Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2005/10/28 12:0 a.m.21 views

SELinux PAM: Local password guessing attack

Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. SELinux is an operating system based on Linux which includes Mandatory Access Control...

2.1CVSS6.6AI score0.00428EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/06 12:0 a.m.21 views

Dia: Arbitrary code execution through SVG import

Background Dia is a gtk+ based diagram creation program released under the GPL license. Description Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Impact An attacker could create a specially crafted SVG file, which, when imported...

5.1CVSS6.5AI score0.02614EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/09/30 12:0 a.m.21 views

Hylafax: Insecure temporary file creation in xferfaxstats script

Background Hylafax is a client-server fax package for class 1 and 2 fax modems. Description Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Impact A local attacker could create symbolic links...

2.1CVSS6.1AI score0.00383EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/23 12:0 a.m.21 views

Evolution: Format string vulnerabilities

Background Evolution is a GNOME groupware application. Description Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers CAN-2005-2549. He als...

7.5CVSS7AI score0.04426EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/05/23 12:0 a.m.21 views

Qpopper: Multiple Vulnerabilities

Background Qpopper is a widely used server for the POP3 protocol. Description Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users CAN-2005-1151. The upstream developers discovered that Qpopper can be forced to create group or world writeable files...

7.2CVSS6.3AI score0.00367EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/06 12:0 a.m.22 views

sharutils: Insecure temporary file creation

Background sharutils is a collection of tools to deal with shar archives. Description Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names. Impact A local attacker could create symbolic links i...

7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/21 12:0 a.m.21 views

Xzabite dyndnsupdate: Multiple vulnerabilities

Background dyndnsupdate is a dyndns.org data updater written by Fredrik "xzabite" Haglund. Description Toby Dickenson discovered that dyndnsupdate suffers from multiple overflows. Impact A remote attacker, posing as a dyndns.org server, could execute arbitrary code with the rights of the user...

7.5CVSS7.3AI score0.03135EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/10 12:0 a.m.21 views

mpg123: Buffer overflow

Background mpg123 is a real-time MPEG audio player. Description mpg123 improperly parses frame headers in input streams. Impact By inducing a user to play a malicious file, an attacker may be able to exploit a buffer overflow to execute arbitrary code with the permissions of the user running...

7.5CVSS7.6AI score0.03584EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/05 12:0 a.m.21 views

Shoutcast Server: Remote code execution

Background Shoutcast Server is Nullsoft's streaming audio server. It runs on a variety of platforms, including Linux, and is extremely popular with Internet broadcasters. Description Part of the Shoutcast Server Linux binary has been found to improperly handle sprintf parsing. Impact A malicious...

7.5CVSS2.9AI score0.70066EPSS
Exploits8
Gentoo Linux
Gentoo Linux
added 2004/12/15 12:0 a.m.21 views

ncpfs: Buffer overflow in ncplogin and ncpmap

Background ncpfs is a NCP protocol network filesystem that allows access to Netware services, for example to mount volumes of NetWare servers or print to NetWare print queues. Description Karol Wiesek discovered a buffer overflow in the handling of the '-T' option in the ncplogin and ncpmap...

7.2CVSS2.7AI score0.004EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/11 12:0 a.m.21 views

ez-ipupdate: Format string vulnerability

Background ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services. Description Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate. Impact An attacker could exploit this to execute arbitrary...

10CVSS7AI score0.03818EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/27 12:0 a.m.21 views

mpg123: Buffer overflow vulnerabilities

Background mpg123 is a MPEG Audio Player. Description Buffer overflow vulnerabilities in the getauthfromURL and httpopen functions have been reported by Carlos Barros. Additionally, the Gentoo Linux Sound Team fixed additional boundary checks which were found to be lacking. Impact By enticing a...

10CVSS7.5AI score0.06527EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/10/04 12:0 a.m.21 views

Netpbm: Multiple temporary file issues

Background Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images. Description Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable...

3.7CVSS6.1AI score0.00413EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/12 12:0 a.m.21 views

gv: Exploitable Buffer Overflow

Background gv is a PostScript and PDF viewer for X which provides a user interface for the ghostscript interpreter. Description gv contains a buffer overflow vulnerability where an unsafe sscanf call is used to interpret PDF and PostScript files. Impact By enticing a user to view a malformed PDF ...

4.6CVSS7.5AI score0.02025EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/04/19 12:0 a.m.21 views

XChat 2.0.x SOCKS5 Vulnerability

Background XChat is a multiplatform IRC client. Description The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server...

7.5CVSS6.7AI score0.08961EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/30 12:0 a.m.21 views

Fetchmail 6.2.5 fixes a remote DoS

Background Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not...

5CVSS6.4AI score0.01943EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2025/06/12 12:0 a.m.20 views

Python, PyPy: Multiple Vulnerabilities

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers f...

9.4CVSS7.7AI score0.02303EPSS
Exploits16
Gentoo Linux
Gentoo Linux
added 2024/11/17 12:0 a.m.20 views

Perl: Multiple Vulnerabilities

Background Perl is Larry Wall’s Practical Extraction and Report Language. Description Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...

8.1CVSS7.7AI score0.01742EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.20 views

PostgreSQL: Privilege Escalation

Background PostgreSQL is an open source object-relational database management system. Description A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact An attacker able to create and drop non-temporary objects could inject SQL cod...

8.8CVSS8AI score0.01565EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.20 views

stb: Multiple Vulnerabilities

Background A set of single-file public domain or MIT licensed libraries for C/C++ Description Multiple vulnerabilities have been discovered in stb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...

8.8CVSS7.6AI score0.02069EPSS
Exploits6
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.20 views

Mbed TLS: Multiple Vulnerabilities

Background Mbed TLS previously PolarSSL is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in Mbed TLS. Please review the...

9.8CVSS7.8AI score0.01147EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.20 views

pypy, pypy3: Multiple Vulnerabilities

Background A fast, compliant alternative implementation of the Python language. Description Multiple vulnerabilities have been discovered in pypy. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...

9.8CVSS7.7AI score0.08235EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/12 12:0 a.m.20 views

protobuf, protobuf-python: Denial of Service

Background Google's Protocol Buffers are an extensible mechanism for serializing structured data. Description A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details. Impact A parsing vulnerability for the MessageSet type...

7.5CVSS7.2AI score0.01191EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/07 12:0 a.m.20 views

PostgreSQL: Multiple Vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

8.8CVSS7.7AI score0.04322EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/05 12:0 a.m.20 views

TigerVNC: Multiple Vulnerabilities

Background TigerVNC is a high-performance VNC server/client. Description Multiple vulnerabilities have been discovered in TigerVNC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

8.1CVSS7.6AI score0.04773EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.20 views

SDL_ttf: Arbitrary Memory Write

Background SDLttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDLttf. Please review the CVE identifier referenced below for details. Impact SDLttf was discovered ...

7.8CVSS7.4AI score0.00946EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/02/26 12:0 a.m.20 views

btrbk: Remote Code Execution

Background btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below...

9.8CVSS7.2AI score0.03155EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/11/25 12:0 a.m.20 views

MiniDLNA: Multiple Vulnerabilities

Background MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. Description Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.3AI score0.02061EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.20 views

slixmpp: Insufficient Certificate Validation

Background slixmpp is a Python 3 library for XMPP. Description slixmpp does not validate hostnames in certificates used by connected servers. Impact An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp. Workaround There is no known workaround at this...

7.5CVSS6.6AI score0.00469EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/12/30 12:0 a.m.20 views

MPFR: User-assisted execution of arbitrary code

Background MPFR is a library for multiple-precision floating-point computations with exact rounding. Description MPFR fails to adequately check user-supplied input, which could lead to a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...

9.8CVSS9.8AI score0.0429EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2015/11/02 12:0 a.m.20 views

MirBSD Korn Shell: Arbitrary code execution

Background MirBSD Korn Shell is an actively developed free implementation of the Korn Shell programming language and a successor to the Public Domain Korn Shell. Description Improper sanitation of environment import allows for appending of values to passed parameters. Impact An attacker who alrea...

3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/04/07 12:0 a.m.20 views

OptiPNG: User-assisted execution of arbitrary code

Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description A use-after-free vulnerability exists in the palette reduction functionality of OptiPNG. Impact A remote attacker could entice a user to open a specially crafted imag...

7.5CVSS7AI score0.05236EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/10/06 12:0 a.m.20 views

GEGL: User-assisted execution of arbitrary code

Background GEGL is a graph-based image processing framework. Description Multiple integer overflows in GEGL may cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PPM image using an application linked against GEGL, possibly resulting in...

7.5CVSS7.1AI score0.1326EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/09/15 12:0 a.m.20 views

libotr: Arbitrary code execution

Background libotr is a portable off-the-record messaging library. Description Multiple heap-based buffer overflows are present in the Base64 decoder of libotr. Impact A remote attacker could send a specially crafted OTR message, resulting in arbitrary code execution with the privileges of the...

4.3CVSS7.3AI score0.03441EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.20 views

foomatic-filters: User-assisted execution of arbitrary code

Background The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic. Description The foomatic-rip filter improperly handles command-line arguments, including those issued by FoomaticRIPCommandLine fields in PPD files. Impact A remote attacker could entice ...

6.8CVSS7.5AI score0.10795EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2010/09/06 12:0 a.m.20 views

Maildrop: privilege escalation

Background maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server. Description Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Impact A local attacker could create a specially crafted .mailfilter file, possib...

6.9CVSS6.6AI score0.00423EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2010/01/13 12:0 a.m.20 views

Blender: Untrusted search path

Background Blender is a 3D Creation/Animation/Publishing System. Description Steffen Joeris reported that Blender's BPYinterface calls PySysSetArgv in such a way that Python prepends sys.path with an empty string. Impact A local attacker could entice a user to run "blender" from a directory...

6.9CVSS6.7AI score0.00394EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/04/04 12:0 a.m.20 views

WeeChat: Denial of service

Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Sebastien Helleu reported an array out-of-bounds error in the colored message handling. Impact A remote attacker could send a specially crafted PRIVMSG command, possibly leading to a...

5CVSS1.8AI score0.03105EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/11/09 12:0 a.m.20 views

Graphviz: User-assisted execution of arbitrary code

Background Graphviz is an open source graph visualization software. Description Roee Hay reported a stack-based buffer overflow in the pushsubg function in parser.y when processing a DOT file with a large number of Agrapht elements. Impact A remote attacker could entice a user or automated system...

8.5CVSS7.1AI score0.05061EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/06/03 12:0 a.m.20 views

mtr: Stack-based buffer overflow

Background mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. Description Adam Zabrocki reported a boundary error within the splitredraw function in the file split.c, possibly leading to a stack-based buffer overflow. Impact A remote attack...

6.8CVSS7.4AI score0.04705EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/14 12:0 a.m.20 views

libid3tag: Denial of service

Background libid3tag is an ID3 tag manipulation library. Description Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3FIELDTYPESTRINGLIST field that ends in '\0'. Impact A remote attacker could entice a user to open a specially crafted MP3 file, possib...

5CVSS7.3AI score0.07267EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/05/09 12:0 a.m.20 views

Linux Terminal Server Project: Multiple vulnerabilities

Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server GLSA 200705-06, GLSA 200710-16, GLSA 200801-09, libpng GLSA 200705-24, GLSA 200711-08, Freetype GL...

0.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/02/14 12:0 a.m.20 views

Boost: Denial of service

Background Boost is a set of C++ libraries, including the Boost.Regex library to process regular expressions. Description Tavis Ormandy and Will Drewry from the Google Security Team reported a failed assertion in file regex/v4/perlmatchernonrecursive.hpp CVE-2008-0171 and a NULL pointer dereferen...

5CVSS6.3AI score0.02686EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/10/25 12:0 a.m.20 views

Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code

Background Sylpheed and Claws Mail are two GTK based e-mail clients. Description Ulf Harnhammar from Secunia Research discovered a format string error in the incputerror function in file src/inc.c. Impact A remote attacker could entice a user to connect to a malicious POP server sending specially...

6.8CVSS7.1AI score0.03167EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/09/13 12:0 a.m.20 views

po4a: Insecure temporary file creation

Background po4a is a set of tools for helping with the translation of documentation. Description The po4a development team reported a race condition in the gettextize function when creating the file "/tmp/gettextization.failed.po". Impact A local attacker could perform a symlink attack, possibly...

3.3CVSS6.2AI score0.00302EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/13 12:0 a.m.20 views

Amarok: User-assisted remote execution of arbitrary code

Background Amarok is an advanced music player. Description The Magnatune downloader doesn't quote the "mcurrentAlbumFileName" parameter while calling the "unzip" shell command. Impact A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user...

3.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/02/27 12:0 a.m.20 views

CHMlib: User-assisted remote execution of arbitrary code

Background CHMlib is a library for the MS CHM Compressed HTML file format plus extracting and HTTP server utils. Description When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca function resulting in a shift of t...

9.3CVSS6.8AI score0.0458EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/14 12:0 a.m.20 views

Links: Arbitrary Samba command execution

Background Links is a web browser running in both graphics and text modes. Description Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands. Impact A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execu...

7.5CVSS6.8AI score0.0805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/10/24 12:0 a.m.20 views

ClamAV: Multiple Vulnerabilities

Background ClamAV is a GPL virus scanner. Description Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact By sendi...

7.5CVSS7.3AI score0.19739EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/06/07 12:0 a.m.20 views

Tor: Several vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Some integer overflows exist when adding elements to the smartlists. Non-printable characters received from the network are not properly sanitised before...

5CVSS7.5AI score0.02893EPSS
Exploits0
Total number of security vulnerabilities3816