Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2017-16659
The Gentoo mail-filter/assp package 1.9.8.13030 and previous versions allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
Anti-spam Smtp Proxy Project Anti-spam Smtp Proxy
10
CVSSv2
CVE-2017-16638
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.
Vde Project Vde
7.2
CVSSv2
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages prior to 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging a...
Mysql Mysql
Mariadb Mariadb
7.2
CVSSv2
CVE-2017-14730
The init script in the Gentoo app-admin/logstash-bin package prior to 5.5.3 and 5.6.x prior to 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard lin...
Elasticsearch Logstash 5.0.2
Elasticsearch Logstash 5.1.2
Elasticsearch Logstash 5.4.2
Elasticsearch Logstash 5.5.0
Elasticsearch Logstash 5.2.1
Elasticsearch Logstash 5.3.0
Elasticsearch Logstash 5.3.1
Elasticsearch Logstash 5.3.2
Elasticsearch Logstash 5.5.1
Elasticsearch Logstash 5.5.2
Elasticsearch Logstash 5.6.0
Elasticsearch Logstash 5.0.0
Elasticsearch Logstash 5.0.1
Elasticsearch Logstash 5.1.1
Elasticsearch Logstash 5.2.0
Elasticsearch Logstash 5.4.1
Elasticsearch Logstash 5.4.3
4.9
CVSSv2
CVE-2017-14483
flower.initd in the Gentoo dev-python/flower package prior to 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root ...
Gentoo Dev-python-flower
6.9
CVSSv2
CVE-2017-14484
The Gentoo sci-mathematics/gimps package prior to 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
Gentoo Sci-mathematics-gimps 28.10
3.6
CVSSv2
CVE-2004-2778
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected comman...
Gentoo Portage
10
CVSSv2
CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package prior to 2.5.0-r1.
Qemu Qemu
1 EDB exploit
6.8
CVSSv2
CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent malicious users to execute arbitrary code via the URL argument to xdg-open.
Gentoo Xdg-utils 1.1.0
7.2
CVSSv2
CVE-2013-0347
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
Webfs Webfs -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »