gentoo linux · threatengine.sh

CVE-2024-12084

all versions

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled che

9.8CRITICAL

CVE-2024-12088

all versions

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link dest

6.5MEDIUM

CVE-2024-12087

all versions

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled

6.5MEDIUM

CVE-2024-12086

all versions

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This

6.1MEDIUM

CVE-2024-12085

all versions

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate

7.5HIGH

CVE-2014-4909

all versions

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers

CVE-2013-0348

all versions

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local u

CVE-2013-2032

all versions

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:

CVE-2013-2031

all versions

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonst

CVE-2010-1159

all versions

Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and exe

CVE-2008-1383

all versions

The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, w

CVE-2008-1078

all versions

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitra

CVE-2007-4074

all versions

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE

CVE-2007-1500

all versions

The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, a

CVE-2007-0476

all versions

The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild

CVE-2006-3005

all versions

The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-d

CVE-2006-1390

all versions

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Lin

CVE-2006-0071

all versions

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read o

CVE-2005-3626

all versions

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause

CVE-2005-3625

all versions

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause

CVE-2005-3624

all versions

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and

CVE-2005-2557

all versions

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject

CVE-2005-1267

all versions

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which al

CVE-2005-1121

all versions

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth func

CVE-2005-0988

all versions

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of a

CVE-2005-0077

all versions

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID fil

CVE-2005-0005

all versions

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute

CVE-2005-0206

all versions

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certa

CVE-2005-0754

all versions

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to ex

CVE-2004-1176

all versions

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and

CVE-2004-1175

all versions

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using

CVE-2004-1174

all versions

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existi

CVE-2004-1093

all versions

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

CVE-2004-1092

all versions

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated

CVE-2004-1091

all versions

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

CVE-2004-1090

all versions

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

CVE-2004-1009

all versions

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack

CVE-2004-1005

all versions

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

CVE-2004-1004

all versions

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown imp

CVE-2005-0470

all versions

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via inval

CVE-2005-0667

all versions

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an

CVE-2004-1055

all versions

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary

CVE-2004-1052

all versions

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute ar

CVE-2004-1037

all versions

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search s

CVE-2004-1036

all versions

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a an

CVE-2004-1034

all versions

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote att

CVE-2004-1033

all versions

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access r

CVE-2004-1032

all versions

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary

CVE-2004-1031

all versions

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbi

CVE-2004-1030

all versions

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcron

CVE-2004-1029

all versions

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not pro

CVE-2004-1027

all versions

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary

CVE-2004-0990

all versions

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a den

CVE-2004-0983

all versions

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop

CVE-2005-0535

all versions

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attacke

CVE-2004-0981

all versions

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce

CVE-2004-0980

all versions

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain ser

CVE-2004-0975

all versions

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users

CVE-2004-0972

all versions

The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allo

CVE-2004-0969

all versions

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly oth

CVE-2004-0947

all versions

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long f

CVE-2004-0937

all versions

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass

CVE-2004-0936

all versions

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set

CVE-2004-0935

all versions

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file wi

CVE-2004-0934

all versions

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global heade

CVE-2004-0933

all versions

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTru

CVE-2004-0932

all versions

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows re

CVE-2004-0930

all versions

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial o

CVE-2004-0918

all versions

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to

CVE-2004-0891

all versions

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (applicati

CVE-2004-0889

all versions

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a deni

CVE-2004-0888

all versions

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow r

CVE-2004-0881

all versions

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary direct

CVE-2004-0880

all versions

getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.

CVE-2004-1304

all versions

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a cr

CVE-2004-1162

all versions

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticat

CVE-2004-1161

all versions

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass

CVE-2004-1117

all versions

The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gai

CVE-2004-1116

all versions

The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges

CVE-2004-1115

all versions

The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with r

CVE-2004-1110

all versions

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on t

CVE-2004-1108

all versions

qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary dir

CVE-2004-1107

all versions

dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary f

CVE-2004-1106

all versions

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script

CVE-2004-1096

all versions

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antiv

CVE-2004-1026

all versions

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers

CVE-2004-1025

all versions

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remo

CVE-2004-0996

all versions

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary

CVE-2004-0914

all versions

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer over

CVE-2004-1901

all versions

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

5.5MEDIUM

CVE-2004-1491

all versions

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code v

CVE-2004-1471

all versions

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVS

CVE-2004-1452

all versions

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the script

CVE-2004-1336

all versions

The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite

CVE-2004-0834

all versions

Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run,

CVE-2004-0749

all versions

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, wh

CVE-2004-1307

all versions

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitra

CVE-2004-0635

all versions

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1

CVE-2004-0634

all versions

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash)

CVE-2004-0633

all versions

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an

CVE-2004-0626

all versions

The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows rem

CVE-2004-0608

all versions

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena

CVE-2004-0604

all versions

The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possi

CVE-2004-0565

all versions

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH own

CVE-2004-0497

all versions

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in ker

CVE-2004-0496

all versions

Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set

CVE-2004-0456

all versions

Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary co

CVE-2004-0333

all versions

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote

CVE-2004-0746

all versions

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.u

CVE-2004-0500

all versions

Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a den

CVE-2004-0809

all versions

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a c

CVE-2004-0432

all versions

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clie

CVE-2004-0419

all versions

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to conne

CVE-2004-0232

all versions

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or

CVE-2004-0231

all versions

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and dir

CVE-2004-0229

all versions

The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.

CVE-2004-0226

all versions

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbi

CVE-2004-1737

all versions

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass

CVE-2004-0667

all versions

Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which

CVE-2004-0649

all versions

Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.

CVE-2004-0557

all versions

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote a

CVE-2004-0554

all versions

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop

CVE-2004-0548

all versions

Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execut

CVE-2004-0535

all versions

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users

CVE-2004-0495

all versions

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as foun

CVE-2004-0493

all versions

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhausti

CVE-2004-0418

all versions

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow

CVE-2004-0417

all versions

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.1

CVE-2004-0416

all versions

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remot

CVE-2004-0414

all versions

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL ter

CVE-2004-0700

all versions

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache befor

CVE-2004-0386

all versions

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary co

CVE-2004-1983

all versions

The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (AS

CVE-2004-0224

all versions

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail b

CVE-2003-0694

all versions

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstr

CVE-2003-0681

all versions

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final

CVE-2002-1337

all versions

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields,