Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
•added 2024/09/28 12:0 a.m.•18 views

IcedTea: Multiple Vulnerabilities

Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...

8.3CVSS7.5AI score0.14839EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•18 views

OpenVPN: Multiple Vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

9.8CVSS7.6AI score0.03519EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•18 views

liblouis: Multiple Vulnerabilities

Background liblouis is an open-source braille translator and back-translator. Description Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...

7.5CVSS7.7AI score0.01498EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2024/07/06 12:0 a.m.•18 views

X.Org X11 library: Multiple Vulnerabilities

Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details. Impact Please review the...

7.8CVSS7.7AI score0.01656EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/05/05 12:0 a.m.•18 views

borgmatic: Shell Injection

Background borgmatic is simple, configuration-driven backup software for servers and workstations. Description Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact Shell...

8.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/09/17 12:0 a.m.•18 views

Binwalk: Multiple Vulnerabilities

Background Binwalk is a tool for identifying files embedded inside firmware images. Description Multiple vulnerabilities have been discovered in Binwalk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...

7.8CVSS7.4AI score0.22013EPSS
Exploits8
Gentoo Linux
Gentoo Linux
•added 2021/01/12 12:0 a.m.•18 views

Asterisk: Multiple vulnerabilities

Background A Modular Open Source PBX System. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the security advisories referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at...

2.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2013/12/27 12:0 a.m.•18 views

Xfig: Arbitrary code execution

Background Xfig is an interactive drawing tool. Description Xfig contains a buffer overflow vulnerability in processing certain FIG images. Impact A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service...

6.8CVSS7.4AI score0.0582EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2013/09/01 12:0 a.m.•18 views

Cyrus-SASL: Denial of service

Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description In the GNU C Library glibc from version 2.17 onwards, the crypt function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed...

4.3CVSS6.6AI score0.03589EPSS
Exploits2
Gentoo Linux
Gentoo Linux
•added 2010/09/21 12:0 a.m.•18 views

python-updater: Untrusted search path

Background python-updater is a script used to remerge python packages when changing Python version. Description Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path sys.path before calli...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/07/09 12:0 a.m.•18 views

NX: User-assisted execution of arbitrary code

Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...

4.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/04/17 12:0 a.m.•18 views

Speex: User-assisted execution of arbitrary code

Background Speex is an audio compression format designed for speech that is free of patent restrictions. Description oCERT reported that the Speex library does not properly validate the "mode" value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player...

9.3CVSS7.2AI score0.06136EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2008/03/05 12:0 a.m.•18 views

Evolution: Format string vulnerability

Background Evolution is a GNOME groupware application. Description Ulf Harnhammar from Secunia Research discovered a format string error in the emfmultipartencrypted function in the file mail/em-format.c when reading certain data e.g. the "Version:" field from an encrypted e-mail. Impact A remote...

6.8CVSS6.9AI score0.06018EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/01/09 12:0 a.m.•18 views

R: Multiple vulnerabilities

Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. PCRE is a library providing functions for Perl-compatible regular expressions. Description R includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory...

4.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/10/23 12:0 a.m.•18 views

OpenOffice.org: Heap-based buffer overflow

Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description iDefense Labs reported that the TIFF parsing code uses untrusted values to calculate...

9.3CVSS7.2AI score0.1132EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/11/15 12:0 a.m.•18 views

Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer

Background Sylpheed is a lightweight email client and newsreader. Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both support the import of address books in LDIF Lightweight Directory Interchange Format. Description Colin Leroy reported buffer overflow vulnerabilities in Sylpheed a...

5.1CVSS7.4AI score0.03788EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/08/30 12:0 a.m.•18 views

lm_sensors: Insecure temporary file creation

Background lmsensors is a software package that provides drivers for monitoring the temperatures, voltages, and fans of Linux systems with hardware monitoring devices. Description Javier Fernandez-Sanguino Pena has discovered that lmsensors insecurely creates temporary files with predictable...

2.1CVSS6.1AI score0.00426EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/03/03 12:0 a.m.•18 views

BidWatcher: Format string vulnerability

Background BidWatcher is a free auction tool for eBay users to keep track of their auctions. Description Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp". Impact Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay...

7.5CVSS6.9AI score0.01907EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/01/10 12:0 a.m.•19 views

UnRTF: Buffer overflow

Background UnRTF is a utility to convert files in the Rich Text Format into other formats. Description An unchecked strcat in unrtf may overflow the bounds of a static buffer. Impact Using a specially crafted file, possibly delivered by e-mail or over the web, an attacker may execute arbitrary co...

4.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/09/03 12:0 a.m.•18 views

Ruby: CGI::Session creates files insecurely

Background Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Sessi...

2.1CVSS5.7AI score0.00364EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/29 12:0 a.m.•18 views

Multiple Vulnerabilities in Samba

Background Samba is a package which allows UNIX systems to act as file servers for Windows computers. It also allows UNIX systems to mount shares exported by a Samba/CIFS/Windows server. smbmount is a program in the Samba package which allows normal users on a UNIX system to mount remote shares...

3.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/09 12:0 a.m.•18 views

Cross-realm trust vulnerability in Heimdal

Background Heimdal is a free implementation of Kerberos 5. Description Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. Impact Remote attackers with...

5CVSS6.5AI score0.01528EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/02/17 12:0 a.m.•18 views

phpMyAdmin < 2.5.6-rc1: possible attack against export.php

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databased over the Web. Description One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to include...

0.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2003/11/23 12:0 a.m.•18 views

FreeRADIUS: heap exploit and NULL pointer dereference vulnerability

Background FreeRADIUS is a popular open source RADIUS server. Description FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however, the attack code must be in the form of a valid RADIUS packet which limits the possible exploits. Also corrected in the 0.9.3 release is another...

2.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2025/06/12 12:0 a.m.•17 views

Emacs: Multiple Vulnerabilities

Background Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning. Description Multiple vulnerabilities have been discovered in Emacs, org-mode. Please review the CVE identifiers referenced below for details. Impa...

8.8CVSS10AI score0.02657EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/11/17 12:0 a.m.•17 views

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.8CVSS7.7AI score0.01843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/09/22 12:0 a.m.•17 views

gst-plugins-good: Multiple Vulnerabilities

Background gst-plugins-good contains a set of plugins for the GStreamer open source multimedia framework. Description Multiple vulnerabilities have been discovered in gst-plugins-good. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.8CVSS7.6AI score0.00465EPSS
Exploits7
Gentoo Linux
Gentoo Linux
•added 2024/08/09 12:0 a.m.•17 views

re2c: Denial of Service

Background re2c is a tool for generating C-based recognizers from regular expressions. Description Please review the CVE identifier referenced below for details. Impact Please review the CVE identifier referenced below for details. Workaround There is no known workaround at this time. Resolution...

5.5CVSS7.3AI score0.01432EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2024/07/01 12:0 a.m.•17 views

Zsh: Prompt Expansion Vulnerability

Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A vulnerability in prompt expansion could be exploited throu...

7.8CVSS7.7AI score0.0198EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2024/01/10 12:0 a.m.•17 views

RedCloth: ReDoS Vulnerability

Background RedCloth is a module for using Textile in Ruby Description A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details. Impact RedCloth is vulnerable to a regular expression denial of service "ReDoS" attack via the sanitizehtml functio...

7.5CVSS7.2AI score0.01513EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2023/05/03 12:0 a.m.•17 views

libapreq2: Buffer Overflow

Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A buffer overflow could occur when processing multipart form uploads. Impact An attacker could submit a crafted multipart form to trigger the buffer overflow and...

7.5CVSS7.5AI score0.04712EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2023/01/11 12:0 a.m.•17 views

jupyter_core: Arbitrary Code Execution

Background jupytercore contains core Jupyter functionality. Description jupytercore trusts files for execution in the current working directory without validating ownership of those files. Impact By writing to a directory that is used a the current working directory for jupytercore by another use...

8.8CVSS3.5AI score0.01056EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2014/05/28 12:0 a.m.•17 views

xmonad-contrib: Arbitrary code execution

Background xmonad-contrib is a set of third party tiling algorithms, configurations, and scripts for xmonad. Description A vulnerability in the Xmonad.Hooks.DynamicLog module could allow a malicious website with a specially crafted title to inject commands into the title bar which would be execut...

7.5CVSS7.4AI score0.08985EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/05/02 12:0 a.m.•17 views

udisks: Arbitrary code execution

Background udisks is an abstraction for enumerating block devices and performing operations on them. Description A stack-based buffer overflow can be triggered when udisks is given a long path name as a mount point. Impact A local attacker could possibly execute arbitrary code with the privileges...

6.9CVSS7.5AI score0.0043EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2014/01/21 12:0 a.m.•17 views

ldns: Arbitrary code execution

Background ldns is a fast DNS library with the goal to simplify DNS programming and to allow developers to easily create software conforming to current RFCs and Internet drafts. Description ldns contains a heap-based buffer overflow in the ldnsrrnewfrmstrinternal function. Impact A remote attacke...

6.8CVSS7.5AI score0.04106EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/12/23 12:0 a.m.•17 views

Imlib2: User-assisted execution of arbitrary code

Background Imlib2 is replacement library from the Enlightenment project for libraries like libXpm. Description Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load function of the XPM image loader. Impact A remote attacker could entice a user to proce...

7.5CVSS7.3AI score0.03641EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2008/04/18 12:0 a.m.•17 views

DBmail: Data disclosure

Background DBMail is a mail storage and retrieval daemon that uses SQL databases as its data store. IMAP and POP3 can be used to retrieve mails from the database. Description A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by...

6.8CVSS6.9AI score0.02389EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/12/09 12:0 a.m.•17 views

Ruby-GNOME2: Format string error

Background Ruby-GNOME2 is a set of bindings for using GTK+ within the Ruby programming language. Description Chris Rohlf discovered that the "Gtk::MessageDialog.new" method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the "message" parameter before passing it to the...

6.8CVSS7.1AI score0.0338EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/11/01 12:0 a.m.•17 views

Gallery: Multiple vulnerabilities

Background Gallery is a PHP based photo album manager. Description Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace...

6.4CVSS6.8AI score0.01695EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2007/09/18 12:0 a.m.•17 views

GDM: Local Denial of service

Background GDM is the GNOME display manager. Description The result of a gstrsplit call is incorrectly parsed in the files daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and gui/gdmflexiserver.c, allowing for a null pointer dereference. Impact A local user could send a crafted message to...

1.5CVSS6.1AI score0.00327EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/08/11 12:0 a.m.•17 views

Xfce Terminal: Remote arbitrary code execution

Background Xfce Terminal is a console tool for the Xfce desktop environment. Description Lasse Karkkainen discovered that the function terminalhelperexecute in file terminal-helper.c does not properly escape the URIs before processing. Impact A remote attacker could entice a user to open a...

7.8CVSS7AI score0.02239EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2007/01/25 12:0 a.m.•17 views

Squid: Multiple Denial of Service vulnerabilities

Background Squid is a multi-protocol proxy server. Description Squid fails to correctly handle ftp:// URI's. There is also an error in the externalacl queue which can cause an infinite looping condition. Impact An attacker could attempt to retrieve a specially crafted URI via a Squid server causi...

5CVSS6.2AI score0.19093EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2006/04/23 12:0 a.m.•17 views

Dia: Arbitrary code execution through XFig import

Background Dia is a GTK+ based diagram creation program. Description infamous41md discovered multiple buffer overflows in Dia's XFig file import plugin. Impact By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with...

7.6CVSS7.3AI score0.02412EPSS
Exploits0
Gentoo Linux
Gentoo Linux
•added 2005/06/19 12:0 a.m.•17 views

Sun and Blackdown Java: Applet privilege escalation

Background Sun and Blackdown both provide implementations of the Java Development Kit JDK and Java Runtime Environment JRE. Description Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges. Impact A remote attacker could embed a malicious Java applet in a web...

3.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/05/30 12:0 a.m.•17 views

tla: Multiple vulnerabilities in included libneon

Background GNU Arch tla is a revision control system suited for widely distributed development. Description Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library GLSA 200405-01 and 200405-13. Current versions of the tla package...

2AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/04/07 12:0 a.m.•17 views

ipsec-tools contains an X.509 certificates vulnerability.

Background From http://ipsec-tools.sourceforge.net/ : "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation." Description racoon a utility in the ipsec-tools package does not verify digital signatures on Phase1 packets. This means that anybody holding the correct...

0.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2004/02/11 12:0 a.m.•17 views

Monkeyd Denial of Service vulnerability

Background The Monkey HTTP daemon is a Web server written in C that works under Linux and is based on the HTTP/1.1 protocol. It aims to develop a fast, efficient and small web server. Description A bug in the URI processing of incoming requests allows for a Denial of Service to be launched agains...

1AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2003/12/28 12:0 a.m.•17 views

CVS: possible root compromise when using CVS pserver

Background CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree which can be on a remote system. It also allows branching...

3.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
•added 2025/06/12 12:0 a.m.•16 views

YAML-LibYAML: Shell injection

Background YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl. Description YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename...

9.1CVSS8.5AI score0.00368EPSS
Exploits1
Gentoo Linux
Gentoo Linux
•added 2025/05/14 12:0 a.m.•16 views

Tracker miners: Sandbox weakness

Background The Tracker miners are a collection of data extractors for the GNOME Tracker. Description A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround...

7.7CVSS7.2AI score0.00867EPSS
Exploits1
Total number of security vulnerabilities3816