Filtered by vendor Gentoo
Subscriptions
Total
194 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-0386 | 2 Gentoo, Mandrakesoft | 2 Xdg-utils, Mandrake Linux | 2024-08-07 | N/A |
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. | ||||
CVE-2009-1144 | 3 Foolabs, Gentoo, Glyphandcog | 3 Xpdf, Gentoo Linux, Xpdfreader | 2024-08-07 | N/A |
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. | ||||
CVE-2010-1159 | 2 Aircrack-ng, Gentoo | 2 Aircrack-ng, Linux | 2024-08-07 | N/A |
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet. | ||||
CVE-2011-1549 | 1 Gentoo | 2 Linux, Logrotate | 2024-08-06 | N/A |
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. | ||||
CVE-2011-1548 | 2 Debian, Gentoo | 2 Linux, Logrotate | 2024-08-06 | N/A |
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/. | ||||
CVE-2011-1154 | 2 Gentoo, Redhat | 2 Logrotate, Enterprise Linux | 2024-08-06 | N/A |
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | ||||
CVE-2011-1155 | 2 Gentoo, Redhat | 2 Logrotate, Enterprise Linux | 2024-08-06 | N/A |
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | ||||
CVE-2011-1098 | 2 Gentoo, Redhat | 2 Logrotate, Enterprise Linux | 2024-08-06 | N/A |
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. | ||||
CVE-2012-2981 | 1 Gentoo | 1 Webmin | 2024-08-06 | N/A |
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. | ||||
CVE-2012-2983 | 1 Gentoo | 1 Webmin | 2024-08-06 | N/A |
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. | ||||
CVE-2012-2982 | 1 Gentoo | 1 Webmin | 2024-08-06 | N/A |
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character. | ||||
CVE-2013-4223 | 1 Gentoo | 1 Nullmailer | 2024-08-06 | N/A |
The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file. | ||||
CVE-2013-2100 | 1 Gentoo | 1 Portage | 2024-08-06 | N/A |
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. | ||||
CVE-2013-2031 | 2 Gentoo, Mediawiki | 2 Linux, Mediawiki | 2024-08-06 | N/A |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. | ||||
CVE-2013-2032 | 3 Fedoraproject, Gentoo, Mediawiki | 3 Fedora, Linux, Mediawiki | 2024-08-06 | N/A |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. | ||||
CVE-2013-0348 | 5 Acme, Fedoraproject, Gentoo and 2 more | 5 Thttpd, Fedora, Linux and 2 more | 2024-08-06 | N/A |
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. | ||||
CVE-2014-9622 | 1 Gentoo | 1 Xdg-utils | 2024-08-06 | N/A |
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | ||||
CVE-2014-4909 | 4 Canonical, Fedoraproject, Gentoo and 1 more | 4 Ubuntu Linux, Fedora, Linux and 1 more | 2024-08-06 | N/A |
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. | ||||
CVE-2016-20021 | 1 Gentoo | 1 Portage | 2024-08-06 | 9.8 Critical |
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable. | ||||
CVE-2017-18285 | 2 Burp Project, Gentoo | 2 Burp, Linux | 2024-08-05 | N/A |
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change. |