Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2009/09/09 12:0 a.m.24 views

Openswan: Denial of service

Background Openswan is an implementation of IPsec for Linux. Description Multiple vulnerabilities have been discovered in Openswan: Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan CVE-2009-0790. The Orange Labs...

5CVSS8.4AI score0.03205EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/07/12 12:0 a.m.24 views

Multiple Ralink wireless drivers: Execution of arbitrary code

Background All listed packages are external kernel modules that provide drivers for multiple Ralink devices. ralink-rt61 is released by ralinktech.com, the other packages by the rt2x00.serialmonkey.com project. Description Aviv reported an integer overflow in multiple Ralink wireless card drivers...

9.3CVSS4.9AI score0.05829EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/04/08 12:0 a.m.24 views

Avahi: Denial of service

Background Avahi is a system that facilitates service discovery on a local network. Description Rob Leslie reported that the originatesfromlocallegacyunicastsocket function in avahi-core/server.c does not account for the network byte order of a port number when processing incoming multicast...

7.8CVSS3.3AI score0.02011EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/03/29 12:0 a.m.24 views

Analog: Denial of service

Background Analog is a a webserver log analyzer. Description Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 GLSA 200804-02. Impact A local attacker could place specially crafted log files into a log directory...

4.3CVSS6.1AI score0.04519EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/03/09 12:0 a.m.24 views

Openswan: Insecure temporary file creation

Background Openswan is an implementation of IPsec for Linux. Description Dmitry E. Oboukhov reported that the IPSEC livetest tool does not handle the ipseclive.conn and ipsec.olts.remote.log temporary files securely. Impact A local attacker could perform symlink attacks to execute arbitrary code...

4.4CVSS7.2AI score0.01115EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2009/01/11 12:0 a.m.24 views

Streamripper: Multiple vulnerabilities

Background Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description Stefan Cornelius from Secunia Research reported multiple buffer overflows in the httpparsescheader, httpgetpls and httpgetm3u functions in lib/http.c when parsing overly long HTTP headers...

9.3CVSS7.2AI score0.06477EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/12/10 12:0 a.m.24 views

OpenSC: Insufficient protection of smart card PIN

Background OpenSC is a smart card application that allows reading and writing via PKCS11. Description Chaskiel M Grundman reported that OpenSC uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4. Impact A...

4.9CVSS6.2AI score0.00393EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/10/07 12:0 a.m.24 views

WordNet: Execution of arbitrary code

Background WordNet is a large lexical database of English. Description Jukka Ruohonen initially reported a boundary error within the searchwn function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet: Jukka Ruohonen and Rob Holland oCERT...

10CVSS7.4AI score0.04429EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/07/01 12:0 a.m.24 views

Motion: Execution of arbitrary code

Background Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description Nico Golde reported an off-by-one error within the readclient function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius Secunia...

10CVSS7.3AI score0.08015EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/04/25 12:0 a.m.24 views

Comix: Multiple vulnerabilities

Background Comix is a GTK comic book viewer. Description Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs CVE-2008-1568. Comix also creates directories with predictable names CVE-2008-1796. Impact A remote...

7.5CVSS6.4AI score0.02304EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/04/24 12:0 a.m.24 views

JRockit: Multiple vulnerabilities

Background JRockit is BEA WebLogic's J2SE Development Kit. Description Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Impact A remote attacker could entice a user to run a specially crafted applet on a website or start an application ...

4.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/03/08 12:0 a.m.24 views

Ghostscript: Buffer overflow

Background Ghostscript is a suite of software based on an interpreter for PostScript and PDF. Description Chris Evans Google Security discovered a stack-based buffer overflow within the zseticcspace function in the file zicc.c when processing a PostScript file containing a long "Range" array in a...

6.8CVSS7.3AI score0.14409EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/01/30 12:0 a.m.24 views

PeerCast: Buffer overflow

Background PeerCast is a client and server for P2P-radio network Description Luigi Auriemma reported a heap-based buffer overflow within the "handshakeHTTP" function when processing HTTP requests. Impact A remote attacker could send a specially crafted request to the vulnerable server, possibly...

10CVSS7.4AI score0.16796EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/12/09 12:0 a.m.24 views

PEAR::MDB2: Information disclosure

Background PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a common API for all supported relational database management systems. A LOB "large object" is a database field holding binary data. Description priyadi discovered that the request to store a URL string as a LOB is...

4.3CVSS6.2AI score0.01621EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/12/05 12:0 a.m.24 views

Hugin: Insecure temporary file creation

Background Hugin is a GUI for creating and processing panoramic images. Description Suse Linux reported that Hugin creates the "hugindebugoptimresults.txt" temporary file in an insecure manner. Impact A local attacker could exploit this vulnerability with a symlink attack, potentially overwriting...

3.3CVSS6.2AI score0.00356EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/25 12:0 a.m.24 views

nss_ldap: Information disclosure

Background nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. Description Josh Burley reported that nssldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded...

4.3CVSS6AI score0.01164EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/09/20 12:0 a.m.24 views

rsync: Two buffer overflows

Background rsync is a file transfer program to keep remote directories synchronized. Description Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function "fname" in file sender.c when processing overly long directory names. Impact A remote attacker could enti...

6.8CVSS7AI score0.03345EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/20 12:0 a.m.24 views

pam_ldap: Authentication bypass vulnerability

Background pamldap is a Pluggable Authentication Module which allows authentication against LDAP directories. Description Steve Rigler discovered that pamldap does not correctly handle "PasswordPolicyResponse" control responses from an LDAP directory. This causes the pamauthenticate function to...

7.5CVSS6.7AI score0.03831EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/18 12:0 a.m.24 views

ClamAV: Denial of service

Background ClamAV is a GPL virus scanner. Description Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content. Impact By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash...

5CVSS6.3AI score0.03544EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/12 12:0 a.m.24 views

libgsf: Buffer overflow

Background The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics. Description "infamous41md" has discovered that the "oleinitinfo" function may allocate too little memory for storing...

7.5CVSS7.3AI score0.04065EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/10 12:0 a.m.24 views

SeaMonkey: Multiple vulnerabilities

Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Description The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution...

7.5CVSS7.5AI score0.05531EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/11/20 12:0 a.m.24 views

TORQUE: Insecure temporary file creation

Background TORQUE is a resource manager providing control over batch jobs and distributed compute nodes. Description TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems wi...

7.2CVSS6.8AI score0.00337EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/10/22 12:0 a.m.24 views

libmusicbrainz: Multiple buffer overflows

Background libmusicbrainz is a client library used to access MusicBrainz music meta data. Description Luigi Auriemma reported a possible buffer overflow in the MBHttp::Download function of lib/http.cpp as well as several possible buffer overflows in lib/rdfparse.c. Impact A remote attacker could ...

7.5CVSS7.6AI score0.1364EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/10/17 12:0 a.m.24 views

CAPI4Hylafax fax receiver: Execution of arbitrary code

Background CAPI4Hylafax makes it possible to send and receive faxes via CAPI and AVM Fritz!Cards. Description Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Impact A remote attacker can send null \0 and shell...

7.5CVSS7.1AI score0.02701EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/03/17 12:0 a.m.24 views

Heimdal: rshd privilege escalation

Background Heimdal is a free implementation of Kerberos 5. Description An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of...

2.1CVSS6.9AI score0.00442EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/02/05 12:0 a.m.24 views

GStreamer FFmpeg plugin: Heap-based buffer overflow

Background The GStreamer FFmpeg plugin uses code from the FFmpeg library to provide fast colorspace conversion and multimedia decoders to the GStreamer open source media framework. Description The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap...

7.5CVSS7.2AI score0.05209EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/20 12:0 a.m.24 views

Netpbm: Buffer overflow in pnmtopng

Background Netpbm is a package of 220 graphics programs and a programming library, including pnmtopng, a tool to convert PNM image files to the PNG format. Description RedHat reported that pnmtopng is vulnerable to a buffer overflow. Impact An attacker could craft a malicious PNM file and entice ...

7.5CVSS7.1AI score0.04873EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/08/16 12:0 a.m.24 views

Xpdf, Kpdf, GPdf: Denial of Service vulnerability

Background Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics. Description Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kp...

2.1CVSS6.2AI score0.00429EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/22 12:0 a.m.24 views

Shorewall: Security policy bypass

Background Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel. Description Shorewall fails to enforce security policies if configured with "MACLISTDISPOSITION" set to "ACCEPT" or "MACLISTTTL" set to a value greater or equal to 0. Impact A...

7.5CVSS6.5AI score0.02305EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/15 12:0 a.m.24 views

dhcpcd: Denial of Service vulnerability

Background dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time. Description infamous42md discovered that dhcpcd can be tricked to read past the e...

5CVSS6.1AI score0.01926EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/06 12:0 a.m.24 views

RealPlayer: Heap overflow vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Impact By enticing a user to play a specially crafted RealMedia file an attacker coul...

5.1CVSS7.4AI score0.04105EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/21 12:0 a.m.24 views

SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability

Background SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network. Description SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special...

5CVSS6.3AI score0.08349EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/13 12:0 a.m.24 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks. Impact A remote attacker could exploit this vulnerability to inject malicious...

2.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/20 12:0 a.m.24 views

OpenSLP: Multiple buffer overflows

Background OpenSLP is an open-source implementation of Service Location Protocol SLP. Description Multiple buffer overflows have been found in OpenSLP, when handling malformed SLP packets. Impact By sending specially crafted SLP packets, a remote attacker could potentially execute arbitrary code...

7.5CVSS7.4AI score0.02603EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/02 12:0 a.m.24 views

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains several...

7.5CVSS6.9AI score0.50775EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/14 12:0 a.m.24 views

tnftp: Arbitrary file overwriting

Background tnftp is a NetBSD FTP client with several advanced features. Description The 'mget' function in cmds.c lacks validation of the filenames that are supplied by the server. Impact An attacker running an FTP server could supply clients with malicious filenames, potentially allowing the...

5CVSS2.9AI score0.00999EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/11/04 12:0 a.m.24 views

shadow: Unauthorized modification of account information

Background shadow provides a set of utilities to deal with user accounts. Description Martin Schulze reported a flaw in the passwdcheck function in "libmisc/pwdcheck.c" which is used by chfn and chsh. Impact A logged-in local user with an expired password may be able to use chfn and chsh to chang...

4.6CVSS1.4AI score0.00347EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/08 12:0 a.m.24 views

LHa: Multiple vulnerabilities

Background LHa is a console-based program for packing and unpacking LHarc archives. Description The command line argument as well as the archive parsing code of LHa lack sufficient bounds checking. Furthermore, a shell meta character command execution vulnerability exists in LHa, since it does no...

10CVSS7.4AI score0.18827EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/09/02 12:0 a.m.24 views

eGroupWare: Multiple XSS vulnerabilities

Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Joxean Koret recently discovered multiple cross site scripting vulnerabilities in various modules for the eGroupWare suite. This includes the calendar, address book,...

4.3CVSS2.9AI score0.0362EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/08/26 12:0 a.m.24 views

MoinMoin: Group ACL bypass

Background MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact Restrictions on anonymous users were not properly...

10CVSS2.2AI score0.02264EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/09 12:0 a.m.24 views

SpamAssassin: Denial of Service vulnerability

Background SpamAssassin is an extensible email filter which is used to identify spam. Description SpamAssassin contains an unspecified Denial of Service vulnerability. Impact By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service...

5CVSS6.3AI score0.01943EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/05 12:0 a.m.24 views

PuTTY: Pre-authentication arbitrary code execution

Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact When...

7.5CVSS3.8AI score0.04114EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/29 12:0 a.m.24 views

mit-krb5: Multiple buffer overflows in krb5_aname_to_localname

Background mit-krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The library function krb5anametolocalname contains multiple buffer overflows. This is only exploitable if explicit mapping or rules-based mappin...

10CVSS7.5AI score0.11665EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/09 12:0 a.m.24 views

Multiple Vulnerabilities in pwlib

Background pwlib is a multi-platform library designed for OpenH323. Description Multiple vulnerabilities have been found in the implimentation of protocol H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously...

10CVSS7.5AI score0.10309EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.23 views

GPL Ghostscript: Multiple Vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...

8.8CVSS7.7AI score0.27974EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.23 views

Slurm: Multiple Vulnerabilities

Background Slurm is a highly scalable resource manager. Description Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...

9.8CVSS7.6AI score0.01386EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.23 views

PJSIP: Heap Buffer Overflow

Background PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier...

7.5CVSS7.3AI score0.0233EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/08/07 12:0 a.m.23 views

Nokogiri: Denial of Service

Background Nokogiri is an HTML, XML, SAX, and Reader parser. Description A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details. Impact Nokogiri fails to check the return value from xmlTextReaderExpand in the method...

7.5CVSS7.4AI score0.0168EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.23 views

Liferea: Remote Code Execution

Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...

9.8CVSS7.3AI score0.02385EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/06/22 12:0 a.m.23 views

GLib: Privilege Escalation

Background GLib is a library providing a number of GNOME's core objects and functions. Description A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Impact When a GDBus-based client subscribes to signals from a trusted system service such ...

5.2CVSS6.9AI score0.00756EPSS
Exploits1
Total number of security vulnerabilities3816