Vulnerabilities > Gentoo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-15945 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. | 7.2 |
| 2017-09-25 | CVE-2017-14730 | Incorrect Permission Assignment for Critical Resource vulnerability in Elasticsearch Logstash The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | 7.2 |
| 2007-07-27 | CVE-2007-3532 | Permissions, Privileges, and Access Controls vulnerability in Nvidia Video Driver NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | 7.2 |
| 2007-04-13 | CVE-2007-2026 | Denial of Service vulnerability in File The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | 7.8 |
| 2007-03-02 | CVE-2006-7094 | Remote Security vulnerability in Ftpd ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. | 8.5 |
| 2005-12-31 | CVE-2005-4595 | Unspecified vulnerability in Gentoo Nview and Xnview Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory. | 7.2 |
| 2005-12-16 | CVE-2005-4279 | Packages Insecure RUNPATH vulnerability in Gentoo Qt-Unixodbc 3.3.3 Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | 7.2 |
| 2005-05-02 | CVE-2005-0005 | Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. | 7.5 |
| 2005-04-27 | CVE-2005-0206 | Integer Overflow vulnerability in Xpdf PDFTOPS The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | 7.5 |
| 2005-04-22 | CVE-2005-0754 | Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. | 7.5 |