cbcvebase.

Gentoo Linux vulnerabilities

52 known vulnerabilities affecting gentoo/linux.

Total CVEs
52
CISA KEV
0
Public exploits
21
Exploited in wild
2
Severity breakdown
CRITICAL12HIGH23MEDIUM11LOW6

Vulnerabilities

Page 2 of 3
CVE-2004-0649P3CRITICALCVSS 10.0v1.42004-08-06
CVE-2004-0649 [CRITICAL] CVE-2004-0649: Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitra Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
nvd
CVE-2004-0414P3CRITICALCVSS 10.0v1.42004-08-06
CVE-2004-0414 [CRITICAL] CVE-2004-0414: CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" li CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
nvd
CVE-2004-0891P3CRITICALCVSS 10.0v1.42005-01-27
CVE-2004-0891 [CRITICAL] CVE-2004-0891: Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
nvd
CVE-2004-0700P3HIGHCVSS 7.5v1.42004-07-27
CVE-2004-0700 [HIGH] CVE-2004-0700: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
nvd
CVE-2005-0005P4HIGHCVSS 7.5v0.5v0.7+3 more2005-05-02
CVE-2005-0005 [HIGH] CVE-2005-0005: Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allo Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
nvd
CVE-2004-0432P4HIGHCVSS 7.5v0.5v0.7+3 more2004-08-18
CVE-2004-0432 [HIGH] CVE-2004-0432: ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowA ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
nvd
CVE-2004-0226P4CRITICALCVSS 10.0v0.5v0.7+3 more2004-08-18
CVE-2004-0226 [CRITICAL] CVE-2004-0226: Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a den Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
nvd
CVE-2004-0224P4HIGHCVSS 7.5v1.42004-04-15
CVE-2004-0224 [HIGH] CVE-2004-0224: Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courie Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
nvd
CVE-2004-0500P4HIGHCVSS 7.5v1.42004-09-28
CVE-2004-0500 [HIGH] CVE-2004-0500: Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows r Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
nvd
CVE-2004-0554P4LOWCVSS 2.1PoCv1.42004-08-06
CVE-2004-0554 [LOW] CVE-2004-0554: Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
nvd
CVE-2004-0456P4HIGHCVSS 7.6v1.1av1.2+1 more2004-12-06
CVE-2004-0456 [HIGH] CVE-2004-0456: Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
nvd
CVE-2004-1983P4LOWCVSS 2.1PoCv1.42004-05-02
CVE-2004-1983 [LOW] CVE-2004-1983: The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.
nvd
CVE-2004-0419P4HIGHCVSS 7.5v1.42004-08-18
CVE-2004-0419 [HIGH] CVE-2004-0419: XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could a XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
nvd
CVE-2004-1452P4HIGHCVSS 7.2v0.5v0.7+3 more2004-12-31
CVE-2004-1452 [HIGH] CVE-2004-1452: Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:t Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
nvd
CVE-2004-0809P4MEDIUMCVSS 5.0v1.42004-09-16
CVE-2004-0809 [MEDIUM] CVE-2004-0809: The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
nvd
CVE-2004-0746P4HIGHCVSS 7.5v1.42004-10-20
CVE-2004-0746 [HIGH] CVE-2004-0746: Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level do Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
nvd
CVE-2004-0495P4HIGHCVSS 7.2v1.42004-08-06
CVE-2004-0495 [HIGH] CVE-2004-0495: Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
nvd
CVE-2004-0232P4MEDIUMCVSS 5.0v0.5v0.7+3 more2004-08-18
CVE-2004-0232 [MEDIUM] CVE-2004-0232: Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers t Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
nvd
CVE-2004-0834P4HIGHCVSS 7.2v1.42004-12-23
CVE-2004-0834 [HIGH] CVE-2004-0834: Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbi Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.
nvd
CVE-2004-0667P4HIGHCVSS 7.2v1.42004-08-06
CVE-2004-0667 [HIGH] CVE-2004-0667: Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
nvd
Gentoo Linux vulnerabilities | cvebase