Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2005/07/06 12:0 a.m.24 views

RealPlayer: Heap overflow vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Impact By enticing a user to play a specially crafted RealMedia file an attacker coul...

5.1CVSS7.4AI score0.04105EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/21 12:0 a.m.24 views

SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability

Background SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network. Description SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special...

5CVSS6.3AI score0.08349EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/13 12:0 a.m.24 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks. Impact A remote attacker could exploit this vulnerability to inject malicious...

2.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/20 12:0 a.m.24 views

OpenSLP: Multiple buffer overflows

Background OpenSLP is an open-source implementation of Service Location Protocol SLP. Description Multiple buffer overflows have been found in OpenSLP, when handling malformed SLP packets. Impact By sending specially crafted SLP packets, a remote attacker could potentially execute arbitrary code...

7.5CVSS7.4AI score0.02603EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/02 12:0 a.m.24 views

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains several...

7.5CVSS6.9AI score0.50775EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/14 12:0 a.m.24 views

tnftp: Arbitrary file overwriting

Background tnftp is a NetBSD FTP client with several advanced features. Description The 'mget' function in cmds.c lacks validation of the filenames that are supplied by the server. Impact An attacker running an FTP server could supply clients with malicious filenames, potentially allowing the...

5CVSS2.9AI score0.00999EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/11/04 12:0 a.m.24 views

shadow: Unauthorized modification of account information

Background shadow provides a set of utilities to deal with user accounts. Description Martin Schulze reported a flaw in the passwdcheck function in "libmisc/pwdcheck.c" which is used by chfn and chsh. Impact A logged-in local user with an expired password may be able to use chfn and chsh to chang...

4.6CVSS1.4AI score0.00347EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/08 12:0 a.m.24 views

LHa: Multiple vulnerabilities

Background LHa is a console-based program for packing and unpacking LHarc archives. Description The command line argument as well as the archive parsing code of LHa lack sufficient bounds checking. Furthermore, a shell meta character command execution vulnerability exists in LHa, since it does no...

10CVSS7.4AI score0.18827EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/09/02 12:0 a.m.24 views

eGroupWare: Multiple XSS vulnerabilities

Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Joxean Koret recently discovered multiple cross site scripting vulnerabilities in various modules for the eGroupWare suite. This includes the calendar, address book,...

4.3CVSS2.9AI score0.0362EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/08/26 12:0 a.m.24 views

MoinMoin: Group ACL bypass

Background MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact Restrictions on anonymous users were not properly...

10CVSS2.2AI score0.02264EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/09 12:0 a.m.24 views

SpamAssassin: Denial of Service vulnerability

Background SpamAssassin is an extensible email filter which is used to identify spam. Description SpamAssassin contains an unspecified Denial of Service vulnerability. Impact By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service...

5CVSS6.3AI score0.01943EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/05 12:0 a.m.24 views

PuTTY: Pre-authentication arbitrary code execution

Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact When...

7.5CVSS3.8AI score0.04114EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/29 12:0 a.m.24 views

mit-krb5: Multiple buffer overflows in krb5_aname_to_localname

Background mit-krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The library function krb5anametolocalname contains multiple buffer overflows. This is only exploitable if explicit mapping or rules-based mappin...

10CVSS7.5AI score0.11665EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/09 12:0 a.m.24 views

Multiple Vulnerabilities in pwlib

Background pwlib is a multi-platform library designed for OpenH323. Description Multiple vulnerabilities have been found in the implimentation of protocol H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously...

10CVSS7.5AI score0.10309EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.23 views

GPL Ghostscript: Multiple Vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...

8.8CVSS7.7AI score0.27974EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.23 views

Slurm: Multiple Vulnerabilities

Background Slurm is a highly scalable resource manager. Description Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...

9.8CVSS7.6AI score0.01386EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.23 views

PJSIP: Heap Buffer Overflow

Background PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier...

7.5CVSS7.3AI score0.0233EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/08/07 12:0 a.m.23 views

Nokogiri: Denial of Service

Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details. Impact Nokogiri fails to check the return value from xmlTextReaderExpand in the method...

7.5CVSS7.4AI score0.0168EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.23 views

Liferea: Remote Code Execution

Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...

9.8CVSS7.3AI score0.02385EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/06/22 12:0 a.m.23 views

GLib: Privilege Escalation

Background GLib is a library providing a number of GNOME's core objects and functions. Description A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Impact When a GDBus-based client subscribes to signals from a trusted system service such ...

5.2CVSS6.9AI score0.00756EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/06/22 12:0 a.m.23 views

LZ4: Memory Corruption

Background LZ4 is a lossless compression algorithm, providing compression speed 500 MB/s per core, scalable with multi-cores CPU. It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems. Description An attacker who...

9.8CVSS9.7AI score0.03216EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/03/03 12:0 a.m.23 views

Blender: Multiple Vulnerabilities

Background Blender is a 3D Creation/Animation/Publishing System. Description Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.8CVSS7.3AI score0.01135EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/01/16 12:0 a.m.23 views

libuv: Buffer Overread

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uvidnatoascii function before reading and manipulating the memory at that address. Impact The overread can resu...

5.3CVSS6.9AI score0.23132EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/11/26 12:0 a.m.23 views

LibreOffice: Multiple Vulnerabilities

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...

7.8CVSS7.3AI score0.02244EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.23 views

xfce4-settings: Browser Argument Injection

Background xfce4-settings contains the configuration system for the Xfce desktop environment. Description xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool which is called when a user clicks a link in e.g. Firefox. Impact The vulnerability can be leveraged into...

9.8CVSS6.5AI score0.01406EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/12/23 12:0 a.m.23 views

D-Bus: Denial of service

Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact An attacker could possibly cause a Denial of Service condition or trigger oth...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/11/12 12:0 a.m.23 views

VDE: Privilege escalation

Background VDE is an ethernet compliant virtual network that can be spawned over a set of physical computer over the Internet. Description It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe...

10CVSS9.7AI score0.01354EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/09/26 12:0 a.m.23 views

Bundler: Insecure installation

Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Bundler, allows the installation of gems from different sources with the same names, when multiple top-level gem sources are used. Impact Remo...

5CVSS9.4AI score0.03851EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/20 12:0 a.m.23 views

Ansible: Privilege escalation

Background Ansible is a radically simple IT automation platform. Description The createscript function in the lxccontainer module of Ansible uses predictable temporary file names, making it vulnerable to a symlink attack. Impact Local attackers could write arbitrary files or gain escalated...

7.8CVSS3.3AI score0.00468EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/07/20 12:0 a.m.23 views

arpwatch: Privilege escalation

Background The ethernet monitor program; for keeping track of ethernet/ip address pairings. Description Arpwatch does not properly drop supplementary groups. Impact Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process. Workaround There is no known...

10CVSS9.2AI score0.03202EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/06/27 12:0 a.m.23 views

kwalletd: Information disclosure

Background Kwalletd is is a credentials management application for KDE. Description Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact Local attackers, with access to the password store, could conduct a codebook attack in order to obtain...

5CVSS6.4AI score0.02147EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2016/06/26 12:0 a.m.23 views

PLIB: Buffer overflow vulnerability

Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A buffer overflow in PLIB allows user-assisted remote attackers t...

9.3CVSS7.5AI score0.12795EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/12/30 12:0 a.m.23 views

Firebird: Buffer Overflow

Background Firebird is a multi-platform, open source relational database. Description The vulnerability is caused due to an error when processing requests from remote clients. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...

6.8CVSS7.3AI score0.42166EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2015/07/09 12:0 a.m.23 views

PyPAM: Arbitrary code execution

Background PyPAM is a PAM binding for Python. Description PyPAM does not handle passwords correctly if there is NULL byte in the string. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. Workaround There is no known workaround at this time...

7.5CVSS7.2AI score0.14294EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2015/07/07 12:0 a.m.23 views

UnRTF: Multiple vulnerabilities

Background UnRTF is a command-line program which converts RTF documents to other formats. Description Multiple vulnerabilities have been discovered in UnRTF. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the...

7.5CVSS7.7AI score0.05826EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/07/05 12:0 a.m.23 views

chrony: Multiple vulnerabilities

Background chrony is a versatile implementation of the Network Time Protocol NTP. Description Multiple vulnerabilities have been discovered in chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause arbitrary remote code execution or Denial of...

6.5CVSS7.9AI score0.03439EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/04/07 12:0 a.m.23 views

libproxy: User-assisted execution of arbitrary code

Background libproxy is a library for automatic proxy configuration management. Description A boundary error when processing the proxy.pac file could cause a stack-based buffer overflow. Impact A man-in-the-middle attacker could provide a specially crafted proxy.pac file on a remote server, possib...

10CVSS7.1AI score0.03476EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/21 12:0 a.m.23 views

libtar: Arbitraty code execution

Background libtar is a C library for manipulating POSIX tar files. Description An integer overflow error within the “thread” function when processing long names or link extensions can be exploited to cause a heap-based buffer overflow via a specially crafted archive. Impact A remote attacker coul...

6.8CVSS7.5AI score0.05485EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/12/17 12:0 a.m.23 views

libsndfile: Arbitrary code execution

Background Libsndfile is a C library for reading and writing files containing sampled sound through one standard library interface. Description An integer overflow flaw has been discovered in Libsndfile. Impact A remote attacker could entice a user to open a specially crafted PAF file using...

6.8CVSS2.5AI score0.04647EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/09/24 12:0 a.m.23 views

GNU ZRTP: Multiple vulnerabilities

Background GNU ZRTP is a C++ implementation of the ZRTP protocol. Description Multiple vulnerabilities have been discovered in GNU ZRTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the proces...

7.5CVSS7.7AI score0.04744EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2012/01/23 12:0 a.m.23 views

FontForge: User-assisted execution of arbitrary code

Background FontForge is a PostScript font editor and converter. Description FontForge is vulnerable to an error when processing the "CHARSETREGISTRY" header in font files, which could cause a stack-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted BDF...

6.8CVSS7AI score0.10853EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2011/10/22 12:0 a.m.23 views

rgmanager: Privilege escalation

Background rgmanager is a clustered resource group manager. Description A vulnerability has been discovered in rgmanager. Please review the CVE identifier referenced below for details. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this time...

6.9CVSS9.1AI score0.00417EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2011/01/15 12:0 a.m.23 views

Tor: Remote heap-based buffer overflow

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Tor contains a heap-based buffer overflow in the processing of user or attacker supplied data. No additional information is available. Impact Successful...

10CVSS7.7AI score0.07876EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/12/17 12:0 a.m.23 views

Chromium: Multiple vulnerabilities

Background Chromium is an open-source web browser project. Description Multiple vulnerabilities were found in Chromium. For further information please consult the release notes referenced below. Impact A remote attacker could trick a user to perform a set of UI actions that trigger a possibly...

1.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/09/07 12:0 a.m.23 views

sudo: Privilege Escalation

Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been reported in sudo: Evan Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo 'secure path' feature does not properly handle multiple...

6.2CVSS10AI score0.00457EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2010/06/02 12:0 a.m.23 views

Newt: User-assisted execution of arbitrary code

Background Newt is a library for displaying text mode user interfaces. Description Miroslav Lichvar reported that Newt is prone to a heap-based buffer overflow in textbox.c. Impact A remote attacker could entice a user to enter a specially crafted string into a text dialog box rendered by Newt,...

4.6CVSS7.4AI score0.00497EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/11/26 12:0 a.m.23 views

PEAR Net_Traceroute: Command injection

Background PEAR NetTraceroute is an OS independent wrapper class for executing traceroute calls from PHP. Description Pasquale Imperato reported that the $host parameter to the traceroute function in Traceroute.php is not properly sanitized before being passed to exec. Impact A remote attacker...

10CVSS6.8AI score0.06149EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/09/09 12:0 a.m.23 views

Openswan: Denial of service

Background Openswan is an implementation of IPsec for Linux. Description Multiple vulnerabilities have been discovered in Openswan: Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan CVE-2009-0790. The Orange Labs...

5CVSS8.4AI score0.03205EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/09/09 12:0 a.m.23 views

GCC-XML: Insecure temporary file usage

Background GCC-XML is an XML output extension to the C++ front-end of GCC. Description Dmitry E. Oboukhov reported that findflags in GCC-XML does not handle "/tmp/.cxx" temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges...

6.9CVSS6.4AI score0.00411EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/07/12 12:0 a.m.23 views

Multiple Ralink wireless drivers: Execution of arbitrary code

Background All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project. Description Aviv reported an integer overflow in multiple Ralink wireless card drivers...

9.3CVSS4.9AI score0.05829EPSS
Exploits0
Total number of security vulnerabilities3816