gentoo

Top products

The 15 most recently published vulnerabilities affecting gentoo.

• CVE-2024-12084Rsync: heap buffer overflow in rsync due to improper checksum length handling9.8Jan 15, 2025
• CVE-2024-12087Rsync: path traversal vulnerability in rsync6.5Jan 14, 2025
• CVE-2024-12088Rsync: --safe-links option bypass leads to path traversal6.5Jan 14, 2025
• CVE-2024-12086Rsync: rsync server leaks arbitrary client files6.1Jan 14, 2025
• CVE-2024-12085Rsync: info leak via uninitialized stack contents7.5Jan 14, 2025
• CVE-2020-36770pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to b...9.8Jan 15, 2024
• CVE-2016-20021In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge...9.8Jan 12, 2024
• CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (fr...5.9Dec 18, 2023
• CVE-2023-28424Soko SQL Injection vulnerability9.1Mar 20, 2023
• CVE-2023-26033Gentoo soko contains DoS attack based on SQL Injection7.5Feb 24, 2023
• CVE-2019-20384Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is...5.5Jan 20, 2020
• CVE-2017-14484The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because...7.3Sep 15, 2017
• CVE-2017-14483flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by le...5.5Sep 15, 2017
• CVE-2004-2778Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted co...7.1Jun 27, 2017
• CVE-2014-9622Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.6.8Jan 21, 2015