Vulnerabilities > Gentoo > Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-12 CVE-2017-18225 Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
local
low complexity
jabberd2 gentoo CWE-732
4.6
2014-07-29 CVE-2014-4909 Numeric Errors vulnerability in multiple products
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
6.8
2013-11-18 CVE-2013-2032 Permissions, Privileges, and Access Controls vulnerability in multiple products
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
network
low complexity
mediawiki fedoraproject gentoo CWE-264
5.0
2013-11-18 CVE-2013-2031 Cross-Site Scripting vulnerability in multiple products
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
4.3
2013-10-28 CVE-2010-1159 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
6.8
2011-03-30 CVE-2011-1549 Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
local
gentoo CWE-264
6.3
2008-05-12 CVE-2008-1880 Credentials Management vulnerability in Firebird 2.0.3.12981.0
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
network
low complexity
gentoo firebird CWE-255
5.0
2008-03-24 CVE-2008-1292 Information Exposure vulnerability in Viewvc 1.0.2/1.0.3
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
4.3
2008-03-24 CVE-2008-1291 Information Exposure vulnerability in Viewvc 1.0.2/1.0.3
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
4.3
2008-03-24 CVE-2008-1290 Information Exposure vulnerability in Viewvc 1.0.2/1.0.3
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
4.3