Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-2194
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote malicious users to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
Gentoo Xnview 1.90.3
1 EDB exploit
NA
CVE-2013-2100
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and modify binary package lists via a crafted certificate.
Gentoo Portage 2.1.12
5.5
CVSSv3
CVE-2017-14483
flower.initd in the Gentoo dev-python/flower package prior to 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root ...
Gentoo Dev-python-flower
NA
CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent malicious users to execute arbitrary code via the URL argument to xdg-open.
Gentoo Xdg-utils 1.1.0
9.8
CVSSv3
CVE-2020-36770
pkg_postinst in the Gentoo ebuild for Slurm up to and including 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.
Gentoo Ebuild For Slurm
NA
CVE-2008-1078
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
Rpath Rpath Linux
Gentoo Linux
NA
CVE-2005-1707
The fn_show_postinst function in Gentoo webapp-config prior to 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
Gentoo Linux Webapp-config 1.10
1 EDB exploit
7.3
CVSSv3
CVE-2017-14484
The Gentoo sci-mathematics/gimps package prior to 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
Gentoo Sci-mathematics-gimps 28.10
NA
CVE-2004-1336
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
Debian Tetex-bin 2.0.2
Gentoo Linux
NA
CVE-2004-0548
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" d...
Gnu Aspell 0.50.5
Gentoo Linux 1.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »