Gentoo : Security Vulnerabilities, CVEs, Published In 2014
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Max CVSS
6.8
EPSS Score
4.00%
Published
2014-07-29
Updated
2014-11-14
The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
Max CVSS
5.0
EPSS Score
0.04%
Published
2014-05-23
Updated
2017-08-29
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.
Max CVSS
9.3
EPSS Score
0.14%
Published
2014-09-29
Updated
2017-08-29
3 vulnerabilities found