Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-20021
In Gentoo Portage prior to 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
Gentoo Portage
NA
CVE-2007-3531
The set_default_speeds function in backend/backend.c in NVidia NVClock prior to 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
Gentoo Nvclock
7.1
CVSSv3
CVE-2004-2778
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected comman...
Gentoo Portage
NA
CVE-2007-5714
The Gentoo ebuild of MLDonkey prior to 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote malicious users to obtain login access and execute arbitrary code.
Gentoo Mldonkey Ebuild
NA
CVE-2003-1422
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
Gentoo Syslinux 2.0.1
NA
CVE-2005-4279
Untrusted search path vulnerability in Qt-UnixODBC prior to 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
Gentoo Qt-unixodbc
NA
CVE-2007-2194
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote malicious users to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
Gentoo Xnview 1.90.3
1 EDB exploit
NA
CVE-2008-0386
Xdg-utils 1.0.2 and previous versions allows user-assisted remote malicious users to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
Gentoo Xdg-utils
NA
CVE-2005-3785
Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) prior to 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.
Gentoo Linux Eix
NA
CVE-2013-4223
The Gentoo Nullmailer package prior to 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
Gentoo Nullmailer 1.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »