Gentoo Security Vulnerabilities


CVE-2007-3508

Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code...

7.4 AI Score

0.0004 EPSS

2007-07-03 09:30 PM

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...

5.9 CVSS

6.7 AI Score

0.962 EPSS

2023-12-18 04:15 PM

CVE-2004-1106

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in...

5.9 AI Score

0.049 EPSS

2005-01-10 05:00 AM

CVE-2004-0634

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null...

6.1 AI Score

0.023 EPSS

2004-12-06 05:00 AM

CVE-2004-0633

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer...

6.3 AI Score

0.026 EPSS

2004-12-06 05:00 AM

CVE-2004-0635

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds...

6.2 AI Score

0.022 EPSS

2004-12-06 05:00 AM

CVE-2002-1337

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of...

7.6 AI Score

0.902 EPSS

2004-09-01 04:00 AM

CVE-2004-1901

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the...

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2005-05-10 04:00 AM

CVE-2020-36770

pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2024-01-15 07:15 AM

CVE-2016-20021

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not...

9.8 CVSS

9.4 AI Score

0.001 EPSS

2024-01-12 03:15 AM

CVE-2008-0386

Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2)...

7.3 AI Score

0.037 EPSS

2008-02-04 11:00 PM

CVE-2022-23220

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2022-01-21 04:15 PM

CVE-2008-1078

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as...

6 AI Score

0.0004 EPSS

2008-02-29 02:44 AM

CVE-2004-0834

Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3)...

7 AI Score

0.001 EPSS

2004-12-23 05:00 AM

CVE-2007-4137

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function,...

6 AI Score

0.016 EPSS

2007-09-18 07:17 PM

CVE-2004-0493

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab...

6.8 AI Score

0.962 EPSS

2004-08-06 04:00 AM

CVE-2004-0809

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring...

7.2 AI Score

0.009 EPSS

2004-09-17 04:00 AM

CVE-2004-1027

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot)...

6.5 AI Score

0.003 EPSS

2005-03-01 05:00 AM

CVE-2004-0667

Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated...

7 AI Score

0.0004 EPSS

2004-08-06 04:00 AM

CVE-2023-28424

Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQL....

9.8 CVSS

9.9 AI Score

0.003 EPSS

2023-03-20 01:15 PM

CVE-2023-26033

Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the search_history cookie is used as a...

9.1 CVSS

9.1 AI Score

0.001 EPSS

2023-02-25 12:15 AM

CVE-2008-4579

The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allow local users to append to arbitrary files via a symlink attack on the apclog temporary...

5.9 AI Score

0.0004 EPSS

2008-10-15 08:08 PM

CVE-2008-4580

fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary...

6 AI Score

0.0004 EPSS

2008-10-15 08:08 PM

CVE-2011-1098

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in...

5.7 AI Score

0.0005 EPSS

2011-03-30 10:55 PM

CVE-2013-0348

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the...

6 AI Score

0.0004 EPSS

2013-12-13 06:07 PM

CVE-2012-4893

Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than...

7.2 AI Score

0.973 EPSS

2022-10-03 04:15 PM

CVE-2011-1550

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as...

6.6 AI Score

0.0004 EPSS

2022-10-03 04:15 PM

CVE-2007-5714

The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary...

7.3 AI Score

0.007 EPSS

2022-10-03 04:14 PM

CVE-2019-20384

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to...

5.5 CVSS

5.3 AI Score

0.0004 EPSS

2020-01-21 12:15 AM

CVE-2017-18284

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a...

7.1 CVSS

6.8 AI Score

0.0004 EPSS

2018-06-04 06:29 AM

CVE-2017-18285

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf...

7.1 CVSS

6.7 AI Score

0.0004 EPSS

2018-06-04 06:29 AM

CVE-2017-18225

The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of....

7.8 CVSS

8 AI Score

0.0004 EPSS

2018-03-12 04:29 AM

CVE-2017-18226

The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...

5.5 CVSS

5.7 AI Score

0.0004 EPSS

2018-03-12 04:29 AM

CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2017-10-27 09:29 PM

CVE-2017-14730

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2017-09-25 05:29 PM

CVE-2017-14484

The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is...

7.3 CVSS

7.3 AI Score

0.0004 EPSS

2017-09-15 10:29 AM

CVE-2017-14483

flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a...

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2017-09-15 10:29 AM

CVE-2004-2778

Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected...

7.1 CVSS

7 AI Score

0.0004 EPSS

2017-06-27 08:29 PM

CVE-2014-9622

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to...

8.7 AI Score

0.01 EPSS

2015-01-21 06:59 PM

CVE-2013-2100

The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted...

6.4 AI Score

0.001 EPSS

2014-09-29 10:55 PM

CVE-2014-4909

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds...

7.7 AI Score

0.04 EPSS

2014-07-29 02:55 PM

CVE-2013-4223

The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the...

6.6 AI Score

0.0004 EPSS

2014-05-23 02:55 PM

CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and...

6.7 AI Score

0.004 EPSS

2013-11-18 02:55 AM

CVE-2013-2032

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these...

7.5 AI Score

0.007 EPSS

2013-11-18 02:55 AM

CVE-2010-1159

Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL...

7.8 AI Score

0.426 EPSS

2013-10-28 10:55 PM

CVE-2012-2981

Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name)...

7.1 AI Score

0.006 EPSS

2012-09-11 06:55 PM

CVE-2012-2982

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe)...

7.1 AI Score

0.973 EPSS

2012-09-11 06:55 PM

CVE-2012-2983

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file...

6.6 AI Score

0.017 EPSS

2012-09-11 06:55 PM

CVE-2011-1549

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by...

6.4 AI Score

0.0004 EPSS

2011-03-30 10:55 PM

CVE-2011-1154

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine...

7.2 AI Score

0.001 EPSS

2011-03-30 10:55 PM
Total number of security vulnerabilities: 193