Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2019-20384
Gentoo Portage up to and including 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
Gentoo Portage
169
VMScore
CVE-2008-1383
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
Gentoo Linux
641
VMScore
CVE-2004-1116
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and previous versions execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Gentoo Linux
828
VMScore
CVE-2013-2100
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and modify binary package lists via a crafted certificate.
Gentoo Portage 2.1.12
890
VMScore
CVE-2005-0002
poppassd_pam 1.0 and previous versions, when changing a user password, does not verify that the user entered the old password correctly, which allows remote malicious users to change passwords for arbitrary users.
Gentoo Poppassd Pam
605
VMScore
CVE-2007-5714
The Gentoo ebuild of MLDonkey prior to 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote malicious users to obtain login access and execute arbitrary code.
Gentoo Mldonkey Ebuild
1000
VMScore
CVE-2007-2194
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote malicious users to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
Gentoo Xnview 1.90.3
1 EDB exploit
445
VMScore
CVE-2013-4223
The Gentoo Nullmailer package prior to 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
Gentoo Nullmailer 1.11
445
VMScore
CVE-2005-3785
Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) prior to 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.
Gentoo Linux Eix
605
VMScore
CVE-2008-0386
Xdg-utils 1.0.2 and previous versions allows user-assisted remote malicious users to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
Gentoo Xdg-utils
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »