Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gentoo vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2004-1115
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and previous versions execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Gentoo Linux
7.2
CVSSv2
CVE-2004-1117
The init scripts in ChessBrain 20407 and previous versions execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Gentoo Linux
7.2
CVSSv2
CVE-2007-3508
Integer overflow in the process_envvars function in elf/rtld.c in glibc prior to 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitab...
Gentoo Glibc
1.9
CVSSv2
CVE-2008-1383
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
Gentoo Linux
7.2
CVSSv2
CVE-2004-1116
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and previous versions execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Gentoo Linux
6.3
CVSSv2
CVE-2011-1549
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directorie...
Gentoo Logrotate
6.3
CVSSv2
CVE-2011-1550
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted d...
Gentoo Logrotate
3.6
CVSSv2
CVE-2004-2778
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected comman...
Gentoo Portage
NA
CVE-2016-20021
In Gentoo Portage prior to 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
Gentoo Portage
2.1
CVSSv2
CVE-2019-20384
Gentoo Portage up to and including 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
Gentoo Portage
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »