Gentoo Security Advisories

Here you'll find the latest security advisories from Gentoo. Our database currently contains 907 Gentoo security advisories.

Wireshark dissectors vulnerabilities | GLSA 200607-09 | July 25, 2006
Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop.
» CVE-2006-3627 Low: Unspecified vulnerability in the GSM B (0.00)
» CVE-2006-3628 Low: Multiple format string vulnerabilities (0.00)
» CVE-2006-3629 Low: Unspecified vulnerability in the MOUNT (0.00)
» CVE-2006-3630 Low: Multiple off-by-one errors in Wireshar (0.00)
» CVE-2006-3631 Low: Unspecified vulnerability in the SSH d (0.00)
» CVE-2006-3632 Low: Buffer overflow in Wireshark (aka Ethe (0.00)

GIMP buffer overflow bug | GLSA 200607-08:02 | July 24, 2006
GIMP is prone to a buffer overflow which may lead to the execution of arbitrary code when loading specially crafted XCF files.
» CVE-2006-3404 Low: Buffer overflow in the xcf_load_vector (0.00)

Xine-lib buffer overflow | GLSA 200607-07 | July 20, 2006
A buffer overflow has been found in the libmms library shipped with xine-lib, potentially resulting in the execution of arbitrary code.
» CVE-2006-2200 Low: Stack-based buffer overflow in libmms, (0.00)

Libpng buffer overflow bug | GLSA 200607-06 | July 19, 2006
A buffer overflow has been found in the libpng library that could lead to the execution of arbitrary code.
» CVE-2006-3334 Low: Buffer overflow in the png_decompress_ (0.00)

SHOUTcast server multiple vulnerabilities | GLSA 200607-05 | July 09, 2006
The SHOUTcast server is vulnerable to a file disclosure vulnerability and multiple XSS vulnerabilities.

PostgreSQL SQL injection vulnerability | GLSA 200607-04 | July 09, 2006
A flaw in the multibyte character handling allows execution of arbitrary SQL statements.
» CVE-2006-2313 Low: PostgreSQL 8.1.x before 8.1.4, 8.0.x b (0.00)
» CVE-2006-2314 Low: PostgreSQL 8.1.x before 8.1.4, 8.0.x b (0.00)

libTIFF multiple buffer overflows | GLSA 200607-03 | July 09, 2006
libTIFF contains buffer overflows that could result in arbitrary code execution.
» CVE-2006-2193 Low: Buffer overflow in the t2p_write_pdf_s (0.00)
» CVE-2006-2656 Low: Stack-based buffer overflow in the tif (0.00)

FreeType multiple integer overflows | GLSA 200607-02 | July 09, 2006
Multiple remotely exploitable buffer overflows have been discovered in FreeType, resulting in the execution of arbitrary code.
» CVE-2006-1861 Low: Multiple integer overflows in FreeType (0.00)

Mpg123 heap overflow vulnerability | GLSA 200607-01 | July 03, 2006
A heap overflow in mpg123 was discovered, which could result in the execution of arbitrary code.

Kiax arbitrary code execution | GLSA 200606-30 | June 30, 2006
A security vulnerability in the iaxclient library could lead to the execution of arbitrary code by a remote attacker.
» CVE-2006-2923 Low: The iax_net_read function in the iaxcl (0.00)

SQL injection and multiple XSS vulnerabilities | GLSA 200606-29 | June 29, 2006
Tikiwiki fails to properly sanitize user input before processing it, including in SQL statements. An attacker could execute arbitrary SQL statements on the underlying database, or inject arbitrary sc
» CVE-2006-3047 Low: Cross-site scripting (XSS) vulnerabili (0.00)
» CVE-2006-3048 Low: SQL injection vulnerability in TikiWik (0.00)

Horde cross-site scripting vulnerability | GLSA 200606-28 | June 29, 2006
Michael Marek discovered that the Horde Web Application Framework performs insufficient input sanitizing. An attacker could exploit these vulnerabilities to execute arbitrary scripts running in the co
» CVE-2006-2195 Low: Cross-site scripting (XSS) vulnerabili (0.00)

Mutt buffer overflow bug | GLSA 200606-27 | June 28, 2006
Mutt contains a buffer overflow that could result in arbitrary code execution.
» CVE-2006-3242 Low: Stack-based buffer overflow in the bro (0.00)

EnergyMech denial of service | GLSA 200606-26 | June 26, 2006
By sending an empty CTCP NOTICE, a remote attacker could exploit this vulnerability to cause a Denial of Service.

Hashcash possible heap overflow | GLSA 200606-25 | June 26, 2006
By sending malicious entries to the Hashcash utility, an attacker may be able to cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the

Wv2 arbitrary code execution | GLSA 200606-24 | June 23, 2006
An attacker could execute arbitrary code with the rights of the user running the program that uses the library via a maliciously crafted Microsoft Word document.
» CVE-2006-2197 Low: Integer overflow in wv2 before 0.2.3 m (0.00)

KDM symlink vulnerability | GLSA 200606-23 | June 22, 2006
A local attacker could exploit this issue to obtain potentially sensitive information that is usually not accessible to the local user, such as shadow files or other users' files.
» CVE-2006-2449 Low: KDE Display Manager (KDM) in KDE 3.2.0 (0.00)

aRts privilege escalation | GLSA 200606-22 | June 22, 2006
Local attackers could exploit this vulnerability to execute arbitrary code with elevated privileges. Note that the aRts package provided by Gentoo is only vulnerable if the artswrappersuid USE-flag is
» CVE-2006-2916 Low: artswrapper in aRts, when running setu (0.00)

Mozilla Thunderbird multiple vulnerabilities | GLSA 200606-21 | June 19, 2006
A remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, spoof content, and possibly execute arbitrary cod
» CVE-2006-2775 Low: Mozilla Firefox and Thunderbird before (0.00)
» CVE-2006-2776 Low: Certain privileged UI code in Mozilla (0.00)
» CVE-2006-2778 Low: The crypto.signText function in Mozill (0.00)
» CVE-2006-2779 Low: Mozilla Firefox and Thunderbird before (0.00)
» CVE-2006-2780 Low: Integer overflow in Mozilla Firefox an (0.00)
» CVE-2006-2781 Low: Double-free vulnerability in nsVCard.c (0.00)
» CVE-2006-2783 Low: Mozilla Firefox and Thunderbird before (0.00)
» CVE-2006-2786 Low: HTTP response smuggling vulnerability (0.00)
» CVE-2006-2787 Low: EvalInSandbox in Mozilla Firefox and T (0.00)

Typespeed remote execution of arbitrary code | GLSA 200606-20 | June 19, 2006
By sending specially crafted network packets to a machine running Typespeed in multiplayer mode, a remote attacker can execute arbitrary code with the permissions of the user running the game.
» CVE-2006-1515 Low: Buffer overflow in the addnewword func (0.00)

Sendmail denial of service | GLSA 200606-19 | June 15, 2006
By sending specially crafted multipart MIME messages, a remote attacker can cause a subprocess forked by Sendmail to crash.
» CVE-2006-1173 Low: Sendmail before 8.13.7 allows remote a (0.00)

PAM-MySQL multiple vulnerabilities | GLSA 200606-18 | June 15, 2006
By exploiting the mentioned flaws an attacker can cause a Denial of Service and thus prevent users that authenticate against PAM-MySQL from logging into a machine. There is also a possible additional

Slurpd buffer overflow | GLSA 200606-17 | June 15, 2006
By injecting an overly long hostname in the status file, an attacker could possibly cause the execution of arbitrary code with the permissions of the user running slurpd.
» CVE-2006-2754 Low: Stack-based buffer overflow in st.c in (0.00)

DokuWiki PHP code injection | GLSA 200606-16 | June 14, 2006
An unauthenticated remote attacker may execute arbitrary PHP commands - and thus possibly arbitrary system commands - with the permissions of the user running the webserver that serves DokuWiki pages.
» CVE-2006-2878 Low: The spellchecker (spellcheck.php) in D (0.00)

Asterisk IAX2 video frame buffer overflow | GLSA 200606-15 | June 14, 2006
An attacker could exploit this vulnerability by sending a specially crafted IAX2 video stream resulting in the execution of arbitrary code with the permissions of the user running Asterisk.
» CVE-2006-2898 Low: The IAX2 channel driver (chan_iax2) fo (0.00)
