Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2007-3508
Integer overflow in the process_envvars function in elf/rtld.c in glibc prior to 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitab...
Gentoo Glibc
187
VMScore
CVE-2004-1107
dispatch-conf in Portage 2.0.51-r2 and previous versions allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Gentoo Linux
187
VMScore
CVE-2004-1108
qpkg in Gentoolkit 0.2.0_pre10 and previous versions allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
Gentoo Linux
641
VMScore
CVE-2004-1115
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and previous versions execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Gentoo Linux
641
VMScore
CVE-2004-1117
The init scripts in ChessBrain 20407 and previous versions execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Gentoo Linux
587
VMScore
CVE-2007-3531
The set_default_speeds function in backend/backend.c in NVidia NVClock prior to 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
Gentoo Nvclock
NA
CVE-2023-26033
Gentoo soko is the code that powers packages.gentoo.org. Versions before 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_hi...
Gentoo Soko
383
VMScore
CVE-2007-1500
The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.
Gentoo Linux
NA
CVE-2016-20021
In Gentoo Portage prior to 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
Gentoo Portage
187
VMScore
CVE-2007-6249
etc-update in Portage prior to 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
Gentoo Portage
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »