Known Vulnerabilities for products from Gentoo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gentoo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23220 | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certa... | 7.8 - HIGH | 2022-01-21 | 2023-11-09 |
| CVE-2019-20384 | Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by... | 5.5 - MEDIUM | 2020-01-21 | 2021-07-21 |
| CVE-2017-18285 | The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow ... | 7.1 - HIGH | 2018-06-04 | 2019-10-03 |
| CVE-2017-18284 | The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which migh... | 7.1 - HIGH | 2018-06-04 | 2019-10-03 |
| CVE-2017-18226 | The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might all... | 5.5 - MEDIUM | 2018-03-12 | 2019-10-03 |
| CVE-2017-18225 | The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-... | 7.8 - HIGH | 2018-03-12 | 2019-10-03 |
| CVE-2017-15945 | The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/... | 7.8 - HIGH | 2017-10-27 | 2019-10-03 |
| CVE-2017-14730 | The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for use... | 7.8 - HIGH | 2017-09-25 | 2019-10-03 |
| CVE-2017-14484 | The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users ... | 7.3 - HIGH | 2017-09-15 | 2019-10-03 |
| CVE-2017-14483 | flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root ... | 5.5 - MEDIUM | 2017-09-15 | 2019-10-03 |
| CVE-2014-9622 | Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-depe... | 6.8 - MEDIUM | 2015-01-21 | 2017-07-01 |
| CVE-2014-4909 | Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attac... | 6.8 - MEDIUM | 2014-07-29 | 2014-11-14 |
| CVE-2013-4223 | The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local ... | 5 - MEDIUM | 2014-05-23 | 2017-08-29 |
| CVE-2013-2100 | The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certif... | 9.3 - HIGH | 2014-09-29 | 2017-08-29 |
| CVE-2013-2032 | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Spe... | 5 - MEDIUM | 2013-11-18 | 2016-10-18 |
| CVE-2013-2031 | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as de... | 4.3 - MEDIUM | 2013-11-18 | 2016-12-31 |
| CVE-2013-0348 | thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows lo... | 2.1 - LOW | 2013-12-13 | 2023-02-13 |
| CVE-2012-4893 | Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attacker... | 6.8 - MEDIUM | 2012-09-11 | 2012-09-12 |
| CVE-2012-2983 | file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited conte... | 5 - MEDIUM | 2012-09-11 | 2013-05-30 |
| CVE-2012-2982 | file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid char... | 6.5 - MEDIUM | 2012-09-11 | 2013-05-30 |
Known software with vulnerabilities from Gentoo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gentoo | App-crypt Pinentry | - |
| Application | Gentoo | File | 4.20 |
| Application | Gentoo | Glibc | - |
| Application | Gentoo | Libsndfile | - |
| Operating System | Gentoo | Linux | - |
| Application | Gentoo | Linux Eix | - |
| Application | Gentoo | Linux Webapp-config | - |
| Application | Gentoo | Media-libs Jpeg | - |
| Application | Gentoo | Mirrorselect | - |
| Application | Gentoo | Mldonkey Ebuild | - |
| Application | Gentoo | Nullmailer | 1.11 |
| Application | Gentoo | Nvclock | - |
| Application | Gentoo | Nview | - |
| Application | Gentoo | Pax-utils | 0.0.1 |
| Application | Gentoo | Poppassd Pam | - |
| Application | Gentoo | Portage | - |
| Application | Gentoo | Qt-unixodbc | - |
| Application | Gentoo | Rootkit Hunter | - |
| Application | Gentoo | Security | - |
| Application | Gentoo | Syslinux | - |