
CVSS: 7.2 | EPSS: 0% | CPEs: 2 | EXPL: 1

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
• http://bugs.gentoo.org/show_bug.cgi?id=210158 http://secunia.com/advisories/29144 http://secunia.com/advisories/29187 http://secunia.com/advisories/29694 http://secunia.com/advisories/33400 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0088 http://www.gentoo.org/security/en/glsa/glsa-200804-09.xml http://www.securityfocus.com/archive/1/488931/100/0/threaded http://www.securityfocus.com/bid/28044 https://issues.rpath.com/browse/RPL-2255 https://www.redhat.com&
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 6.8 | EPSS: 4% | CPEs: 5 | EXPL: 6

Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
• http://bugs.gentoo.org/show_bug.cgi?id=207331 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://secunia.com/advisories/28638 http://secunia.com/advisories/28728 http://secunia.com/advisories/29048 http://security.gentoo.org/glsa/glsa-200801-21.xml http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?r1=1.24&r2=1.25 http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?view=log http://webcvs.
• CWE-20: Improper Input Validation

CVSS: 10.0 | EPSS: 2% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
• http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://osvdb.org/42293 http://secunia.com/advisories/28153 http://secunia.com/advisories/28278 http://secunia.com/advisories/28412 http://secunia.com/advisories/28421 http://secunia.com/advisories/28587 http://secunia.com/advisories/29420 http://security.gentoo.org/glsa/glsa-2007

CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 2

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
• http://bugs.gentoo.org/show_bug.cgi?id=193589 http://osvdb.org/42636 http://secunia.com/advisories/28094 http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml http://www.securityfocus.com/bid/26864 http://www.securitytracker.com/id?1019097 https://exchange.xforce.ibmcloud.com/vulnerabilities/39035
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.
• http://secunia.com/advisories/27366 http://security.gentoo.org/glsa/glsa-200710-25.xml
• CWE-287: Improper Authentication