Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2008/02/12 12:0 a.m.•21 views

Gnumeric: User-assisted execution of arbitrary code

Background The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. Description Multiple integer overflow and signedness errors have been reported in the excelreadHLINK function in file plugins/excel/ms-excel-read.c when processing XLS HLINK opcodes. Impa...

9.3CVSS7.3AI score0.04981EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/01/27 12:0 a.m.•21 views

ngIRCd: Denial of service

Background ngIRCd is a free open source daemon for Internet Relay Chat IRC. Description The IRCPART function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied. Impact A remote attacker can exploit this vulnerabilit...

5CVSS6.4AI score0.01802EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/06/06 12:0 a.m.•21 views

ELinks: User-assisted execution of arbitrary code

Background ELinks is a text-mode web browser. Description Arnaud Giersch discovered that the "addfilenametostring" function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Impact A local attacker could entice a user...

4.4CVSS6.8AI score0.00841EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/03/13 12:0 a.m.•21 views

Amarok: User-assisted remote execution of arbitrary code

Background Amarok is an advanced music player. Description The Magnatune downloader doesn't quote the "mcurrentAlbumFileName" parameter while calling the "unzip" shell command. Impact A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user...

3.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/10/24 12:0 a.m.•21 views

ClamAV: Multiple Vulnerabilities

Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...

7.5CVSS7.3AI score0.19739EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/06/09 12:0 a.m.•21 views

Vixie Cron: Privilege Escalation

Background Vixie Cron is a command scheduler with extended syntax over cron. Description Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in docommand.c fails due to a user exceeding assigned resource limits. Impact Local...

7.2CVSS6.9AI score0.00565EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2006/05/21 12:0 a.m.•21 views

Quagga Routing Suite: Multiple vulnerabilities

Background The Quagga Routing Suite implements three major routing protocols: RIP v1/v2/v3, OSPF v2/v3 and BGP4. Description Konstantin V. Gavrilenko discovered two flaws in the Routing Information Protocol RIP daemon that allow the processing of RIP v1 packets carrying no authentication even whe...

5CVSS6.7AI score0.1128EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2006/04/04 12:0 a.m.•21 views

FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module

Background FreeRADIUS is an open source RADIUS authentication server implementation. Description FreeRADIUS suffers from insufficient input validation in the EAP-MSCHAPv2 state machine. Impact An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 clie...

7.5CVSS6.6AI score0.0276EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/02/16 12:0 a.m.•21 views

BomberClone: Remote execution of arbitrary code

Background BomberClone is a remake of the classic game "BomberMan". It supports multiple players via IP network connection. Description Stefan Cornelius of the Gentoo Security team discovered multiple missing buffer checks in BomberClone's code. Impact By sending overly long error messages to the...

7.5CVSS7.4AI score0.67754EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2005/11/04 12:0 a.m.•21 views

giflib: Multiple vulnerabilities

Background giflib is a library for reading and writing GIF images. Description Chris Evans and Daniel Eisenbud independently discovered two out-of-bounds memory write operations and a NULL pointer dereference in giflib. Impact An attacker could craft a malicious GIF image and entice users to load...

7.5CVSS6.7AI score0.04418EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/28 12:0 a.m.•21 views

SELinux PAM: Local password guessing attack

Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. SELinux is an operating system based on Linux which includes Mandatory Access Control...

2.1CVSS6.6AI score0.00428EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/10/06 12:0 a.m.•21 views

Dia: Arbitrary code execution through SVG import

Background Dia is a gtk+ based diagram creation program released under the GPL license. Description Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Impact An attacker could create a specially crafted SVG file, which, when imported...

5.1CVSS6.5AI score0.02614EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/09/30 12:0 a.m.•21 views

Hylafax: Insecure temporary file creation in xferfaxstats script

Background Hylafax is a client-server fax package for class 1 and 2 fax modems. Description Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Impact A local attacker could create symbolic links...

2.1CVSS6.1AI score0.00383EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/23 12:0 a.m.•21 views

Evolution: Format string vulnerabilities

Background Evolution is a GNOME groupware application. Description Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers CAN-2005-2549. He als...

7.5CVSS7AI score0.04426EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/05/23 12:0 a.m.•21 views

Qpopper: Multiple Vulnerabilities

Background Qpopper is a widely used server for the POP3 protocol. Description Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users CAN-2005-1151. The upstream developers discovered that Qpopper can be forced to create group or world writeable files...

7.2CVSS6.3AI score0.00367EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/06 12:0 a.m.•22 views

sharutils: Insecure temporary file creation

Background sharutils is a collection of tools to deal with shar archives. Description Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names. Impact A local attacker could create symbolic links i...

7AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/21 12:0 a.m.•21 views

Xzabite dyndnsupdate: Multiple vulnerabilities

Background dyndnsupdate is a dyndns.org data updater written by Fredrik "xzabite" Haglund. Description Toby Dickenson discovered that dyndnsupdate suffers from multiple overflows. Impact A remote attacker, posing as a dyndns.org server, could execute arbitrary code with the rights of the user...

7.5CVSS7.3AI score0.03135EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/10 12:0 a.m.•21 views

mpg123: Buffer overflow

Background mpg123 is a real-time MPEG audio player. Description mpg123 improperly parses frame headers in input streams. Impact By inducing a user to play a malicious file, an attacker may be able to exploit a buffer overflow to execute arbitrary code with the permissions of the user running...

7.5CVSS7.6AI score0.03584EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/05 12:0 a.m.•21 views

Shoutcast Server: Remote code execution

Background Shoutcast Server is Nullsoft's streaming audio server. It runs on a variety of platforms, including Linux, and is extremely popular with Internet broadcasters. Description Part of the Shoutcast Server Linux binary has been found to improperly handle sprintf parsing. Impact A malicious...

7.5CVSS2.9AI score0.70066EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2004/12/15 12:0 a.m.•21 views

ncpfs: Buffer overflow in ncplogin and ncpmap

Background ncpfs is a NCP protocol network filesystem that allows access to Netware services, for example to mount volumes of NetWare servers or print to NetWare print queues. Description Karol Wiesek discovered a buffer overflow in the handling of the '-T' option in the ncplogin and ncpmap...

7.2CVSS2.7AI score0.004EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/11/11 12:0 a.m.•21 views

ez-ipupdate: Format string vulnerability

Background ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services. Description Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate. Impact An attacker could exploit this to execute arbitrary...

10CVSS7AI score0.03818EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/27 12:0 a.m.•21 views

mpg123: Buffer overflow vulnerabilities

Background mpg123 is a MPEG Audio Player. Description Buffer overflow vulnerabilities in the getauthfromURL and httpopen functions have been reported by Carlos Barros. Additionally, the Gentoo Linux Sound Team fixed additional boundary checks which were found to be lacking. Impact By enticing a...

10CVSS7.5AI score0.06527EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/10/04 12:0 a.m.•21 views

Netpbm: Multiple temporary file issues

Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...

3.7CVSS6.1AI score0.00413EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/08/12 12:0 a.m.•21 views

gv: Exploitable Buffer Overflow

Background gv is a PostScript and PDF viewer for X which provides a user interface for the ghostscript interpreter. Description gv contains a buffer overflow vulnerability where an unsafe sscanf call is used to interpret PDF and PostScript files. Impact By enticing a user to view a malformed PDF ...

4.6CVSS7.5AI score0.02025EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/04/19 12:0 a.m.•21 views

XChat 2.0.x SOCKS5 Vulnerability

Background XChat is a multiplatform IRC client. Description The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server...

7.5CVSS6.7AI score0.08961EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2025/06/12 12:0 a.m.•20 views

Python, PyPy: Multiple Vulnerabilities

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers f...

9.4CVSS7.7AI score0.02303EPSS
Exploits16
Gentoo Linux
Gentoo Linux
•added 2025/05/14 12:0 a.m.•20 views

FreeType: Remote Code Execution

Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact An out of bounds write exists in FreeType when attempting to parse font subglyph structures...

8.1CVSS9AI score0.26049EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/12/07 12:0 a.m.•21 views

Cacti: Multiple Vulnerabilities

Background Cacti is a web-based network graphing and reporting tool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS8AI score0.99826EPSS
Exploits71
Gentoo Linux
Gentoo Linux
•added 2024/11/17 12:0 a.m.•20 views

Perl: Multiple Vulnerabilities

Background Perl is Larry Wall’s Practical Extraction and Report Language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...

8.1CVSS7.7AI score0.01742EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•20 views

PostgreSQL: Privilege Escalation

Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...

8.8CVSS8AI score0.01565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•20 views

stb: Multiple Vulnerabilities

Background A set of single-file public domain or MIT licensed libraries for C/C++ Description Multiple vulnerabilities have been discovered in stb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...

8.8CVSS7.6AI score0.02069EPSS
Exploits6
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•20 views

VLC: Multiple Vulnerabilities

Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.8CVSS7.6AI score0.00649EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•20 views

pypy, pypy3: Multiple Vulnerabilities

Background A fast, compliant alternative implementation of the Python language. Description Multiple vulnerabilities have been discovered in pypy. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...

9.8CVSS7.7AI score0.08235EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/12 12:0 a.m.•20 views

protobuf, protobuf-python: Denial of Service

Background Google's Protocol Buffers are an extensible mechanism for serializing structured data. Description A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details. Impact A parsing vulnerability for the MessageSet type...

7.5CVSS7.2AI score0.01191EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/07 12:0 a.m.•20 views

PostgreSQL: Multiple Vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

8.8CVSS7.7AI score0.04322EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/08/07 12:0 a.m.•20 views

Bitcoin: Denial of Service

Background Bitcoin Core consists of both "full-node" software for fully validating the blockchain as well as a bitcoin wallet. Description Please review the CVE identifier referenced below for details. Impact Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service...

7.5CVSS7.2AI score0.014EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/07/05 12:0 a.m.•20 views

TigerVNC: Multiple Vulnerabilities

Background TigerVNC is a high-performance VNC server/client. Description Multiple vulnerabilities have been discovered in TigerVNC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

8.1CVSS7.6AI score0.04773EPSS
Exploits4
Gentoo Linux
Gentoo Linux
•added 2024/07/01 12:0 a.m.•20 views

SDL_ttf: Arbitrary Memory Write

Background SDLttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDLttf. Please review the CVE identifier referenced below for details. Impact SDLttf was discovered ...

7.8CVSS7.4AI score0.00946EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/02/26 12:0 a.m.•20 views

btrbk: Remote Code Execution

Background btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below...

9.8CVSS7.2AI score0.03155EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•20 views

slixmpp: Insufficient Certificate Validation

Background slixmpp is a Python 3 library for XMPP. Description slixmpp does not validate hostnames in certificates used by connected servers. Impact An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp. Workaround There is no known workaround at this...

7.5CVSS6.6AI score0.00469EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•20 views

Transmission: Remote code execution

Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...

7.8CVSS5.6AI score0.02632EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2016/03/12 12:0 a.m.•20 views

FlightGear, SimGear: Multiple vulnerabilities

Background FlightGear is an open-source flight simulator. It supports a variety of popular platforms Windows, Mac, Linux, etc. and is developed by skilled volunteers from around the world. Source code for the entire project is available and licensed under the GNU General Public License. SimGear i...

9.3CVSS7.5AI score0.06463EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2015/12/30 12:0 a.m.•20 views

MPFR: User-assisted execution of arbitrary code

Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...

9.8CVSS9.8AI score0.0429EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2015/11/02 12:0 a.m.•20 views

MirBSD Korn Shell: Arbitrary code execution

Background MirBSD Korn Shell is an actively developed free implementation of the Korn Shell programming language and a successor to the Public Domain Korn Shell. Description Improper sanitation of environment import allows for appending of values to passed parameters. Impact An attacker who alrea...

3AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/04/07 12:0 a.m.•20 views

OptiPNG: User-assisted execution of arbitrary code

Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description A use-after-free vulnerability exists in the palette reduction functionality of OptiPNG. Impact A remote attacker could entice a user to open a specially crafted imag...

7.5CVSS7AI score0.05236EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/10/06 12:0 a.m.•20 views

GEGL: User-assisted execution of arbitrary code

Background GEGL is a graph-based image processing framework. Description Multiple integer overflows in GEGL may cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PPM image using an application linked against GEGL, possibly resulting in...

7.5CVSS7.1AI score0.1326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/09/25 12:0 a.m.•20 views

TPP: User-assisted execution of arbitrary code

Background TPP is an ncurses-based text presentation tool. Description TPP templates may contain a --exec clause, the contents of which are automatically executed without confirmation from the user. Impact A remote attacker could entice a user to open a specially crafted file using TPP, possibly...

6.8CVSS7AI score0.02602EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/01/15 12:0 a.m.•20 views

aria2: Directory traversal

Background aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support. Description A directory traversal vulnerability was discovered in aria2. Impact A remote attacker could entice a user to download from a specially crafted metalink file, resultin...

4.3CVSS6.4AI score0.03159EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2010/09/06 12:0 a.m.•20 views

Maildrop: privilege escalation

Background maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server. Description Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Impact A local attacker could create a specially crafted .mailfilter file, possib...

6.9CVSS6.6AI score0.00423EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/04/04 12:0 a.m.•20 views

WeeChat: Denial of service

Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Sebastien Helleu reported an array out-of-bounds error in the colored message handling. Impact A remote attacker could send a specially crafted PRIVMSG command, possibly leading to a...

5CVSS1.8AI score0.03105EPSS
Exploits1
Total number of security vulnerabilities3816