CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 0CVE-2007-2173
https://notcve.org/view.php?id=CVE-2007-2173
24 Apr 2007 — Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. Vulnerabilidad de evaluación directa de código dinámico (eval injection) en (1) courier-imapd.indirect y (2) courier-pop3d.indirect en Courier-IMAP anterior a 4.0.6-r2, y 4.1.x anterior a 4.1.2-r1, en Gentoo Linux permite a atacant... • http://bugs.gentoo.org/show_bug.cgi?id=168196 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-1856 – crontab denial of service
https://notcve.org/view.php?id=CVE-2007-1856
18 Apr 2007 — Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. Vixie Cron anterior a 4.1-r10 en Gentoo Linux es instalado con permisos inseguros, lo cual permite a usuarios locales provocar una denegación de servicio (fallo de cron) creando enlaces duros (hard links), lo cual resulta en el fallo de la comprobación st_nlink en database.c. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1500
https://notcve.org/view.php?id=CVE-2007-1500
19 Mar 2007 — The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. La herramienta Linux Security Auditing Tool (LSAT) permite a usuarios locales sobrescribir archivos de su elección mediante un ataque de enlace simbólico en archivos temporales, como se ha demostrado utilizando /tmp/lsat1.lsat. • http://bugs.gentoo.org/show_bug.cgi?id=159542 •
CVSS: 8.5EPSS: 1%CPEs: 4EXPL: 0CVE-2006-7094
https://notcve.org/view.php?id=CVE-2006-7094
28 Feb 2007 — ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. ftpd, como se usa en Gentoo y Debian Linux, establece el valor gid como el uid efectivo en lugar del identificador de grupo efectivo antes de ejecutar /bin/ls, lo cual permite a usuarios remotos autenticados listar directorios de ... • http://bugs.debian.org/384454 •
CVSS: 7.2EPSS: 5%CPEs: 23EXPL: 2CVE-2007-1049 – WordPress Core < 2.09 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1049
21 Feb 2007 — Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función wp_explain_nonce de la funcionalidad nonce AYS (wp-includes/functions.php) p... • https://www.exploit-db.com/exploits/29598 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0476
https://notcve.org/view.php?id=CVE-2007-0476
25 Jan 2007 — The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. La secuencia de comandos gencert.sh, cuando se instala OpenLDAP anterior a la 2.1.30-r10, la 2.2.x anterior a la 2.2.28-r7 y la 2.3.x anterior a la 2.3.30-r2 como en el ebuild del Gentoo Linux, no crea directorios temp... • http://osvdb.org/31617 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-3005 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2006-3005
13 Jun 2006 — The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. • http://bugs.gentoo.org/show_bug.cgi?id=130889 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2006-1390
https://notcve.org/view.php?id=CVE-2006-1390
25 Mar 2006 — The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks. • http://bugs.gentoo.org/show_bug.cgi?id=122376 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0071
https://notcve.org/view.php?id=CVE-2006-0071
04 Jan 2006 — The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. • http://secunia.com/advisories/18284 •
CVSS: 9.1EPSS: 7%CPEs: 127EXPL: 1CVE-2005-3624
https://notcve.org/view.php?id=CVE-2005-3624
31 Dec 2005 — The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-189: Numeric Errors •