Vulnerabilities > Gentoo > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-05-12 CVE-2008-1880 Credentials Management vulnerability in Firebird 2.0.3.12981.0
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
network
low complexity
gentoo firebird CWE-255
5.0
2008-03-24 CVE-2008-1292 Information Exposure vulnerability in Viewvc 1.0.2/1.0.3
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
4.3
2008-03-24 CVE-2008-1291 Information Exposure vulnerability in Viewvc 1.0.2/1.0.3
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
4.3
2008-03-24 CVE-2008-1290 Information Exposure vulnerability in Viewvc 1.0.2/1.0.3
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
4.3
2007-10-30 CVE-2007-5714 Improper Authentication vulnerability in Gentoo Mldonkey Ebuild 2.9.0
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.
network
gentoo CWE-287
6.8
2007-07-25 CVE-2007-3531 Local Privilege Escalation vulnerability in Gentoo Nvclock 0.7
The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
local
gentoo
6.6
2007-03-19 CVE-2007-1500 Unspecified vulnerability in Gentoo Linux
The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.
local
low complexity
gentoo
4.3
2007-02-21 CVE-2007-1049 Cross-Site Scripting vulnerability in Wordpress
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
network
wordpress gentoo
4.3
2007-01-25 CVE-2007-0476 Unspecified vulnerability in Gentoo Linux 2.1.30/2.2.28/2.3.30
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.
local
low complexity
gentoo
4.6
2006-06-13 CVE-2006-3005 Denial-Of-Service vulnerability in Gentoo Linux and Media-Libs Jpeg
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.
network
low complexity
gentoo
5.0