Vulnerabilities > Gentoo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-30 | CVE-2007-5714 | Improper Authentication vulnerability in Gentoo Mldonkey Ebuild 2.9.0: The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | 6.8 |
2007-07-27 | CVE-2007-3532 | Permissions, Privileges, and Access Controls vulnerability in Nvidia Video Driver: NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, create /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | 7.2 |
2007-07-25 | CVE-2007-3531 | Local Privilege Escalation vulnerability in Gentoo Nvclock 0.7: The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. | 6.6 |
2007-04-24 | CVE-2007-2194 | Buffer Overflow vulnerability in Gentoo Xnview 1.90.3: Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. | 10.0 |
2007-04-24 | CVE-2007-2173 | Unspecified vulnerability in Double Precision Incorporated Courier-Imap: Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | 10.0 |
2007-04-18 | CVE-2007-1856 | Local Denial of Service vulnerability in Vixie Cron ST_Nlink Check: Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. | 2.1 |
2007-04-13 | CVE-2007-2026 | Denial of Service vulnerability in File: The GNU regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | 7.8 |
2007-03-19 | CVE-2007-1500 | Unspecified vulnerability in Gentoo Linux: The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | 4.3 |
2007-03-02 | CVE-2006-7094 | Remote Security vulnerability in Ftpd: ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. | 8.5 |
2007-02-21 | CVE-2007-1049 | Cross-Site Scripting vulnerability in Wordpress: Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | 4.3 |