Lucene search
K
GentooMost viewed

3816 matches found

Gentoo Linux
Gentoo Linux
added 2025/06/12 12:0 a.m.16 views

YAML-LibYAML: Shell injection

Background YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl. Description YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename...

9.1CVSS8.5AI score0.00368EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2025/05/14 12:0 a.m.16 views

Tracker miners: Sandbox weakness

Background The Tracker miners are a collection of data extractors for the GNOME Tracker. Description A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround...

7.7CVSS7.2AI score0.00867EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.16 views

Portage: Unverified PGP Signatures

Background Portage is the default Gentoo package management system. Description Multiple vulnerabilities have been discovered in Portage. Please review the CVE identifiers referenced below for details. Impact When using the webrsync mechanism to sync the tree the PGP signatures that protect the...

9.8CVSS7.3AI score0.00464EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/07/01 12:0 a.m.16 views

Pixman: Heap Buffer Overflow

Background Pixman is a pixel manipulation library. Description A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details. Impact An out-of-bounds write aka heap-based buffer overflow in rasterizeedges8 can occur due to an integer overflow in...

8.8CVSS7.6AI score0.0144EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2023/05/21 12:0 a.m.16 views

Tinyproxy: Memory Disclosure

Background Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Description Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages. Impact Contents of the Tinyproxy server's memory could be disclosed via generated error pages...

7.5CVSS6.9AI score0.01413EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/09/13 12:0 a.m.16 views

ProFTPD: Denial of service

Background ProFTPD is an advanced and very configurable FTP server. Description It was found that ProFTPD did not properly handle invalid SCP commands. Impact An authenticated remote attacker could issue invalid SCP commands, possibly resulting in a Denial of Service condition. Workaround There i...

2.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/01/27 12:0 a.m.16 views

OpenSMTPD: Multiple vulnerabilities

Background OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD. Description Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges o...

2.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/12/08 12:0 a.m.16 views

nfs-utils: Information disclosure

Background nfs-utils contains the client and daemon implementations for the NFS protocol. Description rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication, allowing for data to be submitted to a malicious server without the knowledge ...

3.2CVSS6.2AI score0.01045EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/07/07 12:0 a.m.16 views

OpenTTD: Denial of service

Background OpenTTD is a clone of Transport Tycoon Deluxe. Description The vulnerability is caused due to missing out-of-bound check within the “HandleCrashedAircraft” function. Impact A remote attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at...

5CVSS6.4AI score0.03305EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2012/06/25 12:0 a.m.16 views

Links: SSL verification vulnerability

Background Links is a fast lightweight text and graphic web-browser. Description A SSL verification vulnerability and two unspecified vulnerabilities have been discovered in Links. Please review the Secunia Advisory referenced below for details. Impact An attacker might conduct man-in-the-middle...

2.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/01/30 12:0 a.m.16 views

Kazehakase: Multiple vulnerabilities

Background Kazehakase is a web browser based on the Gecko engine. Description Kazehakase includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruptions vulnerabilities GLSA 200711-30. Impact A remote attacker could entice a user to open specially crafted input e.g...

4.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/25 12:0 a.m.16 views

CSTeX: Multiple vulnerabilities

Background CSTeX is a TeX distribution with Czech and Slovak support. It is used for creating and manipulating LaTeX documents. Description Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon GLSA 200709-17, GLSA 200711-26. CSTeX also includes vulnerable code from the GD...

3.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/03 12:0 a.m.16 views

Mozilla Suite: Multiple vulnerabilities

Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Impact A remote attacker could entice a user to browse to ...

1.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/04/05 12:0 a.m.16 views

Kaffeine: Buffer overflow

Background Kaffeine is a graphical front-end for the xine-lib multimedia library. Description Kaffeine uses an unchecked buffer when fetching remote RAM playlists via HTTP. Impact A remote attacker could entice a user to play a specially-crafted RAM playlist resulting in the execution of arbitrar...

5.1CVSS7.1AI score0.03493EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/04 12:0 a.m.17 views

Dnsmasq: Poisoning and Denial of Service vulnerabilities

Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one...

1.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/03/20 12:0 a.m.16 views

LTris: Buffer overflow

Background LTris is a Tetris clone. Description LTris is vulnerable to a buffer overflow when reading the global highscores file. Impact By modifying the global highscores file a malicious user could trick another user to execute arbitrary code. Workaround There is no known workaround at this tim...

3.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/03 12:0 a.m.16 views

Proxytunnel: Format string vulnerability

Background Proxytunnel is a program that tunnels connections to a remote server through a standard HTTPS proxy. Description Florian Schilhabel of the Gentoo Linux Security Audit project found a format string vulnerability in Proxytunnel. When the program is started in daemon mode -a port, it...

10CVSS6.9AI score0.04278EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/21 12:0 a.m.16 views

glFTPd: Local buffer overflow vulnerability

Background glFTPd is a highly configurable FTP server with many features. Description The glFTPd server is vulnerable to a buffer overflow in the 'dupescan' program. This vulnerability is due to an unsafe strcpy call which can cause the program to crash when a large argument is passed. Impact A...

1.9AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/09/01 12:0 a.m.16 views

vpopmail: Multiple vulnerabilities

Background vpopmail handles virtual mail domains for qmail and Postfix. Description vpopmail is vulnerable to several unspecified SQL injection exploits. Furthermore when using Sybase as the backend database vpopmail is vulnerable to a buffer overflow and format string exploit. Impact These...

1.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/05 12:0 a.m.16 views

sitecopy: Multiple vulnerabilities in included libneon

Background sitecopy easily maintains remote websites. It makes it simple to keep a remote site synchronized with the local site with one command. Description Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library GLSA 200405-01 and...

2.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2025/07/08 12:0 a.m.15 views

Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...

9.8CVSS8.4AI score0.07435EPSS
Exploits14
Gentoo Linux
Gentoo Linux
added 2025/05/12 12:0 a.m.15 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8CVSS10AI score0.00824EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2025/05/12 12:0 a.m.15 views

PAM: Multiple Vulnerabilities

Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in PAM. Please review the C...

4.7CVSS5.7AI score0.00265EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/12/11 12:0 a.m.15 views

OpenSC: Multiple Vulnerabilities

Background OpenSC contains tools and libraries for smart cards. Description Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.1CVSS7.7AI score0.01174EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/12/07 12:0 a.m.15 views

OpenJDK: Multiple Vulnerabilities

Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

7.5CVSS8AI score0.014EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.15 views

Oracle VirtualBox: Multiple Vulnerabilities

Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in Oracle VirtualBox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...

8.2CVSS7.3AI score0.0055EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.15 views

Emacs, org-mode: Command Execution Vulnerability

Background Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning. Description %... link abbreviations could specify unsafe functions. Impact Opening a malicious org-mode file could result in arbitrary code...

9.8CVSS7.7AI score0.01323EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/08/12 12:0 a.m.15 views

MuPDF: Multiple Vulnerabilities

Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at thi...

5.5CVSS7.7AI score0.01331EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/08/12 12:0 a.m.15 views

dpkg: Directory Traversal

Background Debian package management system. Description Please review the CVE indentifier referenced below for details. Impact Dpkg::Source::Archive in dpkg, the Debian package management system, is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and...

9.8CVSS7.2AI score0.02871EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/05/04 12:0 a.m.15 views

MediaInfo, MediaInfoLib: Multiple Vulnerabilities

Background MediaInfo supplies technical and tag information about media files. MediaInfoLib contains MediaInfo libraries. Description Multiple vulnerabilities have been discovered in MediaInfo and MediaInfoLib. Please review the CVE identifiers referenced below for details. Impact Please review t...

7.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/06/26 12:0 a.m.15 views

ImageMagick: Multiple vulnerabilities

Background Imagemagick is a collection of tools and libraries for many image formats. Description Multiple vulnerabilities have been discovered in ImageMagick including, but not limited to, various overflows and potential Denials of Service. Please visit the references and related bug reports for...

2.7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2014/02/09 12:0 a.m.15 views

PAM S/Key: Information disclosure

Background PAM S/Key is a pluggable authentication module for the OpenBSD Single-key Password system. Description Ulrich Müller reported that a Gentoo patch to PAM S/Key does not remove credentials provided by the user from memory. Impact A local attacker with privileged access could inspect a...

2.1CVSS6.6AI score0.00321EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/03/06 12:0 a.m.15 views

DevIL: User-assisted execution of arbitrary code

Background Developer's Image Library DevIL is a cross-platform image library. Description Stefan Cornelius Secunia Research discovered two boundary errors within the iGetHdrHeader function in src-IL/src/ilhdr.c. Impact A remote attacker could entice a user to open a specially crafted Radiance RGB...

7.5CVSS6.7AI score0.03153EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/05/12 12:0 a.m.15 views

Chicken: Multiple vulnerabilities

Background Chicken is a Scheme interpreter and native Scheme to C compiler. Description Chicken includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities GLSA 200711-30. Impact An attacker could entice a user to process specially crafted regula...

4.4AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/11/18 12:0 a.m.15 views

Link Grammar: User-assisted execution of arbitrary code

Background The Link Grammar parser is a syntactic parser of English, based on link grammar, an original theory of English syntax. Description Alin Rad Pop from Secunia Research discovered a boundary error in the function separatesentence in file tokenize.c when processing an overly long word whic...

10CVSS7AI score0.06997EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/01/22 12:0 a.m.16 views

Mod_auth_kerb: Denial of service

Background Modauthkerb is an Apache authentication module using Kerberos. Description Modauthkerb improperly handles component byte encoding in the dergetoid function, allowing for a buffer overflow to occur if there are no components which require more than one byte for encoding. Impact An...

5CVSS7AI score0.03737EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/09/28 12:0 a.m.15 views

Opera: RSA signature forgery

Background Opera is a multi-platform web browser. Description Opera makes use of OpenSSL, which fails to correctly verify PKCS 1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3. Impact An attacker could...

3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/06/23 12:0 a.m.15 views

wv2: Integer overflow

Background wv2 is a filter library for Microsoft Word files, used in many Office suites. Description A boundary checking error was found in wv2, which could lead to an integer overflow. Impact An attacker could execute arbitrary code with the rights of the user running the program that uses the...

6.5CVSS7AI score0.02523EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/04/26 12:0 a.m.16 views

xine-lib: Two heap overflow vulnerabilities

Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP MMST. Impact By setting up a malicious server and enticing a user to use i...

4.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/20 12:0 a.m.15 views

NASM: Buffer overflow vulnerability

Background NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats ELF, a.out, COFF, ..., and has its own disassembler. Description Jonathan Rockway discovered that...

3.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/11/16 12:0 a.m.15 views

BNC: Buffer overflow vulnerability

Background BNC BouNCe is an IRC proxy server. Description Leon Juranic discovered that BNC fails to do proper bounds checking when checking server response. Impact An attacker could exploit this to cause a Denial of Service and potentially execute arbitary code with the permissions of the user...

4.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/12 12:0 a.m.15 views

kdebase, kdelibs: Multiple security issues

Background KDE is a powerful Free Software graphical desktop environment for Linux and Unix-like Operating Systems. Description KDE contains three security issues: Insecure handling of temporary files when running KDE applications outside of the KDE environment DCOPServer creates temporary files ...

7.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2025/06/15 12:0 a.m.14 views

Konsole: Code execution

Background Konsole is KDE's terminal emulator. Description Konsole supports loading URLs from the scheme handlers such as telnet://URL. This can be executed regardless of whether the telnet binary is available. It would fallback to bash in that case and execute arbitrary code. Impact Clicking a...

8.2CVSS8.7AI score0.00551EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/12/11 12:0 a.m.14 views

eza: Arbitrary Code Execution

Background eza is a modern, maintained replacement for ls, written in rust. Description A vulnerability has been discovered in eza. Please review the CVE identifier referenced below for details. Impact A buffer overflow vulnerability in eza allows local attackers to execute arbitrary code via the...

8.4CVSS8.4AI score0.00267EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/12/07 12:0 a.m.14 views

OATH Toolkit: Privilege Escalation

Background OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC 4226, the time-based TOTP algorithm RFC 6238, and Portable Symmetric...

7.1CVSS7.3AI score0.00341EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/12/07 12:0 a.m.14 views

Salt: Multiple Vulnerabilities

Background Salt is a fast, intelligent and scalable automation engine. Description Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

7.8CVSS7.5AI score0.01033EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/11/17 12:0 a.m.14 views

Pillow: Arbitrary code execution

Background The friendly PIL fork. Description A vulnerability has been discovered in Pillow. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known workaround at this time. Resolution All Pillow...

6.7CVSS6.9AI score0.00989EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/11/06 12:0 a.m.14 views

Flatpak: Sandbox Escape

Background Flatpak is a Linux application sandboxing and distribution framework. Description A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Impact A malicious or compromised Flatpak app using persistent directories could read and wri...

10CVSS6.9AI score0.01283EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2024/09/28 12:0 a.m.14 views

HashiCorp Consul: Multiple Vulnerabilities

Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been found in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the CVE identifiers referenced below for detail...

5.3CVSS7.6AI score0.05623EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2024/09/22 12:0 a.m.15 views

Exo: Arbitrary Code Execution

Background Exo is an Xfce library targeted at application development, originally developed by os-cillation. It contains various custom widgets and APIs extending the functionality of GLib and GTK. It also has some helper applications that are used throughout the entire Xfce desktop to manage...

8.8CVSS7.8AI score0.0151EPSS
Exploits0
Total number of security vulnerabilities3816