Gentoo vulnerabilities and exploits
7.2
CVSSv2
CVE-2022-23220
USBView 2.1 prior to 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option....
Usbview Project Usbview
6.5
CVSSv2
CVE-2020-5208
It's been found that multiple functions in ipmitool prior to 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitoo...
Ipmitool Project Ipmitool 1.8.18
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
2.1
CVSSv2
CVE-2019-20384
Gentoo Portage up to and including 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
Gentoo Portage
6.9
CVSSv2
CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing -...
Shadow Project Shadow 4.8
5
CVSSv2
CVE-2013-1771
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on Gentoo.
Monkey-project Monkey -
3.6
CVSSv2
CVE-2017-18284
The Gentoo app-backup/burp package prior to 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
Burp Project Burp
3.6
CVSSv2
CVE-2017-18285
The Gentoo app-backup/burp package prior to 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.
Burp Project Burp
4.9
CVSSv2
CVE-2017-18240
The Gentoo app-admin/collectd package prior to 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL ...
Collectd Collectd
Collectd Collectd 5.7.2
4.6
CVSSv2
CVE-2017-18225
The Gentoo net-im/jabberd2 package up to and including 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then wait...
Jabberd2 Jabberd2
2.1
CVSSv2
CVE-2017-18226
The Gentoo net-im/jabberd2 package up to and including 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "...
Jabberd2 Jabberd2