Filtered by vendor Gentoo
Subscribe
Total
198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3531 | 1 Gentoo | 2 Linux, Nvclock | 2017-07-29 | 6.6 MEDIUM | N/A |
| The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. | |||||
| CVE-2007-2173 | 2 Double Precision Incorporated, Gentoo | 2 Courier-imap, Linux | 2017-07-29 | 10.0 HIGH | N/A |
| Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | |||||
| CVE-2007-1500 | 1 Gentoo | 1 Linux | 2017-07-29 | 4.3 MEDIUM | N/A |
| The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | |||||
| CVE-2003-1422 | 1 Gentoo | 1 Syslinux | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. | |||||
| CVE-2006-3005 | 1 Gentoo | 2 Linux, Media-libs Jpeg | 2017-07-20 | 5.0 MEDIUM | N/A |
| The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. | |||||
| CVE-2005-4595 | 1 Gentoo | 2 Nview, Xnview | 2017-07-20 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory. | |||||
| CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-19 | 7.5 HIGH | N/A |
| fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
| CVE-2005-1121 | 2 Gentoo, Igor Khasilev | 2 Linux, Oops Proxy Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. | |||||
| CVE-2005-0470 | 3 Gentoo, Suse, Wpa Supplicant | 3 Linux, Suse Linux, Wpa Supplicant | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | |||||
| CVE-2005-2557 | 3 Debian, Gentoo, Mantis | 3 Debian Linux, Linux, Mantis | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | |||||
| CVE-2005-1270 | 1 Gentoo | 1 Rootkit Hunter | 2017-07-11 | 2.1 LOW | N/A |
| The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-0427 | 1 Gentoo | 1 Webmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. | |||||
| CVE-2004-1452 | 1 Gentoo | 1 Linux | 2017-07-11 | 7.2 HIGH | N/A |
| Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts. | |||||
| CVE-2004-1737 | 2 Gentoo, The Cacti Group | 2 Linux, Cacti | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | |||||
| CVE-2004-1471 | 6 Cvs, Freebsd, Gentoo and 3 more | 6 Cvs, Freebsd, Linux and 3 more | 2017-07-11 | 7.1 HIGH | N/A |
| Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | |||||
| CVE-2004-1983 | 2 Gentoo, The Pax Team | 2 Linux, Pax Linux | 2017-07-11 | 2.1 LOW | N/A |
| The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2004-1117 | 1 Gentoo | 1 Linux | 2017-07-11 | 7.2 HIGH | N/A |
| The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
| CVE-2004-1032 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2017-07-11 | 2.1 LOW | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. | |||||
| CVE-2004-1108 | 1 Gentoo | 1 Linux | 2017-07-11 | 2.1 LOW | N/A |
| qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory. | |||||
| CVE-2004-1162 | 2 Gentoo, Scponly | 2 Linux, Scponly | 2017-07-11 | 7.5 HIGH | N/A |
| The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | |||||