Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2013/09/25 12:0 a.m.20 views

TPP: User-assisted execution of arbitrary code

Background TPP is an ncurses-based text presentation tool. Description TPP templates may contain a --exec clause, the contents of which are automatically executed without confirmation from the user. Impact A remote attacker could entice a user to open a specially crafted file using TPP, possibly...

6.8CVSS7AI score0.02602EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2013/01/09 12:0 a.m.20 views

dhcpcd: Arbitrary code execution

Background dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP client. Description A vulnerability has been discovered in dhcpcd. Please review the CVE identifier referenced below for details. Impact The vulnerability might allow an attacker to execute arbitrary code on the DHCP...

6.8CVSS3.4AI score0.03748EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2011/01/15 12:0 a.m.20 views

aria2: Directory traversal

Background aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support. Description A directory traversal vulnerability was discovered in aria2. Impact A remote attacker could entice a user to download from a specially crafted metalink file, resultin...

4.3CVSS6.4AI score0.03159EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/09/06 12:0 a.m.20 views

Maildrop: privilege escalation

Background maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server. Description Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Impact A local attacker could create a specially crafted .mailfilter file, possib...

6.9CVSS6.6AI score0.00423EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2009/03/17 12:0 a.m.20 views

libcdaudio: User-assisted execution of arbitrary code

Background libcdaudio is a library of CD audio related routines. Description A heap-based buffer overflow has been reported in the cddbreaddiscdata function in cddb.c when processing overly long CDDB data. Impact A remote attacker could entice a user to connect to a malicious CDDB server, possibl...

10CVSS7.3AI score0.04933EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/06/03 12:0 a.m.20 views

mtr: Stack-based buffer overflow

Background mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. Description Adam Zabrocki reported a boundary error within the splitredraw function in the file split.c, possibly leading to a stack-based buffer overflow. Impact A remote attack...

6.8CVSS7.4AI score0.04705EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/14 12:0 a.m.20 views

libid3tag: Denial of service

Background libid3tag is an ID3 tag manipulation library. Description Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3FIELDTYPESTRINGLIST field that ends in '\0'. Impact A remote attacker could entice a user to open a specially crafted MP3 file, possib...

5CVSS7.3AI score0.07267EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2008/05/09 12:0 a.m.20 views

Linux Terminal Server Project: Multiple vulnerabilities

Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server GLSA 200705-06, GLSA 200710-16, GLSA 200801-09, libpng GLSA 200705-24, GLSA 200711-08, Freetype GL...

0.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/02/14 12:0 a.m.20 views

Boost: Denial of service

Background Boost is a set of C++ libraries, including the Boost.Regex library to process regular expressions. Description Tavis Ormandy and Will Drewry from the Google Security Team reported a failed assertion in file regex/v4/perlmatchernonrecursive.hpp CVE-2008-0171 and a NULL pointer dereferen...

5CVSS6.3AI score0.02686EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/11/06 12:0 a.m.20 views

Evolution: User-assisted remote execution of arbitrary code

Background Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions. Description The imaprescan function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before bei...

6.8CVSS7.2AI score0.03122EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/25 12:0 a.m.20 views

Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code

Background Sylpheed and Claws Mail are two GTK based e-mail clients. Description Ulf Harnhammar from Secunia Research discovered a format string error in the incputerror function in file src/inc.c. Impact A remote attacker could entice a user to connect to a malicious POP server sending specially...

6.8CVSS7.1AI score0.03167EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/09/13 12:0 a.m.20 views

po4a: Insecure temporary file creation

Background po4a is a set of tools for helping with the translation of documentation. Description The po4a development team reported a race condition in the gettextize function when creating the file "/tmp/gettextization.failed.po". Impact A local attacker could perform a symlink attack, possibly...

3.3CVSS6.2AI score0.00302EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/08/09 12:0 a.m.20 views

ClamAV: Denial of service

Background ClamAV is a GPL virus scanner. Description Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives. Impact A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service. Workaroun...

4.3CVSS6.3AI score0.07692EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/02/27 12:0 a.m.20 views

CHMlib: User-assisted remote execution of arbitrary code

Background CHMlib is a library for the MS CHM Compressed HTML file format plus extracting and HTTP server utils. Description When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca function resulting in a shift of t...

9.3CVSS6.8AI score0.0458EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/12/14 12:0 a.m.20 views

Links: Arbitrary Samba command execution

Background Links is a web browser running in both graphics and text modes. Description Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands. Impact A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execu...

7.5CVSS6.8AI score0.0805EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/07 12:0 a.m.20 views

Tor: Several vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Some integer overflows exist when adding elements to the smartlists. Non-printable characters received from the network are not properly sanitised before...

5CVSS7.5AI score0.02893EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/11/13 12:0 a.m.20 views

RAR: Format string and buffer overflow vulnerabilities

Background RAR is a powerful archive manager that can decompress RAR, ZIP and other files, and can create new archives in RAR and ZIP file format. Description Tan Chew Keong reported about two vulnerabilities found in RAR: A format string error exists when displaying a diagnostic error message th...

8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/05 12:0 a.m.20 views

Netpbm: Arbitrary code execution in pstopnm

Background Netpbm is a package of 220 graphics programs and a programming libraries, including pstopnm. pstopnm is a tool which converts PostScript files to PNM image files. Description Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without...

7.5CVSS6.7AI score0.03741EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/07/26 12:0 a.m.20 views

Clam AntiVirus: Integer overflows

Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Neel Mehta and Alex Wheeler discovered that Clam...

7.5CVSS7.3AI score0.03877EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/13 12:0 a.m.20 views

rsnapshot: Local privilege escalation

Background rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups. Description The copysymlink subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself. Impact Under certain...

4.6CVSS6.4AI score0.0036EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/02 12:0 a.m.20 views

Sylpheed, Sylpheed-claws: Buffer overflow on message display

Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle messages containing attachments with MIME-encoded filenames. Impact An attacker can send a malicious email...

1.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/15 12:0 a.m.20 views

Ringtone Tools: Buffer overflow vulnerability

Background Ringtone Tools is a program for creating ringtones and logos for mobile phones. Description Qiao Zhang has discovered a buffer overflow vulnerability in the 'parseemelody' function in 'parseemelody.c'. Impact A remote attacker could entice a Ringtone Tools user to open a specially...

10CVSS4.6AI score0.16185EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/06 12:0 a.m.20 views

Vilistextum: Buffer overflow vulnerability

Background Vilistextum is an HTML to text converter. Description Ariel Berkman discovered that Vilistextum unsafely reads data into an array without checking the length. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious webpage which, when...

10CVSS3.3AI score0.12253EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2004/08/24 12:0 a.m.20 views

kdelibs: Cross-domain cookie injection vulnerability

Background KDE is a widely-used desktop environment based on the Qt toolkit. kcookiejar in kdelibs is responsible for storing and managing HTTP cookies. Konqueror uses kcookiejar for storing and managing cookies. Description kcookiejar contains a vulnerability which may allow a malicious website ...

0.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/07/22 12:0 a.m.20 views

mod_ssl: Format string vulnerability

Background modssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Description A bug in sslengineext.c makes modssl vulnerable to a ssllog related format string vulnerability in the modproxy hook functions. Impact Given the right server configuration, an attacker could...

1.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/07/20 12:0 a.m.20 views

Opera: Multiple spoofing vulnerabilities

Background Opera is a multi-platform web browser. Description Opera fails to remove illegal characters from an URI of a link and to check that the target frame of a link belongs to the same website as the link. Opera also updates the address bar before loading a page. Additionally, Opera contains...

2.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/27 12:0 a.m.20 views

Buffer overflows and format string vulnerabilities in LCDproc

Background LCDproc is a program that displays various bits of real-time system information on an LCD. It makes use of a local server LCDd to collect information to display on the LCD. Description Due to insufficient checking of client-supplied data, the LCDd server is susceptible to two buffer...

1.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/04 12:0 a.m.20 views

Insecure sandbox temporary lockfile vulnerabilities in Portage

Background Portage is Gentoo's package management system which is responsible for installing, compiling and updating any ebuilds on the system through the Gentoo rsync tree. Under default configurations, most ebuilds run under a sandbox which prevent the build process writing to the "real" system...

0.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/01/27 12:0 a.m.20 views

Apache mod_python Denial of Service vulnerability

Background Modpython is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description The Apache Foundation has reported that modpython may be prone to Denial of Service attacks when handling a malformed query. Modpython...

2.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/12/08 12:0 a.m.19 views

Spidermonkey: Multiple Vulnerabilities

Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...

9.8CVSS7.6AI score0.04395EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/12/07 12:0 a.m.19 views

icinga2: Multiple Vulnerabilities

Background Icinga2 is a distributed, general purpose, network monitoring engine. Description Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...

9.8CVSS7.3AI score0.02934EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.19 views

OpenVPN: Multiple Vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

9.8CVSS7.6AI score0.03519EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/06 12:0 a.m.19 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS7.6AI score0.22935EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/07/06 12:0 a.m.19 views

X.Org X11 library: Multiple Vulnerabilities

Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details. Impact Please review the...

7.8CVSS7.7AI score0.01656EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/05/05 12:0 a.m.19 views

borgmatic: Shell Injection

Background borgmatic is simple, configuration-driven backup software for servers and workstations. Description Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact Shell...

8.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/02/19 12:0 a.m.19 views

Glade: Denial of Service

Background Glade is a RAD tool to enable quick & easy development of user interfaces for the GTK+ toolkit Version 3 only and the GNOME desktop environment. Description A vulnerability has been found in Glade which can lead to a denial of service when working with specific glade files. Impact A...

5.5CVSS5.4AI score0.00214EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/04 12:0 a.m.19 views

libwww-perl: Multiple vulnerabilities

Background libwww is a collection of Perl modules providing a consistent interface to the World-Wide Web. Description Multiple vulnerabilities have been discovered in libwww-perl. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to...

6.8CVSS7.5AI score0.04246EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/01/26 12:0 a.m.19 views

VIPS: Privilege Escalation

Background VIPS is a free image processing system. Description VIPS places a zero-length directory name in the LDLIBRARYPATH, which might result in the current working directory . to be included when searching for dynamically linked libraries. Impact A local attacker could gain escalated privileg...

6.9CVSS6.2AI score0.00432EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/12/27 12:0 a.m.19 views

Xfig: Arbitrary code execution

Background Xfig is an interactive drawing tool. Description Xfig contains a buffer overflow vulnerability in processing certain FIG images. Impact A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service...

6.8CVSS7.4AI score0.0582EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/09/01 12:0 a.m.19 views

Cyrus-SASL: Denial of service

Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description In the GNU C Library glibc from version 2.17 onwards, the crypt function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed...

4.3CVSS6.6AI score0.03589EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2012/09/28 12:0 a.m.19 views

libgssglue: Privilege escalation

Background libgssglue exports a GSSAPI interface which calls other random GSSAPI libraries. Description libgssglue does not securely use getenv when loading a library for a setuid application. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this...

6.2CVSS3.2AI score0.0044EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2010/09/21 12:0 a.m.19 views

python-updater: Untrusted search path

Background python-updater is a script used to remerge python packages when changing Python version. Description Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path sys.path before calli...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/03/06 12:0 a.m.19 views

ZNC: Privilege escalation

Background ZNC is an advanced IRC bouncer. Description cnu discovered multiple CRLF injection vulnerabilities in ZNC's webadmin module. Impact A remote authenticated attacker could modify the znc.conf configuration file and gain privileges via newline characters in e.g. the QuitMessage field, and...

6.5CVSS4.3AI score0.02095EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/12 12:0 a.m.19 views

PTeX: Multiple vulnerabilities

Background PTeX is a TeX distribution with Japanese support. It is used for creating and manipulating LaTeX documents. Description Multiple issues were found in the teTeX 2 codebase that PTeX builds upon GLSA 200709-17, GLSA 200711-26. PTeX also includes vulnerable code from the GD library GLSA...

3.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/04/06 12:0 a.m.19 views

NX: User-assisted execution of arbitrary code

Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...

4.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/03/05 12:0 a.m.19 views

Evolution: Format string vulnerability

Background Evolution is a GNOME groupware application. Description Ulf Harnhammar from Secunia Research discovered a format string error in the emfmultipartencrypted function in the file mail/em-format.c when reading certain data e.g. the "Version:" field from an encrypted e-mail. Impact A remote...

6.8CVSS6.9AI score0.06018EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/02/13 12:0 a.m.19 views

Pulseaudio: Privilege escalation

Background Pulseaudio is a networked sound server with an advanced plugin system. Description Marcus Meissner from SUSE reported that the padroproot function does not properly check the return value of the system calls setuid, seteuid, setresuid and setreuid when dropping its privileges. Impact A...

7.2CVSS6.1AI score0.00556EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/01/09 12:0 a.m.19 views

R: Multiple vulnerabilities

Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. PCRE is a library providing functions for Perl-compatible regular expressions. Description R includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory...

4.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/12/09 12:0 a.m.19 views

AMD64 x86 emulation Qt library: Multiple vulnerabilities

Background Qt is a cross-platform GUI framework, which is used e.g. by KDE. The AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86 emulation on AMD64. Description The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws GLSA 200708-16, GLSA...

2.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/29 12:0 a.m.19 views

Ekiga: Format string vulnerability

Background Ekiga is an open source VoIP and video conferencing application. Description Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Impact An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a...

10CVSS7.1AI score0.0364EPSS
Exploits0
Total number of security vulnerabilities3816