fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-10-15
Updated
2023-02-13
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
Max CVSS
1.9
EPSS Score
0.04%
Published
2008-10-15
Updated
2023-02-13
Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.
Max CVSS
6.9
EPSS Score
0.07%
Published
2008-10-10
Updated
2017-08-08
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
Max CVSS
3.6
EPSS Score
0.04%
Published
2008-04-18
Updated
2017-08-08
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
Max CVSS
1.9
EPSS Score
0.04%
Published
2008-03-18
Updated
2017-08-08
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-02-29
Updated
2023-02-13
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
Max CVSS
6.8
EPSS Score
3.67%
Published
2008-02-04
Updated
2024-01-09
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!