CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 6CVE-2008-0386 – Gentoo Linux Security Advisory 200801-21
https://notcve.org/view.php?id=CVE-2008-0386
01 Feb 2008 — Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. Xdg-utils 1.0.2 y versiones anteriores permite a atacantes remotos ayudados por un usuario ejecutar comandos de su elección a través de metacaracteres de consola en un argumento URL a (1) xdg-open or (2) xdg-email. A vulnerability was found in xdg-open and xdg-email commands, which allows remote attackers to execute arbitrary commands if... • http://bugs.gentoo.org/show_bug.cgi?id=207331 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2007-6337 – Mandriva Linux Security Advisory 2008-003
https://notcve.org/view.php?id=CVE-2007-6337
29 Dec 2007 — Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. Vulnerabilidad no especificada en el algoritmo de descompresión bzip2 en nsis/bzlib_private.h de ClamAV anterior a 0.92 tiene impacto y vectores de ataque remotos desconocidos. iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to ca... • http://docs.info.apple.com/article.html?artnum=307562 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2007-6249 – Gentoo Linux Security Advisory 200712-11
https://notcve.org/view.php?id=CVE-2007-6249
13 Dec 2007 — etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. etc-update en Portage before 2.1.3.11 sobre Gentoo Linux depende de umask para asignar permisos al fichero a unir, normalmente como resultado de permisos débiles que los archivos orignales, lo cual podría permitir a usuarios locales obten... • http://bugs.gentoo.org/show_bug.cgi?id=193589 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-5714
https://notcve.org/view.php?id=CVE-2007-5714
30 Oct 2007 — The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. The Gentoo ebuild de MLDonkey anterior a 2.9.0-r3 tiene una cuenta de usuario p2p con una contraseña por defecto vacia y un interprete de comandos (shell) válido, lo cual podría permite a atacantes remotos obtener acceso de entrada y ejecutar código de su elección. • http://secunia.com/advisories/27366 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 3%CPEs: 65EXPL: 0CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
18 Sep 2007 — Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de ... • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3532 – Gentoo Linux Security Advisory 200708-14
https://notcve.org/view.php?id=CVE-2007-3532
27 Jul 2007 — NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. Controladores NVIDIA (nvidia-drivers) versiones anteriores a 1.0.7185, 1.0.9639 y 100.14.11, tal y como son usados en Gentoo Linux y posiblemente otras distribucion... • http://osvdb.org/40177 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2007-3531 – Gentoo Linux Security Advisory 200707-8
https://notcve.org/view.php?id=CVE-2007-3531
25 Jul 2007 — The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. La función set_default_speeds en backend/backend.c en NVidia NVClock before 0.8b2 permite a usuarios locales sobrescribir archivos de su elección a través de un ataque de enlace simbólico sobre el archivo temporal /tmp/nvclock. Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insec... • http://bugs.gentoo.org/show_bug.cgi?id=184071 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3508 – Gentoo Linux Security Advisory 200707-4
https://notcve.org/view.php?id=CVE-2007-3508
03 Jul 2007 — Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution ** EN DISPUTA ** Desbordamiento de enteros en la función process_envvars en elf/rtld.c de glibc en versiones anteriores a la 2.5-rc4 permite a usuarios locales ejecutar código arbitrario mediante un valor grande ... • http://bugs.gentoo.org/show_bug.cgi?id=183844 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 27%CPEs: 1EXPL: 1CVE-2007-2194 – XnView 1.90.3 - '.xpm' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2194
24 Apr 2007 — Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en XnView 1.90.3 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de ficheros XPM manipulados con una sección de cadena larga. NOTA: algunos de los detalles fueron obtenidos de terceras fuentes de in... • https://www.exploit-db.com/exploits/3777 •
CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 0CVE-2007-2173
https://notcve.org/view.php?id=CVE-2007-2173
24 Apr 2007 — Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. Vulnerabilidad de evaluación directa de código dinámico (eval injection) en (1) courier-imapd.indirect y (2) courier-pop3d.indirect en Courier-IMAP anterior a 4.0.6-r2, y 4.1.x anterior a 4.1.2-r1, en Gentoo Linux permite a atacant... • http://bugs.gentoo.org/show_bug.cgi?id=168196 •