Filtered by vendor Gentoo
Subscriptions
Filtered by product Linux
Subscriptions
Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1383 | 1 Gentoo | 1 Linux | 2025-04-09 | N/A |
| The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. | ||||
| CVE-2007-3532 | 2 Gentoo, Nvidia | 2 Linux, Video Driver | 2025-04-09 | N/A |
| NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | ||||
| CVE-2008-1291 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2025-04-09 | N/A |
| ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | ||||
| CVE-2008-1880 | 2 Firebird, Gentoo | 2 Firebird, Linux | 2025-04-09 | N/A |
| The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. | ||||
| CVE-2008-6756 | 2 Gentoo, Zoneminder | 2 Linux, Zoneminder | 2025-04-09 | N/A |
| ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | ||||
| CVE-2008-1078 | 2 Gentoo, Rpath | 2 Linux, Rpath Linux | 2025-04-09 | N/A |
| expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. | ||||
| CVE-2007-0476 | 1 Gentoo | 1 Linux | 2025-04-09 | N/A |
| The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2008-1290 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2025-04-09 | N/A |
| ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2007-6249 | 1 Gentoo | 2 Linux, Portage | 2025-04-09 | N/A |
| etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | ||||
| CVE-2007-2173 | 2 Double Precision Incorporated, Gentoo | 2 Courier-imap, Linux | 2025-04-09 | N/A |
| Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | ||||
| CVE-2007-1500 | 1 Gentoo | 1 Linux | 2025-04-09 | N/A |
| The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | ||||
| CVE-2008-1292 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2025-04-09 | N/A |
| ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. | ||||
| CVE-2006-1390 | 1 Gentoo | 1 Linux | 2025-04-03 | N/A |
| The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks. | ||||
| CVE-2004-1052 | 3 Bnc, Debian, Gentoo | 3 Bnc, Debian Linux, Linux | 2025-04-03 | N/A |
| Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters. | ||||
| CVE-2006-0071 | 1 Gentoo | 2 App-crypt Pinentry, Linux | 2025-04-03 | N/A |
| The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. | ||||
| CVE-2004-0229 | 2 Gentoo, Linux | 2 Linux, Linux Kernel | 2025-04-03 | N/A |
| The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact. | ||||
| CVE-2004-1983 | 2 Gentoo, The Pax Team | 2 Linux, Pax Linux | 2025-04-03 | N/A |
| The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors. | ||||
| CVE-2004-1032 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2025-04-03 | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. | ||||
| CVE-2002-1337 | 8 Gentoo, Hp, Netbsd and 5 more | 11 Linux, Alphaserver Sc, Hp-ux and 8 more | 2025-04-03 | N/A |
| Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. | ||||
| CVE-2004-1471 | 6 Cvs, Freebsd, Gentoo and 3 more | 6 Cvs, Freebsd, Linux and 3 more | 2025-04-03 | N/A |
| Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | ||||