Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GentooLinux

136 matches found

CVE
CVEadded 2025/01/14 6:15 p.m.264 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

7.5CVSS7.5AI score0.01186EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.140 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the d...

7.5CVSS8AI score0.0052EPSS
CVE
CVEadded 2004/08/06 4:0 a.m.126 views

CVE-2004-0495

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.

7.2CVSS6.5AI score0.00056EPSS
CVE
CVEadded 2005/03/01 5:0 a.m.118 views

CVE-2004-1036

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

6.8CVSS5.9AI score0.04171EPSS
CVE
CVEadded 2025/01/15 3:15 p.m.113 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

9.8CVSS9.6AI score0.02911EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.113 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper symli...

7.5CVSS6.5AI score0.00661EPSS
CVE
CVEadded 2005/01/27 5:0 a.m.103 views

CVE-2004-0930

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

5CVSS5.9AI score0.06058EPSS
CVE
CVEadded 2004/08/06 4:0 a.m.100 views

CVE-2004-0554

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

2.1CVSS5.9AI score0.00665EPSS
CVE
CVEadded 2004/08/06 4:0 a.m.98 views

CVE-2004-0557

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

10CVSS7.5AI score0.4451EPSS
CVE
CVEadded 2013/12/13 6:7 p.m.97 views

CVE-2013-0348

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

2.1CVSS6AI score0.00048EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.97 views

CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with...

6.8CVSS6.1AI score0.00172EPSS
CVE
CVEadded 2003/10/06 4:0 a.m.92 views

CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

10CVSS7.7AI score0.7608EPSS
CVE
CVEadded 2005/02/09 5:0 a.m.92 views

CVE-2004-0975

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.4AI score0.00071EPSS
CVE
CVEadded 2004/07/27 4:0 a.m.89 views

CVE-2004-0700

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function...

7.5CVSS7AI score0.30648EPSS
CVE
CVEadded 2005/06/20 4:0 a.m.89 views

CVE-2005-1267

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

5CVSS6AI score0.1127EPSS
CVE
CVEadded 2004/12/06 5:0 a.m.86 views

CVE-2004-0604

The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.

5CVSS6.5AI score0.01271EPSS
CVE
CVEadded 2005/01/27 5:0 a.m.83 views

CVE-2004-0889

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

10CVSS7.3AI score0.04443EPSS
CVE
CVEadded 2005/04/27 4:0 a.m.81 views

CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

7.5CVSS6.7AI score0.06529EPSS
CVE
CVEadded 2004/09/01 4:0 a.m.79 views

CVE-2002-1337

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

10CVSS7.6AI score0.51022EPSS
CVE
CVEadded 2006/01/06 10:0 p.m.79 views

CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5CVSS6.3AI score0.07223EPSS
CVE
CVEadded 2004/08/06 4:0 a.m.78 views

CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

2.1CVSS5.7AI score0.0009EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.78 views

CVE-2004-0996

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

2.1CVSS6AI score0.00393EPSS
CVE
CVEadded 2006/01/06 10:0 p.m.78 views

CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

5CVSS6.1AI score0.09167EPSS
CVE
CVEadded 2004/08/06 4:0 a.m.76 views

CVE-2004-0493

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab charact...

6.4CVSS6.8AI score0.89211EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.75 views

CVE-2004-1106

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.

6.8CVSS5.9AI score0.01631EPSS
CVE
CVEadded 2006/01/06 10:0 p.m.75 views

CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

10CVSS6.2AI score0.11286EPSS
CVE
CVEadded 2003/10/06 4:0 a.m.72 views

CVE-2003-0681

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

7.5CVSS6.8AI score0.1288EPSS
CVE
CVEadded 2004/09/17 4:0 a.m.72 views

CVE-2004-0809

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

5CVSS7.2AI score0.11986EPSS
CVE
CVEadded 2005/01/27 5:0 a.m.72 views

CVE-2004-0888

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

10CVSS7.6AI score0.04443EPSS
CVE
CVEadded 2004/08/18 4:0 a.m.69 views

CVE-2004-0226

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

10CVSS7AI score0.01177EPSS
CVE
CVEadded 2004/12/06 5:0 a.m.69 views

CVE-2004-0496

Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.

7.2CVSS6.5AI score0.0006EPSS
CVE
CVEadded 2004/12/06 5:0 a.m.69 views

CVE-2004-0497

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

2.1CVSS5.7AI score0.00293EPSS
CVE
CVEadded 2004/08/06 4:0 a.m.69 views

CVE-2004-0548

Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

7.2CVSS7.3AI score0.00184EPSS
CVE
CVEadded 2005/01/27 5:0 a.m.69 views

CVE-2004-0881

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.

2.1CVSS6AI score0.00071EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.69 views

CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

3.7CVSS5.9AI score0.00115EPSS
CVE
CVEadded 2005/01/27 5:0 a.m.67 views

CVE-2004-0891

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer...

10CVSS8AI score0.05439EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.67 views

CVE-2004-1304

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

10CVSS7.6AI score0.0572EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.66 views

CVE-2004-1026

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

10CVSS7.4AI score0.02681EPSS
CVE
CVEadded 2004/12/06 5:0 a.m.65 views

CVE-2004-0456

Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.

7.6CVSS7.7AI score0.01293EPSS
CVE
CVEadded 2005/03/01 5:0 a.m.65 views

CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPng...

10CVSS7.9AI score0.34839EPSS
CVE
CVEadded 2005/03/01 5:0 a.m.65 views

CVE-2004-1052

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

10CVSS7.7AI score0.01472EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.64 views

CVE-2004-1161

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

7.5CVSS6.8AI score0.04734EPSS
CVE
CVEadded 2013/11/18 2:55 a.m.64 views

CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

4.3CVSS6.7AI score0.01547EPSS
CVE
CVEadded 2004/08/06 4:0 a.m.63 views

CVE-2004-0418

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

10CVSS7.3AI score0.14279EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.63 views

CVE-2005-0005

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

7.5CVSS7.8AI score0.03499EPSS
CVE
CVEadded 2004/12/06 5:0 a.m.62 views

CVE-2004-0565

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

2.1CVSS5.7AI score0.00074EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.62 views

CVE-2004-0914

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers t...

10CVSS7.6AI score0.0079EPSS
CVE
CVEadded 2005/02/09 5:0 a.m.62 views

CVE-2004-0981

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.

10CVSS7.3AI score0.07221EPSS
CVE
CVEadded 2005/03/01 5:0 a.m.62 views

CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

5CVSS6.2AI score0.01117EPSS
CVE
CVEadded 2004/05/04 4:0 a.m.61 views

CVE-2004-0386

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.

10CVSS7.7AI score0.34063EPSS
Total number of security vulnerabilities136