CVSS: 7.1 EPSS: 0% CPEs: 1 EXPL: 0

Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.

• http://www.openwall.com/lists/oss-security/2017/01/28/7
• https://bugs.gentoo.org/show_bug.cgi?id=141619
• https://bugs.gentoo.org/show_bug.cgi?id=396153
• https://bugs.gentoo.org/show_bug.cgi?id=58611
• https://bugs.gentoo.org/show_bug.cgi?id=607426
• https://bugs.gentoo.org/show_bug.cgi?
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 EPSS: 1% CPEs: 1 EXPL: 3

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

• http://seclists.org/fulldisclosure/2014/Nov/36
• http://secunia.com/advisories/62155
• http://www.debian.org/security/2015/dsa-3131
• http://www.openwall.com/lists/oss-security/2015/01/17/10
• http://www.securityfocus.com/bid/71284
• https://bugs.freedesktop.org/show_bug.cgi?id=66670
• https://bugs.gentoo.org/show_bug.cgi?id=472888
• https://security.gentoo.org/glsa/201701-09
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.3 EPSS: 0% CPEs: 1 EXPL: 1

The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.

• http://openwall.com/lists/oss-security/2013/05/15/5
• http://openwall.com/lists/oss-security/2013/05/16/3
• http://www.securityfocus.com/bid/59878
• https://bugs.gentoo.org/show_bug.cgi?id=469888
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84315
• https://security.gentoo.org/glsa/201507-16
• CWE-310: Cryptographic Issues

CVSS: 6.8 EPSS: 3% CPEs: 105 EXPL: 1

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

• http://inertiawar.com/submission.go
• http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html
• http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html
• http://secunia.com/advisories/59897
• http://secunia.com/advisories/60108
• http://secunia.com/advisories/60527
• http://www.debian.org/security/2014/dsa-2988
• http://www.openwall.com/lists/oss-security/2014/07/10/4
• http://www.openwall.com/lists/oss-security/2014/07/11/5
• http://www.osvdb.org/108
• CWE-189: Numeric Errors

CVSS: 5.0 EPSS: 0% CPEs: 1 EXPL: 0

The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.

• http://osvdb.org/96177
• http://seclists.org/oss-sec/2013/q3/337
• http://seclists.org/oss-sec/2013/q3/339
• http://www.securityfocus.com/bid/61743
• https://bugs.gentoo.org/show_bug.cgi?id=480376
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86384
• CWE-264: Permissions, Privileges, and Access Controls