Known Vulnerabilities for products from Gentoo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gentoo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-12088 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12087 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-ena... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12086 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. ... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12085 | A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipu... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2023-52046 | | 4.8 - MEDIUM | 2024-01-25 | 2024-01-29 |
| CVE-2023-48795 | | 5.9 - MEDIUM | 2023-12-18 | 2024-03-13 |
| CVE-2023-28424 | Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `Sear... | 9.8 - CRITICAL | 2023-03-20 | 2023-03-24 |
| CVE-2023-26033 | Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to ... | 9.1 - CRITICAL | 2023-02-25 | 2023-03-06 |
| CVE-2022-23220 | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certa... | 7.8 - HIGH | 2022-01-21 | 2023-11-09 |
| CVE-2020-36770 | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certa... | 9.8 - CRITICAL | 2024-01-15 | 2024-01-22 |
| CVE-2019-20384 | Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by... | 5.5 - MEDIUM | 2020-01-21 | 2021-07-21 |
| CVE-2017-18285 | The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow ... | 7.1 - HIGH | 2018-06-04 | 2019-10-03 |
| CVE-2017-18284 | The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which migh... | 7.1 - HIGH | 2018-06-04 | 2019-10-03 |
| CVE-2017-18226 | The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might all... | 5.5 - MEDIUM | 2018-03-12 | 2019-10-03 |
| CVE-2017-18225 | The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-... | 7.8 - HIGH | 2018-03-12 | 2019-10-03 |
| CVE-2017-15945 | The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/... | 7.8 - HIGH | 2017-10-27 | 2019-10-03 |
| CVE-2017-14730 | The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for use... | 7.8 - HIGH | 2017-09-25 | 2019-10-03 |
| CVE-2017-14484 | The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users ... | 7.3 - HIGH | 2017-09-15 | 2019-10-03 |
| CVE-2017-14483 | flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root ... | 5.5 - MEDIUM | 2017-09-15 | 2019-10-03 |
| CVE-2016-20021 | flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root ... | 9.8 - CRITICAL | 2024-01-12 | 2024-01-22 |
Known software with vulnerabilities from Gentoo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gentoo | App-crypt Pinentry | - |
| Application | Gentoo | File | 4.20 |
| Application | Gentoo | Glibc | - |
| Application | Gentoo | Libsndfile | - |
| Operating System | Gentoo | Linux | - |
| Application | Gentoo | Linux Eix | - |
| Application | Gentoo | Linux Webapp-config | - |
| Application | Gentoo | Media-libs Jpeg | - |
| Application | Gentoo | Mirrorselect | - |
| Application | Gentoo | Mldonkey Ebuild | - |
| Application | Gentoo | Nullmailer | 1.11 |
| Application | Gentoo | Nvclock | - |
| Application | Gentoo | Nview | - |
| Application | Gentoo | Pax-utils | 0.0.1 |
| Application | Gentoo | Poppassd Pam | - |
| Application | Gentoo | Portage | - |
| Application | Gentoo | Qt-unixodbc | - |
| Application | Gentoo | Rootkit Hunter | - |
| Application | Gentoo | Security | - |
| Application | Gentoo | Syslinux | - |