Search Results
- CPE Product Version: cpe:/o:gentoo:linux:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-23220 | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. Published: January 21, 2022; 11:15:08 AM -0500 | V3.1: 7.8 HIGH; V2.0: 7.2 HIGH |
CVE-2017-18285 | The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change. Published: June 04, 2018; 2:29:00 AM -0400 | V3.0: 7.1 HIGH; V2.0: 3.6 LOW |
CVE-2017-18284 | The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL. Published: June 04, 2018; 2:29:00 AM -0400 | V3.0: 7.1 HIGH; V2.0: 3.6 LOW |
CVE-2017-18226 | The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command. Published: March 12, 2018; 12:29:00 AM -0400 | V3.0: 5.5 MEDIUM; V2.0: 2.1 LOW |
CVE-2017-18225 | The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs. Published: March 12, 2018; 12:29:00 AM -0400 | V3.0: 7.8 HIGH; V2.0: 4.6 MEDIUM |
CVE-2017-15945 | The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. Published: October 27, 2017; 5:29:00 PM -0400 | V3.0: 7.8 HIGH; V2.0: 7.2 HIGH |
CVE-2017-14730 | The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. Published: September 25, 2017; 1:29:00 PM -0400 | V3.0: 7.8 HIGH; V2.0: 7.2 HIGH |