Every CVE whose affected-product data names Gentoo Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (136)
CVE-2004-0608 — CVSS 10.0 (critical): The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast…
CVE-2004-1025 — CVSS 10.0 (critical): Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote…
CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2004-0226 — CVSS 10.0 (critical): Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary…
CVE-2004-0980 — CVSS 10.0 (critical): Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service…
CVE-2004-1304 — CVSS 10.0 (critical): Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF…
CVE-2004-0649 — CVSS 10.0 (critical): Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
CVE-2004-0981 — CVSS 10.0 (critical): Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain…
CVE-2004-1034 — CVSS 10.0 (critical): Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to…
CVE-2004-0418 — CVSS 10.0 (critical): serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote…
CVE-2004-0333 — CVSS 10.0 (critical): Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote…
CVE-2004-0386 — CVSS 10.0 (critical): Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a…
CVE-2004-1026 — CVSS 10.0 (critical): Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow…
CVE-2003-0694 — CVSS 10.0 (critical): The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated…
CVE-2004-0888 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote…
CVE-2004-0889 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of…
CVE-2004-0891 — CVSS 10.0 (critical): Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash)…
CVE-2004-0914 — CVSS 10.0 (critical): Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows…
CVE-2004-0414 — CVSS 10.0 (critical): CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator…
CVE-2004-0416 — CVSS 10.0 (critical): Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote…
CVE-2002-1337 — CVSS 10.0 (critical): Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related…
CVE-2004-0990 — CVSS 10.0 (critical): Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of…
CVE-2004-1037 — CVSS 10.0 (critical): The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
CVE-2004-0557 — CVSS 10.0 (critical): Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers…
CVE-2004-1052 — CVSS 10.0 (critical): Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary…
CVE-2004-0947 — CVSS 10.0 (critical): Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
CVE-2024-12084 — CVSS 9.8 (critical): A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum…
CVE-2004-1029 — CVSS 9.3 (critical): The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly…
CVE-2004-0456 — CVSS 7.6 (high): Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a…
CVE-2004-0932 — CVSS 7.5 (high): McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote…
CVE-2005-0754 — CVSS 7.5 (high): Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute…
CVE-2004-1004 — CVSS 7.5 (high): Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2004-1005 — CVSS 7.5 (high): Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2004-1161 — CVSS 7.5 (high): rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended…
CVE-2004-1162 — CVSS 7.5 (high): The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users…
CVE-2004-1175 — CVSS 7.5 (high): fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell…
CVE-2004-1176 — CVSS 7.5 (high): Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly…
CVE-2004-1307 — CVSS 7.5 (high): Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code…
CVE-2005-0005 — CVSS 7.5 (high): Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute…
CVE-2005-0206 — CVSS 7.5 (high): The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux…
CVE-2004-0500 — CVSS 7.5 (high): Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of…
CVE-2024-12085 — CVSS 7.5 (high): A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the…
CVE-2005-0535 — CVSS 7.5 (high): Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to…
CVE-2004-0224 — CVSS 7.5 (high): Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before…
CVE-2004-0419 — CVSS 7.5 (high): XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the…
CVE-2003-0681 — CVSS 7.5 (high): A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3)…
CVE-2004-1737 — CVSS 7.5 (high): SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass…
CVE-2004-0700 — CVSS 7.5 (high): Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31…
CVE-2004-0746 — CVSS 7.5 (high): Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and…
CVE-2004-0432 — CVSS 7.5 (high): ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to…
CVE-2004-1096 — CVSS 7.5 (high): Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus…
CVE-2004-0933 — CVSS 7.5 (high): Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure…
CVE-2004-0934 — CVSS 7.5 (high): Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to…
CVE-2004-0935 — CVSS 7.5 (high): Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both…
CVE-2004-0936 — CVSS 7.5 (high): RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero…
CVE-2004-0937 — CVSS 7.5 (high): Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass…
CVE-2004-1117 — CVSS 7.2 (high): The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain…
CVE-2004-0495 — CVSS 7.2 (high): Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the…
CVE-2004-1115 — CVSS 7.2 (high): The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root…
CVE-2004-1116 — CVSS 7.2 (high): The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which…
CVE-2004-0496 — CVSS 7.2 (high): Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of…
CVE-2004-1452 — CVSS 7.2 (high): Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with…
CVE-2004-0548 — CVSS 7.2 (high): Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute…
CVE-2004-0667 — CVSS 7.2 (high): Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could…
CVE-2004-0834 — CVSS 7.2 (high): Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2)…
CVE-2008-1078 — CVSS 7.2 (high): expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files…
CVE-2004-1031 — CVSS 7.2 (high): fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary…
CVE-2004-1471 — CVSS 7.1 (high): Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT…
CVE-2010-1159 — CVSS 6.8 (medium): Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute…
CVE-2004-1055 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web…
CVE-2004-1106 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML…
CVE-2004-1036 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and…
CVE-2014-4909 — CVSS 6.8 (medium): Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause…
CVE-2006-0071 — CVSS 6.6 (medium): The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or…
CVE-2024-12088 — CVSS 6.5 (medium): A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination…
CVE-2024-12087 — CVSS 6.5 (medium): A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option…
CVE-2004-0493 — CVSS 6.4 (medium): The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and…
CVE-2024-12086 — CVSS 6.1 (medium): A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue…
CVE-2004-1901 — CVSS 5.5 (medium): Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
CVE-2005-0667 — CVSS 5.1 (medium): Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail…
CVE-2005-3626 — CVSS 5.0 (medium): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2004-0232 — CVSS 5.0 (medium): Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute…
CVE-2004-0417 — CVSS 5.0 (medium): Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may…
CVE-2004-0604 — CVSS 5.0 (medium): The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via…
CVE-2004-0626 — CVSS 5.0 (medium): The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote…
CVE-2004-0633 — CVSS 5.0 (medium): The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer…
CVE-2004-0634 — CVSS 5.0 (medium): The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a…
CVE-2004-0635 — CVSS 5.0 (medium): The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1)…
CVE-2004-0749 — CVSS 5.0 (medium): The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could…
CVE-2004-0809 — CVSS 5.0 (medium): The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain…
CVE-2004-0918 — CVSS 5.0 (medium): The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a…
CVE-2004-0930 — CVSS 5.0 (medium): The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service…
CVE-2004-0983 — CVSS 5.0 (medium): The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU…
CVE-2004-1009 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
CVE-2004-1027 — CVSS 5.0 (medium): Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via…
CVE-2004-1090 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
CVE-2004-1091 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
CVE-2004-1092 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
CVE-2004-1093 — CVSS 5.0 (medium): Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
CVE-2004-1174 — CVSS 5.0 (medium): direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file…
CVE-2004-1491 — CVSS 5.0 (medium): Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a…
CVE-2005-0470 — CVSS 5.0 (medium): Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid…
CVE-2005-1121 — CVSS 5.0 (medium): Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in…
CVE-2005-1267 — CVSS 5.0 (medium): The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows…
CVE-2005-3624 — CVSS 5.0 (medium): The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others…
CVE-2006-3005 — CVSS 5.0 (medium): The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent…
CVE-2013-2032 — CVSS 5.0 (medium): MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both…
CVE-2006-1390 — CVSS 4.6 (medium): The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows…
CVE-2004-0229 — CVSS 4.6 (medium): The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.
CVE-2007-0476 — CVSS 4.6 (medium): The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in…
CVE-2005-2557 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary…
CVE-2007-1500 — CVSS 4.3 (medium): The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as…
CVE-2013-2031 — CVSS 4.3 (medium): MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by…
CVE-2005-0988 — CVSS 3.7 (low): Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary…
CVE-2004-0497 — CVSS 2.1 (low): Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
CVE-2004-0975 — CVSS 2.1 (low): The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to…
CVE-2004-0972 — CVSS 2.1 (low): The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local…
CVE-2004-0969 — CVSS 2.1 (low): The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other…
CVE-2004-0231 — CVSS 2.1 (low): Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory…
CVE-2004-0881 — CVSS 2.1 (low): getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via…
CVE-2013-0348 — CVSS 2.1 (low): thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to…
CVE-2005-0077 — CVSS 2.1 (low): The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
CVE-2004-0565 — CVSS 2.1 (low): Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which…
CVE-2004-1032 — CVSS 2.1 (low): fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty…
CVE-2004-1030 — CVSS 2.1 (low): fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup…
CVE-2004-0996 — CVSS 2.1 (low): main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files…
CVE-2004-0554 — CVSS 2.1 (low): Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that…
CVE-2004-0535 — CVSS 2.1 (low): The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read…
CVE-2004-1107 — CVSS 2.1 (low): dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-1033 — CVSS 2.1 (low): Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access…
CVE-2004-1336 — CVSS 2.1 (low): The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite…
CVE-2004-1110 — CVSS 2.1 (low): The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson…
CVE-2004-1108 — CVSS 2.1 (low): qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
CVE-2004-1983 — CVSS 2.1 (low): The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is…
CVE-2008-1383 — CVSS 1.9 (low): The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which…
CVE-2004-0880 — CVSS 1.2 (low): getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.