Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2008/07/15 12:0 a.m.•25 views

Mercurial: Directory traversal

Background Mercurial is a distributed Source Control Management system. Description Jakub Wilk discovered a directory traversal vulnerabilty in the applydiff function in the mercurial/patch.py file. Impact A remote attacker could entice a user to import a specially crafted patch, possibly resulti...

6.8CVSS6.5AI score0.01885EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2008/06/16 12:0 a.m.•25 views

Evolution: User-assisted execution of arbitrary code

Background Evolution is the mail client of the GNOME desktop environment. Description Alin Rad Pop Secunia Research reported two vulnerabilities in Evolution: A boundary error exists when parsing overly long timezone strings contained within iCalendar attachments and when the ITip formatter is...

9.3CVSS7AI score0.05748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/03/02 12:0 a.m.•25 views

Audacity: Insecure temporary file creation

Background Audacity is a free cross-platform audio editor. Description Viktor Griph reported that the "AudacityApp::OnInit" method in file src/AudacityApp.cpp does not handle temporary files properly. Impact A local attacker could exploit this vulnerability to conduct symlink attacks to delete...

5CVSS6.3AI score0.03413EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/01/30 12:0 a.m.•25 views

libxml2: Denial of service

Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Brad Fitzpatrick reported that the xmlCurrentChar function does not properly handle some UTF-8 multibyte encodings. Impact A remote attacker could entice a user to op...

5CVSS6.3AI score0.02566EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/01/23 12:0 a.m.•25 views

TikiWiki: Multiple vulnerabilities

Background TikiWiki is an open source content management system written in PHP. Description Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the "movies" parameter in file tiki-listmovies.php CVE-2007-6528. Mesut Timur from H-Labs discovered that the input passed to th...

10CVSS6.1AI score0.09266EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/12 12:0 a.m.•25 views

FLAC: Buffer overflow

Background The Xiph.org Free Lossless Audio Codec FLAC library is the reference implementation of the FLAC audio file format. It contains encoders and decoders in library and executable form. Description Sean de Regge reported multiple integer overflows when processing FLAC media files that could...

9.3CVSS7AI score0.06748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/08 12:0 a.m.•25 views

Tomboy: User-assisted execution of arbitrary code

Background Tomboy is a GTK-based desktop note-taking application written in C and the Mono C. Description Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LDLIBRARYPATH" environment variable incorrectly, which might result in the current working directory . to be included when...

6.9CVSS7AI score0.00481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/09/14 12:0 a.m.•25 views

RealPlayer: Buffer overflow

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description A stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp when handling HH:mm:ss.f type time formats. Impact By...

9.3CVSS7.5AI score0.36069EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2007/07/28 12:0 a.m.•25 views

tcpdump: Integer overflow

Background tcpdump is a tool for capturing and inspecting network traffic. Description mu-b from Digital Labs discovered that the return value of a snprintf call is not properly checked before being used. This could lead to an integer overflow. Impact A remote attacker could send specially crafte...

9.8CVSS7.1AI score0.70386EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/11/28 12:0 a.m.•25 views

OpenLDAP: Denial of Service vulnerability

Background OpenLDAP is a suite of LDAP-related applications and development tools. Description Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This...

7.5CVSS6.4AI score0.75373EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/11/20 12:0 a.m.•25 views

Avahi: "netlink" message vulnerability

Background Avahi is a system that facilitates service discovery on a local network. Description Avahi does not check that the netlink messages come from the kernel instead of a user-space process. Impact A local attacker could exploit this vulnerability by crafting malicious netlink messages and...

2.1CVSS5.9AI score0.00395EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/03 12:0 a.m.•25 views

Screen: UTF-8 character handling vulnerability

Background Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining character handling. Impact The vulnerability can be exploited by...

2.6CVSS7.3AI score0.02113EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/05 12:0 a.m.•25 views

GnuPG: Integer overflow vulnerability

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Evgeny Legerov discovered a vulnerability in GnuPG that when certain packets are handled an integer overflow may occur. Impact By sending a specially crafted email to a user...

5CVSS7.4AI score0.07083EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/07/23 12:0 a.m.•26 views

GIMP: Buffer overflow

Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description Henning Makholm discovered that the "xcfloadvector" function is vulnerable to a buffer overflow when loading a XCF file with a large "numaxes" value. Impact An attacker could explo...

5.1CVSS7.5AI score0.05044EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/29 12:0 a.m.•25 views

Horde Web Application Framework: XSS vulnerability

Background The Horde Web Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description Michael Marek discovered that the Horde Web Application...

6.8CVSS7.2AI score0.02197EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/06/29 12:0 a.m.•25 views

Tikiwiki: SQL injection and multiple XSS vulnerabilities

Background Tikiwiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description Tikiwiki fails to properly sanitize user input before processing it, including in SQL statements. Impact An attacker could execute arbitrary SQL statements on the underlying...

7.5CVSS7.2AI score0.01766EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/04/27 12:0 a.m.•25 views

Ethereal: Multiple vulnerabilities in protocol dissectors

Background Ethereal is a feature-rich network protocol analyzer. Description Coverity discovered numerous vulnerabilities in versions of Ethereal prior to 0.99.0, including: buffer overflows in the ALCAP CVE-2006-1934, COPS CVE-2006-1935 and telnet CVE-2006-1936 dissectors. buffer overflows in th...

10CVSS9.3AI score0.05028EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/04 12:0 a.m.•25 views

Horde Application Framework: Remote code execution

Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more. Description Jan Schneider of the Horde team discovered a vulnerability in the...

7.5CVSS7.7AI score0.38441EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2006/01/22 12:0 a.m.•25 views

KDE kjs: URI heap overflow vulnerability

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kjs is the javascript interpreter used in Konqueror and other parts of KDE. Description Maksim Orlovich discovered an incorrect bounds check in kjs when handling URIs. Impact By enticing a us...

7.5CVSS7.2AI score0.0614EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/28 12:0 a.m.•25 views

OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library

Background OpenMotif provides a free version of the Motif toolkit for open source applications. The OpenMotif libraries are included in the AMD64 x86 emulation X libraries, which emulate the x86 32-bit architecture on the AMD64 64-bit architecture. Description xfocus discovered two potential buff...

7.5CVSS7.5AI score0.04591EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/12/15 12:0 a.m.•25 views

OpenLDAP, Gauche: RUNPATH issues

Background OpenLDAP is a suite of LDAP-related application and development tools. Gauche is an R5RS Scheme interpreter. Description Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths into the list of directories that are searched for libraries at runtime. Impact A local attacke...

7.2CVSS6.3AI score0.00463EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/28 12:0 a.m.•25 views

mpg321: Format string vulnerability

Background mpg321 is a GPL replacement for mpg123, a command line audio player with support for ID3. ID3 is a tagging system that allows metadata to be embedded within media files. Description A routine security audit of the mpg321 package revealed a known security issue remained unpatched. The...

7.5CVSS6.8AI score0.0282EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/16 12:0 a.m.•25 views

curl: NTLM response buffer overflow

Background curl is a command line tool for transferring files via many different protocols. Description curl fails to properly check boundaries when handling NTLM authentication. Impact With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading...

8.8CVSS7.2AI score0.05732EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/02/02 12:0 a.m.•25 views

UW IMAP: CRAM-MD5 authentication bypass

Background UW IMAP is the University of Washington IMAP toolkit which includes POP3 and IMAP daemons. Description A logic bug in the code handling CRAM-MD5 authentication incorrectly specifies the condition for successful authentication. Impact An attacker could exploit this vulnerability to...

7.5CVSS6.6AI score0.05091EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/15 12:0 a.m.•25 views

Vim, gVim: Vulnerable options in modelines

Background Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Description Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap',...

7.2CVSS1.1AI score0.0041EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/07 12:0 a.m.•25 views

mirrorselect: Insecure temporary file creation

Background mirrorselect is a tool to help select distfiles mirrors for Gentoo. Description Ervin Nemeth discovered that mirrorselect creates temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory,...

5CVSS0.1AI score0.0208EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/16 12:0 a.m.•25 views

Ruby: Denial of Service issue

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby's CGI module can be used to build web applications. Description Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop. Impact ...

5CVSS6.1AI score0.01898EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/23 12:0 a.m.•25 views

jabberd 1.x: Denial of Service vulnerability

Background Jabber is a set of streaming XML protocols enabling message, presence, and other structured information exchange between two hosts. jabberd is the original implementation of the Jabber protocol server. Description Jose Antonio Calvo found a defect in routines handling XML parsing of...

5CVSS1.5AI score0.02441EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/07/14 12:0 a.m.•25 views

wv: Buffer overflow vulnerability

Background The wv library allows access to MS Word files. It can parse Word files and allow other applications, such as abiword, to import those files into their native formats. Description A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code...

10CVSS7.3AI score0.08448EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/05/21 12:0 a.m.•25 views

Multiple vulnerabilities in metamail

Background Metamail is a program that decodes MIME encoded mail. It is therefore often automatically called when an email is received or read. Description Ulf Harnhammar found two format string bugs and two buffer overflow bugs in Metamail. Impact A remote attacker could send a malicious email...

7.5CVSS7.5AI score0.2622EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2003/12/13 12:0 a.m.•25 views

Two buffer overflows in lftp

Background lftp is a multithreaded command-line based FTP client. It allows you to execute multiple commands simultaneously or in the background. If features mirroring capabilities, resuming downloads, etc. Description Two buffer overflows exist in lftp. Both can occur when the user connects to a...

0.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/12/07 12:0 a.m.•24 views

Asterisk: Multiple Vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.6AI score0.4557EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2024/09/23 12:0 a.m.•24 views

curl: Multiple Vulnerabilities

Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

8.6CVSS7.4AI score0.36081EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2024/08/10 12:0 a.m.•24 views

GnuPG: Multiple Vulnerabilities

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

6.5CVSS7.6AI score0.02551EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/18 12:0 a.m.•24 views

e2fsprogs: Arbitrary Code Execution

Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description Multiple vulnerabilities have been discovered in e2fsprogs. Please review the CVE identifiers referenced below for details. Impact An out-of-bounds read/write vulnerability was found in...

7.8CVSS8.1AI score0.01382EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/08/13 12:0 a.m.•24 views

Catfish: Multiple Vulnerabilities

Background Catfish is a versatile file searching tool. Description Multiple vulnerabilities have been discovered in Catfish. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain escalated privileges via a specially crafted shared library. Workaround...

4.6CVSS6.6AI score0.00417EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/06/06 12:0 a.m.•24 views

Mumble: Multiple vulnerabilities

Background Mumble is low-latency voice chat software intended for use with gaming. Description Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opuspacketgetsamplesperframe function...

7.5CVSS7.5AI score0.04025EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2014/04/07 12:0 a.m.•24 views

libproxy: User-assisted execution of arbitrary code

Background libproxy is a library for automatic proxy configuration management. Description A boundary error when processing the proxy.pac file could cause a stack-based buffer overflow. Impact A man-in-the-middle attacker could provide a specially crafted proxy.pac file on a remote server, possib...

10CVSS7.1AI score0.03476EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/07 12:0 a.m.•24 views

Links: Denial of service

Background Links is a web browser which runs in both graphics and text modes. Description An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser when running in graphical mode. Impact A remote attacker could possibly cause a Denial of Service condition...

4.3CVSS6.5AI score0.01221EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/06 12:0 a.m.•24 views

stunnel: Arbitrary code execution

Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description A buffer overflow vulnerability has been discovered in stunnel. Please review the CVE identifier referenced below for details. Impact A remote attacker could...

6.6CVSS7.2AI score0.02932EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/02 12:0 a.m.•24 views

Pixman: User-assisted execution of arbitrary code

Background Pixman is a pixel manipulation library. Description The trapezoid handling code in Pixman contains an integer underflow vulnerability. Impact A context-dependent attacker could entice a user to open a specially crafted file using an application linked against Pixman, possibly resulting...

5CVSS7AI score0.0288EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/12/17 12:0 a.m.•24 views

libsndfile: Arbitrary code execution

Background Libsndfile is a C library for reading and writing files containing sampled sound through one standard library interface. Description An integer overflow flaw has been discovered in Libsndfile. Impact A remote attacker could entice a user to open a specially crafted PAF file using...

6.8CVSS2.5AI score0.04647EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/12/09 12:0 a.m.•24 views

Festival: Arbitrary code execution

Background Festival is a Text to Speech Engine from The Centre for Speech Technology Research. Description A vulnerability in Festival Server has an incorrect path in LDLIBRARYPATH, which allows local users to place a Trojan horse shared library in the current working directory. Impact A local...

6.9CVSS7.3AI score0.00328EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/09/24 12:0 a.m.•24 views

GNU ZRTP: Multiple vulnerabilities

Background GNU ZRTP is a C++ implementation of the ZRTP protocol. Description Multiple vulnerabilities have been discovered in GNU ZRTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the proces...

7.5CVSS7.7AI score0.04744EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2012/09/27 12:0 a.m.•24 views

NUT: Arbitrary code execution

Background The Network UPS Tools NUT provide support for power devices. Description An error in the addchar function in parseconf.c may cause a buffer overflow. Impact A remote attacker could send a specially crafted string to upsd, possibly resulting in execution of arbitrary code with the...

7.5CVSS7.2AI score0.06243EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2011/11/20 12:0 a.m.•24 views

MaraDNS: Arbitrary code execution

Background MaraDNS is a proxy DNS server with permanent caching. Description A long DNS hostname with a large number of labels could trigger a buffer overflow in the compressadddlabelpoints function of dns/Compress.c. Impact A remote unauthenticated attacker could execute arbitrary code or cause ...

7.5CVSS4.1AI score0.05169EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2010/06/02 12:0 a.m.•24 views

Newt: User-assisted execution of arbitrary code

Background Newt is a library for displaying text mode user interfaces. Description Miroslav Lichvar reported that Newt is prone to a heap-based buffer overflow in textbox.c. Impact A remote attacker could entice a user to enter a specially crafted string into a text dialog box rendered by Newt,...

4.6CVSS7.4AI score0.00497EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•24 views

C* music player: Insecure temporary file usage

Background The C Music Player cmus is a modular and very configurable ncurses-based audio player. Description Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely. Impact A local attacker could perform symlink attacks to overwrite...

6.9CVSS6.3AI score0.00323EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•24 views

Openswan: Denial of service

Background Openswan is an implementation of IPsec for Linux. Description Multiple vulnerabilities have been discovered in Openswan: Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan CVE-2009-0790. The Orange Labs...

5CVSS8.4AI score0.03205EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/07/12 12:0 a.m.•24 views

Multiple Ralink wireless drivers: Execution of arbitrary code

Background All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project. Description Aviv reported an integer overflow in multiple Ralink wireless card drivers...

9.3CVSS4.9AI score0.05829EPSS
Exploits0
Total number of security vulnerabilities3816