Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2005/04/19 12:0 a.m.19 views

XV: Multiple vulnerabilities

Background XV is an interactive image manipulation program for the X Window System. Description Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS Planetary Data...

2.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/06 12:0 a.m.19 views

Hashcash: Format string vulnerability

Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...

7.5CVSS6.9AI score0.02884EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/11 12:0 a.m.19 views

o3read: Buffer overflow during file conversion

Background o3read is a standalone converter for OpenOffice.org files. It allows a user to dump the contents tree o3read and convert to plain text o3totxt or to HTML o3tohtml Writer and Calc files. Description Wiktor Kopec discovered that the parsehtml function in o3read.c copies any number of byt...

10CVSS2.1AI score0.10436EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/09 12:0 a.m.19 views

Dillo: Format string vulnerability

Background Dillo is a small and fast multi-platform web browser based on GTK+. Description Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo's handling of messages in aInterfacemsg. Impact An attacker could craft a malicious web page which, when accessed using Dillo, would...

7.5CVSS7.1AI score0.03522EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/07/01 12:0 a.m.19 views

Esearch: Insecure temp file handling

Background Esearch is a replacement for the Portage command "emerge search". It uses an index to speed up searching of the Portage tree. Description The eupdatedb utility uses a temporary file /tmp/esearchdb.py.tmp to indicate that the eupdatedb process is running. When run, eupdatedb checks to s...

7.2CVSS6.4AI score0.00337EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/26 12:0 a.m.19 views

UUDeview MIME Buffer Overflow

Background UUDeview is a program which is used to transmit binary files over the Internet in a text-only format. It is commonly used for email and Usenet attachments. It supports multiple encoding formats, including Base64, BinHex and UUEncoding. Description By decoding a MIME archive with...

2.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2025/05/12 12:0 a.m.18 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8CVSS10AI score0.1307EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2025/01/23 12:0 a.m.18 views

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

9.8CVSS7.7AI score0.19272EPSS
Exploits23
Gentoo Linux
Gentoo Linux
added 2024/11/17 12:0 a.m.18 views

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.8CVSS7.7AI score0.01843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/28 12:0 a.m.18 views

IcedTea: Multiple Vulnerabilities

Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...

8.3CVSS7.5AI score0.14839EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.18 views

liblouis: Multiple Vulnerabilities

Background liblouis is an open-source braille translator and back-translator. Description Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...

7.5CVSS7.7AI score0.01498EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.18 views

OpenVPN: Multiple Vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

9.8CVSS7.6AI score0.03519EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.18 views

Zsh: Prompt Expansion Vulnerability

Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A vulnerability in prompt expansion could be exploited throu...

7.8CVSS7.7AI score0.0198EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/01/12 12:0 a.m.18 views

Asterisk: Multiple vulnerabilities

Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the security advisories referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at...

2.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/05/28 12:0 a.m.18 views

xmonad-contrib: Arbitrary code execution

Background xmonad-contrib is a set of third party tiling algorithms, configurations, and scripts for xmonad. Description A vulnerability in the Xmonad.Hooks.DynamicLog module could allow a malicious website with a specially crafted title to inject commands into the title bar which would be execut...

7.5CVSS7.4AI score0.08985EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2013/12/27 12:0 a.m.18 views

Xfig: Arbitrary code execution

Background Xfig is an interactive drawing tool. Description Xfig contains a buffer overflow vulnerability in processing certain FIG images. Impact A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service...

6.8CVSS7.4AI score0.0582EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/07/09 12:0 a.m.18 views

NX: User-assisted execution of arbitrary code

Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...

4.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/04/17 12:0 a.m.18 views

Speex: User-assisted execution of arbitrary code

Background Speex is an audio compression format designed for speech that is free of patent restrictions. Description oCERT reported that the Speex library does not properly validate the "mode" value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player...

9.3CVSS7.2AI score0.06136EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/01/09 12:0 a.m.18 views

R: Multiple vulnerabilities

Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. PCRE is a library providing functions for Perl-compatible regular expressions. Description R includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory...

4.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/10/23 12:0 a.m.18 views

OpenOffice.org: Heap-based buffer overflow

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description iDefense Labs reported that the TIFF parsing code uses untrusted values to calculate...

9.3CVSS7.2AI score0.1132EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/04/23 12:0 a.m.18 views

Dia: Arbitrary code execution through XFig import

Background Dia is a GTK+ based diagram creation program. Description infamous41md discovered multiple buffer overflows in Dia's XFig file import plugin. Impact By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with...

7.6CVSS7.3AI score0.02412EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/03 12:0 a.m.18 views

BidWatcher: Format string vulnerability

Background BidWatcher is a free auction tool for eBay users to keep track of their auctions. Description Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp". Impact Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay...

7.5CVSS6.9AI score0.01907EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/10 12:0 a.m.19 views

UnRTF: Buffer overflow

Background UnRTF is a utility to convert files in the Rich Text Format into other formats. Description An unchecked strcat in unrtf may overflow the bounds of a static buffer. Impact Using a specially crafted file, possibly delivered by e-mail or over the web, an attacker may execute arbitrary co...

4.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/03 12:0 a.m.18 views

Ruby: CGI::Session creates files insecurely

Background Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Sessi...

2.1CVSS5.7AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/29 12:0 a.m.18 views

Multiple Vulnerabilities in Samba

Background Samba is a package which allows UNIX systems to act as file servers for Windows computers. It also allows UNIX systems to mount shares exported by a Samba/CIFS/Windows server. smbmount is a program in the Samba package which allows normal users on a UNIX system to mount remote shares...

3.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/09 12:0 a.m.18 views

Cross-realm trust vulnerability in Heimdal

Background Heimdal is a free implementation of Kerberos 5. Description Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. Impact Remote attackers with...

5CVSS6.5AI score0.01528EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/02/17 12:0 a.m.18 views

phpMyAdmin < 2.5.6-rc1: possible attack against export.php

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databased over the Web. Description One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to include...

0.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2003/11/23 12:0 a.m.18 views

FreeRADIUS: heap exploit and NULL pointer dereference vulnerability

Background FreeRADIUS is a popular open source RADIUS server. Description FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however, the attack code must be in the form of a valid RADIUS packet which limits the possible exploits. Also corrected in the 0.9.3 release is another...

2.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2025/06/12 12:0 a.m.17 views

Emacs: Multiple Vulnerabilities

Background Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning. Description Multiple vulnerabilities have been discovered in Emacs, org-mode. Please review the CVE identifiers referenced below for details. Impa...

8.8CVSS10AI score0.02657EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.17 views

gst-plugins-good: Multiple Vulnerabilities

Background gst-plugins-good contains a set of plugins for the GStreamer open source multimedia framework. Description Multiple vulnerabilities have been discovered in gst-plugins-good. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.8CVSS7.6AI score0.00465EPSS
Exploits7
Gentoo Linux
Gentoo Linux
added 2024/08/11 12:0 a.m.17 views

AFLplusplus: Arbitrary Code Execution

Background The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicornmode, and a lot more! Description In AFL++ 4.05c, the CmpLog component uses the current working directory to resolv...

7.3CVSS7.4AI score0.004EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/08/09 12:0 a.m.17 views

re2c: Denial of Service

Background re2c is a tool for generating C-based recognizers from regular expressions. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier referenced below for details. Workaround There is no known workaround at this time. Resolution...

5.5CVSS7.3AI score0.01432EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/01/15 12:0 a.m.17 views

QPDF: Buffer Overflow

Background QPDF: A content-preserving PDF document transformer. Description A vulnerability has been discovered in QPDF. Please review the CVE identifier referenced below for details. Impact QPDF has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and...

5.5CVSS7.8AI score0.01272EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/01/10 12:0 a.m.17 views

RedCloth: ReDoS Vulnerability

Background RedCloth is a module for using Textile in Ruby Description A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details. Impact RedCloth is vulnerable to a regular expression denial of service "ReDoS" attack via the sanitizehtml functio...

7.5CVSS7.2AI score0.01513EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/03 12:0 a.m.17 views

libapreq2: Buffer Overflow

Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A buffer overflow could occur when processing multipart form uploads. Impact An attacker could submit a crafted multipart form to trigger the buffer overflow and...

7.5CVSS7.5AI score0.04712EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2023/01/11 12:0 a.m.17 views

jupyter_core: Arbitrary Code Execution

Background jupytercore contains core Jupyter functionality. Description jupytercore trusts files for execution in the current working directory without validating ownership of those files. Impact By writing to a directory that is used a the current working directory for jupytercore by another use...

8.8CVSS3.5AI score0.01056EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/01/27 12:0 a.m.17 views

OpenSMTPD: Multiple vulnerabilities

Background OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD. Description Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges o...

2.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/07/07 12:0 a.m.17 views

OpenTTD: Denial of service

Background OpenTTD is a clone of Transport Tycoon Deluxe. Description The vulnerability is caused due to missing out-of-bound check within the “HandleCrashedAircraft” function. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at...

5CVSS6.4AI score0.03305EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/05/02 12:0 a.m.17 views

udisks: Arbitrary code execution

Background udisks is an abstraction for enumerating block devices and performing operations on them. Description A stack-based buffer overflow can be triggered when udisks is given a long path name as a mount point. Impact A local attacker could possibly execute arbitrary code with the privileges...

6.9CVSS7.5AI score0.0043EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2014/01/21 12:0 a.m.17 views

ldns: Arbitrary code execution

Background ldns is a fast DNS library with the goal to simplify DNS programming and to allow developers to easily create software conforming to current RFCs and Internet drafts. Description ldns contains a heap-based buffer overflow in the ldnsrrnewfrmstrinternal function. Impact A remote attacke...

6.8CVSS7.5AI score0.04106EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/12/23 12:0 a.m.17 views

Imlib2: User-assisted execution of arbitrary code

Background Imlib2 is replacement library from the Enlightenment project for libraries like libXpm. Description Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load function of the XPM image loader. Impact A remote attacker could entice a user to proce...

7.5CVSS7.3AI score0.03641EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/04/18 12:0 a.m.17 views

DBmail: Data disclosure

Background DBMail is a mail storage and retrieval daemon that uses SQL databases as its data store. IMAP and POP3 can be used to retrieve mails from the database. Description A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by...

6.8CVSS6.9AI score0.02389EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/01/30 12:0 a.m.17 views

Kazehakase: Multiple vulnerabilities

Background Kazehakase is a web browser based on the Gecko engine. Description Kazehakase includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruptions vulnerabilities GLSA 200711-30. Impact A remote attacker could entice a user to open specially crafted input e.g...

4.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/12/09 12:0 a.m.17 views

Ruby-GNOME2: Format string error

Background Ruby-GNOME2 is a set of bindings for using GTK+ within the Ruby programming language. Description Chris Rohlf discovered that the "Gtk::MessageDialog.new" method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the "message" parameter before passing it to the...

6.8CVSS7.1AI score0.0338EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/11/01 12:0 a.m.17 views

Gallery: Multiple vulnerabilities

Background Gallery is a PHP based photo album manager. Description Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace...

6.4CVSS6.8AI score0.01695EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/09/18 12:0 a.m.17 views

GDM: Local Denial of service

Background GDM is the GNOME display manager. Description The result of a gstrsplit call is incorrectly parsed in the files daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and gui/gdmflexiserver.c, allowing for a null pointer dereference. Impact A local user could send a crafted message to...

1.5CVSS6.1AI score0.00327EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/08/11 12:0 a.m.17 views

Xfce Terminal: Remote arbitrary code execution

Background Xfce Terminal is a console tool for the Xfce desktop environment. Description Lasse Karkkainen discovered that the function terminalhelperexecute in file terminal-helper.c does not properly escape the URIs before processing. Impact A remote attacker could entice a user to open a...

7.8CVSS7AI score0.02239EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2007/03/03 12:0 a.m.17 views

Mozilla Suite: Multiple vulnerabilities

Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Impact A remote attacker could entice a user to browse to ...

1.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/25 12:0 a.m.17 views

Squid: Multiple Denial of Service vulnerabilities

Background Squid is a multi-protocol proxy server. Description Squid fails to correctly handle ftp:// URI's. There is also an error in the externalacl queue which can cause an infinite looping condition. Impact An attacker could attempt to retrieve a specially crafted URI via a Squid server causi...

5CVSS6.2AI score0.19093EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/06/19 12:0 a.m.17 views

Sun and Blackdown Java: Applet privilege escalation

Background Sun and Blackdown both provide implementations of the Java Development Kit JDK and Java Runtime Environment JRE. Description Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges. Impact A remote attacker could embed a malicious Java applet in a web...

3.4AI score
Exploits0
Total number of security vulnerabilities3816