Gentoo: Security Vulnerabilities
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
CVSS Score
7.1
EPSS Score
0.059
Published
2004-12-31
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVSS Score
5.0
EPSS Score
0.259
Published
2004-12-31
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
CVSS Score
5.5
EPSS Score
0.001
Published
2004-12-31
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
CVSS Score
5.0
EPSS Score
0.006
Published
2004-12-23
Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.
CVSS Score
7.2
EPSS Score
0.001
Published
2004-12-23
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-23
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.051
Published
2004-12-21
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
CVSS Score
7.6
EPSS Score
0.013
Published
2004-12-06
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
CVSS Score
7.2
EPSS Score
0.001
Published
2004-12-06
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
CVSS Score
2.1
EPSS Score
0.003
Published
2004-12-06