CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18226 – Gentoo Linux Security Advisory 201803-07
https://notcve.org/view.php?id=CVE-2017-18226
12 Mar 2018 — The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command. El paquete net-im/jabberd2 de Gentoo, hasta la versión 2.6.1, establece la propiedad de /var/run/jabber en la cuenta jabber, lo que podría permitir que usuarios locales finalicen procesos arbi... • https://bugs.gentoo.org/631068 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15945 – Gentoo Linux Security Advisory 201711-04
https://notcve.org/view.php?id=CVE-2017-15945
27 Oct 2017 — The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. Los scripts de instalación en los paquetes dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster y dev-db/mariadb-galera de Gento en versiones anteriores a 2017-09... • https://bugs.gentoo.org/630822 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-14730
https://notcve.org/view.php?id=CVE-2017-14730
25 Sep 2017 — The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. El script init en el paquete app-admin/logstash-bin de Gentoo en versiones anteriores a la 5.5.3 y las versiones 5.6.x anteriores a la 5.6.1 tiene llamadas "chown -R" para árboles de directorio escribibles por los usuarios, lo que permite que ... • https://bugs.gentoo.org/628558 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14483
https://notcve.org/view.php?id=CVE-2017-14483
15 Sep 2017 — flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. flower.initd en el paquete de Gentoo dev-python/flower en versiones anteriores a la 0.9.1-r1 para Celery Flower establece la propiedad de los archivos PID a una cuenta que no es root, ... • https://bugs.gentoo.org/631020 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14484 – Gentoo Linux Security Advisory 201709-11
https://notcve.org/view.php?id=CVE-2017-14484
15 Sep 2017 — The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed. El paquete de Gentoo sci-mathematics/gimps en versiones anteriores a la 28.10-r1 para Great Internet Mersenne Prime Search (GIMPS) permite que usuarios locales obtengan privilegios mediante la creación de un vínculo físico en /var/lib/gimps debido a que se ejecuta un coma... • https://bugs.gentoo.org/show_bug.cgi?id=603408 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2778
https://notcve.org/view.php?id=CVE-2004-2778
27 Jun 2017 — Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. Ebuild en Gentoo puede cambiar los permisos de directorios y archivos en función del orden de los paquetes instalados, lo que permite a usuarios locales leer o escribir en directorios restringidos o ejecutar comandos restringido... • http://www.openwall.com/lists/oss-security/2017/01/28/7 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2014-9622 – Debian Security Advisory 3131-1
https://notcve.org/view.php?id=CVE-2014-9622
19 Jan 2015 — Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Vulnerabilidad de inyección Eval en xdg-utils 1.1.0 RC1, cuando se identifica que el entorno de escritorio no está soportado, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de un argumento URL a xdg-open. John Houwer discovered a way to cause xdg-open, a tool that automaticall... • http://seclists.org/fulldisclosure/2014/Nov/36 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2013-2100 – Gentoo Linux Security Advisory 201507-16
https://notcve.org/view.php?id=CVE-2013-2100
29 Sep 2014 — The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. La función urlopen en pym/portage/util/_urlopen.py en Gentoo Portage 2.1.12, cuando utiliza HTTPS, no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y modificar listas de... • http://openwall.com/lists/oss-security/2013/05/15/5 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 9%CPEs: 105EXPL: 1CVE-2014-4909 – Ubuntu Security Notice USN-2279-1
https://notcve.org/view.php?id=CVE-2014-4909
16 Jul 2014 — Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. Desbordamiento de enteros en la función tr_bitfieldEnsureNthBitAlloced en bitfield.c en Transmission anterior a 2.84 permite a atacantes remotos causar una denegación de servicios y posiblemente ejecutar código arbitrario a través de un mensaje de pa... • http://inertiawar.com/submission.go • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4223
https://notcve.org/view.php?id=CVE-2013-4223
23 May 2014 — The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file. El paquete Gentoo Nullmailer anterior a 1.11-r2 utiliza permisos de lectura universal para /etc/nullmailer/remotes, lo que permite a usuarios locales obtener credenciales de autenticación SMTP mediante la lectura del archivo. • http://osvdb.org/96177 • CWE-264: Permissions, Privileges, and Access Controls •