Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
561
VMScore
CVE-2011-1550
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted d...
Gentoo Logrotate
587
VMScore
CVE-2007-3531
The set_default_speeds function in backend/backend.c in NVidia NVClock prior to 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
Gentoo Nvclock
187
VMScore
CVE-2007-6249
etc-update in Portage prior to 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
Gentoo Portage
1000
VMScore
CVE-2007-2194
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote malicious users to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
Gentoo Xnview 1.90.3
1 EDB exploit
890
VMScore
CVE-2003-1422
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
Gentoo Syslinux 2.0.1
890
VMScore
CVE-2005-0002
poppassd_pam 1.0 and previous versions, when changing a user password, does not verify that the user entered the old password correctly, which allows remote malicious users to change passwords for arbitrary users.
Gentoo Poppassd Pam
605
VMScore
CVE-2007-5714
The Gentoo ebuild of MLDonkey prior to 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote malicious users to obtain login access and execute arbitrary code.
Gentoo Mldonkey Ebuild
445
VMScore
CVE-2013-4223
The Gentoo Nullmailer package prior to 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
Gentoo Nullmailer 1.11
445
VMScore
CVE-2005-3785
Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) prior to 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.
Gentoo Linux Eix
828
VMScore
CVE-2013-2100
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and modify binary package lists via a crafted certificate.
Gentoo Portage 2.1.12
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »