Vulnerabilities > Gentoo > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2020-01-21 CVE-2019-20384 Race Condition vulnerability in Gentoo Portage
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
local
low complexity
gentoo CWE-362
5.5
2017-09-15 CVE-2017-14483 Race Condition vulnerability in Gentoo Dev-Python-Flower
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
local
low complexity
gentoo CWE-362
5.5
2004-12-31 CVE-2004-1901 Link Following vulnerability in Gentoo Linux and Portage
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
local
low complexity
gentoo CWE-59
5.5