Filtered by vendor Gentoo
Subscriptions
Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0700 | 3 Gentoo, Mod Ssl, Redhat | 5 Linux, Mod Ssl, Enterprise Linux and 2 more | 2026-04-16 | N/A |
| Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function. | ||||
| CVE-2004-0746 | 5 Gentoo, Kde, Mandrakesoft and 2 more | 6 Linux, Kde, Konqueror and 3 more | 2026-04-16 | N/A |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
| CVE-2006-0071 | 1 Gentoo | 2 App-crypt Pinentry, Linux | 2026-04-16 | N/A |
| The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. | ||||
| CVE-2004-0880 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2026-04-16 | N/A |
| getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. | ||||
| CVE-2004-0881 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2026-04-16 | N/A |
| getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. | ||||
| CVE-2024-36451 | 2 Gentoo, Webmin | 2 Webmin, Webmin | 2025-10-08 | 8.8 High |
| Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted. | ||||
| CVE-2020-36770 | 1 Gentoo | 1 Ebuild For Slurm | 2025-06-20 | 7.8 High |
| pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files. | ||||
| CVE-2016-20021 | 1 Gentoo | 1 Portage | 2025-06-03 | 9.8 Critical |
| In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable. | ||||
| CVE-2004-2778 | 1 Gentoo | 1 Portage | 2025-04-20 | N/A |
| Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. | ||||
| CVE-2017-14484 | 1 Gentoo | 1 Sci-mathematics-gimps | 2025-04-20 | N/A |
| The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed. | ||||
| CVE-2017-15945 | 3 Gentoo, Mariadb, Mysql | 3 Linux, Mariadb, Mysql | 2025-04-20 | N/A |
| The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. | ||||
| CVE-2017-14730 | 2 Elasticsearch, Gentoo | 2 Logstash, Linux | 2025-04-20 | N/A |
| The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | ||||
| CVE-2017-14483 | 1 Gentoo | 1 Dev-python-flower | 2025-04-20 | N/A |
| flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | ||||
| CVE-2014-4909 | 4 Canonical, Fedoraproject, Gentoo and 1 more | 4 Ubuntu Linux, Fedora, Linux and 1 more | 2025-04-12 | N/A |
| Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. | ||||
| CVE-2014-9622 | 1 Gentoo | 1 Xdg-utils | 2025-04-12 | N/A |
| Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | ||||
| CVE-2013-2100 | 1 Gentoo | 1 Portage | 2025-04-12 | N/A |
| The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. | ||||
| CVE-2013-4223 | 1 Gentoo | 1 Nullmailer | 2025-04-12 | N/A |
| The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file. | ||||
| CVE-2023-28424 | 1 Gentoo | 1 Soko | 2025-04-11 | 9.1 Critical |
| Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries. | ||||
| CVE-2013-0348 | 5 Acme, Fedoraproject, Gentoo and 2 more | 5 Thttpd, Fedora, Linux and 2 more | 2025-04-11 | N/A |
| thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2011-1549 | 1 Gentoo | 2 Linux, Logrotate | 2025-04-11 | N/A |
| The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. | ||||