Vulnerabilities (CVE)

Vendor filter

Gentoo Subscribe

Product filter

Linux Subscribe

Filter

170 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-0004 5 Gentoo, Mysql, Debian and 2 more 6 Mysql, Debian Linux, Linux and 3 more 2019-10-07 4.6
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
CVE-2017-14483 1 Gentoo 1 Dev-python-flower 2019-10-03 4.9
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID...
CVE-2017-14484 1 Gentoo 1 Sci-mathematics-gimps 2019-10-03 6.9
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
CVE-2014-9496 3 Gentoo, Novell, Opensuse 3 Libsndfile, Opensuse, Opensuse 2019-04-11 10.0
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2013-0348 6 Gentoo, Open Source Development Team, Acme and 3 more 6 Sthttpd, Thttpd, Fedora and 3 more 2018-10-30 2.1
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVE-2004-0496 5 Gentoo, Suse, Mandrakesoft and 2 more 13 Mandrake Multi Network Firewall, Linux Kernel, Suse Email Server and 10 more 2018-10-30 7.2
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
CVE-2002-1337 7 Windriver, Sgi, Sendmail and 4 more 12 Hp-ux, Freeware, Solaris and 9 more 2018-10-30 10.0
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
CVE-2003-0694 11 Turbolinux, Apple, Freebsd and 8 more 18 Hp-ux, Aix, Solaris and 15 more 2018-10-30 10.0
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
CVE-2004-1307 10 Apple, Conectiva, Libtiff and 7 more 19 Propack, Unixware, Linux and 16 more 2018-10-30 7.5
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to...
CVE-2005-3626 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 5.0
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVE-2005-3625 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 10.0
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode...
CVE-2005-3624 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 5.0
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to...
CVE-2005-1267 5 Gentoo, Mandrakesoft, Trustix and 2 more 5 Mandrake Linux, Tcpdump, Fedora Core and 2 more 2018-10-19 5.0
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
CVE-2005-0077 4 Redhat, Gentoo, Debian and 1 more 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux and 2 more 2018-10-19 2.1
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
CVE-2006-1390 1 Gentoo 1 Linux 2018-10-18 4.6
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows...
CVE-2007-2026 2 Gentoo, Amavis 2 File, Virus Scanner 2018-10-16 7.8
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular...
CVE-2008-1078 2 Gentoo, Rpath 2 Linux, Rpath Linux 2018-10-11 7.2
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
CVE-2004-0983 4 Gentoo, Yukihiro Matsumoto, Mandrakesoft and 1 more 5 Ruby, Mandrake Linux, Ubuntu Linux and 2 more 2018-10-03 5.0
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
CVE-2004-0418 5 Gentoo, Openpkg, Cvs and 2 more 5 Openpkg, Propack, Cvs and 2 more 2018-05-03 10.0
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical...
CVE-2004-0417 5 Gentoo, Openpkg, Cvs and 2 more 5 Openpkg, Propack, Cvs and 2 more 2018-05-03 5.0
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and...