Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2007/10/25 12:0 a.m.•20 views

Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code

Background Sylpheed and Claws Mail are two GTK based e-mail clients. Description Ulf Harnhammar from Secunia Research discovered a format string error in the incputerror function in file src/inc.c. Impact A remote attacker could entice a user to connect to a malicious POP server sending specially...

6.8CVSS7.1AI score0.03167EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/09/13 12:0 a.m.•20 views

po4a: Insecure temporary file creation

Background po4a is a set of tools for helping with the translation of documentation. Description The po4a development team reported a race condition in the gettextize function when creating the file "/tmp/gettextization.failed.po". Impact A local attacker could perform a symlink attack, possibly...

3.3CVSS6.2AI score0.00302EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/03/13 12:0 a.m.•20 views

Amarok: User-assisted remote execution of arbitrary code

Background Amarok is an advanced music player. Description The Magnatune downloader doesn't quote the "mcurrentAlbumFileName" parameter while calling the "unzip" shell command. Impact A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user...

3.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/02/27 12:0 a.m.•20 views

CHMlib: User-assisted remote execution of arbitrary code

Background CHMlib is a library for the MS CHM Compressed HTML file format plus extracting and HTTP server utils. Description When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca function resulting in a shift of t...

9.3CVSS6.8AI score0.0458EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/12/14 12:0 a.m.•20 views

Links: Arbitrary Samba command execution

Background Links is a web browser running in both graphics and text modes. Description Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands. Impact A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execu...

7.5CVSS6.8AI score0.0805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/06/07 12:0 a.m.•20 views

Tor: Several vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Some integer overflows exist when adding elements to the smartlists. Non-printable characters received from the network are not properly sanitised before...

5CVSS7.5AI score0.02893EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/13 12:0 a.m.•20 views

RAR: Format string and buffer overflow vulnerabilities

Background RAR is a powerful archive manager that can decompress RAR, ZIP and other files, and can create new archives in RAR and ZIP file format. Description Tan Chew Keong reported about two vulnerabilities found in RAR: A format string error exists when displaying a diagnostic error message th...

8AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/02 12:0 a.m.•20 views

libgda: Format string vulnerabilities

Background libgda is the library handling the data abstraction layer in the Gnome data access architecture GNOME-DB. It can also be used by non-GNOME applications to manage data stored in databases or XML files. Description Steve Kemp discovered two format string vulnerabilities in the gdalogerro...

7.5CVSS7.1AI score0.03611EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/05 12:0 a.m.•20 views

Netpbm: Arbitrary code execution in pstopnm

Background Netpbm is a package of 220 graphics programs and a programming libraries, including pstopnm. pstopnm is a tool which converts PostScript files to PNM image files. Description Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without...

7.5CVSS6.7AI score0.03741EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/07/26 12:0 a.m.•20 views

Clam AntiVirus: Integer overflows

Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Neel Mehta and Alex Wheeler discovered that Clam...

7.5CVSS7.3AI score0.03877EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/13 12:0 a.m.•20 views

rsnapshot: Local privilege escalation

Background rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups. Description The copysymlink subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself. Impact Under certain...

4.6CVSS6.4AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/15 12:0 a.m.•20 views

Ringtone Tools: Buffer overflow vulnerability

Background Ringtone Tools is a program for creating ringtones and logos for mobile phones. Description Qiao Zhang has discovered a buffer overflow vulnerability in the 'parseemelody' function in 'parseemelody.c'. Impact A remote attacker could entice a Ringtone Tools user to open a specially...

10CVSS4.6AI score0.16185EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2005/01/06 12:0 a.m.•20 views

Vilistextum: Buffer overflow vulnerability

Background Vilistextum is an HTML to text converter. Description Ariel Berkman discovered that Vilistextum unsafely reads data into an array without checking the length. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious webpage which, when...

10CVSS3.3AI score0.12253EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2004/08/24 12:0 a.m.•20 views

kdelibs: Cross-domain cookie injection vulnerability

Background KDE is a widely-used desktop environment based on the Qt toolkit. kcookiejar in kdelibs is responsible for storing and managing HTTP cookies. Konqueror uses kcookiejar for storing and managing cookies. Description kcookiejar contains a vulnerability which may allow a malicious website ...

0.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/07/22 12:0 a.m.•20 views

mod_ssl: Format string vulnerability

Background modssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Description A bug in sslengineext.c makes modssl vulnerable to a ssllog related format string vulnerability in the modproxy hook functions. Impact Given the right server configuration, an attacker could...

1.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/07/20 12:0 a.m.•20 views

Opera: Multiple spoofing vulnerabilities

Background Opera is a multi-platform web browser. Description Opera fails to remove illegal characters from an URI of a link and to check that the target frame of a link belongs to the same website as the link. Opera also updates the address bar before loading a page. Additionally, Opera contains...

2.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/27 12:0 a.m.•20 views

Buffer overflows and format string vulnerabilities in LCDproc

Background LCDproc is a program that displays various bits of real-time system information on an LCD. It makes use of a local server LCDd to collect information to display on the LCD. Description Due to insufficient checking of client-supplied data, the LCDd server is susceptible to two buffer...

1.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/04 12:0 a.m.•20 views

Insecure sandbox temporary lockfile vulnerabilities in Portage

Background Portage is Gentoo's package management system which is responsible for installing, compiling and updating any ebuilds on the system through the Gentoo rsync tree. Under default configurations, most ebuilds run under a sandbox which prevent the build process writing to the "real" system...

0.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/01/27 12:0 a.m.•20 views

Apache mod_python Denial of Service vulnerability

Background Modpython is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description The Apache Foundation has reported that modpython may be prone to Denial of Service attacks when handling a malformed query. Modpython...

2.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/12/08 12:0 a.m.•19 views

Spidermonkey: Multiple Vulnerabilities

Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...

9.8CVSS7.6AI score0.04395EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/12/07 12:0 a.m.•19 views

icinga2: Multiple Vulnerabilities

Background Icinga2 is a distributed, general purpose, network monitoring engine. Description Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...

9.8CVSS7.3AI score0.02934EPSS
Exploits3
Gentoo Linux
Gentoo Linux
•added 2024/08/07 12:0 a.m.•19 views

Bitcoin: Denial of Service

Background Bitcoin Core consists of both "full-node" software for fully validating the blockchain as well as a bitcoin wallet. Description Please review the CVE identifier referenced below for details. Impact Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service...

7.5CVSS7.2AI score0.014EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/07/06 12:0 a.m.•19 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.6AI score0.22935EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/07/06 12:0 a.m.•19 views

X.Org X11 library: Multiple Vulnerabilities

Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details. Impact Please review the...

7.8CVSS7.7AI score0.01656EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/05/05 12:0 a.m.•19 views

borgmatic: Shell Injection

Background borgmatic is simple, configuration-driven backup software for servers and workstations. Description Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact Shell...

8.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/02/19 12:0 a.m.•19 views

Glade: Denial of Service

Background Glade is a RAD tool to enable quick & easy development of user interfaces for the GTK+ toolkit Version 3 only and the GNOME desktop environment. Description A vulnerability has been found in Glade which can lead to a denial of service when working with specific glade files. Impact A...

5.5CVSS5.4AI score0.00214EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2020/07/26 12:0 a.m.•19 views

Transmission: Remote code execution

Background Transmission is a cross-platform BitTorrent client. Description Transmission mishandles some memory management which may allow manipulation of the heap. Impact A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in...

7.8CVSS5.6AI score0.02632EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2016/03/12 12:0 a.m.•19 views

FlightGear, SimGear: Multiple vulnerabilities

Background FlightGear is an open-source flight simulator. It supports a variety of popular platforms Windows, Mac, Linux, etc. and is developed by skilled volunteers from around the world. Source code for the entire project is available and licensed under the GNU General Public License. SimGear i...

9.3CVSS7.5AI score0.06463EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/02/04 12:0 a.m.•19 views

libwww-perl: Multiple vulnerabilities

Background libwww is a collection of Perl modules providing a consistent interface to the World-Wide Web. Description Multiple vulnerabilities have been discovered in libwww-perl. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to...

6.8CVSS7.5AI score0.04246EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/01/26 12:0 a.m.•19 views

VIPS: Privilege Escalation

Background VIPS is a free image processing system. Description VIPS places a zero-length directory name in the LDLIBRARYPATH, which might result in the current working directory . to be included when searching for dynamically linked libraries. Impact A local attacker could gain escalated privileg...

6.9CVSS6.2AI score0.00432EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/11/28 12:0 a.m.•19 views

rssh: Access restriction bypass

Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Multiple command line parsing and validation vulnerabilities have been discovered in rssh. Please review the CVE...

4.4CVSS6.9AI score0.00388EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/09/01 12:0 a.m.•19 views

Cyrus-SASL: Denial of service

Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description In the GNU C Library glibc from version 2.17 onwards, the crypt function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed...

4.3CVSS6.6AI score0.03589EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2013/01/09 12:0 a.m.•19 views

dhcpcd: Arbitrary code execution

Background dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP client. Description A vulnerability has been discovered in dhcpcd. Please review the CVE identifier referenced below for details. Impact The vulnerability might allow an attacker to execute arbitrary code on the DHCP...

6.8CVSS3.4AI score0.03748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2012/09/28 12:0 a.m.•19 views

libgssglue: Privilege escalation

Background libgssglue exports a GSSAPI interface which calls other random GSSAPI libraries. Description libgssglue does not securely use getenv when loading a library for a setuid application. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this...

6.2CVSS3.2AI score0.0044EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2011/01/15 12:0 a.m.•19 views

aria2: Directory traversal

Background aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support. Description A directory traversal vulnerability was discovered in aria2. Impact A remote attacker could entice a user to download from a specially crafted metalink file, resultin...

4.3CVSS6.4AI score0.03159EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2009/03/17 12:0 a.m.•19 views

libcdaudio: User-assisted execution of arbitrary code

Background libcdaudio is a library of CD audio related routines. Description A heap-based buffer overflow has been reported in the cddbreaddiscdata function in cddb.c when processing overly long CDDB data. Impact A remote attacker could entice a user to connect to a malicious CDDB server, possibl...

10CVSS7.3AI score0.04933EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2009/03/06 12:0 a.m.•19 views

ZNC: Privilege escalation

Background ZNC is an advanced IRC bouncer. Description cnu discovered multiple CRLF injection vulnerabilities in ZNC's webadmin module. Impact A remote authenticated attacker could modify the znc.conf configuration file and gain privileges via newline characters in e.g. the QuitMessage field, and...

6.5CVSS4.3AI score0.02095EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/05/12 12:0 a.m.•19 views

PTeX: Multiple vulnerabilities

Background PTeX is a TeX distribution with Japanese support. It is used for creating and manipulating LaTeX documents. Description Multiple issues were found in the teTeX 2 codebase that PTeX builds upon GLSA 200709-17, GLSA 200711-26. PTeX also includes vulnerable code from the GD library GLSA...

3.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/04/06 12:0 a.m.•19 views

NX: User-assisted execution of arbitrary code

Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...

4.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/03/05 12:0 a.m.•19 views

Evolution: Format string vulnerability

Background Evolution is a GNOME groupware application. Description Ulf Harnhammar from Secunia Research discovered a format string error in the emfmultipartencrypted function in the file mail/em-format.c when reading certain data e.g. the "Version:" field from an encrypted e-mail. Impact A remote...

6.8CVSS6.9AI score0.06018EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/02/13 12:0 a.m.•19 views

Pulseaudio: Privilege escalation

Background Pulseaudio is a networked sound server with an advanced plugin system. Description Marcus Meissner from SUSE reported that the padroproot function does not properly check the return value of the system calls setuid, seteuid, setresuid and setreuid when dropping its privileges. Impact A...

7.2CVSS6.1AI score0.00556EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/09 12:0 a.m.•19 views

AMD64 x86 emulation Qt library: Multiple vulnerabilities

Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. The AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86 emulation on AMD64. Description The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws GLSA 200708-16, GLSA...

2.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/08/09 12:0 a.m.•19 views

ClamAV: Denial of service

Background ClamAV is a GPL virus scanner. Description Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives. Impact A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service. Workaroun...

4.3CVSS6.3AI score0.07692EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/03/29 12:0 a.m.•19 views

Ekiga: Format string vulnerability

Background Ekiga is an open source VoIP and video conferencing application. Description Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Impact An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a...

10CVSS7.1AI score0.0364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/15 12:0 a.m.•19 views

Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer

Background Sylpheed is a lightweight email client and newsreader. Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both support the import of address books in LDIF Lightweight Directory Interchange Format. Description Colin Leroy reported buffer overflow vulnerabilities in Sylpheed a...

5.1CVSS7.4AI score0.03788EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/30 12:0 a.m.•19 views

lm_sensors: Insecure temporary file creation

Background lmsensors is a software package that provides drivers for monitoring the temperatures, voltages, and fans of Linux systems with hardware monitoring devices. Description Javier Fernandez-Sanguino Pena has discovered that lmsensors insecurely creates temporary files with predictable...

2.1CVSS6.1AI score0.00426EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/01 12:0 a.m.•19 views

ProFTPD: Format string vulnerabilities

Background ProFTPD is a configurable GPL-licensed FTP server software. Description "infamous42md" reported that ProFTPD is vulnerable to format string vulnerabilities when displaying a shutdown message containing the name of the current directory, and when displaying response messages to the clie...

6.4CVSS6.9AI score0.09198EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/19 12:0 a.m.•19 views

XV: Multiple vulnerabilities

Background XV is an interactive image manipulation program for the X Window System. Description Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS Planetary Data...

2.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/04/02 12:0 a.m.•19 views

Sylpheed, Sylpheed-claws: Buffer overflow on message display

Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle messages containing attachments with MIME-encoded filenames. Impact An attacker can send a malicious email...

1.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/06 12:0 a.m.•19 views

Hashcash: Format string vulnerability

Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...

7.5CVSS6.9AI score0.02884EPSS
Exploits0
Total number of security vulnerabilities3816