Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2004/05/21 12:0 a.m.•25 views

Multiple vulnerabilities in metamail

Background Metamail is a program that decodes MIME encoded mail. It is therefore often automatically called when an email is received or read. Description Ulf Harnhammar found two format string bugs and two buffer overflow bugs in Metamail. Impact A remote attacker could send a malicious email...

7.5CVSS7.5AI score0.2622EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2003/12/13 12:0 a.m.•25 views

Two buffer overflows in lftp

Background lftp is a multithreaded command-line based FTP client. It allows you to execute multiple commands simultaneously or in the background. If features mirroring capabilities, resuming downloads, etc. Description Two buffer overflows exist in lftp. Both can occur when the user connects to a...

0.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/12/07 12:0 a.m.•24 views

Asterisk: Multiple Vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS7.6AI score0.4557EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2024/09/23 12:0 a.m.•24 views

curl: Multiple Vulnerabilities

Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

8.6CVSS7.4AI score0.36081EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2024/08/10 12:0 a.m.•24 views

GnuPG: Multiple Vulnerabilities

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

6.5CVSS7.6AI score0.02551EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/08/06 12:0 a.m.•24 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.6AI score0.00857EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2024/05/12 12:0 a.m.•24 views

Rebar3: Command Injection

Background A sophisticated build-tool for Erlang projects that follows OTP principles. Description Rebar3 is vulnerable to OS command injection via the URL parameter of a dependency specification. Impact A vulnerability has been discovered in Rebar3. Please review the CVE identifier referenced...

10CVSS7.7AI score0.0675EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2024/02/18 12:0 a.m.•24 views

e2fsprogs: Arbitrary Code Execution

Background e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description Multiple vulnerabilities have been discovered in e2fsprogs. Please review the CVE identifiers referenced below for details. Impact An out-of-bounds read/write vulnerability was found in...

7.8CVSS8.1AI score0.01382EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•24 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.3CVSS2.7AI score0.03034EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•24 views

JHead: Multiple vulnerabilities

Background JHead is an exif jpeg header manipulation tool. Description Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround a...

5.5CVSS1.9AI score0.01211EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2019/04/08 12:0 a.m.•24 views

Portage: Man-in-the-middle

Background Portage is the package management and distribution system for Gentoo. Description A vulnerability was discovered in emerge-delta-webrsync and Portage that did not properly validate the revocation status of GPG keys. Impact A remote attacker could conduct a man-in-the-middle attack...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/09/01 12:0 a.m.•24 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause a Denial of Service condition via specially...

5CVSS6.8AI score0.03252EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2014/08/13 12:0 a.m.•24 views

Catfish: Multiple Vulnerabilities

Background Catfish is a versatile file searching tool. Description Multiple vulnerabilities have been discovered in Catfish. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain escalated privileges via a specially crafted shared library. Workaround...

4.6CVSS6.6AI score0.00417EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/08/09 12:0 a.m.•24 views

FreeType: Arbitrary code execution

Background FreeType is a high-quality and portable font engine. Description A stack-based buffer overflow exists in Freetype’s cf2hintmapbuild function in cff/cf2hints.c. Impact A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted fo...

7.5CVSS7.7AI score0.06275EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/06/17 12:0 a.m.•24 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS6.9AI score0.10912EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/06/06 12:0 a.m.•24 views

Mumble: Multiple vulnerabilities

Background Mumble is low-latency voice chat software intended for use with gaming. Description Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opuspacketgetsamplesperframe function...

7.5CVSS7.5AI score0.04025EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2014/02/07 12:0 a.m.•24 views

Links: Denial of service

Background Links is a web browser which runs in both graphics and text modes. Description An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser when running in graphical mode. Impact A remote attacker could possibly cause a Denial of Service condition...

4.3CVSS6.5AI score0.01221EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/02 12:0 a.m.•24 views

Pixman: User-assisted execution of arbitrary code

Background Pixman is a pixel manipulation library. Description The trapezoid handling code in Pixman contains an integer underflow vulnerability. Impact A context-dependent attacker could entice a user to open a specially crafted file using an application linked against Pixman, possibly resulting...

5CVSS7AI score0.0288EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/21 12:0 a.m.•24 views

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the process, caus...

7.5CVSS7.8AI score0.14715EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/12/09 12:0 a.m.•24 views

Festival: Arbitrary code execution

Background Festival is a Text to Speech Engine from The Centre for Speech Technology Research. Description A vulnerability in Festival Server has an incorrect path in LDLIBRARYPATH, which allows local users to place a Trojan horse shared library in the current working directory. Impact A local...

6.9CVSS7.3AI score0.00328EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/10/18 12:0 a.m.•24 views

rdesktop: Directory Traversal

Background rdesktop is a Remote Desktop Protocol RDP Client. Description A vulnerability has been discovered in rdesktop. Please review the CVE identifier referenced below for details. Impact Remote RDP servers may be able to read or overwrite arbitrary files via a .. dot dot in a pathname...

4.3CVSS1.9AI score0.01094EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/09/28 12:0 a.m.•24 views

fastjar: Directory traversal

Background fastjar is a Java archiver written in C. Description Two directory traversal vulnerabilities have been discovered in fastjar. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted JAR file, possibly...

5.8CVSS6.9AI score0.03681EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2012/09/27 12:0 a.m.•24 views

NUT: Arbitrary code execution

Background The Network UPS Tools NUT provide support for power devices. Description An error in the addchar function in parseconf.c may cause a buffer overflow. Impact A remote attacker could send a specially crafted string to upsd, possibly resulting in execution of arbitrary code with the...

7.5CVSS7.2AI score0.06243EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2011/11/20 12:0 a.m.•24 views

MaraDNS: Arbitrary code execution

Background MaraDNS is a proxy DNS server with permanent caching. Description A long DNS hostname with a large number of labels could trigger a buffer overflow in the compressadddlabelpoints function of dns/Compress.c. Impact A remote unauthenticated attacker could execute arbitrary code or cause ...

7.5CVSS4.1AI score0.05169EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2010/06/03 12:0 a.m.•24 views

XEmacs: User-assisted execution of arbitrary code

Background XEmacs is a highly extensible and customizable text editor. Description Tielei Wang reported multiple integer overflow vulnerabilities in the tiffinstantiate, pnginstantiate and jpeginstantiate functions in glyphs-eimage.c, all possibly leading to heap-based buffer overflows. Impact A...

10CVSS7.3AI score0.08636EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/09/09 12:0 a.m.•24 views

C* music player: Insecure temporary file usage

Background The C Music Player cmus is a modular and very configurable ncurses-based audio player. Description Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely. Impact A local attacker could perform symlink attacks to overwrite...

6.9CVSS6.3AI score0.00323EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/01/11 12:0 a.m.•24 views

Streamripper: Multiple vulnerabilities

Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Stefan Cornelius from Secunia Research reported multiple buffer overflows in the httpparsescheader, httpgetpls and httpgetm3u functions in lib/http.c when parsing overly long HTTP headers...

9.3CVSS7.2AI score0.06477EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/10/07 12:0 a.m.•24 views

WordNet: Execution of arbitrary code

Background WordNet is a large lexical database of English. Description Jukka Ruohonen initially reported a boundary error within the searchwn function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet: Jukka Ruohonen and Rob Holland oCERT...

10CVSS7.4AI score0.04429EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2008/07/01 12:0 a.m.•24 views

Motion: Execution of arbitrary code

Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description Nico Golde reported an off-by-one error within the readclient function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius Secunia...

10CVSS7.3AI score0.08015EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/04/25 12:0 a.m.•24 views

Comix: Multiple vulnerabilities

Background Comix is a GTK comic book viewer. Description Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs CVE-2008-1568. Comix also creates directories with predictable names CVE-2008-1796. Impact A remote...

7.5CVSS6.4AI score0.02304EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/01/30 12:0 a.m.•24 views

PeerCast: Buffer overflow

Background PeerCast is a client and server for P2P-radio network Description Luigi Auriemma reported a heap-based buffer overflow within the "handshakeHTTP" function when processing HTTP requests. Impact A remote attacker could send a specially crafted request to the vulnerable server, possibly...

10CVSS7.4AI score0.16796EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/09 12:0 a.m.•24 views

PEAR::MDB2: Information disclosure

Background PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a common API for all supported relational database management systems. A LOB "large object" is a database field holding binary data. Description priyadi discovered that the request to store a URL string as a LOB is...

4.3CVSS6.2AI score0.01621EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/12/05 12:0 a.m.•24 views

Hugin: Insecure temporary file creation

Background Hugin is a GUI for creating and processing panoramic images. Description Suse Linux reported that Hugin creates the "hugindebugoptimresults.txt" temporary file in an insecure manner. Impact A local attacker could exploit this vulnerability with a symlink attack, potentially overwriting...

3.3CVSS6.2AI score0.00356EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/12 12:0 a.m.•24 views

FLAC: Buffer overflow

Background The Xiph.org Free Lossless Audio Codec FLAC library is the reference implementation of the FLAC audio file format. It contains encoders and decoders in library and executable form. Description Sean de Regge reported multiple integer overflows when processing FLAC media files that could...

9.3CVSS7AI score0.06748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/08 12:0 a.m.•24 views

Tomboy: User-assisted execution of arbitrary code

Background Tomboy is a GTK-based desktop note-taking application written in C and the Mono C. Description Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LDLIBRARYPATH" environment variable incorrectly, which might result in the current working directory . to be included when...

6.9CVSS7AI score0.00481EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/09/20 12:0 a.m.•24 views

rsync: Two buffer overflows

Background rsync is a file transfer program to keep remote directories synchronized. Description Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function "fname" in file sender.c when processing overly long directory names. Impact A remote attacker could enti...

6.8CVSS7AI score0.03345EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/07/28 12:0 a.m.•24 views

tcpdump: Integer overflow

Background tcpdump is a tool for capturing and inspecting network traffic. Description mu-b from Digital Labs discovered that the return value of a snprintf call is not properly checked before being used. This could lead to an integer overflow. Impact A remote attacker could send specially crafte...

9.8CVSS7.1AI score0.70386EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/12/20 12:0 a.m.•24 views

pam_ldap: Authentication bypass vulnerability

Background pamldap is a Pluggable Authentication Module which allows authentication against LDAP directories. Description Steve Rigler discovered that pamldap does not correctly handle "PasswordPolicyResponse" control responses from an LDAP directory. This causes the pamauthenticate function to...

7.5CVSS6.7AI score0.03831EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/18 12:0 a.m.•24 views

ClamAV: Denial of service

Background ClamAV is a GPL virus scanner. Description Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content. Impact By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash...

5CVSS6.3AI score0.03544EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/12 12:0 a.m.•24 views

libgsf: Buffer overflow

Background The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics. Description "infamous41md" has discovered that the "oleinitinfo" function may allocate too little memory for storing...

7.5CVSS7.3AI score0.04065EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/10 12:0 a.m.•24 views

SeaMonkey: Multiple vulnerabilities

Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Description The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution...

7.5CVSS7.5AI score0.05531EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/10/22 12:0 a.m.•24 views

libmusicbrainz: Multiple buffer overflows

Background libmusicbrainz is a client library used to access MusicBrainz music meta data. Description Luigi Auriemma reported a possible buffer overflow in the MBHttp::Download function of lib/http.cpp as well as several possible buffer overflows in lib/rdfparse.c. Impact A remote attacker could ...

7.5CVSS7.6AI score0.1364EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/10/17 12:0 a.m.•24 views

CAPI4Hylafax fax receiver: Execution of arbitrary code

Background CAPI4Hylafax makes it possible to send and receive faxes via CAPI and AVM Fritz!Cards. Description Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Impact A remote attacker can send null \0 and shell...

7.5CVSS7.1AI score0.02701EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/27 12:0 a.m.•24 views

Ethereal: Multiple vulnerabilities in protocol dissectors

Background Ethereal is a feature-rich network protocol analyzer. Description Coverity discovered numerous vulnerabilities in versions of Ethereal prior to 0.99.0, including: buffer overflows in the ALCAP CVE-2006-1934, COPS CVE-2006-1935 and telnet CVE-2006-1936 dissectors. buffer overflows in th...

10CVSS9.3AI score0.05028EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/14 12:0 a.m.•24 views

Cacti: Multiple vulnerabilities in included ADOdb

Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...

7.5CVSS8.3AI score0.13237EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2006/03/17 12:0 a.m.•24 views

Heimdal: rshd privilege escalation

Background Heimdal is a free implementation of Kerberos 5. Description An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of...

2.1CVSS6.9AI score0.00442EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/05 12:0 a.m.•24 views

GStreamer FFmpeg plugin: Heap-based buffer overflow

Background The GStreamer FFmpeg plugin uses code from the FFmpeg library to provide fast colorspace conversion and multimedia decoders to the GStreamer open source media framework. Description The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap...

7.5CVSS7.2AI score0.05209EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/20 12:0 a.m.•24 views

Netpbm: Buffer overflow in pnmtopng

Background Netpbm is a package of 220 graphics programs and a programming library, including pnmtopng, a tool to convert PNM image files to the PNG format. Description RedHat reported that pnmtopng is vulnerable to a buffer overflow. Impact An attacker could craft a malicious PNM file and entice ...

7.5CVSS7.1AI score0.04873EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/07/22 12:0 a.m.•24 views

Shorewall: Security policy bypass

Background Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel. Description Shorewall fails to enforce security policies if configured with "MACLISTDISPOSITION" set to "ACCEPT" or "MACLISTTTL" set to a value greater or equal to 0. Impact A...

7.5CVSS6.5AI score0.02305EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/15 12:0 a.m.•24 views

dhcpcd: Denial of Service vulnerability

Background dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time. Description infamous42md discovered that dhcpcd can be tricked to read past the e...

5CVSS6.1AI score0.01926EPSS
Exploits0
Total number of security vulnerabilities3816