Vulnerabilities (CVE)

Filtered by vendor Gentoo Subscribe
Filtered by product Linux
Total 154 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0635 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more 5 Ethereal, Linux, Mandrake Linux and 2 more 2024-02-14 5.0 MEDIUM N/A
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
CVE-2004-0633 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more 5 Ethereal, Linux, Mandrake Linux and 2 more 2024-02-14 5.0 MEDIUM N/A
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
CVE-2004-1106 2 Gallery Project, Gentoo 2 Gallery, Linux 2024-02-14 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
CVE-2004-0634 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more 5 Ethereal, Linux, Mandrake Linux and 2 more 2024-02-14 5.0 MEDIUM N/A
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
CVE-2002-1337 7 Gentoo, Hp, Netbsd and 4 more 9 Linux, Alphaserver Sc, Hp-ux and 6 more 2024-02-09 10.0 HIGH N/A
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
CVE-2004-1901 1 Gentoo 2 Linux, Portage 2024-01-26 4.6 MEDIUM 5.5 MEDIUM
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
CVE-2022-23220 4 Canonical, Debian, Gentoo and 1 more 4 Ubuntu Linux, Debian Linux, Linux and 1 more 2023-12-10 7.2 HIGH 7.8 HIGH
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
CVE-2017-18285 2 Burp Project, Gentoo 2 Burp, Linux 2023-12-10 3.6 LOW 7.1 HIGH
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.
CVE-2017-18284 2 Burp Project, Gentoo 2 Burp, Linux 2023-12-10 3.6 LOW 7.1 HIGH
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
CVE-2017-18225 2 Gentoo, Jabberd2 2 Linux, Jabberd2 2023-12-10 4.6 MEDIUM 7.8 HIGH
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
CVE-2017-18226 2 Gentoo, Jabberd2 2 Linux, Jabberd2 2023-12-10 2.1 LOW 5.5 MEDIUM
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
CVE-2017-15945 3 Gentoo, Mariadb, Mysql 3 Linux, Mariadb, Mysql 2023-12-10 7.2 HIGH 7.8 HIGH
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CVE-2017-14730 2 Elasticsearch, Gentoo 2 Logstash, Linux 2023-12-10 7.2 HIGH 7.8 HIGH
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
CVE-2014-4909 4 Canonical, Fedoraproject, Gentoo and 1 more 4 Ubuntu Linux, Fedora, Linux and 1 more 2023-12-10 6.8 MEDIUM N/A
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
CVE-2013-2031 2 Gentoo, Mediawiki 2 Linux, Mediawiki 2023-12-10 4.3 MEDIUM N/A
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
CVE-2013-2032 3 Fedoraproject, Gentoo, Mediawiki 3 Fedora, Linux, Mediawiki 2023-12-10 5.0 MEDIUM N/A
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
CVE-2010-1159 2 Aircrack-ng, Gentoo 2 Aircrack-ng, Linux 2023-12-10 6.8 MEDIUM N/A
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
CVE-2013-0348 5 Acme, Fedoraproject, Gentoo and 2 more 5 Thttpd, Fedora, Linux and 2 more 2023-12-10 2.1 LOW N/A
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVE-2011-1549 1 Gentoo 2 Linux, Logrotate 2023-12-10 6.3 MEDIUM N/A
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
CVE-2008-1291 3 Gentoo, Redhat, Viewvc 3 Linux, Fedora, Viewvc 2023-12-10 4.3 MEDIUM N/A
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.