Vulnerabilities > Gentoo > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-15 | CVE-2020-36770 | Unspecified vulnerability in Gentoo Ebuild for Slurm: pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. | 9.8 |
2024-01-12 | CVE-2016-20021 | Improper Verification of Cryptographic Signature vulnerability in Gentoo Portage: In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. | 9.8 |
2023-03-20 | CVE-2023-28424 | SQL Injection vulnerability in Gentoo Soko: Soko is the code that powers packages.gentoo.org. | 9.8 |
2023-02-25 | CVE-2023-26033 | SQL Injection vulnerability in Gentoo Soko: Gentoo Soko is the code that powers packages.gentoo.org. | 9.1 |
2014-09-29 | CVE-2013-2100 | Cryptographic Issues vulnerability in Gentoo Portage 2.1.12: The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. | 9.3 |
2007-12-31 | CVE-2007-6337 | Unspecified vulnerability in Clam Anti-Virus Clamav 0.91.2: Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. | 10.0 |
2007-04-24 | CVE-2007-2194 | Buffer Overflow vulnerability in Gentoo Xnview 1.90.3: Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. | 10.0 |
2007-04-24 | CVE-2007-2173 | Unspecified vulnerability in Double Precision Incorporated Courier-Imap: Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | 10.0 |
2005-12-31 | CVE-2005-3625 | Resource Management Errors vulnerability in multiple products: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | 10.0 |
2005-05-02 | CVE-2005-0002 | Unspecified vulnerability in Gentoo Poppassd PAM 1.0: poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users. | 10.0 |