Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2005/06/29 12:0 a.m.26 views

Heimdal: Buffer overflow vulnerabilities

Background Heimdal is a free implementation of Kerberos 5 that includes a telnetd server. Description It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows. Impact An attacker could exploit this vulnerability to execute arbitrary co...

5CVSS7.3AI score0.02843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/16 12:0 a.m.26 views

curl: NTLM response buffer overflow

Background curl is a command line tool for transferring files via many different protocols. Description curl fails to properly check boundaries when handling NTLM authentication. Impact With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading...

8.8CVSS7.2AI score0.05732EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/19 12:0 a.m.26 views

gFTP: Directory traversal vulnerability

Background gFTP is a GNOME based, multi-threaded file transfer client. Description gFTP lacks input validation of filenames received by remote servers. Impact An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal attack by making use of specially...

5CVSS6.5AI score0.03648EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/10 12:0 a.m.26 views

Mailman: Directory traversal vulnerability

Background Mailman is a Python-based mailing list server with an extensive web interface. Description Mailman contains an error in private.py which fails to properly sanitize input paths. Impact An attacker could exploit this flaw to obtain arbitrary files on the web server. Workaround There is n...

5CVSS6.3AI score0.02856EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/03 12:0 a.m.26 views

Newspost: Buffer overflow vulnerability

Background Newspost is a Usenet News binary autoposter. Description Niels Heinen has discovered a buffer overflow in the socketgetline function of Newspost, which can be triggered by providing long strings that do not end with a newline character. Impact A remote attacker could setup a malicious...

7.5CVSS7.4AI score0.15874EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/06 12:0 a.m.26 views

xine-lib: Multiple overflows

Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demuxaiff.c, making it vulnerable to a buffer overflow CAN-2004-1300...

10CVSS2.6AI score0.09107EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/06 12:0 a.m.26 views

phpGroupWare: Various vulnerabilities

Background phpGroupWare is a web-based suite of group applications including a calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Several flaws were discovered in phpGroupWare making it vulnerable to cross-site scripting attacks, SQL injection, and full...

7.5CVSS2.3AI score0.07324EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2004/12/15 12:0 a.m.26 views

Vim, gVim: Vulnerable options in modelines

Background Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Description Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap',...

7.2CVSS1.1AI score0.0041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/06 12:0 a.m.26 views

imlib: Buffer overflows in image decoding

Background imlib is an advanced replacement library for image manipulation libraries like libXpm. It is called by numerous programs, including gkrellm and several window managers, to help in displaying images. Description Pavel Kankovsky discovered that several overflows found in the libXpm libra...

10CVSS3.7AI score0.04934EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/10 12:0 a.m.26 views

Pavuk: Multiple buffer overflows

Background Pavuk is web spider and website mirroring tool. Description Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities. Impact A remote attacker...

7.6CVSS7.8AI score0.0292EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/01 12:0 a.m.26 views

Cherokee: Format string vulnerability

Background Cherokee is an extra-light web server. Description Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in the cherokeeloggerncsawritestring function. Impact Using a specially crafted URL when authenticating via authpam, a malicious user may ...

10CVSS3.3AI score0.05563EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/30 12:0 a.m.26 views

Squid ACL [url_regex] bypass vulnerability

Background Squid is a fully-featured Web Proxy Cache designed to run on Unix systems that supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description A bug in Squid allows use...

7.5CVSS6.3AI score0.13809EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/12/07 12:0 a.m.25 views

Dnsmasq: Multiple Vulnerabilities

Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

7.5CVSS8AI score0.99995EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/09/28 12:0 a.m.25 views

Docker: Multiple Vulnerabilities

Background Docker contains the the core functions you need to create Docker images and run Docker containers Description Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

10CVSS7.7AI score0.05623EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.25 views

file: Stack Buffer Overread

Background The file utility attempts to identify a file’s format by scanning binary data for patterns. Description Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact File has an stack-based buffer over-read in filecopystr ...

5.5CVSS7.8AI score0.00656EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/08/10 12:0 a.m.25 views

GnuPG: Multiple Vulnerabilities

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

6.5CVSS7.6AI score0.02551EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/07/05 12:0 a.m.25 views

Sofia-SIP: Multiple Vulnerabilities

Background Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Description Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE...

9.8CVSS7.3AI score0.0238EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/05/12 12:0 a.m.25 views

Rebar3: Command Injection

Background A sophisticated build-tool for Erlang projects that follows OTP principles. Description Rebar3 is vulnerable to OS command injection via the URL parameter of a dependency specification. Impact A vulnerability has been discovered in Rebar3. Please review the CVE identifier referenced...

10CVSS7.7AI score0.0675EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2024/05/07 12:0 a.m.25 views

xar: Unsafe Extraction

Background xar provides an easily extensible archive format. Description A vulnerability has been discovered in xar. Please review the CVE identifier referenced below for details. Impact xar allows for a forward-slash separated path to be specified in the file name property, e.g. x/foo – as long ...

5.5CVSS6.7AI score0.42674EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/02/18 12:0 a.m.25 views

TACACS+: Remote Code Execution

Background An updated version of Cisco's TACACS+ server. Description A vulnerabilitiy has been discovered in TACACS+. Please review the CVE identifier referenced below for details. Impact A lack of input validation exists in tacplus which, when pre or post auth commands are enabled, allows an...

9.8CVSS8.1AI score0.01813EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/01/15 12:0 a.m.25 views

libspf2: Multiple vulnerabilities

Background libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Description Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers...

9.8CVSS8.3AI score0.09643EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2023/12/23 12:0 a.m.25 views

Ceph: Root Privilege Escalation

Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details. Impact The ceph-crash.service runs the ceph-crash...

7.8CVSS6.8AI score0.00327EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.25 views

uptimed: Root Privilege Escalation

Background uptimed is a system uptime record daemon that keeps track of your highest uptimes. Description Via unnecessary file ownership modifications in the pkgpostinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time. Impact The uptimed...

7.8CVSS6.9AI score0.0041EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2019/04/24 12:0 a.m.25 views

Ming: Multiple vulnerabilities

Background A library for generating Macromedia Flash files. Description Multiple vulnerabilities have been discovered in Ming. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

8.8CVSS2.6AI score0.02489EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2019/04/08 12:0 a.m.25 views

Portage: Man-in-the-middle

Background Portage is the package management and distribution system for Gentoo. Description A vulnerability was discovered in emerge-delta-webrsync and Portage that did not properly validate the revocation status of GPG keys. Impact A remote attacker could conduct a man-in-the-middle attack...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/20 12:0 a.m.25 views

Ansible: Privilege escalation

Background Ansible is a radically simple IT automation platform. Description The createscript function in the lxccontainer module of Ansible uses predictable temporary file names, making it vulnerable to a symlink attack. Impact Local attackers could write arbitrary files or gain escalated...

7.8CVSS3.3AI score0.00468EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/20 12:0 a.m.25 views

arpwatch: Privilege escalation

Background The ethernet monitor program; for keeping track of ethernet/ip address pairings. Description Arpwatch does not properly drop supplementary groups. Impact Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process. Workaround There is no known...

10CVSS9.2AI score0.03202EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/06/26 12:0 a.m.25 views

PLIB: Buffer overflow vulnerability

Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A buffer overflow in PLIB allows user-assisted remote attackers t...

9.3CVSS7.5AI score0.12795EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/12/30 12:0 a.m.25 views

Firebird: Buffer Overflow

Background Firebird is a multi-platform, open source relational database. Description The vulnerability is caused due to an error when processing requests from remote clients. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...

6.8CVSS7.3AI score0.42166EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2015/07/09 12:0 a.m.25 views

PyPAM: Arbitrary code execution

Background PyPAM is a PAM binding for Python. Description PyPAM does not handle passwords correctly if there is NULL byte in the string. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time...

7.5CVSS7.2AI score0.14294EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2015/02/07 12:0 a.m.25 views

Antiword: User-assisted execution of arbitrary code

Background Antiword is a free MS Word reader. Description A buffer overflow vulnerability has been found in wordole.c in Antiword. Impact A remote attacker could entice a user to open a specially crafted document using Antiword, possibly resulting in execution of arbitrary code with the privilege...

5CVSS7.3AI score0.03569EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/09/01 12:0 a.m.25 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a Denial of Service condition via specially...

5CVSS6.8AI score0.03252EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2014/08/09 12:0 a.m.25 views

FreeType: Arbitrary code execution

Background FreeType is a high-quality and portable font engine. Description A stack-based buffer overflow exists in Freetype’s cf2hintmapbuild function in cff/cf2hints.c. Impact A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted fo...

7.5CVSS7.7AI score0.06275EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/06/17 12:0 a.m.25 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS6.9AI score0.10912EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/06/06 12:0 a.m.25 views

Mumble: Multiple vulnerabilities

Background Mumble is low-latency voice chat software intended for use with gaming. Description Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opuspacketgetsamplesperframe function...

7.5CVSS7.5AI score0.04025EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2014/05/18 12:0 a.m.25 views

MCrypt: User-assisted execution of arbitrary code

Background MCrypt is a replacement of the old unix crypt1 utility. Description Multiple vulnerabilities have been discovered in MCrypt: A boundary error in MCrypt could cause a stack-based buffer overflow CVE-2012-4409. MCrypt contains multiple format string errors CVE-2012-4426. MCrypt does not...

6.8CVSS7.9AI score0.15019EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2014/02/21 12:0 a.m.25 views

libtar: Arbitraty code execution

Background libtar is a C library for manipulating POSIX tar files. Description An integer overflow error within the “thread” function when processing long names or link extensions can be exploited to cause a heap-based buffer overflow via a specially crafted archive. Impact A remote attacker coul...

6.8CVSS7.5AI score0.05485EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/02/07 12:0 a.m.25 views

Links: Denial of service

Background Links is a web browser which runs in both graphics and text modes. Description An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser when running in graphical mode. Impact A remote attacker could possibly cause a Denial of Service condition...

4.3CVSS6.5AI score0.01221EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/01/21 12:0 a.m.25 views

CCID: Arbitrary code execution

Background CCID is a generic USB Chip/Smart Card Interface Devices driver. Description CCID contains an integer overflow vulnerability in ccidserial.c. Impact A physically proximate attacker could execute arbitrary code via a smart card with a specially crafted serial number. Workaround There is ...

4.4CVSS7.2AI score0.00542EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/01/21 12:0 a.m.25 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the process, caus...

7.5CVSS7.8AI score0.14715EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/11/13 12:0 a.m.25 views

Blender: Multiple vulnerabilities

Background Blender is a 3D Creation/Animation/Publishing System. Description Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifier referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, ...

9.3CVSS7.7AI score0.09439EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2013/10/28 12:0 a.m.25 views

pmake: Insecure temporary file usage

Background pmake is Debian’s version of NetBSD’s make, a tool to build programs in parallel. Description /usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary files insecurely, with predictable names /tmp/dependPID, and without using $TMPDIR. Impact The make include files allow...

3.3CVSS6.3AI score0.00438EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/10/07 12:0 a.m.25 views

Aircrack-ng: User-assisted execution of arbitrary code

Background Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Description A buffer overflow vulnerability has been discovered in Aircrack-ng. Impact A remote attacker could entice a user to open a specially crafted dum...

6.8CVSS7.5AI score0.07263EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/10/18 12:0 a.m.25 views

rdesktop: Directory Traversal

Background rdesktop is a Remote Desktop Protocol RDP Client. Description A vulnerability has been discovered in rdesktop. Please review the CVE identifier referenced below for details. Impact Remote RDP servers may be able to read or overwrite arbitrary files via a .. dot dot in a pathname...

4.3CVSS1.9AI score0.01094EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/09/28 12:0 a.m.25 views

fastjar: Directory traversal

Background fastjar is a Java archiver written in C. Description Two directory traversal vulnerabilities have been discovered in fastjar. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted JAR file, possibly...

5.8CVSS6.9AI score0.03681EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/09/24 12:0 a.m.25 views

SquidClamav: Denial of service

Background SquidClamav is a HTTP anti-virus for Squid based on ClamAV and ICAP. Description SquidClamav does not properly escape URLs before passing them to the system command call. Impact A remote attacker could send a specially crafted URL to SquidClamav, possibly resulting in a Denial of Servi...

5CVSS6.5AI score0.03333EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/04/17 12:0 a.m.25 views

SWFTools: User-assisted execution of arbitrary code

Background SWFTools is a collection of SWF manipulation and generation utilities written by Rainer Böhme and Matthias Kramm. Description Integer overflow errors in the "getPNG" function in png.c and the "jpegload" function in jpeg.c could cause a heap-based buffer overflow. Impact A remote attack...

9.3CVSS7.5AI score0.03472EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/02/29 12:0 a.m.25 views

stunnel: Arbitrary code execution

Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description An unspecified heap vulnerability was discovered in stunnel. Impact The vulnerability may possibly be leveraged to perform remote code execution or a Denial o...

9.3CVSS7.2AI score0.05711EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/01/23 12:0 a.m.25 views

FontForge: User-assisted execution of arbitrary code

Background FontForge is a PostScript font editor and converter. Description FontForge is vulnerable to an error when processing the "CHARSETREGISTRY" header in font files, which could cause a stack-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted BDF...

6.8CVSS7AI score0.10853EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2011/10/22 12:0 a.m.25 views

rgmanager: Privilege escalation

Background rgmanager is a clustered resource group manager. Description A vulnerability has been discovered in rgmanager. Please review the CVE identifier referenced below for details. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this time...

6.9CVSS9.1AI score0.00417EPSS
Exploits1
Total number of security vulnerabilities3816