Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-23220
USBView 2.1 prior to 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option....
Usbview Project Usbview
7.8
CVSSv3
CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing -...
Shadow Project Shadow 4.8
7.8
CVSSv3
CVE-2017-18225
The Gentoo net-im/jabberd2 package up to and including 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then wait...
Jabberd2 Jabberd2
7.8
CVSSv3
CVE-2017-16659
The Gentoo mail-filter/assp package 1.9.8.13030 and previous versions allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
Anti-spam Smtp Proxy Project Anti-spam Smtp Proxy
7.8
CVSSv3
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages prior to 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging a...
Mysql Mysql
Mariadb Mariadb
7.8
CVSSv3
CVE-2017-14730
The init script in the Gentoo app-admin/logstash-bin package prior to 5.5.3 and 5.6.x prior to 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard lin...
Elasticsearch Logstash 5.0.2
Elasticsearch Logstash 5.1.2
Elasticsearch Logstash 5.4.2
Elasticsearch Logstash 5.5.0
Elasticsearch Logstash 5.2.1
Elasticsearch Logstash 5.3.0
Elasticsearch Logstash 5.3.1
Elasticsearch Logstash 5.3.2
Elasticsearch Logstash 5.5.1
Elasticsearch Logstash 5.5.2
Elasticsearch Logstash 5.6.0
Elasticsearch Logstash 5.0.0
Elasticsearch Logstash 5.0.1
Elasticsearch Logstash 5.1.1
Elasticsearch Logstash 5.2.0
Elasticsearch Logstash 5.4.1
Elasticsearch Logstash 5.4.3
7.5
CVSSv3
CVE-2016-20015
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
Smokeping Smokeping
7.5
CVSSv3
CVE-2013-1771
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
Monkey-project Monkey -
7.3
CVSSv3
CVE-2017-14484
The Gentoo sci-mathematics/gimps package prior to 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
Gentoo Sci-mathematics-gimps 28.10
7.1
CVSSv3
CVE-2017-18284
The Gentoo app-backup/burp package prior to 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
Burp Project Burp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »