CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Gentoo : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-0348 264 +Info 2013-12-13 2014-01-13
2.1
None Local Low Not required Partial None None
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
2 CVE-2007-6249 200 +Info 2007-12-14 2008-11-15
2.1
None Local Low Not required None Partial None
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
3 CVE-2005-1270 2005-04-26 2008-09-05
2.1
None Local Low Not required None Partial None
The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
4 CVE-2005-0077 2005-05-02 2010-08-21
2.1
None Local Low Not required None Partial None
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
5 CVE-2004-1983 DoS 2004-05-02 2008-09-05
2.1
None Local Low Not required None None Partial
The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.
6 CVE-2004-1336 2004-12-23 2008-09-05
2.1
None Local Low Not required None Partial None
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
7 CVE-2004-1110 2005-01-10 2008-09-05
2.1
None Local Low Not required None Partial None
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.
8 CVE-2004-1108 2005-01-10 2008-09-05
2.1
None Local Low Not required None Partial None
qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
9 CVE-2004-1107 2005-01-10 2008-09-05
2.1
None Local Low Not required None Partial None
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
10 CVE-2004-1033 Bypass 2005-03-01 2008-09-05
2.1
None Local Low Not required Partial None None
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
11 CVE-2004-1032 2005-03-01 2008-09-05
2.1
None Local Low Not required None Partial None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.
12 CVE-2004-1030 2005-03-01 2008-09-05
2.1
None Local Low Not required Partial None None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.
13 CVE-2004-0996 2005-01-10 2008-09-05
2.1
None Local Low Not required None Partial None
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
14 CVE-2004-0975 2005-02-09 2010-08-21
2.1
None Local Low Not required None Partial None
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
15 CVE-2004-0972 2005-02-09 2010-08-21
2.1
None Local Low Not required None Partial None
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
16 CVE-2004-0969 2005-02-09 2008-09-05
2.1
None Local Low Not required None Partial None
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
17 CVE-2004-0881 2005-01-27 2008-09-10
2.1
None Local Low Not required None Partial None
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
18 CVE-2004-0565 +Info 2004-12-06 2010-08-21
2.1
None Local Low Not required Partial None None
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
19 CVE-2004-0554 DoS 2004-08-06 2010-08-21
2.1
None Local Low Not required None None Partial
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
20 CVE-2004-0535 Overflow 2004-08-06 2010-08-21
2.1
None Local Low Not required Partial None None
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
21 CVE-2004-0497 2004-12-06 2010-08-21
2.1
None Local Low Not required None Partial None
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
22 CVE-2004-0231 2004-08-18 2008-09-10
2.1
None Local Low Not required None Partial None
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
Total number of vulnerabilities : 22   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.