Lucene search
K
GentooRecent

3816 matches found

Gentoo Linux
Gentoo Linux
added 2021/07/08 12:0 a.m.36 views

Jinja: Denial of service

Background Jinja is a template engine written in pure Python. Description The ‘urlize’ filter in Jinja utilized an inefficient regular expression that could be exploited to consume excess CPU. Impact An attacker could cause a Denial of Service condition via crafted input to the ‘urlize’ Jinja...

5.3CVSS5.9AI score0.03546EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/07/08 12:0 a.m.35 views

BladeEnc: Buffer overflow

Background BladeEnc is an mp3 encoder. Description A crafted file could cause a buffer overflow in the iterationloop function in BladeEnc. Impact A remote attacker could entice a user to open a specially crafted using BladeEnc, possibly resulting in execution of arbitrary code with the privileges...

9.8CVSS2.9AI score0.03406EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/07/08 12:0 a.m.32 views

rclone: Weak random number generation

Background rclone is a problem to sync files to and from various cloud storage providers. Description Passwords generated with rclone were insecurely generated and are vulnerable to brute force attacks. Impact Data kept secret with a password generated by rclone may be disclosed to a local...

7.5CVSS1.9AI score0.01336EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/07/08 12:0 a.m.26 views

Mechanize: Command injection

Background Mechanize is a Ruby library used for automating interaction with websites. Description Mechanize does not neutralize filename input and could allow arbitrary code execution if an attacker can control filenames used by Mechanize. Impact Please review the referenced CVE identifiers for...

8.3CVSS3.9AI score0.03507EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/07/08 12:0 a.m.57 views

Privoxy: Multiple vulnerabilities

Background Privoxy is a web proxy with advanced filtering capabilities for enhancing privacy. Description Multiple vulnerabilities have been discovered in privoxy. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of Service condition...

7.8CVSS2.9AI score0.02355EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/07/07 12:0 a.m.78 views

OpenDoas: Insufficient environment filtering

Background OpenDoas allows users to run commands as other users. Description OpenDoas does not properly filter the PATH variable from the resulting shell after escalating privileges. Impact A local attacker with control of a user’s PATH variable could escalate privileges if that user uses OpenDoa...

8.8CVSS8.9AI score0.02654EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/07/07 12:0 a.m.66 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

8.8CVSS3AI score0.01013EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/07/07 12:0 a.m.86 views

Schism Tracker: Multiple vulnerabilities

Background Schism Tracker is a free implementation of Impulse Tracker, a tool used to create high quality music. Description Multiple vulnerabilities have been discovered in Schism Tracker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

7.8CVSS2.5AI score0.01238EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/07/07 12:0 a.m.41 views

TCG TPM2 Software Stack: Information disclosure

Background TCG TPM2 Software Stack is a library to interface with trusted platform modules. Description TCG TPM2 Software Stack did not appropriately apply FAPI policies to protect data encrypted with the trusted platform module. Impact Data encrypted using TCG TPM2 Software Stack tpm2-tss may no...

6.7CVSS3.3AI score0.00588EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/07/07 12:0 a.m.83 views

GLib: Multiple vulnerabilities

Background GLib is a library providing a number of GNOME’s core objects and functions. Description Multiple vulnerabilities have been discovered in GLib. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround The...

7.5CVSS7.9AI score0.0408EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/07/06 12:0 a.m.129 views

glibc: Multiple vulnerabilities

Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known...

9.8CVSS7.8AI score0.03538EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/07/06 12:0 a.m.119 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

8.8CVSS2AI score0.64701EPSS
Exploits32
Gentoo Linux
Gentoo Linux
added 2021/07/06 12:0 a.m.69 views

PostSRSd: Denial of service

Background PostSRSd is a Postfix sender rewriting scheme daemon Description Multiple vulnerabilities have been discovered in PostSRSd. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no know...

7.5CVSS3.2AI score0.02657EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/07/06 12:0 a.m.106 views

libxml2: Multiple vulnerabilities

Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the GNOME project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user...

8.8CVSS8.3AI score0.0828EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/07/03 12:0 a.m.130 views

Background Graphviz is an open source graph visualization software. Description Multiple vulnerabilities have been discovered in Graphviz. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted file using Graphvi...

7.8CVSS4.2AI score0.027EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/07/03 12:0 a.m.123 views

corosync: Denial of service

Background The Corosync Cluster Engine is a Group Communication System with additional features for implementing high availability within applications. Description It was discovered that corosync allowed an unauthenticated user to cause a Denial of Service by application crash. Impact A remote...

7.5CVSS3.4AI score0.03172EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/07/03 12:0 a.m.106 views

libqb: Insecure temporary file

Background libqb is a library with the primary purpose of providing high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication IPC, and polling. Description It was discovered that libqb used predictable filenames under /dev/shm and /t...

7.1CVSS2.2AI score0.00655EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/07/03 12:0 a.m.117 views

FreeImage: Multiple vulnerabilities

Background FreeImage is an Open Source library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by today’s multimedia applications. Description Multiple vulnerabilities have been discovered in FreeImage. Please review t...

7.5CVSS7.7AI score0.0421EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.91 views

Bash: Privilege escalation

Background Bash is the standard GNU Bourne Again SHell. Description It was discovered that Bash incorrectly dropped privileges by setting its effective UID to its real UID. Impact A local attacker could possibly escalate privileges. Workaround There is no known workaround at this time. Resolution...

7.8CVSS7.7AI score0.02608EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.54 views

Mutt, NeoMutt: Denial of service

Background Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader or MUA. It’s a fork of Mutt with added features. Description It was discovered that Mutt, and NeoMutt did not properly handle certain situations where an IMAP sequence set ends with a comma...

9.1CVSS9.4AI score0.02551EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.71 views

GNU Screen: User-assisted execution of arbitrary code

Background GNU Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description It was discovered that GNU screen did not properly handle certain UTF-8 character sequences. Impact A remote attacker could entice a user...

9.8CVSS2.9AI score0.09147EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.65 views

Smarty: Multiple vulnerabilities

Background Smarty is a template engine for PHP. Description Multiple vulnerabilities have been discovered in Smarty template engine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9.8CVSS2AI score0.82316EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.43 views

ICU: Multiple vulnerabilities

Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in ICU. Please review the upstream bugs referenced below for details. Impact Remote attackers...

4.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.79 views

FFmpeg: Multiple vulnerabilities

Background FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...

8.8CVSS4.3AI score0.03403EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.58 views

Boost: Buffer overflow

Background Boost is a set of C++ libraries, including the Boost.Regex library to process regular expressions. Description It was discovered that Boost incorrectly sanitized ‘nextsize’ and ‘maxsize’ parameter in orderedmalloc function when allocating memory. Impact A remote attacker could provide ...

5CVSS7.3AI score0.03889EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.73 views

MariaDB: Multiple vulnerabilities

Background MariaDB is an enhanced, drop-in replacement for MySQL. Description Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

9CVSS7.3AI score0.38179EPSS
Exploits9
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.50 views

Nettle: Denial of service

Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description It was discovered that Nettle incorrect...

8.1CVSS8.1AI score0.01607EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.62 views

LittleCMS: User-assisted execution of arbitrary code

Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP, Firefox and Chromium. Description It was discovered that LittleCMS aka Little Color Management System had an integer overflow in the AllocateDataSet...

5.5CVSS4.6AI score0.01746EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.122 views

containerd: Multiple vulnerabilities

Background Containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...

6.3CVSS6.9AI score0.03236EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.61 views

Tar: Denial of service

Background The Tar program provides the ability to create and manipulate tar archives. Description It was discovered that GNU Tar had a memory leak when processing archive headers. Impact A remote attacker could entice a user to open a specially crafted archive using Tar, possibly resulting in a...

4.3CVSS6.1AI score0.01092EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.41 views

rxvt-unicode: User-assisted execution of arbitrary code

Background rxvt-unicode urxvt is a clone of the rxvt terminal emulator. Description It was discovered that rxvt-unicode did not properly handle certain escape sequences. Impact A remote attacker could entice a user to run a program where attacker controls the output inside a rxvt terminal window,...

8.8CVSS3.8AI score0.04012EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.472 views

OpenSSH: Multiple vulnerabilities

Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to access the socket of t...

7.1CVSS2.8AI score0.03422EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.59 views

GPT fdisk: Integer underflow

Background GPT fdisk consisting of the gdisk, cgdisk, sgdisk, and fixparts programs is a set of text-mode partitioning tools for Linux, FreeBSD, Mac OS X, and Windows. Description It was discovered that ReadLogicalParts function in basicmbr.cc was missing a bounds check. Impact A local attacker...

7.2CVSS2.7AI score0.00436EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.50 views

Ceph: Multiple vulnerabilities

Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description Multiple vulnerabilities have been discovered in Ceph. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

8.8CVSS2.8AI score0.0211EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.50 views

Dnsmasq: DNS cache poisoning

Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description It was discovered that Dnsmasq, when configured with --server=@ or similar e.g. through dbus, configured a fixed UDP port for all outgoing queries to the specified upstream DNS server. Impact An...

4.3CVSS5AI score0.01988EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.58 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact An authenticated remote attacker, by executing malicious crafted...

4.3CVSS2.6AI score0.01466EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.326 views

nginx: Remote code execution

Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description It was discovered that nginx did not properly handle DNS responses when “resolver” directive is used. Impact A remote attacker, able to provide DNS responses to a nginx instance, could cause the...

7.7CVSS7.5AI score0.52838EPSS
Exploits10
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.59 views

X.Org X11 library: Denial of service

Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description It was discovered that XLookupColor and other X.Org X11 library functions lacked proper validation of the length of their string parameters. Impact An attacker...

9.8CVSS4.2AI score0.10634EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.55 views

BusyBox: Denial of service

Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description It was discovered that BusyBox mishandled the error bit on the huftbuild result pointer when decompressing GZIP compressed data. Impact A remote attacker could entice a user to open a...

7.5CVSS2.5AI score0.02719EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.97 views

Firejail: Privilege escalation

Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description It was discovered that a flaw in Firejail’s OverlayFS code allowed restricted programs to escape sandbox. Impac...

7.8CVSS7.6AI score0.00444EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.74 views

PHP: Multiple vulnerabilities

Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and bugs referenced below for details. Impact Please review the referenced CVE...

7.5CVSS1.8AI score0.03179EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.67 views

Prosŏdy IM: Multiple vulnerabilities

Background Prosŏdy IM is a modern XMPP communication server. It aims to be easy to set up and configure, and efficient with system resources. Description Multiple vulnerabilities have been discovered in Prosŏdy IM. Please review the CVE identifiers referenced below for details. Impact Please revi...

7.8CVSS7AI score0.02261EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.57 views

Telegram: Security bypass

Background Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed. Description It was discovered that Telegram failed to invalidate a recently active session. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

5.3CVSS2AI score0.00843EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.66 views

Mumble: User-assisted execution of arbitrary code

Background Mumble is low-latency voice chat software intended for use with gaming. Description Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted server list web page using Mumble, possibly resulting in executio...

8.8CVSS4.5AI score0.03203EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.69 views

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...

8.6CVSS1.5AI score0.95785EPSS
Exploits5
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.54 views

stunnel: Improper certificate validation

Background The stunnel program is designed to work as an SSL/TLS encryption wrapper between a client and a local or remote server. Description It was discovered that stunnel did not correctly verified the client certificate when options “redirect” and “verifyChain” are used. Impact A remote...

7.5CVSS7.7AI score0.01179EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.72 views

SpamAssassin: Arbitrary command execution

Background SpamAssassin is an extensible email filter used to identify junk email. Description It was discovered that SpamAssassin incorrectly handled certain CF files. Impact A remote attacker could entice a user or automated system to process a specially crafted CF file using SpamAssassin,...

10CVSS3.7AI score0.06132EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.71 views

OpenSMTPD: Multiple vulnerabilities

Background OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD. Description Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to the SMTP listener daemon, could possibly...

7.5CVSS2.4AI score0.03578EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.45 views

Tcpreplay: Multiple vulnerabilities

Background Tcpreplay is a suite of utilities for UNIX systems for editing and replaying network traffic which was previously captured by tools like tcpdump and ethereal/wireshark. Description Multiple vulnerabilities have been discovered in Tcpreplay. Please review the CVE identifiers referenced...

7.5CVSS2.5AI score0.02531EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.72 views

Nextcloud Desktop Client: User-assisted execution of arbitrary code

Background The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Description It was discovered that Nextcloud Desktop Client did not validate URLs. Impact A remote attacker could entice a user to connect to a malicious Nextcloud server to cause the...

8.8CVSS3.2AI score0.04698EPSS
Exploits1
Total number of security vulnerabilities3816