Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2024/05/08 12:0 a.m.22 views

qtsvg: Multiple Vulnerabilities

Background qtsvg is a SVG rendering library for the Qt framework. Description Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

6.5CVSS7.1AI score0.01343EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/02/18 12:0 a.m.22 views

libcaca: Arbitary Code Execution

Background libcaca is a library that creates colored ASCII-art graphics. Description A vulnerability has been discovered in libcaca. Please review the CVE identifier referenced below for details. Impact A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local...

7.8CVSS7.8AI score0.00565EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2015/08/15 12:0 a.m.22 views

Icecast: Denial of service

Background Icecast is an open source alternative to shoutcast that supports mp3, ogg vorbis/theora and aac streaming. Description When streamauth handler is defined for URL authentication and a request is sent without login credentials, a Denial of Service condition can occur. Impact A remote...

5CVSS6.8AI score0.04344EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/01/21 12:0 a.m.22 views

GMime: Arbitrary code execution

Background GMime is a C/C++ library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME. Description GMime contains a buffer overflow flaw in the GMIMEUUENCODELEN macro in gmime/gmime-encodings.h. Impact A context-dependent attacker could...

7.5CVSS7.6AI score0.03235EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/01/21 12:0 a.m.22 views

PCSC-Lite: Arbitrary code execution

Background PCSC-Lite is a PC/SC Architecture smartcard middleware library. Description PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset Handler atrhandler.c. Impact A physically proximate attacker could execute arbitrary code or cause a Denial o...

4.4CVSS7.5AI score0.00498EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/11/20 12:0 a.m.22 views

CTorrent: User-assisted arbitrary code execution

Background CTorrent is a BitTorrent client implemented in C++ to be lightweight and quick. Description CTorrent contains a stack-based buffer overflow in the btFiles::BuildFromMI function in trunk/btfiles.cpp. Impact A remote attacker could entice a user to open a specially crafted torrent file...

9.3CVSS7.3AI score0.1414EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/07/09 12:0 a.m.22 views

ChaSen: User-assisted execution of arbitrary code

Background ChaSen is a Japanese morphological analysis system. Description An error in chalib.c of ChaSen could cause a buffer overflow. Impact A remote attacker could entice a user to open a specially crafted text file using ChaSen or an application using the ChaSen libraries, possibly resulting...

9.3CVSS7.1AI score0.04153EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/06/22 12:0 a.m.22 views

TagLib: Multiple vulnerabilities

Background TagLib is a library for reading and editing audio meta data. Description Multiple vulnerabilities have been found in TagLib: The "analyzeCurrent" function in ape/apeproperties.cpp contains a division by zero error CVE-2012-1107. The "parse" function in inogg/xiphcomment.cpp contains an...

4.3CVSS9.3AI score0.03103EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2012/03/29 12:0 a.m.22 views

libzip: Multiple vulnerabilities

Background libzip is a library for manipulating zip archives. Description Two vulnerabilities have been found in the "zipreadcdir" function in zipopen.c of libzip: An incorrect loop construct, which could cause a heap-based buffer overflow CVE-2012-1162. An integer overflow, which may not restric...

7.5CVSS7.7AI score0.04024EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/01/23 12:0 a.m.22 views

NX Server Free Edition, NX Node: Privilege escalation

Background NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server. Description NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability. Impact A local attacker could gain...

7.2CVSS6.3AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/03/23 12:0 a.m.22 views

MLDonkey: Information disclosure

Background MLDonkey is a multi-network P2P application written in Ocaml, coming with its own Gtk GUI, web and telnet interface. Description Michael Peselnik reported that src/utils/lib/url.ml in the web interface of MLDonkey does not handle file names with leading double slashes properly. Impact ...

5CVSS1.3AI score0.05803EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/03/09 12:0 a.m.22 views

MPFR: Denial of service

Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description Multiple buffer overflows have been reported in the mpfrsnprintf and mpfrvsnprintf functions. Impact A remote user could exploit the vulnerability to cause a Denial of Service in an...

7.5CVSS4AI score0.01549EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/08/08 12:0 a.m.22 views

stunnel: Security bypass

Background The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local or remote server. OCSP Online Certificate Status Protocol, as described in RFC 2560, is an internet protocol used for obtaining the revocation status of an X.509 digital certificate...

6.8CVSS6.2AI score0.01364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/04/17 12:0 a.m.22 views

Poppler: User-assisted execution of arbitrary code

Background Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description Kees Cook from the Ubuntu Security Team reported that the CairoFont::create function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before...

6.8CVSS6.9AI score0.04941EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/01/29 12:0 a.m.22 views

MaraDNS: CNAME Denial of service

Background MaraDNS is a package that implements the Domain Name Service DNS with resolver and caching ability. Description Michael Krieger reported that a specially crafted DNS could prevent an authoritative canonical name CNAME record from being resolved because of an "improper rotation of...

5CVSS6.3AI score0.02113EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/12/30 12:0 a.m.22 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP CVE-2007-6111, PPP CVE-2007-6112, DNP CVE-2007-6113, SSL and iSerie...

10CVSS7.4AI score0.06981EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/07/24 12:0 a.m.22 views

MPlayer: Multiple buffer overflows

Background MPlayer is a media player incuding support for a wide range of audio and video formats. Description Stefan Cornelius and Reimar Doffinger of Secunia Research discovered several boundary errors in the functions cddbqueryparse, cddbparsematcheslist and cddbreadparse, each allowing for a...

9.3CVSS7.1AI score0.05748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/07 12:0 a.m.22 views

wv library: Multiple integer overflows

Background wv is a library for conversion of MS Word DOC and RTF files. Description The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows. Impact An attacker could craft a malicious file that, when handled with the wv library, could lead to...

5.1CVSS7AI score0.03385EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/10/24 12:0 a.m.22 views

ClamAV: Multiple Vulnerabilities

Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...

7.5CVSS7.3AI score0.19739EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/07/29 12:0 a.m.22 views

Audacious: Multiple heap and buffer overflows

Background Audacious is a media player that has been forked from Beep Media Player. Description Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows. Impact An...

5.1CVSS6.8AI score0.1277EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/06/09 12:0 a.m.22 views

Vixie Cron: Privilege Escalation

Background Vixie Cron is a command scheduler with extended syntax over cron. Description Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in docommand.c fails due to a user exceeding assigned resource limits. Impact Local...

7.2CVSS6.9AI score0.00565EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/02/16 12:0 a.m.22 views

BomberClone: Remote execution of arbitrary code

Background BomberClone is a remake of the classic game "BomberMan". It supports multiple players via IP network connection. Description Stefan Cornelius of the Gentoo Security team discovered multiple missing buffer checks in BomberClone's code. Impact By sending overly long error messages to the...

7.5CVSS7.4AI score0.67754EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2006/02/16 12:0 a.m.22 views

libtasn1, GNU TLS: Security flaw in DER decoding

Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Libtasn1 is included with the GNU TLS library, which is used by applications to provide a cryptographically secure communications channel. Description...

7.5CVSS7.2AI score0.03507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/10 12:0 a.m.22 views

mod_auth_pgsql: Multiple format string vulnerabilities

Background modauthpgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description The error logging functions of modauthpgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact An unauthenticated...

10CVSS7.7AI score0.089EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/23 12:0 a.m.22 views

NBD Tools: Buffer overflow in NBD server

Background The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server. Description Kurt Fitzner discovered that the NBD server allocates a request buffer that fails to take into account the size of the rep...

7.5CVSS7.2AI score0.05988EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/14 12:0 a.m.22 views

Xmail: Privilege escalation through sendmail

Background Xmail is an Internet and intranet mail server. Description iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occurs when specifying the "-t...

7.5CVSS7AI score0.1534EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/28 12:0 a.m.22 views

TikiWiki: XSS vulnerability

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description Due to improper input validation, TikiWiki can be exploited to perform cross-site scripting attacks. Impact A remote attacker could exploit this to inject and execute malicious...

4.3CVSS6.4AI score0.0185EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/28 12:0 a.m.22 views

SELinux PAM: Local password guessing attack

Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. SELinux is an operating system based on Linux which includes Mandatory Access Control...

2.1CVSS6.6AI score0.00428EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/17 12:0 a.m.22 views

Mailutils: Format string vulnerability in imap4d

Background The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server imap4d. Description The imap4d server contains a format string bug in the handling of IMAP SEARCH requests. Impact An authenticated IMAP user could exploit the format string error in imap4d to execu...

7.5CVSS7.2AI score0.14567EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/03/07 12:0 a.m.22 views

mlterm: Integer overflow vulnerability

Background mlterm is a multi-lingual terminal emulator. Description mlterm is vulnerable to an integer overflow that can be triggered by specifying a large image file as a background. This only effects users that have compiled mlterm with the 'gtk' USE flag, which enables gdk-pixbuf support. Impa...

7.5CVSS7.2AI score0.02435EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/01 12:0 a.m.22 views

FireHOL: Insecure temporary file creation

Background FireHOL is an iptables rules generator. Description FireHOL insecurely creates temporary files with predictable names. Impact A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten wit...

2.1CVSS6.4AI score0.00348EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/28 12:0 a.m.22 views

Open DC Hub: Remote code execution

Background Open DC Hub is the hub software for the Direct Connect file sharing network. Description Donato Ferrante discovered a buffer overflow vulnerability in the RedirectAll command of the Open DC Hub. Impact Upon exploitation, a remote user with administrative privileges can execute arbitrar...

10CVSS2.6AI score0.14614EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/10/04 12:0 a.m.22 views

Netpbm: Multiple temporary file issues

Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...

3.7CVSS6.1AI score0.00413EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/02 12:0 a.m.22 views

Gallery: Arbitrary command execution

Background Gallery is a PHP script for maintaining online photo albums. Description The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...

7.5CVSS6.8AI score0.05233EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/04/09 12:0 a.m.22 views

Scorched 3D server chat box format string vulnerability

Background Scorched 3D is a game based loosely on the classic DOS game "Scorched Earth". Scorched 3D adds amongst other new features a 3D island environment and LAN and internet play. Scorched 3D is totally free and is available for multiple operating systems. Description Scorched 3D build 36.2 a...

8.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/30 12:0 a.m.22 views

Fetchmail 6.2.5 fixes a remote DoS

Background Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not...

5CVSS6.4AI score0.01943EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/01/08 12:0 a.m.22 views

Linux kernel do_mremap() local privilege escalation vulnerability

Background The Linux kernel is responsible for memory management in a working system - to allow this, processes are allowed to allocate and unallocate memory. Description The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas whi...

0.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.21 views

Mbed TLS: Multiple Vulnerabilities

Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...

9.8CVSS7.8AI score0.01147EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.21 views

PostgreSQL: Privilege Escalation

Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...

8.8CVSS8AI score0.01565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/24 12:0 a.m.21 views

Freenet: Deanonymization Vulnerability

Background Freenet is an encrypted network without censorship. Description This release fixes a severe vulnerability in path folding that allowed to distinguish between downloaders and forwarders with an adapted node that is directly connected via opennet. Impact This release fixes a severe...

7.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/10 12:0 a.m.21 views

HarfBuzz: Denial of Service

Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger On^2 growth via consecutive marks...

7.5CVSS7.6AI score0.01812EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/06 12:0 a.m.21 views

KDE Plasma Workspaces: Privilege Escalation

Background KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. Description Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details. Impact KSmserver, KDE's XSMP manager,...

7.8CVSS8.4AI score0.00293EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/01/05 12:0 a.m.21 views

CUPS filters: Remote Code Execution

Background CUPS filters provides backends, filters, and other software that was once part of the core CUPS distribution. Description A vulnerability has been discovered in cups-filters. Please review the CVE identifier referenced below for details. Impact If you use beh to create an accessible...

8.8CVSS7.9AI score0.03697EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/11/25 12:0 a.m.21 views

MiniDLNA: Multiple Vulnerabilities

Background MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. Description Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.3AI score0.02061EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2023/05/30 12:0 a.m.21 views

CGAL: Multiple Vulnerabilities

Background CGAL is a C++ library for geometric algorithms and data structures. Description Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

10CVSS7.4AI score0.03265EPSS
Exploits41
Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.21 views

Transmission: Remote code execution

Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...

7.8CVSS5.6AI score0.02632EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2017/06/06 12:0 a.m.21 views

MUNGE: Privilege escalation

Background An authentication service for creating and validating credentials. Description It was discovered that Gentoo’s default MUNGE installation suffered from a privilege escalation vulnerability munge user to root due to improper permissions and a runscript which called chown on a user...

7.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/12/30 12:0 a.m.21 views

MPFR: User-assisted execution of arbitrary code

Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...

9.8CVSS9.8AI score0.0429EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/06/06 12:0 a.m.21 views

Echoping: Buffer Overflow Vulnerabilities

Background Echoping is a small program to test performances of a remote host by sending it TCP packets. Description A boundary error exists within the “TLSreadline” function, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to Echoping. Also, a...

6.8CVSS6.9AI score0.03459EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/10/28 12:0 a.m.21 views

X2Go Server: Arbitrary code execution

Background X2Go is an open source terminal server project. Description A vulnerability in the setgid wrapper x2gosqlitewrapper.c does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. Impact A remote attacker may be able to execute arbitrary co...

7.5CVSS7.3AI score0.02748EPSS
Exploits0
Total number of security vulnerabilities3816