Vulnerabilities > Gentoo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-05-12 | CVE-2008-1880 | Credentials Management vulnerability in Firebird 2.0.3.12981.0 The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. | 5.0 |
| 2008-03-24 | CVE-2008-1292 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. | 4.3 |
| 2008-03-24 | CVE-2008-1291 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | 4.3 |
| 2008-03-24 | CVE-2008-1290 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. | 4.3 |
| 2007-10-30 | CVE-2007-5714 | Improper Authentication vulnerability in Gentoo Mldonkey Ebuild 2.9.0 The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | 6.8 |
| 2007-07-25 | CVE-2007-3531 | Local Privilege Escalation vulnerability in Gentoo Nvclock 0.7 The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. local gentoo | 6.6 |
| 2007-03-19 | CVE-2007-1500 | Unspecified vulnerability in Gentoo Linux The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | 4.3 |
| 2007-02-21 | CVE-2007-1049 | Cross-Site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | 4.3 |
| 2007-01-25 | CVE-2007-0476 | Unspecified vulnerability in Gentoo Linux 2.1.30/2.2.28/2.3.30 The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | 4.6 |
| 2006-06-13 | CVE-2006-3005 | Denial-Of-Service vulnerability in Gentoo Linux and Media-Libs Jpeg The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. | 5.0 |