ReportizFlow
Filtered by vendor Gentoo
Subscriptions
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3532 | 2 Gentoo, Nvidia | 2 Linux, Video Driver | 2025-04-09 | N/A |
| NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | ||||
| CVE-2008-6756 | 2 Gentoo, Zoneminder | 2 Linux, Zoneminder | 2025-04-09 | N/A |
| ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | ||||
| CVE-2008-4394 | 1 Gentoo | 1 Portage | 2025-04-09 | N/A |
| Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds. | ||||
| CVE-2007-3531 | 1 Gentoo | 2 Linux, Nvclock | 2025-04-09 | N/A |
| The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. | ||||
| CVE-2008-1291 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2025-04-09 | N/A |
| ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | ||||
| CVE-2009-1144 | 3 Foolabs, Gentoo, Glyphandcog | 3 Xpdf, Gentoo Linux, Xpdfreader | 2025-04-09 | N/A |
| Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. | ||||
| CVE-2007-5714 | 1 Gentoo | 1 Mldonkey Ebuild | 2025-04-09 | N/A |
| The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | ||||
| CVE-2008-4579 | 2 Gentoo, Redhat | 4 Cman, Fence, Enterprise Linux and 1 more | 2025-04-09 | N/A |
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. | ||||
| CVE-2007-6337 | 2 Clam Anti-virus, Gentoo | 2 Clamav, Linux | 2025-04-09 | N/A |
| Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. | ||||
| CVE-2008-1383 | 1 Gentoo | 1 Linux | 2025-04-09 | N/A |
| The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. | ||||
| CVE-2008-4580 | 1 Gentoo | 2 Cman, Fence | 2025-04-09 | N/A |
| fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file. | ||||
| CVE-2007-0476 | 1 Gentoo | 1 Linux | 2025-04-09 | N/A |
| The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2008-1078 | 2 Gentoo, Rpath | 2 Linux, Rpath Linux | 2025-04-09 | N/A |
| expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. | ||||
| CVE-2004-1107 | 1 Gentoo | 1 Linux | 2025-04-03 | N/A |
| dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | N/A |
| Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | ||||
| CVE-2004-0947 | 4 Arj Software Inc., Gentoo, Redhat and 1 more | 4 Unarj, Linux, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. | ||||
| CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | N/A |
| Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | ||||
| CVE-2004-0881 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2025-04-03 | N/A |
| getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. | ||||
| CVE-2004-0700 | 3 Gentoo, Mod Ssl, Redhat | 5 Linux, Mod Ssl, Enterprise Linux and 2 more | 2025-04-03 | N/A |
| Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function. | ||||
| CVE-2004-1106 | 2 Gallery Project, Gentoo | 2 Gallery, Linux | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | ||||