitrary Code Execution

Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...

7.8CVSS4.4AI score0.00499EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2020/09/29 12:0 a.m.•25 views

gpsd: Arbitrary code execution

Background gpsd is a GPS daemon and library for USB/serial GPS devices and GPS/mapping clients. Description A stack-based buffer overflow was discovered in gpsd on port 2947/TCP or crafted JSON inputs. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...

8.8CVSS5.4AI score0.02656EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/09/13 12:0 a.m.•25 views

GNOME File Roller: Directory traversal

Background File Roller is an archive manager for the GNOME desktop environment. Description It was discovered that GNOME File Roller incorrectly handled symlinks. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All...

3.9CVSS1.6AI score0.00768EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/28 12:0 a.m.•25 views

Claws Mail: Improper STARTTLS handling

Background Claws Mail is a GTK based e-mail client. Description It was discovered that Claws Mail was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using Claws Mail with STARTTLS. Workaround The...

9.8CVSS1.4AI score0.02592EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•25 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.3CVSS2.7AI score0.03034EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•25 views

JHead: Multiple vulnerabilities

Background JHead is an exif jpeg header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

5.5CVSS1.9AI score0.01211EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2019/04/24 12:0 a.m.•25 views

Ming: Multiple vulnerabilities

Background A library for generating Macromedia Flash files. Description Multiple vulnerabilities have been discovered in Ming. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

8.8CVSS2.6AI score0.02489EPSS
Exploits5
Gentoo Linux
Gentoo Linux
•added 2019/04/08 12:0 a.m.•25 views

Portage: Man-in-the-middle

Background Portage is the package management and distribution system for Gentoo. Description A vulnerability was discovered in emerge-delta-webrsync and Portage that did not properly validate the revocation status of GPG keys. Impact A remote attacker could conduct a man-in-the-middle attack...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/05/26 12:0 a.m.•25 views

Teeworlds: Remote execution of arbitrary code on client

Background Teeworlds is an online multi-player platform 2D shooter. Description Teeworlds client contains a vulnerability allowing a malicious server to execute arbitrary code, or write to arbitrary physical memory via the CClient::ProcessServerPacket method. Impact A remote malicious server can...

9.8CVSS5AI score0.03646EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2016/03/09 12:0 a.m.•25 views

Background FUSE provides an interface for filesystems implemented in userspace. Description The fusermount binary calls setuidgeteuid to reset the RUID when it invokes /bin/mount so that it can use privileged mount options that are normally restricted if RUID != EUID. FUSE does not properly clear...

3.6CVSS6.6AI score0.01008EPSS
Exploits5
Total number of security vulnerabilities3816