Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package prior to 2.5.0-r1.
Qemu Qemu
1 EDB exploit
9.8
CVSSv3
CVE-2024-3273
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The mani...
Dlink Dns-320l Firmware -
Dlink Dns-120 Firmware -
Dlink Dnr-202l Firmware -
Dlink Dns-315l Firmware -
Dlink Dns-320 Firmware -
Dlink Dns-320lw Firmware -
Dlink Dns-321 Firmware -
Dlink Dnr-322l Firmware -
Dlink Dns-323 Firmware -
Dlink Dns-325 Firmware -
Dlink Dns-326 Firmware -
Dlink Dns-327l Firmware -
Dlink Dnr-326 Firmware -
Dlink Dns-340l Firmware -
Dlink Dns-343 Firmware -
Dlink Dns-345 Firmware -
Dlink Dns-726-4 Firmware -
Dlink Dns-1100-4 Firmware -
Dlink Dns-1200-05 Firmware -
Dlink Dns-1550-04 Firmware -
6 Github repositories
2 Articles
9.8
CVSSv3
CVE-2020-36770
pkg_postinst in the Gentoo ebuild for Slurm up to and including 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.
Gentoo Ebuild For Slurm
9.8
CVSSv3
CVE-2016-20021
In Gentoo Portage prior to 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
Gentoo Portage
9.8
CVSSv3
CVE-2023-28424
Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers...
Gentoo Soko
9.8
CVSSv3
CVE-2017-20148
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
Debian Logcheck
9.8
CVSSv3
CVE-2017-16638
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.
Vde Project Vde
9.1
CVSSv3
CVE-2023-26033
Gentoo soko is the code that powers packages.gentoo.org. Versions before 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_hi...
Gentoo Soko
8.8
CVSSv3
CVE-2020-5208
It's been found that multiple functions in ipmitool prior to 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitoo...
Ipmitool Project Ipmitool 1.8.18
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
7.8
CVSSv3
CVE-2020-36657
uptimed prior to 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.
Uptimed Project Uptimed
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »