This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gentoo First view 2004-12-06
Product Linux Last view 2014-07-29
Version * Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:gentoo:linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.8 2014-07-29 CVE-2014-4909

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

2.1 2013-12-13 CVE-2013-0348

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

5 2013-11-17 CVE-2013-2032

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

4.3 2013-11-17 CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

6.8 2013-10-28 CVE-2010-1159

Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.

1.9 2008-03-18 CVE-2008-1383

The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.

7.2 2008-02-28 CVE-2008-1078

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.

4.3 2007-03-19 CVE-2007-1500

The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.

5 2006-06-13 CVE-2006-3005

The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.

6.6 2006-01-03 CVE-2006-0071

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

4.3 2005-09-28 CVE-2005-2557

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

5 2005-06-10 CVE-2005-1267

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

5 2005-05-02 CVE-2005-1121

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.

3.7 2005-05-02 CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

2.1 2005-05-02 CVE-2005-0077

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

7.5 2005-04-27 CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

7.5 2005-04-22 CVE-2005-0754

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

4.6 2005-04-14 CVE-2005-0004

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

7.5 2005-04-14 CVE-2004-1176

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5 2005-04-14 CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

5 2005-04-14 CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

5 2005-04-14 CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

CWE : Common Weakness Enumeration

%idName
25% (3) CWE-399 Resource Management Errors
25% (3) CWE-264 Permissions, Privileges, and Access Controls
16% (2) CWE-189 Numeric Errors
8% (1) CWE-310 Cryptographic Issues
8% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

SAINT Exploits

Description Link
TWiki Search.pm shell command injection More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
44330 CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow
43479 Gentoo Linuxssl-cert.eclass docert Function binpkg Local SSL Key Disclosure
43039 Multiple Linux am-utils / net-fs expn expn[PID] Symlink Arbitrary File Overwrite
34267 Linux Security Auditing Tool (LSAT) /tmp/lsat1.lsat Symlink Arbitrary File Ov...
26317 Gentoo Linux jpeg Library -maxmem DoS
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
22211 pinentry on Gentoo Linux Installation Permission Weakness
18901 Mantis view_all_set.php dir Parameter XSS
17227 tcpdump bgp_update_print() Function Malformed BGP Protocol Data DoS
16894 Xpdf Integer Overflow Patch 64 Bit Architecture Failure
16087 Oops! Proxy Server my_xlog auth() Format String
15761 KDE Kommander Dialog Action Arbitrary Script Execution
15487 gzip Race Condition Arbitrary File Permission Modification
14570 Sylpheed Message Header Processing Overflow
14049 MediaWiki JavaScript-submitted Form CSRF
13901 wpa_supplicant EAPOL-Key Frames Overflow
13536 tetex-bin xdvizilla Symlink File Overwrite
13186 Perl DBI Library (libdbi-perl) DBI::ProxyServer Module Insecure Temporary Fil...
13149 Xpdf Multiple Unspecified Remote Overflows
13013 MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
12911 Midnight Commander Unspecified Underflow DoS
12910 Midnight Commander Insecure Filename Quoting Arbitrary Command Execution
12909 Midnight Commander Nonexistent File Descriptor Handling DoS

ExploitDB Exploits

id Description
24259 Ethereal 0.x Multiple Unspecified iSNS, SMB and SNMP Protocol Dissector Vulne...
718 Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit
629 Multiple AntiVirus (zip file) Detection Bypass Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for perl-DBI
File : nvt/sles9p5010763.nasl
2009-10-10 Name : SLES9: Security update for Midnight Commander
File : nvt/sles9p5011441.nasl
2009-10-10 Name : SLES9: Security update for Java2
File : nvt/sles9p5013049.nasl
2009-10-10 Name : SLES9: Security update for ruby
File : nvt/sles9p5013198.nasl
2009-10-10 Name : SLES9: Security update for CUPS
File : nvt/sles9p5014529.nasl
2009-10-10 Name : SLES9: Security update for samba
File : nvt/sles9p5015059.nasl
2009-10-10 Name : SLES9: Security update for unarj
File : nvt/sles9p5015411.nasl
2009-10-10 Name : SLES9: Security update for ethereal
File : nvt/sles9p5020030.nasl
2009-10-10 Name : SLES9: Security update for squid
File : nvt/sles9p5020697.nasl
2009-10-10 Name : SLES9: Security update for gd
File : nvt/sles9p5021249.nasl
2009-06-03 Name : Solaris Update for CDE 1.4 109931-10
File : nvt/gb_solaris_109931_10.nasl
2009-06-03 Name : Solaris Update for sdtimage 109932-10
File : nvt/gb_solaris_109932_10.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 114219-11
File : nvt/gb_solaris_114219_11.nasl
2009-06-03 Name : Solaris Update for sdtimage 114220-11
File : nvt/gb_solaris_114220_11.nasl
2009-06-03 Name : Solaris Update for SunFreeware gzip 120719-02
File : nvt/gb_solaris_120719_02.nasl
2009-05-05 Name : HP-UX Update for Java Plug-In (JPI) HPSBUX01100
File : nvt/gb_hp_ux_HPSBUX01100.nasl
2009-05-05 Name : HP-UX Update for Java Web Start HPSBUX01214
File : nvt/gb_hp_ux_HPSBUX01214.nasl
2009-03-06 Name : RedHat Update for cups RHSA-2008:0206-01
File : nvt/gb_RHSA-2008_0206-01_cups.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos3 i386
File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64
File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos4 i386
File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64
File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl
2009-02-17 Name : Fedora Update for squid FEDORA-2008-6045
File : nvt/gb_fedora_2008_6045_squid_fc9.nasl
2009-02-13 Name : Fedora Core 9 FEDORA-2009-1517 (squid)
File : nvt/fcore_2009_1517.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Internet Explorer RAV Online Scanner ActiveX object access
RuleID : 4188 - Type : BROWSER-PLUGINS - Revision : 12
2014-12-23 Microsoft and libpng multiple products PNG large image width overflow attempt
RuleID : 32889-community - Type : FILE-IMAGE - Revision : 2
2015-01-23 Microsoft and libpng multiple products PNG large image width overflow attempt
RuleID : 32889 - Type : FILE-IMAGE - Revision : 2
2014-01-10 Microsoft PNG large colour depth download attempt
RuleID : 3134-community - Type : FILE-IMAGE - Revision : 14
2014-01-10 Microsoft PNG large colour depth download attempt
RuleID : 3134 - Type : FILE-IMAGE - Revision : 14
2014-01-10 Microsoft Multiple Products PNG large image height download attempt
RuleID : 3133-community - Type : FILE-IMAGE - Revision : 15
2014-01-10 Microsoft Multiple Products PNG large image height download attempt
RuleID : 3133 - Type : FILE-IMAGE - Revision : 15
2014-01-10 Microsoft and libpng multiple products PNG large image width overflow attempt
RuleID : 3132-community - Type : FILE-IMAGE - Revision : 15
2014-01-10 Microsoft and libpng multiple products PNG large image width overflow attempt
RuleID : 3132 - Type : FILE-IMAGE - Revision : 15
2014-01-10 Multiple products ZIP archive virus detection bypass attempt
RuleID : 27048 - Type : FILE-OTHER - Revision : 2
2014-01-10 Multiple products ZIP archive virus detection bypass attempt
RuleID : 26989 - Type : FILE-OTHER - Revision : 7
2014-01-10 Multiple products ZIP archive virus detection bypass attempt
RuleID : 26926 - Type : FILE-OTHER - Revision : 8
2014-01-10 TWiki search function remote code execution attempt
RuleID : 26908 - Type : SERVER-WEBAPP - Revision : 3
2014-01-10 TWiki search function remote code execution attempt
RuleID : 26907 - Type : SERVER-WEBAPP - Revision : 3
2014-01-10 Oracle Java Plugin security bypass
RuleID : 21462 - Type : FILE-JAVA - Revision : 6
2014-01-10 Oracle Java Web Start malicious parameter value
RuleID : 17586 - Type : FILE-JAVA - Revision : 14
2014-01-10 Squid ASN.1 header parsing denial of service attempt
RuleID : 15989 - Type : SERVER-OTHER - Revision : 5
2014-01-10 Samba wildcard filename matching denial of service attempt
RuleID : 15581 - Type : SERVER-SAMBA - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-07-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-390.nasl - Type: ACT_GATHER_INFO
2014-08-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-8332.nasl - Type: ACT_GATHER_INFO
2014-08-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-484.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2988.nasl - Type: ACT_GATHER_INFO
2014-07-21 Name: The remote Fedora host is missing a security update.
File: fedora_2014-8331.nasl - Type: ACT_GATHER_INFO
2014-07-17 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2279-1.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-966.nasl - Type: ACT_GATHER_INFO
2014-03-31 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2891.nasl - Type: ACT_GATHER_INFO
2013-10-29 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201310-21.nasl - Type: ACT_GATHER_INFO
2013-10-20 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2013-251.nasl - Type: ACT_GATHER_INFO
2013-10-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201310-06.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO
2013-05-26 Name: The remote Fedora host is missing a security update.
File: fedora_2013-7654.nasl - Type: ACT_GATHER_INFO
2013-05-13 Name: The remote web server contains a PHP application that is affected by multiple...
File: mediawiki_1_19_6.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-086.nasl - Type: ACT_GATHER_INFO
2013-02-22 Name: The remote Unix host has an application that is affected by a security bypass...
File: java_jre_multiple_applet_vulnerability_unix.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-414.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-345.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO