Vulnerabilities > Gentoo
|2007-10-30||CVE-2007-5714|| Improper Authentication vulnerability in Gentoo Mldonkey Ebuild 2.9.0 |
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.
| 6.8 |
|2007-07-27||CVE-2007-3532|| Permissions, Privileges, and Access Controls vulnerability in Nvidia Video Driver |
NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information.
| 7.2 |
|2007-07-25||CVE-2007-3531|| Local Privilege Escalation vulnerability in Gentoo Nvclock 0.7 |
The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
| 6.6 |
|2007-04-24||CVE-2007-2194|| Buffer Overflow vulnerability in Gentoo Xnview 1.90.3 |
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string.
| 10.0 |
|2007-04-24||CVE-2007-2173|| Unspecified vulnerability in Double Precision Incorporated Courier-Imap |
Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
| 10.0 |
|2007-04-18||CVE-2007-1856|| Local Denial of Service vulnerability in Vixie Cron ST_Nlink Check |
Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.
| 2.1 |
|2007-04-13||CVE-2007-2026|| Denial of Service vulnerability in File |
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
| 7.8 |
|2007-03-19||CVE-2007-1500|| Unspecified vulnerability in Gentoo Linux |
The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.
| 4.3 |
|2007-03-02||CVE-2006-7094|| Remote Security vulnerability in Ftpd |
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
| 8.5 |
|2007-02-21||CVE-2007-1049|| Cross-Site Scripting vulnerability in Wordpress |
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
| 4.3 |