Filtered by vendor Gentoo
Subscribe
Total
198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1549 | 1 Gentoo | 2 Linux, Logrotate | 2011-04-21 | 6.3 MEDIUM | N/A |
| The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. | |||||
| CVE-2011-1155 | 1 Gentoo | 1 Logrotate | 2011-04-21 | 1.9 LOW | N/A |
| The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | |||||
| CVE-2011-1550 | 2 Gentoo, Novell | 2 Logrotate, Opensuse Factory | 2011-04-07 | 6.3 MEDIUM | N/A |
| The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. | |||||
| CVE-2007-6337 | 2 Clam Anti-virus, Gentoo | 2 Clamav, Linux | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. | |||||
| CVE-2007-1049 | 2 Gentoo, Wordpress | 2 Linux, Wordpress | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | |||||
| CVE-2007-0476 | 1 Gentoo | 1 Linux | 2011-03-08 | 4.6 MEDIUM | N/A |
| The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-3785 | 1 Gentoo | 1 Linux Eix | 2011-03-08 | 5.0 MEDIUM | N/A |
| Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program. | |||||
| CVE-2005-4279 | 1 Gentoo | 1 Qt-unixodbc | 2011-03-08 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2005-1707 | 1 Gentoo | 1 Linux Webapp-config | 2011-03-08 | 4.6 MEDIUM | N/A |
| The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file. | |||||
| CVE-2005-0535 | 2 Gentoo, Mediawiki | 2 Linux, Mediawiki | 2011-03-08 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | |||||
| CVE-2007-3532 | 2 Gentoo, Nvidia | 2 Linux, Video Driver | 2009-12-28 | 7.2 HIGH | N/A |
| NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | |||||
| CVE-2008-1290 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2009-08-20 | 4.3 MEDIUM | N/A |
| ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2008-1291 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2009-08-20 | 4.3 MEDIUM | N/A |
| ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | |||||
| CVE-2008-1292 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2009-08-20 | 4.3 MEDIUM | N/A |
| ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. | |||||
| CVE-2005-0002 | 1 Gentoo | 1 Poppassd Pam | 2008-09-10 | 10.0 HIGH | N/A |
| poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users. | |||||
| CVE-2007-5714 | 1 Gentoo | 1 Mldonkey Ebuild | 2008-09-05 | 6.8 MEDIUM | N/A |
| The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | |||||
| CVE-2006-0071 | 1 Gentoo | 2 App-crypt Pinentry, Linux | 2008-09-05 | 6.6 MEDIUM | N/A |
| The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. | |||||
| CVE-2005-0667 | 5 Altlinux, Gentoo, Redhat and 2 more | 7 Alt Linux, Linux, Enterprise Linux and 4 more | 2008-09-05 | 5.1 MEDIUM | N/A |
| Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. | |||||