CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-7480 – Gentoo Linux Security Advisory 201805-11
https://notcve.org/view.php?id=CVE-2017-7480
21 Jul 2017 — rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. rkhunter versiones anteriores a 1.4.4, es vulnerable a descargar archivos en canales no seguros cuando se realiza una actualización espejo, resultando en una potencial ejecución de código remota. A vulnerability has been found in Rootkit Hunter that allows a remote attacker to execute arbitrary code. Versions less than 1.4.6 are affected. • http://seclists.org/oss-sec/2017/q2/643 • CWE-300: Channel Accessible by Non-Endpoint CWE-417: Communication Channel Errors •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2005-1270
https://notcve.org/view.php?id=CVE-2005-1270
26 Apr 2005 — The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. • http://secunia.com/advisories/15127 •