CVSS: 7.3EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1144 – Gentoo Linux Security Advisory 200904-7
https://notcve.org/view.php?id=CVE-2009-1144
07 Apr 2009 — Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. Vulnerabilidad de ruta de búsqueda no confiable en el paquete Gentoo de Xpdf anteriores a v3.02-r2, permite a usuarios locales obtener privilegios a través de un troyano (fichero xpdfrc) en el directorio de trabajo actual, relativo... • http://bugs.gentoo.org/show_bug.cgi?id=200023 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1880 – Gentoo Linux Security Advisory 200805-6
https://notcve.org/view.php?id=CVE-2008-1880
09 May 2008 — The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. La configuración por defecto de Firebird anterior a 2.0.3.12981.0-r6 en Gentoo Linux establece la variable de entorno ISC_PASSWORD antes de arrancar Firebird, lo que permite a atacantes remotos evitar la autentificación SYSDBA y obtener i... • http://bugs.gentoo.org/show_bug.cgi?id=216158 • CWE-255: Credentials Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-1734 – Gentoo Linux Security Advisory 200804-19
https://notcve.org/view.php?id=CVE-2008-1734
18 Apr 2008 — Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. Conflicto ... • http://bugs.gentoo.org/show_bug.cgi?id=209535 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1290 – Gentoo Linux Security Advisory 200803-29
https://notcve.org/view.php?id=CVE-2008-1290
19 Mar 2008 — ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. ViewVC antes de 1.0.5 incluye archivos "all-forbidden" (todo prohibido) dentro de resultados de búsqueda que listan asignaciones CVS o Subversion (SVN), lo que permite a atacantes remotos obtener información sensible. Multiple unspecified errors were reportedly fixed by the ViewVC development team. Versions less than 1.05 are affec... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1291 – Gentoo Linux Security Advisory 200803-29
https://notcve.org/view.php?id=CVE-2008-1291
19 Mar 2008 — ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. ViewVC before 1.0.5 almacena información sensible bajo la raíz web con un control de acceso insuficiente, lo que permite a atacantes remotos leer archivos y listar carpetas bajo la carpeta oculta CVSROOT. Multiple unspecified errors were reportedly fixed by the ViewVC development team. Versions less than 1.05 are a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1292 – Gentoo Linux Security Advisory 200803-29
https://notcve.org/view.php?id=CVE-2008-1292
19 Mar 2008 — ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. ViewVC before 1.0.5 proporciona revisión de metadatos sin comprobar correctamente si el acceso fue intencionado, lo que permite a atacantes remotos obtener información sens... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1383 – Gentoo Linux Security Advisory 200803-30
https://notcve.org/view.php?id=CVE-2008-1383
18 Mar 2008 — The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. La función docert en el archivo ssl-cert.eclass, cuando es usada por src_compile o src_install en Gentoo Linux, almacena la clave SSL en un binpkg, lo que permite a los usuarios locales extraer la clave del binpkg, y causar que múl... • http://osvdb.org/43479 • CWE-310: Cryptographic Issues •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2008-1078 – Gentoo Linux Security Advisory 200804-9
https://notcve.org/view.php?id=CVE-2008-1078
29 Feb 2008 — expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. expn en los paquetes am-utils y net-fs para Gentoo, rPath Linux y otras distribuciones, permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de tipo symlink en el archivo temporal expn[PID]. NOTA: este es el mismo problema de CVE-2003-0308.1. ... • http://bugs.gentoo.org/show_bug.cgi?id=210158 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 6CVE-2008-0386 – Gentoo Linux Security Advisory 200801-21
https://notcve.org/view.php?id=CVE-2008-0386
01 Feb 2008 — Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. Xdg-utils 1.0.2 y versiones anteriores permite a atacantes remotos ayudados por un usuario ejecutar comandos de su elección a través de metacaracteres de consola en un argumento URL a (1) xdg-open or (2) xdg-email. A vulnerability was found in xdg-open and xdg-email commands, which allows remote attackers to execute arbitrary commands if... • http://bugs.gentoo.org/show_bug.cgi?id=207331 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2007-6337 – Mandriva Linux Security Advisory 2008-003
https://notcve.org/view.php?id=CVE-2007-6337
29 Dec 2007 — Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. Vulnerabilidad no especificada en el algoritmo de descompresión bzip2 en nsis/bzlib_private.h de ClamAV anterior a 0.92 tiene impacto y vectores de ataque remotos desconocidos. iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to ca... • http://docs.info.apple.com/article.html?artnum=307562 •