Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2008/01/30 12:0 a.m.•23 views

PeerCast: Buffer overflow

Background PeerCast is a client and server for P2P-radio network Description Luigi Auriemma reported a heap-based buffer overflow within the "handshakeHTTP" function when processing HTTP requests. Impact A remote attacker could send a specially crafted request to the vulnerable server, possibly...

10CVSS7.4AI score0.16796EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/09 12:0 a.m.•23 views

PEAR::MDB2: Information disclosure

Background PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a common API for all supported relational database management systems. A LOB "large object" is a database field holding binary data. Description priyadi discovered that the request to store a URL string as a LOB is...

4.3CVSS6.2AI score0.01621EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/11/25 12:0 a.m.•23 views

nss_ldap: Information disclosure

Background nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. Description Josh Burley reported that nssldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded...

4.3CVSS6AI score0.01164EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/20 12:0 a.m.•23 views

Feynmf: Insecure temporary file creation

Background Feynmf is a combined LaTeX and Metafont package for easy drawing of professional quality Feynman and maybe other diagrams. Description Kevin B. McCarty discovered that the feynmf.pl script creates a temporary "properly list" file at the location "$TMPDIR/feynmf$PID.pl", where $PID is t...

4.6CVSS6.1AI score0.00403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/20 12:0 a.m.•23 views

TORQUE: Insecure temporary file creation

Background TORQUE is a resource manager providing control over batch jobs and distributed compute nodes. Description TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems wi...

7.2CVSS6.8AI score0.00337EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/11/07 12:0 a.m.•23 views

NVIDIA binary graphics driver: Privilege escalation vulnerability

Background The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...

7.5CVSS7.3AI score0.26046EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/08/08 12:0 a.m.•23 views

DUMB: Heap buffer overflow

Background DUMB Dynamic Universal Music Bibliotheque is an IT, XM, S3M and MOD player library. Description Luigi Auriemma found a heap-based buffer overflow in the itreadenvelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a ".it" Impulse...

7.6CVSS7.6AI score0.09936EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/07/20 12:0 a.m.•23 views

xine-lib: Buffer overflow

Background xine-lib is the core library of xine, a multimedia player. Description There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the sendcommand, stringutf16, getdata and getmediapacket functions. Impact A remote attacker...

5.1CVSS6.9AI score0.04262EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/26 12:0 a.m.•23 views

Hashcash: Possible heap overflow

Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Andreas Seltenreich has reported a possible heap overflow in the arraypush function in hashcash.c, as a result of an incorrect amount of allocated memory for the "ARRA...

7.5CVSS7.3AI score0.03586EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/23 12:0 a.m.•23 views

fbida: Insecure temporary file creation

Background fbida is a collection of image viewers and editors for the framebuffer console and X11. Description Jan Braun has discovered that the "fbgs" script provided by fbida insecurely creates temporary files in the "/var/tmp" directory. Impact A local attacker could create links in the...

1.2CVSS6.1AI score0.00361EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/14 12:0 a.m.•23 views

Cacti: Multiple vulnerabilities in included ADOdb

Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...

7.5CVSS8.3AI score0.13237EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2006/04/04 12:0 a.m.•23 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...

4.3CVSS6.3AI score0.01749EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/03/17 12:0 a.m.•23 views

Heimdal: rshd privilege escalation

Background Heimdal is a free implementation of Kerberos 5. Description An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of...

2.1CVSS6.9AI score0.00442EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/05 12:0 a.m.•23 views

GStreamer FFmpeg plugin: Heap-based buffer overflow

Background The GStreamer FFmpeg plugin uses code from the FFmpeg library to provide fast colorspace conversion and multimedia decoders to the GStreamer open source media framework. Description The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap...

7.5CVSS7.2AI score0.05209EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/20 12:0 a.m.•23 views

Netpbm: Buffer overflow in pnmtopng

Background Netpbm is a package of 220 graphics programs and a programming library, including pnmtopng, a tool to convert PNM image files to the PNG format. Description RedHat reported that pnmtopng is vulnerable to a buffer overflow. Impact An attacker could craft a malicious PNM file and entice ...

7.5CVSS7.1AI score0.04873EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/10/03 12:0 a.m.•23 views

gtkdiskfree: Insecure temporary file creation

Background gtkdiskfree is a GTK-based GUI to show free disk space. Description Eric Romang discovered that gtkdiskfree insecurely creates a predictable temporary file to handle command output. Impact A local attacker could create a symbolic link in the temporary files directory, pointing to a val...

5CVSS6.3AI score0.01342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/16 12:0 a.m.•23 views

Xpdf, Kpdf, GPdf: Denial of Service vulnerability

Background Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics. Description Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kp...

2.1CVSS6.2AI score0.00429EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/07 12:0 a.m.•23 views

Heartbeat: Insecure temporary file creation

Background Heartbeat is a component of the High-Availability Linux project. It it used to perform death-of-node detection, communications and cluster management. Description Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames. Impact A local...

2.1CVSS6.1AI score0.00358EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/15 12:0 a.m.•23 views

dhcpcd: Denial of Service vulnerability

Background dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time. Description infamous42md discovered that dhcpcd can be tricked to read past the e...

5CVSS6.1AI score0.01926EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/21 12:0 a.m.•23 views

SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability

Background SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network. Description SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special...

5CVSS6.3AI score0.08349EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/11 12:0 a.m.•23 views

gedit: Format string vulnerability

Background gedit is the official text editor of the GNOME desktop environement. Description A format string vulnerability exists when opening files with names containing format specifiers. Impact A specially crafted file with format specifiers in the filename can cause arbitrary code execution...

2.6CVSS7AI score0.07655EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/04 12:0 a.m.•23 views

xv: Filename handling vulnerability

Background xv is an interactive image manipulation package for X11. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact Successful exploitation would require a victim to process a specially crafted image with a...

5.1CVSS6.7AI score0.01926EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/30 12:0 a.m.•23 views

TikiWiki: Arbitrary command execution

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki does not validate files uploaded to the "temp" directory. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...

7.5CVSS6.7AI score0.02447EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/30 12:0 a.m.•23 views

VDR: Arbitrary file overwriting issue

Background Video Disk Recorder VDR is a Linux-based digital video recorder. The VDR program handles the On Screen Menu system that offers complete control over channel settings, timers and recordings. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that V...

5CVSS6.3AI score0.01372EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/10 12:0 a.m.•23 views

TikiWiki: Arbitrary command execution

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...

7.5CVSS2.3AI score0.01807EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/12/21 12:0 a.m.•23 views

mpg123: Playlist buffer overflow

Background mpg123 is a MPEG Audio Player. Description Bartlomiej Sieka discovered that mpg123 contains an unsafe strcat to an array in playlist.c. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious playlist which, when used, would result in the...

10CVSS4.6AI score0.14458EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/10/09 12:0 a.m.•23 views

ncompress: Buffer overflow

Background ncompress is a utility handling compression and decompression of Lempel-Ziv archives, compatible with the original nix compress and uncompress utilities .Z extensions. Description compress and uncompress do not properly check bounds on command line options, including the filename. Larg...

7.5CVSS7.3AI score0.04775EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/03/29 12:0 a.m.•23 views

Buffer overflow in Midnight Commander

Background Midnight Commander is a visual file manager. Description A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem. Impact This overflow allows an attacker to run arbitrary code on the user's computer during the symlink conversion process. Workaround While...

7.5CVSS7.1AI score0.05138EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/03/29 12:0 a.m.•23 views

oftpd DoS vulnerability

Background Quote from http://www.time-travellers .org/oftpd/ "oftpd is designed to be as secure as an anonymous FTP server can possibly be. It runs as non-root for most of the time, and uses the Unix chroot command to hide most of the systems directories from external users - they cannot change...

5CVSS7.1AI score0.01798EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/24 12:0 a.m.•22 views

GCC: Flawed Code Generation

Background The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages libstdc++,.... Description A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Impac...

7.5CVSS6.8AI score0.03207EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•22 views

Slurm: Multiple Vulnerabilities

Background Slurm is a highly scalable resource manager. Description Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...

9.8CVSS7.6AI score0.01386EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/08/09 12:0 a.m.•22 views

ncurses: Multiple Vulnerabilities

Background Free software emulation of curses in System V. Description Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround ...

7.8CVSS7.7AI score0.01341EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/06/22 12:0 a.m.•22 views

RDoc: Remote Code Execution

Background RDoc produces HTML and command-line documentation for Ruby projects. Description A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection...

4.5CVSS8.3AI score0.01571EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/05/08 12:0 a.m.•22 views

qtsvg: Multiple Vulnerabilities

Background qtsvg is a SVG rendering library for the Qt framework. Description Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

6.5CVSS7.1AI score0.01343EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/03/03 12:0 a.m.•22 views

Blender: Multiple Vulnerabilities

Background Blender is a 3D Creation/Animation/Publishing System. Description Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.8CVSS7.3AI score0.01135EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/01/16 12:0 a.m.•22 views

libuv: Buffer Overread

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uvidnatoascii function before reading and manipulating the memory at that address. Impact The overread can resu...

5.3CVSS6.9AI score0.23132EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2020/12/23 12:0 a.m.•22 views

D-Bus: Denial of service

Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact An attacker could possibly cause a Denial of Service condition or trigger oth...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2017/05/26 12:0 a.m.•22 views

Smb4K: Arbitrary command execution as root

Background Smb4K is a SMB/CIFS Windows share browser for KDE. Description Smb4k contains a logic flaw in which mount helper binary does not properly verify the mount command it is being asked to run. Impact A local user can execute commands with the root privilege due to the mount helper being...

7.8CVSS4.4AI score0.01948EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2014/01/21 12:0 a.m.•22 views

GMime: Arbitrary code execution

Background GMime is a C/C++ library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME. Description GMime contains a buffer overflow flaw in the GMIMEUUENCODELEN macro in gmime/gmime-encodings.h. Impact A context-dependent attacker could...

7.5CVSS7.6AI score0.03235EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/01/21 12:0 a.m.•22 views

PCSC-Lite: Arbitrary code execution

Background PCSC-Lite is a PC/SC Architecture smartcard middleware library. Description PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset Handler atrhandler.c. Impact A physically proximate attacker could execute arbitrary code or cause a Denial o...

4.4CVSS7.5AI score0.00498EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/11/20 12:0 a.m.•22 views

CTorrent: User-assisted arbitrary code execution

Background CTorrent is a BitTorrent client implemented in C++ to be lightweight and quick. Description CTorrent contains a stack-based buffer overflow in the btFiles::BuildFromMI function in trunk/btfiles.cpp. Impact A remote attacker could entice a user to open a specially crafted torrent file...

9.3CVSS7.3AI score0.1414EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2012/07/09 12:0 a.m.•22 views

ChaSen: User-assisted execution of arbitrary code

Background ChaSen is a Japanese morphological analysis system. Description An error in chalib.c of ChaSen could cause a buffer overflow. Impact A remote attacker could entice a user to open a specially crafted text file using ChaSen or an application using the ChaSen libraries, possibly resulting...

9.3CVSS7.1AI score0.04153EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/03/06 12:0 a.m.•22 views

usbmuxd: User-assisted execution of arbitrary code

Background usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod Touch devices. Description The "receivepacket" function in libusbmuxd.c contains a boundary error when parsing the "SerialNumber" field of a USB device, which could cause a heap-based buffer overflow. Impact An attack...

4.6CVSS7.1AI score0.00757EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/01/23 12:0 a.m.•22 views

NX Server Free Edition, NX Node: Privilege escalation

Background NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server. Description NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability. Impact A local attacker could gain...

7.2CVSS6.3AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/11/26 12:0 a.m.•22 views

PEAR Net_Traceroute: Command injection

Background PEAR NetTraceroute is an OS independent wrapper class for executing traceroute calls from PHP. Description Pasquale Imperato reported that the $host parameter to the traceroute function in Traceroute.php is not properly sanitized before being passed to exec. Impact A remote attacker...

10CVSS6.8AI score0.06149EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/03/20 12:0 a.m.•22 views

Amarok: User-assisted execution of arbitrary code

Background Amarok is an advanced music player. Description Tobias Klein has discovered multiple vulnerabilities in Amarok: Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows CVE-2009-0135. Multiple array index...

9.3CVSS8.3AI score0.06903EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2009/03/09 12:0 a.m.•22 views

MPFR: Denial of service

Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description Multiple buffer overflows have been reported in the mpfrsnprintf and mpfrvsnprintf functions. Impact A remote user could exploit the vulnerability to cause a Denial of Service in an...

7.5CVSS4AI score0.01549EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/02/11 12:0 a.m.•22 views

Horde IMP: Security bypass

Background Horde IMP provides a web-based access to IMAP and POP3 mailboxes. Description Ulf Harnhammar, Secunia Research discovered that the "frame" and "frameset" HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked. Impact A...

5.8CVSS6.4AI score0.01774EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/01/29 12:0 a.m.•22 views

MaraDNS: CNAME Denial of service

Background MaraDNS is a package that implements the Domain Name Service DNS with resolver and caching ability. Description Michael Krieger reported that a specially crafted DNS could prevent an authoritative canonical name CNAME record from being resolved because of an "improper rotation of...

5CVSS6.3AI score0.02113EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/12/30 12:0 a.m.•22 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP CVE-2007-6111, PPP CVE-2007-6112, DNP CVE-2007-6113, SSL and iSerie...

10CVSS7.4AI score0.06981EPSS
Exploits0
Total number of security vulnerabilities3816