Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6249 | 1 Gentoo | 2 Linux, Portage | 2017-08-08 | 2.1 LOW | N/A |
| etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | |||||
| CVE-2007-3531 | 1 Gentoo | 2 Linux, Nvclock | 2017-07-29 | 6.6 MEDIUM | N/A |
| The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. | |||||
| CVE-2007-2173 | 2 Double Precision Incorporated, Gentoo | 2 Courier-imap, Linux | 2017-07-29 | 10.0 HIGH | N/A |
| Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | |||||
| CVE-2007-1500 | 1 Gentoo | 1 Linux | 2017-07-29 | 4.3 MEDIUM | N/A |
| The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | |||||
| CVE-2006-3005 | 1 Gentoo | 2 Linux, Media-libs Jpeg | 2017-07-20 | 5.0 MEDIUM | N/A |
| The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. | |||||
| CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-19 | 7.5 HIGH | N/A |
| fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
| CVE-2005-1121 | 2 Gentoo, Igor Khasilev | 2 Linux, Oops Proxy Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. | |||||
| CVE-2005-0470 | 3 Gentoo, Suse, Wpa Supplicant | 3 Linux, Suse Linux, Wpa Supplicant | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | |||||
| CVE-2005-2557 | 3 Debian, Gentoo, Mantis | 3 Debian Linux, Linux, Mantis | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | |||||
| CVE-2004-1452 | 1 Gentoo | 1 Linux | 2017-07-11 | 7.2 HIGH | N/A |
| Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts. | |||||
| CVE-2004-1737 | 2 Gentoo, The Cacti Group | 2 Linux, Cacti | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | |||||
| CVE-2004-1471 | 6 Cvs, Freebsd, Gentoo and 3 more | 6 Cvs, Freebsd, Linux and 3 more | 2017-07-11 | 7.1 HIGH | N/A |
| Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | |||||
| CVE-2004-1983 | 2 Gentoo, The Pax Team | 2 Linux, Pax Linux | 2017-07-11 | 2.1 LOW | N/A |
| The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2004-1117 | 1 Gentoo | 1 Linux | 2017-07-11 | 7.2 HIGH | N/A |
| The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
| CVE-2004-1032 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2017-07-11 | 2.1 LOW | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. | |||||
| CVE-2004-1108 | 1 Gentoo | 1 Linux | 2017-07-11 | 2.1 LOW | N/A |
| qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory. | |||||
| CVE-2004-1162 | 2 Gentoo, Scponly | 2 Linux, Scponly | 2017-07-11 | 7.5 HIGH | N/A |
| The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | |||||
| CVE-2004-1092 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. | |||||
| CVE-2004-0969 | 3 Gentoo, Gnu, Ubuntu | 3 Linux, Groff, Ubuntu Linux | 2017-07-11 | 2.1 LOW | N/A |
| The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2004-0604 | 2 Gentoo, Gift-fasttrack | 2 Linux, Gift-fasttrack | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference. | |||||