Vulnerabilities > Gentoo > Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-30 | CVE-2011-1549 | Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. | 6.3 |
| 2009-04-27 | CVE-2008-6756 | Permissions, Privileges, and Access Controls vulnerability in Zoneminder 1.23.3 ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | 2.1 |
| 2008-05-12 | CVE-2008-1880 | Credentials Management vulnerability in Firebird 2.0.3.12981.0 The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. | 5.0 |
| 2008-04-18 | CVE-2008-1734 | Improper Input Validation vulnerability in Gentoo PHP Toolkit 1.0 Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. | 3.6 |
| 2008-03-24 | CVE-2008-1292 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. | 4.3 |
| 2008-03-24 | CVE-2008-1291 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | 4.3 |
| 2008-03-24 | CVE-2008-1290 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. | 4.3 |
| 2008-03-18 | CVE-2008-1383 | Cryptographic Issues vulnerability in Gentoo Linux The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. | 1.9 |
| 2007-12-31 | CVE-2007-6337 | Unspecified vulnerability in Clam Anti-Virus Clamav 0.91.2 Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. | 10.0 |
| 2007-12-15 | CVE-2007-6249 | Information Exposure vulnerability in Gentoo Portage 2.0.51.22/2.1.1/2.1.3.10 etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | 2.1 |