Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2023/11/26 12:0 a.m.23 views

LibreOffice: Multiple Vulnerabilities

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact...

7.8CVSS7.3AI score0.02244EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.23 views

xfce4-settings: Browser Argument Injection

Background xfce4-settings contains the configuration system for the Xfce desktop environment. Description xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool which is called when a user clicks a link in e.g. Firefox. Impact The vulnerability can be leveraged into...

9.8CVSS6.5AI score0.01406EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2020/12/23 12:0 a.m.23 views

D-Bus: Denial of service

Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact An attacker could possibly cause a Denial of Service condition or trigger oth...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/11/12 12:0 a.m.23 views

VDE: Privilege escalation

Background VDE is an ethernet compliant virtual network that can be spawned over a set of physical computer over the Internet. Description It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe...

10CVSS9.7AI score0.01354EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2017/05/26 12:0 a.m.23 views

Smb4K: Arbitrary command execution as root

Background Smb4K is a SMB/CIFS Windows share browser for KDE. Description Smb4k contains a logic flaw in which mount helper binary does not properly verify the mount command it is being asked to run. Impact A local user can execute commands with the root privilege due to the mount helper being...

7.8CVSS4.4AI score0.01948EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2016/09/26 12:0 a.m.23 views

Bundler: Insecure installation

Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Bundler, allows the installation of gems from different sources with the same names, when multiple top-level gem sources are used. Impact Remo...

5CVSS9.4AI score0.03851EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/06/27 12:0 a.m.23 views

kwalletd: Information disclosure

Background Kwalletd is is a credentials management application for KDE. Description Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact Local attackers, with access to the password store, could conduct a codebook attack in order to obtain...

5CVSS6.4AI score0.02147EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/07/07 12:0 a.m.23 views

UnRTF: Multiple vulnerabilities

Background UnRTF is a command-line program which converts RTF documents to other formats. Description Multiple vulnerabilities have been discovered in UnRTF. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the...

7.5CVSS7.7AI score0.05826EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/07/05 12:0 a.m.23 views

chrony: Multiple vulnerabilities

Background chrony is a versatile implementation of the Network Time Protocol NTP. Description Multiple vulnerabilities have been discovered in chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker can cause arbitrary remote code execution or Denial of...

6.5CVSS7.9AI score0.03439EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.23 views

usbmuxd: User-assisted execution of arbitrary code

Background usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod Touch devices. Description The "receivepacket" function in libusbmuxd.c contains a boundary error when parsing the "SerialNumber" field of a USB device, which could cause a heap-based buffer overflow. Impact An attack...

4.6CVSS7.1AI score0.00757EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/11/26 12:0 a.m.23 views

PEAR Net_Traceroute: Command injection

Background PEAR NetTraceroute is an OS independent wrapper class for executing traceroute calls from PHP. Description Pasquale Imperato reported that the $host parameter to the traceroute function in Traceroute.php is not properly sanitized before being passed to exec. Impact A remote attacker...

10CVSS6.8AI score0.06149EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/09/09 12:0 a.m.23 views

GCC-XML: Insecure temporary file usage

Background GCC-XML is an XML output extension to the C++ front-end of GCC. Description Dmitry E. Oboukhov reported that findflags in GCC-XML does not handle "/tmp/.cxx" temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges...

6.9CVSS6.4AI score0.00411EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/04/10 12:0 a.m.23 views

Wicd: Information disclosure

Background Wicd is an open source wired and wireless network manager for Linux. Description Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object. Impact A local attacker could exploit this vulnerability to receive...

2.1CVSS3.2AI score0.00329EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/03/20 12:0 a.m.23 views

Amarok: User-assisted execution of arbitrary code

Background Amarok is an advanced music player. Description Tobias Klein has discovered multiple vulnerabilities in Amarok: Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows CVE-2009-0135. Multiple array index...

9.3CVSS8.3AI score0.06903EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/03/07 12:0 a.m.23 views

gEDA: Insecure temporary file creation

Background gEDA is an Electronic Design Automation tool used for electrical circuit design. Description Dmitry E. Oboukhov reported an insecure temporary file usage within the sch2eaglepos.sh script. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the...

6.9CVSS6.4AI score0.0039EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/12/14 12:0 a.m.23 views

aview: Insecure temporary file usage

Background aview is an ASCII image viewer and animation player. Description Dmitry E. Oboukhov reported that aview uses the "/tmp/aview$$.pgm" file in an insecure manner when processing files. Impact A local attacker could perform symlink attacks to overwrite arbitrary files on the system with th...

6.9CVSS6.4AI score0.00405EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/09/21 12:0 a.m.23 views

HAVP: Denial of service

Background HAVP is a HTTP AntiVirus Proxy. Description Peter Warasin reported an infinite loop in sockethandler.cpp when connecting to a non-responsive HTTP server. Impact A remote attacker could send requests to unavailable servers, resulting in a Denial of Service. Workaround There is no known...

7.5CVSS6.4AI score0.03001EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/04/09 12:0 a.m.23 views

PECL APC: Buffer Overflow

Background PECL Alternative PHP Cache PECL APC is a free, open, and robust framework for caching and optimizing PHP intermediate code. Description Daniel Papasian discovered a stack-based buffer overflow in the apcsearchpaths function in the file apc.c when processing long filenames. Impact A...

6.8CVSS7.6AI score0.07811EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/03/20 12:0 a.m.23 views

ssl-cert eclass: Certificate disclosure

Background The ssl-cert eclass is a code module used by Gentoo ebuilds to generate SSL certificates. Description Robin Johnson reported that the docert function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as srccompile or srcinstall, which will result in...

1.9CVSS6.5AI score0.00212EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/02/11 12:0 a.m.23 views

Horde IMP: Security bypass

Background Horde IMP provides a web-based access to IMAP and POP3 mailboxes. Description Ulf Harnhammar, Secunia Research discovered that the "frame" and "frameset" HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked. Impact A...

5.8CVSS6.4AI score0.01774EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/11/20 12:0 a.m.23 views

Feynmf: Insecure temporary file creation

Background Feynmf is a combined LaTeX and Metafont package for easy drawing of professional quality Feynman and maybe other diagrams. Description Kevin B. McCarty discovered that the feynmf.pl script creates a temporary "properly list" file at the location "$TMPDIR/feynmf$PID.pl", where $PID is t...

4.6CVSS6.1AI score0.00403EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/08 12:0 a.m.23 views

Nagios Plugins: Two buffer overflows

Background The Nagios Plugins are an official set of plugins for Nagios, an open source host, service and network monitoring program. Description fabiodds reported a boundary checking error in the "checksnmp" plugin when processing SNMP "GET" replies that could lead to a stack-based buffer overfl...

6.8CVSS7.7AI score0.08017EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/07 12:0 a.m.23 views

Tk: Buffer overflow

Background Tk is a toolkit for creating graphical user interfaces. Description Reinhard Max discovered a boundary error in Tk when processing an interlaced GIF with two frames where the second is smaller than the first one. Impact A remote attacker could entice a user to open a specially crafted...

3.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/06/26 12:0 a.m.23 views

libexif: Buffer overflow

Background libexif is a library for parsing, editing and saving EXIF metadata from images. Description iDefense Labs have discovered that the exifdataloaddataentry function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an...

6.8CVSS7.2AI score0.04301EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/11/07 12:0 a.m.23 views

NVIDIA binary graphics driver: Privilege escalation vulnerability

Background The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...

7.5CVSS7.3AI score0.26046EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/08/08 12:0 a.m.23 views

DUMB: Heap buffer overflow

Background DUMB Dynamic Universal Music Bibliotheque is an IT, XM, S3M and MOD player library. Description Luigi Auriemma found a heap-based buffer overflow in the itreadenvelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a ".it" Impulse...

7.6CVSS7.6AI score0.09936EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/07/20 12:0 a.m.23 views

xine-lib: Buffer overflow

Background xine-lib is the core library of xine, a multimedia player. Description There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the sendcommand, stringutf16, getdata and getmediapacket functions. Impact A remote attacker...

5.1CVSS6.9AI score0.04262EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/26 12:0 a.m.23 views

Hashcash: Possible heap overflow

Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Andreas Seltenreich has reported a possible heap overflow in the arraypush function in hashcash.c, as a result of an incorrect amount of allocated memory for the "ARRA...

7.5CVSS7.3AI score0.03586EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/04/23 12:0 a.m.23 views

fbida: Insecure temporary file creation

Background fbida is a collection of image viewers and editors for the framebuffer console and X11. Description Jan Braun has discovered that the "fbgs" script provided by fbida insecurely creates temporary files in the "/var/tmp" directory. Impact A local attacker could create links in the...

1.2CVSS6.1AI score0.00361EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/04/04 12:0 a.m.23 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...

4.3CVSS6.3AI score0.01749EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/13 12:0 a.m.23 views

ClamAV: Remote execution of arbitrary code

Background ClamAV is a GPL virus scanner. Description Zero Day Initiative ZDI reported a heap buffer overflow vulnerability. The vulnerability is due to an incorrect boundary check of the user-supplied data prior to copying it to an insufficiently sized memory buffer. The flaw occurs when the...

7.5CVSS6.9AI score0.10094EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/11/06 12:0 a.m.23 views

fetchmail: Password exposure in fetchmailconf

Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. It ships with fetchmailconf, a graphical utility used to create configuration files. Description Thomas Wolff discovered that fetchmailconf opens the configuration file wit...

2.1CVSS5.9AI score0.00453EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/03 12:0 a.m.23 views

gtkdiskfree: Insecure temporary file creation

Background gtkdiskfree is a GTK-based GUI to show free disk space. Description Eric Romang discovered that gtkdiskfree insecurely creates a predictable temporary file to handle command output. Impact A local attacker could create a symbolic link in the temporary files directory, pointing to a val...

5CVSS6.3AI score0.01342EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/18 12:0 a.m.23 views

Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities

Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Gecko is the layout engine used in both products. Description The Mozilla Suite and Firefox are both vulnerable to the...

7.5CVSS7.9AI score0.21112EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2005/08/16 12:0 a.m.23 views

Xpdf, Kpdf, GPdf: Denial of Service vulnerability

Background Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics. Description Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kp...

2.1CVSS6.2AI score0.00429EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/07 12:0 a.m.23 views

Heartbeat: Insecure temporary file creation

Background Heartbeat is a component of the High-Availability Linux project. It it used to perform death-of-node detection, communications and cluster management. Description Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames. Impact A local...

2.1CVSS6.1AI score0.00358EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/11 12:0 a.m.23 views

gedit: Format string vulnerability

Background gedit is the official text editor of the GNOME desktop environement. Description A format string vulnerability exists when opening files with names containing format specifiers. Impact A specially crafted file with format specifiers in the filename can cause arbitrary code execution...

2.6CVSS7AI score0.07655EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/04 12:0 a.m.23 views

xv: Filename handling vulnerability

Background xv is an interactive image manipulation package for X11. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact Successful exploitation would require a victim to process a specially crafted image with a...

5.1CVSS6.7AI score0.01926EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/23 12:0 a.m.23 views

Cyrus IMAP Server: Multiple overflow vulnerabilities

Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Possible single byte overflows have been found in the imapd annotate extension and mailbox handling code. Furthermore stack buffer overflows have been found in fetchnews, the backend and imapd. Impac...

7.5CVSS7.6AI score0.04244EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/30 12:0 a.m.23 views

TikiWiki: Arbitrary command execution

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki does not validate files uploaded to the "temp" directory. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...

7.5CVSS6.7AI score0.02447EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/30 12:0 a.m.23 views

VDR: Arbitrary file overwriting issue

Background Video Disk Recorder VDR is a Linux-based digital video recorder. The VDR program handles the On Screen Menu system that offers complete control over channel settings, timers and recordings. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that V...

5CVSS6.3AI score0.01372EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/10 12:0 a.m.23 views

TikiWiki: Arbitrary command execution

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...

7.5CVSS2.3AI score0.01807EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/21 12:0 a.m.23 views

mpg123: Playlist buffer overflow

Background mpg123 is a MPEG Audio Player. Description Bartlomiej Sieka discovered that mpg123 contains an unsafe strcat to an array in playlist.c. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious playlist which, when used, would result in the...

10CVSS4.6AI score0.14458EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/10/09 12:0 a.m.23 views

ncompress: Buffer overflow

Background ncompress is a utility handling compression and decompression of Lempel-Ziv archives, compatible with the original nix compress and uncompress utilities .Z extensions. Description compress and uncompress do not properly check bounds on command line options, including the filename. Larg...

7.5CVSS7.3AI score0.04775EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/29 12:0 a.m.23 views

Buffer overflow in Midnight Commander

Background Midnight Commander is a visual file manager. Description A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem. Impact This overflow allows an attacker to run arbitrary code on the user's computer during the symlink conversion process. Workaround While...

7.5CVSS7.1AI score0.05138EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/29 12:0 a.m.23 views

oftpd DoS vulnerability

Background Quote from http://www.time-travellers .org/oftpd/ "oftpd is designed to be as secure as an anonymous FTP server can possibly be. It runs as non-root for most of the time, and uses the Unix chroot command to hide most of the systems directories from external users - they cannot change...

5CVSS7.1AI score0.01798EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/24 12:0 a.m.22 views

GCC: Flawed Code Generation

Background The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages libstdc++,.... Description A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Impac...

7.5CVSS6.8AI score0.03207EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/09 12:0 a.m.22 views

ncurses: Multiple Vulnerabilities

Background Free software emulation of curses in System V. Description Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround ...

7.8CVSS7.7AI score0.01341EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.22 views

SDL_ttf: Arbitrary Memory Write

Background SDLttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDLttf. Please review the CVE identifier referenced below for details. Impact SDLttf was discovered ...

7.8CVSS7.4AI score0.00946EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/06/22 12:0 a.m.22 views

RDoc: Remote Code Execution

Background RDoc produces HTML and command-line documentation for Ruby projects. Description A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection...

4.5CVSS8.3AI score0.01571EPSS
Exploits0
Total number of security vulnerabilities3816