Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:gentoo:linux:2.1.30:r9:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-4909 |
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. Published: July 29, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-0348 |
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. Published: December 13, 2013; 1:07:54 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-2032 |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. Published: November 17, 2013; 9:55:07 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-2031 |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. Published: November 17, 2013; 9:55:07 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-1159 |
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet. Published: October 28, 2013; 6:55:03 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-1549 |
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. Published: March 30, 2011; 6:55:02 PM -0400 |
V3.x:(not available) V2.0: 6.3 MEDIUM |
CVE-2008-6756 |
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. Published: April 27, 2009; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2008-1880 |
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. Published: May 12, 2008; 12:20:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-1734 |
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. Published: April 18, 2008; 11:05:00 AM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2008-1290 |
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. Published: March 24, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1291 |
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. Published: March 24, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1292 |
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. Published: March 24, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1383 |
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. Published: March 18, 2008; 6:44:00 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2008-1078 |
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. Published: February 28, 2008; 9:44:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-6337 |
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. Published: December 31, 2007; 2:46:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-6249 |
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. Published: December 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2007-4137 |
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Published: September 18, 2007; 3:17:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-3532 |
NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. Published: July 27, 2007; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-2173 |
Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. Published: April 24, 2007; 12:19:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-1856 |
Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. Published: April 17, 2007; 11:19:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |