Gentoo Linux vulnerabilities
52 known vulnerabilities affecting gentoo/linux.
Total CVEs
52
CISA KEV
0
Public exploits
20
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH23MEDIUM11LOW6
Vulnerabilities
Page 2 of 3
CVE-2004-0456HIGHCVSS 7.6v1.1av1.2+1 more2004-12-06
CVE-2004-0456 [HIGH] CVE-2004-0456: Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
nvd
CVE-2004-0604MEDIUMCVSS 5.0v1.42004-12-06
CVE-2004-0604 [MEDIUM] CVE-2004-0604: The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a de
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.
nvd
CVE-2004-0333CRITICALCVSS 10.0PoCv1.42004-11-23
CVE-2004-0333 [CRITICAL] CVE-2004-0333: Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
nvd
CVE-2004-0746HIGHCVSS 7.5v1.42004-10-20
CVE-2004-0746 [HIGH] CVE-2004-0746: Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level do
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
nvd
CVE-2004-0500HIGHCVSS 7.5v1.42004-09-28
CVE-2004-0500 [HIGH] CVE-2004-0500: Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows r
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
nvd
CVE-2004-0809MEDIUMCVSS 5.0v1.42004-09-16
CVE-2004-0809 [MEDIUM] CVE-2004-0809: The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
nvd
CVE-2004-0226CRITICALCVSS 10.0v0.5v0.7+3 more2004-08-18
CVE-2004-0226 [CRITICAL] CVE-2004-0226: Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a den
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
nvd
CVE-2004-0419HIGHCVSS 7.5v1.42004-08-18
CVE-2004-0419 [HIGH] CVE-2004-0419: XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could a
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
nvd
CVE-2004-0432HIGHCVSS 7.5v0.5v0.7+3 more2004-08-18
CVE-2004-0432 [HIGH] CVE-2004-0432: ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowA
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
nvd
CVE-2004-0229MEDIUMCVSS 4.6v1.42004-08-18
CVE-2004-0229 [MEDIUM] CVE-2004-0229: The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with u
The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.
nvd
CVE-2004-0232MEDIUMCVSS 5.0v0.5v0.7+3 more2004-08-18
CVE-2004-0232 [MEDIUM] CVE-2004-0232: Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers t
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
nvd
CVE-2004-0231LOWCVSS 2.1v0.5v0.7+3 more2004-08-18
CVE-2004-0231 [LOW] CVE-2004-0231: Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "I
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
nvd
CVE-2004-1737HIGHCVSS 7.5PoCv1.42004-08-16
CVE-2004-1737 [HIGH] CVE-2004-1737: SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arb
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
nvd
CVE-2004-0414CRITICALCVSS 10.0v1.42004-08-06
CVE-2004-0414 [CRITICAL] CVE-2004-0414: CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" li
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
nvd
CVE-2004-0416CRITICALCVSS 10.0PoCv1.42004-08-06
CVE-2004-0416 [CRITICAL] CWE-119 CVE-2004-0416: Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x th
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
nvd
CVE-2004-0418CRITICALCVSS 10.0v1.42004-08-06
CVE-2004-0418 [CRITICAL] CVE-2004-0418: serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empt
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
nvd
CVE-2004-0649CRITICALCVSS 10.0v1.42004-08-06
CVE-2004-0649 [CRITICAL] CVE-2004-0649: Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitra
Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
nvd
CVE-2004-0557CRITICALCVSS 10.0PoCv1.42004-08-06
CVE-2004-0557 [CRITICAL] CVE-2004-0557: Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
nvd
CVE-2004-0548HIGHCVSS 7.2PoCv1.42004-08-06
CVE-2004-0548 [HIGH] CVE-2004-0548: Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspe
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
nvd
CVE-2004-0667HIGHCVSS 7.2v1.42004-08-06
CVE-2004-0667 [HIGH] CVE-2004-0667: Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
nvd