Vulnerabilities > Gentoo > Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-27 | CVE-2007-3532 | Permissions, Privileges, and Access Controls vulnerability in Nvidia Video Driver NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | 7.2 |
| 2007-07-25 | CVE-2007-3531 | Local Privilege Escalation vulnerability in Gentoo Nvclock 0.7 The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. local gentoo | 6.6 |
| 2007-04-24 | CVE-2007-2173 | Unspecified vulnerability in Double Precision Incorporated Courier-Imap Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | 10.0 |
| 2007-04-18 | CVE-2007-1856 | Local Denial of Service vulnerability in Vixie Cron ST_Nlink Check Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. | 2.1 |
| 2007-03-19 | CVE-2007-1500 | Unspecified vulnerability in Gentoo Linux The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | 4.3 |
| 2007-03-02 | CVE-2006-7094 | Remote Security vulnerability in Ftpd ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. | 8.5 |
| 2007-02-21 | CVE-2007-1049 | Cross-Site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | 4.3 |
| 2007-01-25 | CVE-2007-0476 | Unspecified vulnerability in Gentoo Linux 2.1.30/2.2.28/2.3.30 The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | 4.6 |
| 2006-06-13 | CVE-2006-3005 | Denial-Of-Service vulnerability in Gentoo Linux and Media-Libs Jpeg The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. | 5.0 |
| 2006-03-25 | CVE-2006-1390 | Local Privilege Escalation vulnerability in Gentoo Nethack And Variants The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks. | 4.6 |