Vulnerabilities > Gentoo > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-15945 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
local
low complexity
mariadb mysql gentoo CWE-732
7.2
2017-09-25 CVE-2017-14730 Incorrect Permission Assignment for Critical Resource vulnerability in Elasticsearch Logstash
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
local
low complexity
elasticsearch gentoo CWE-732
7.2
2007-07-27 CVE-2007-3532 Permissions, Privileges, and Access Controls vulnerability in Nvidia Video Driver
NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information.
local
low complexity
gentoo nvidia CWE-264
7.2
2007-04-13 CVE-2007-2026 Denial of Service vulnerability in File
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
network
low complexity
amavis gentoo
7.8
2007-03-02 CVE-2006-7094 Remote Security vulnerability in Ftpd
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
network
gentoo ftpd debian
8.5
2005-12-31 CVE-2005-4595 Unspecified vulnerability in Gentoo Nview and Xnview
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.
local
low complexity
gentoo
7.2
2005-12-16 CVE-2005-4279 Packages Insecure RUNPATH vulnerability in Gentoo Qt-Unixodbc 3.3.3
Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
local
low complexity
gentoo
7.2
2005-05-02 CVE-2005-0005 Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
network
low complexity
graphicsmagick imagemagick sgi debian gentoo suse
7.5
2005-04-27 CVE-2005-0206 Integer Overflow vulnerability in Xpdf PDFTOPS
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
7.5
2005-04-22 CVE-2005-0754 Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
network
low complexity
kde conectiva gentoo redhat ubuntu
7.5