Vulnerabilities > Gentoo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-20 | CVE-2023-28424 | SQL Injection vulnerability in Gentoo Soko Soko if the code that powers packages.gentoo.org. | 9.8 |
| 2023-02-25 | CVE-2023-26033 | SQL Injection vulnerability in Gentoo Soko Gentoo soko is the code that powers packages.gentoo.org. | 9.1 |
| 2020-01-21 | CVE-2019-20384 | Improper Preservation of Permissions vulnerability in Gentoo Portage Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. | 2.1 |
| 2018-06-04 | CVE-2017-18285 | Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change. | 3.6 |
| 2018-06-04 | CVE-2017-18284 | Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL. | 3.6 |
| 2018-03-12 | CVE-2017-18226 | Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2 The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command. | 2.1 |
| 2018-03-12 | CVE-2017-18225 | Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2 The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs. | 4.6 |
| 2017-10-27 | CVE-2017-15945 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. | 7.2 |
| 2017-09-25 | CVE-2017-14730 | Incorrect Permission Assignment for Critical Resource vulnerability in Elasticsearch Logstash The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | 7.2 |
| 2017-09-15 | CVE-2017-14484 | Improper Privilege Management vulnerability in Gentoo Sci-Mathematics-Gimps 28.10 The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed. | 6.9 |