Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2009/03/20 12:0 a.m.22 views

Amarok: User-assisted execution of arbitrary code

Background Amarok is an advanced music player. Description Tobias Klein has discovered multiple vulnerabilities in Amarok: Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows CVE-2009-0135. Multiple array index...

9.3CVSS8.3AI score0.06903EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2009/03/09 12:0 a.m.22 views

MPFR: Denial of service

Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description Multiple buffer overflows have been reported in the mpfrsnprintf and mpfrvsnprintf functions. Impact A remote user could exploit the vulnerability to cause a Denial of Service in an...

7.5CVSS4AI score0.01549EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/08/08 12:0 a.m.22 views

stunnel: Security bypass

Background The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local or remote server. OCSP Online Certificate Status Protocol, as described in RFC 2560, is an internet protocol used for obtaining the revocation status of an X.509 digital certificate...

6.8CVSS6.2AI score0.01364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/01/29 12:0 a.m.22 views

MaraDNS: CNAME Denial of service

Background MaraDNS is a package that implements the Domain Name Service DNS with resolver and caching ability. Description Michael Krieger reported that a specially crafted DNS could prevent an authoritative canonical name CNAME record from being resolved because of an "improper rotation of...

5CVSS6.3AI score0.02113EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/12/30 12:0 a.m.22 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP CVE-2007-6111, PPP CVE-2007-6112, DNP CVE-2007-6113, SSL and iSerie...

10CVSS7.4AI score0.06981EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/08 12:0 a.m.22 views

Nagios Plugins: Two buffer overflows

Background The Nagios Plugins are an official set of plugins for Nagios, an open source host, service and network monitoring program. Description fabiodds reported a boundary checking error in the "checksnmp" plugin when processing SNMP "GET" replies that could lead to a stack-based buffer overfl...

6.8CVSS7.7AI score0.08017EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/07 12:0 a.m.22 views

Tk: Buffer overflow

Background Tk is a toolkit for creating graphical user interfaces. Description Reinhard Max discovered a boundary error in Tk when processing an interlaced GIF with two frames where the second is smaller than the first one. Impact A remote attacker could entice a user to open a specially crafted...

3.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/07/24 12:0 a.m.22 views

MPlayer: Multiple buffer overflows

Background MPlayer is a media player incuding support for a wide range of audio and video formats. Description Stefan Cornelius and Reimar Doffinger of Secunia Research discovered several boundary errors in the functions cddbqueryparse, cddbparsematcheslist and cddbreadparse, each allowing for a...

9.3CVSS7.1AI score0.05748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/06/26 12:0 a.m.22 views

libexif: Buffer overflow

Background libexif is a library for parsing, editing and saving EXIF metadata from images. Description iDefense Labs have discovered that the exifdataloaddataentry function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an...

6.8CVSS7.2AI score0.04301EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/07 12:0 a.m.22 views

wv library: Multiple integer overflows

Background wv is a library for conversion of MS Word DOC and RTF files. Description The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows. Impact An attacker could craft a malicious file that, when handled with the wv library, could lead to...

5.1CVSS7AI score0.03385EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/10/24 12:0 a.m.22 views

ClamAV: Multiple Vulnerabilities

Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...

7.5CVSS7.3AI score0.19739EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/07/29 12:0 a.m.22 views

Audacious: Multiple heap and buffer overflows

Background Audacious is a media player that has been forked from Beep Media Player. Description Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows. Impact An...

5.1CVSS6.8AI score0.1277EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2006/06/09 12:0 a.m.22 views

Vixie Cron: Privilege Escalation

Background Vixie Cron is a command scheduler with extended syntax over cron. Description Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in docommand.c fails due to a user exceeding assigned resource limits. Impact Local...

7.2CVSS6.9AI score0.00565EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/02/16 12:0 a.m.22 views

BomberClone: Remote execution of arbitrary code

Background BomberClone is a remake of the classic game "BomberMan". It supports multiple players via IP network connection. Description Stefan Cornelius of the Gentoo Security team discovered multiple missing buffer checks in BomberClone's code. Impact By sending overly long error messages to the...

7.5CVSS7.4AI score0.67754EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2006/02/16 12:0 a.m.22 views

libtasn1, GNU TLS: Security flaw in DER decoding

Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Libtasn1 is included with the GNU TLS library, which is used by applications to provide a cryptographically secure communications channel. Description...

7.5CVSS7.2AI score0.03507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/13 12:0 a.m.22 views

ClamAV: Remote execution of arbitrary code

Background ClamAV is a GPL virus scanner. Description Zero Day Initiative ZDI reported a heap buffer overflow vulnerability. The vulnerability is due to an incorrect boundary check of the user-supplied data prior to copying it to an insufficiently sized memory buffer. The flaw occurs when the...

7.5CVSS6.9AI score0.10094EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/01/10 12:0 a.m.22 views

mod_auth_pgsql: Multiple format string vulnerabilities

Background modauthpgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description The error logging functions of modauthpgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact An unauthenticated...

10CVSS7.7AI score0.089EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/23 12:0 a.m.22 views

NBD Tools: Buffer overflow in NBD server

Background The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server. Description Kurt Fitzner discovered that the NBD server allocates a request buffer that fails to take into account the size of the rep...

7.5CVSS7.2AI score0.05988EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/12/14 12:0 a.m.22 views

Xmail: Privilege escalation through sendmail

Background Xmail is an Internet and intranet mail server. Description iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occurs when specifying the "-t...

7.5CVSS7AI score0.1534EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/11/06 12:0 a.m.22 views

fetchmail: Password exposure in fetchmailconf

Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. It ships with fetchmailconf, a graphical utility used to create configuration files. Description Thomas Wolff discovered that fetchmailconf opens the configuration file wit...

2.1CVSS5.9AI score0.00453EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/28 12:0 a.m.22 views

TikiWiki: XSS vulnerability

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description Due to improper input validation, TikiWiki can be exploited to perform cross-site scripting attacks. Impact A remote attacker could exploit this to inject and execute malicious...

4.3CVSS6.4AI score0.0185EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/18 12:0 a.m.22 views

Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities

Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Gecko is the layout engine used in both products. Description The Mozilla Suite and Firefox are both vulnerable to the...

7.5CVSS7.9AI score0.21112EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2005/09/17 12:0 a.m.22 views

Mailutils: Format string vulnerability in imap4d

Background The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server imap4d. Description The imap4d server contains a format string bug in the handling of IMAP SEARCH requests. Impact An authenticated IMAP user could exploit the format string error in imap4d to execu...

7.5CVSS7.2AI score0.14567EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/03/07 12:0 a.m.22 views

mlterm: Integer overflow vulnerability

Background mlterm is a multi-lingual terminal emulator. Description mlterm is vulnerable to an integer overflow that can be triggered by specifying a large image file as a background. This only effects users that have compiled mlterm with the 'gtk' USE flag, which enables gdk-pixbuf support. Impa...

7.5CVSS7.2AI score0.02435EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/23 12:0 a.m.22 views

Cyrus IMAP Server: Multiple overflow vulnerabilities

Background The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. Description Possible single byte overflows have been found in the imapd annotate extension and mailbox handling code. Furthermore stack buffer overflows have been found in fetchnews, the backend and imapd. Impac...

7.5CVSS7.6AI score0.04244EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/02/01 12:0 a.m.22 views

FireHOL: Insecure temporary file creation

Background FireHOL is an iptables rules generator. Description FireHOL insecurely creates temporary files with predictable names. Impact A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten wit...

2.1CVSS6.4AI score0.00348EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/28 12:0 a.m.22 views

Open DC Hub: Remote code execution

Background Open DC Hub is the hub software for the Direct Connect file sharing network. Description Donato Ferrante discovered a buffer overflow vulnerability in the RedirectAll command of the Open DC Hub. Impact Upon exploitation, a remote user with administrative privileges can execute arbitrar...

10CVSS2.6AI score0.14614EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/10/04 12:0 a.m.22 views

Netpbm: Multiple temporary file issues

Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...

3.7CVSS6.1AI score0.00413EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/02 12:0 a.m.22 views

Gallery: Arbitrary command execution

Background Gallery is a PHP script for maintaining online photo albums. Description The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...

7.5CVSS6.8AI score0.05233EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/04/09 12:0 a.m.22 views

Scorched 3D server chat box format string vulnerability

Background Scorched 3D is a game based loosely on the classic DOS game "Scorched Earth". Scorched 3D adds amongst other new features a 3D island environment and LAN and internet play. Scorched 3D is totally free and is available for multiple operating systems. Description Scorched 3D build 36.2 a...

8.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/30 12:0 a.m.22 views

Fetchmail 6.2.5 fixes a remote DoS

Background Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not...

5CVSS6.4AI score0.01943EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/01/08 12:0 a.m.22 views

Linux kernel do_mremap() local privilege escalation vulnerability

Background The Linux kernel is responsible for memory management in a working system - to allow this, processes are allowed to allocate and unallocate memory. Description The memory subsystem allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas whi...

0.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.21 views

Mbed TLS: Multiple Vulnerabilities

Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...

9.8CVSS7.8AI score0.01147EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.21 views

PostgreSQL: Privilege Escalation

Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...

8.8CVSS8AI score0.01565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/24 12:0 a.m.21 views

Freenet: Deanonymization Vulnerability

Background Freenet is an encrypted network without censorship. Description This release fixes a severe vulnerability in path folding that allowed to distinguish between downloaders and forwarders with an adapted node that is directly connected via opennet. Impact This release fixes a severe...

7.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/10 12:0 a.m.21 views

HarfBuzz: Denial of Service

Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger On^2 growth via consecutive marks...

7.5CVSS7.6AI score0.01812EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/06 12:0 a.m.21 views

KDE Plasma Workspaces: Privilege Escalation

Background KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. Description Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details. Impact KSmserver, KDE's XSMP manager,...

7.8CVSS8.4AI score0.00293EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/02/18 12:0 a.m.21 views

libcaca: Arbitary Code Execution

Background libcaca is a library that creates colored ASCII-art graphics. Description A vulnerability has been discovered in libcaca. Please review the CVE identifier referenced below for details. Impact A buffer overflow issue in cacaresize function in libcaca/caca/canvas.c may lead to local...

7.8CVSS7.8AI score0.00565EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/01/05 12:0 a.m.21 views

CUPS filters: Remote Code Execution

Background CUPS filters provides backends, filters, and other software that was once part of the core CUPS distribution. Description A vulnerability has been discovered in cups-filters. Please review the CVE identifier referenced below for details. Impact If you use beh to create an accessible...

8.8CVSS7.9AI score0.03697EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/11/25 12:0 a.m.21 views

MiniDLNA: Multiple Vulnerabilities

Background MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. Description Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.3AI score0.02061EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2023/05/30 12:0 a.m.21 views

CGAL: Multiple Vulnerabilities

Background CGAL is a C++ library for geometric algorithms and data structures. Description Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

10CVSS7.4AI score0.03265EPSS
Exploits41
Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.21 views

Transmission: Remote code execution

Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...

7.8CVSS5.6AI score0.02632EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2017/06/06 12:0 a.m.21 views

MUNGE: Privilege escalation

Background An authentication service for creating and validating credentials. Description It was discovered that Gentoo’s default MUNGE installation suffered from a privilege escalation vulnerability munge user to root due to improper permissions and a runscript which called chown on a user...

7.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/12/30 12:0 a.m.21 views

MPFR: User-assisted execution of arbitrary code

Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...

9.8CVSS9.8AI score0.0429EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/06/06 12:0 a.m.21 views

Echoping: Buffer Overflow Vulnerabilities

Background Echoping is a small program to test performances of a remote host by sending it TCP packets. Description A boundary error exists within the “TLSreadline” function, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to Echoping. Also, a...

6.8CVSS6.9AI score0.03459EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/06 12:0 a.m.21 views

stunnel: Arbitrary code execution

Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description A buffer overflow vulnerability has been discovered in stunnel. Please review the CVE identifier referenced below for details. Impact A remote attacker could...

6.6CVSS7.2AI score0.02932EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/10/28 12:0 a.m.21 views

X2Go Server: Arbitrary code execution

Background X2Go is an open source terminal server project. Description A vulnerability in the setgid wrapper x2gosqlitewrapper.c does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. Impact A remote attacker may be able to execute arbitrary co...

7.5CVSS7.3AI score0.02748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/10/06 12:0 a.m.21 views

GEGL: User-assisted execution of arbitrary code

Background GEGL is a graph-based image processing framework. Description Multiple integer overflows in GEGL may cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PPM image using an application linked against GEGL, possibly resulting in...

7.5CVSS7.1AI score0.1326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/09/15 12:0 a.m.21 views

libotr: Arbitrary code execution

Background libotr is a portable off-the-record messaging library. Description Multiple heap-based buffer overflows are present in the Base64 decoder of libotr. Impact A remote attacker could send a specially crafted OTR message, resulting in arbitrary code execution with the privileges of the...

4.3CVSS7.3AI score0.03441EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.21 views

foomatic-filters: User-assisted execution of arbitrary code

Background The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic. Description The foomatic-rip filter improperly handles command-line arguments, including those issued by FoomaticRIPCommandLine fields in PPD files. Impact A remote attacker could entice ...

6.8CVSS7.5AI score0.10795EPSS
Exploits2
Total number of security vulnerabilities3816