Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories » Gentoo

Gentoo Security Advisories

Here you'll find the latest security advisories from Gentoo. Our database currently contains 907 Gentoo security advisories.
Page: 123456 out of 37

GDM privilege escalation | GLSA 200606-14 | June 12, 2006
An authentication error in GDM could allow users to gain elevated privileges.
» CVE-2006-2452 Low: GNOME GDM 2.8, 2.12, 2.14, and 2.15, w (0.00)

MySQL arbitrary SQL injection | GLSA 200606-13 | June 11, 2006
Due to a flaw in the multi-byte character process an attacker is still able to inject arbitary SQL statements into the MySQL server for execution.
» CVE-2006-2753 Low: SQL injection vulnerability in MySQL 4 (0.00)

Mozilla Firefox multiple vulnerabilities | GLSA 200606-12 | June 11, 2006
Vulnerabilities in Mozilla Firefox allow privilege escalations for JavaScript code, cross site scripting attacks, HTTP response smuggling and possibly the execution of arbitrary code.
» CVE-2006-2775 Low: Mozilla Firefox and Thunderbird before (0.00) » CVE-2006-2776 Low: Certain privileged UI code in Mozilla (0.00) » CVE-2006-2777 Low: Unspecified vulnerability in Mozilla F (0.00) » CVE-2006-2778 Low: The crypto.signText function in Mozill (0.00) » CVE-2006-2779 Low: Mozilla Firefox and Thunderbird before (0.00) » CVE-2006-2780 Low: Integer overflow in Mozilla Firefox an (0.00) » CVE-2006-2782 Low: Firefox 1.5.0.2 does not fix all test (0.00) » CVE-2006-2783 Low: Mozilla Firefox and Thunderbird before (0.00) » CVE-2006-2784 Low: The PLUGINSPAGE functionality in Mozil (0.00) » CVE-2006-2785 Low: Cross-site scripting (XSS) vulnerabili (0.00) » CVE-2006-2786 Low: HTTP response smuggling vulnerability (0.00) » CVE-2006-2787 Low: EvalInSandbox in Mozilla Firefox and T (0.00)

Cscope many buffer overflows | GLSA 200606-10 | June 11, 2006
A user could be enticed to source a carefully crafted file which will allow the attacker to execute arbitrary code with the permissions of the user running Cscope.
» CVE-2004-2541 Low: Buffer overflow in Cscope 15.5, and po (0.00)

Cscope buffer overflows | GLSA 200606-09 | June 11, 2006
With certain configuration options, a local or even remote attacker could execute arbitrary code with the rights of the user running spamd, which is root by default, by sending a crafted message to t
» CVE-2006-2447 Low: SpamAssassin before 3.1.3, when runnin (0.00)

JPEG library denial of service | GLSA 200604-11 | June 10, 2006
Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature which is not recommended.

Zgv heap overflow | GLSA 200604-10:02 | June 10, 2006
The fixed zgv ebuild proposed in the initial version of this Security Advisory did not address all the vulnerabilities of the zgv package.

WordPress arbitrary command execution | GLSA 200606-08 | June 09, 2006
An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially crafted username. As of Wordpress 2.0.2 the user data cache is disabled as the default.
» CVE-2006-2667 Low: Direct static code injection vulnerabi (0.00) » CVE-2006-2702 Low: vars.php in WordPress 2.0.2, possibly (0.00)

Vixie Cron privilege escalation | GLSA 200606-07 | June 09, 2006
Local users can execute code with root privileges by deliberately exceeding their assigned resource limits and then starting a command through Vixie Cron. This requires resource limits to be in place
» CVE-2006-2607 Low: do_command.c in Vixie cron (vixie-cron (0.00)

AWStats remote execution of arbitrary code | GLSA 200606-06 | June 07, 2006
A remote attacker can execute arbitrary code on the server in the context of the application running the AWStats CGI script if updating of the statistics via web frontend is allowed.
» CVE-2006-1945 Low: Cross-site scripting (XSS) vulnerabili (0.00) » CVE-2006-2237 Low: The web interface for AWStats 6.4 and (0.00)

Pound HTTP request smuggling | GLSA 200606-05 | June 07, 2006
An attacker could exploit this vulnerability by sending HTTP requests with specially crafted "Content-Length" and "Transfer-Encoding" headers to bypass certain security restrictions or to poison the w
» CVE-2005-3751 Low: HTTP request smuggling vulnerability i (0.00)

Shadow privilege escalation | GLSA 200606-02 | June 07, 2006
A security issue in shadow allows a local user to perform certain actions with escalated privileges.
» CVE-2006-1174 Low: useradd in shadow-utils before 4.0.3, (0.00)

Dia format string vulnerabilities | GLSA 200606-03 | June 07, 2006
By enticing a user to open a specially crafted file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.
» CVE-2006-2453 Low: Multiple unspecified format string vul (0.00) » CVE-2006-2480 Low: Format string vulnerability in Dia 0.9 (0.00)

Tor several vulnerabilities | GLSA 200606-04 | June 07, 2006
The possible buffer overflow may allow a remote attacker to execute arbitrary code on the server by sending large inputs. The other vulnerabilities can lead to a Denial of Service, a lack of logged in
» CVE-2006-0414 Low: Tor before 0.1.1.20 allows remote atta (0.00)

Opera buffer overflow | GLSA 200606-01 | June 07, 2006
Opera contains an integer signedness error resulting in a buffer overflow which may allow a remote attacker to execute arbitrary code.
» CVE-2006-1834 Low: Integer signedness error in Opera befo (0.00)

libTIFF multiple vulnerabilities | GLSA 200605-17 | May 30, 2006
An attacker could exploit these vulnerabilities by enticing a user to open a specially crafted TIFF image, possibly leading to the execution of arbitrary code or a Denial of Service.
» CVE-2006-0405 Low: The TIFFFetchShortPair function in tif (0.00) » CVE-2006-2024 Low: Multiple vulnerabilities in libtiff be (0.00) » CVE-2006-2025 Low: Integer overflow in the TIFFFetchData (0.00) » CVE-2006-2026 Low: Double-free vulnerability in tif_jpeg. (0.00)

CherryPy reading of arbitrary files | GLSA 200605-16 | May 30, 2006
Ivo van der Wijk discovered that the "staticfilter" component of CherryPy fails to sanitize input correctly.
» CVE-2006-0847 Low: Directory traversal vulnerability in t (0.00)

Quagga multiple vulnerabilities | GLSA 200605-15 | May 21, 2006
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
» CVE-2006-2223 Low: RIPd in Quagga 0.98 and 0.99 before 20 (0.00) » CVE-2006-2224 Low: RIPd in Quagga 0.98 and 0.99 before 20 (0.00) » CVE-2006-2276 Low: bgpd in Quagga 0.98 and 0.99 before 20 (0.00)

UPDATE: Nagios buffer overflow | GLSA 200605-07:02 | May 16, 2006
The previous upstream release failed to take into account an integer overflow condition when performing bounds checking. Users are urged to upgrade to 1.4.1 which resolves the issue.

UPDATE: MySQL information leakage | GLSA 200605-13:04 | May 16, 2006
For a short time version 4.0.27 was incorrectly listed as vulnerable and the resolution incorrectly forced an upgrade to 4.1.x for 4.0.x users.

MySQL information leakage | GLSA 200605-13 | May 11, 2006
By crafting specific malicious packets an attacker could gather confidential information from the memory of a MySQL server process, for example results of queries by other users or applications. By u
» CVE-2006-1516 Low: The check_connection function in sql_p (0.00) » CVE-2006-1517 Low: sql_parse.cc in MySQL 4.0.x up to 4.0. (0.00)

Quake 3 engine buffer overflow | GLSA 200605-12 | May 10, 2006
An attacker could set up a malicious game server and entice users to connect to it, potentially resulting in the execution of arbitrary code with the rights of the game user.
» CVE-2006-2236 Low: Buffer overflow in the Quake 3 Engine, (0.00)

Ruby denial of service | GLSA 200605-11 | May 10, 2006
An attacker could send large amounts of data to an affected server to block the socket and thus deny other connections to the server.
» CVE-2006-1931 Low: The HTTP/XMLRPC server in Ruby before (0.00)

Pdnsd arbitrary code execution | GLSA 200605-10 | May 10, 2006
An attacker can craft malicious DNS queries leading to a Denial of Service, and potentially the execution of arbitrary code.
» CVE-2006-2076 Low: Memory leak in Paul Rombouts pdnsd bef (0.00) » CVE-2006-2077 Low: Buffer overflow in Paul Rombouts pdnsd (0.00)

Mozilla Thunderbird multiple vulnerabilities | GLSA 200605-09 | May 08, 2006
A remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files or other information from emails
» CVE-2006-0292 Low: The Javascript interpreter (jsinterp.c (0.00) » CVE-2006-0296 Low: The XULDocument.persist function in Mo (0.00) » CVE-2006-0748 Low: Mozilla Firefox and Thunderbird 1.x be (0.00) » CVE-2006-0749 Low: nsHTMLContentSink.cpp in Mozilla Firef (0.00) » CVE-2006-0884 Low: The WYSIWYG rendering engine ("rich ma (0.00) » CVE-2006-1045 Low: The HTML rendering engine in Mozilla T (0.00) » CVE-2006-1727 Low: Unspecified vulnerability in Mozilla F (0.00) » CVE-2006-1728 Low: Unspecified vulnerability in Mozilla F (0.00) » CVE-2006-1730 Low: Integer overflow in Mozilla Firefox an (0.00) » CVE-2006-1731 Low: Mozilla Firefox and Thunderbird 1.x be (0.00) » CVE-2006-1732 Low: Unspecified vulnerability in Mozilla F (0.00) » CVE-2006-1733 Low: Mozilla Firefox and Thunderbird 1.x be (0.00) » CVE-2006-1734 Low: Mozilla Firefox and Thunderbird 1.x be (0.00) » CVE-2006-1735 Low: Mozilla Firefox and Thunderbird 1.x be (0.00) » CVE-2006-1737 Low: Integer overflow in Mozilla Firefox an (0.00) » CVE-2006-1738 Low: Unspecified vulnerability in Mozilla F (0.00) » CVE-2006-1739 Low: The CSS border-rendering code in Mozil (0.00) » CVE-2006-1741 Low: Mozilla Firefox 1.x before 1.5 and 1.0 (0.00) » CVE-2006-1742 Low: The JavaScript engine in Mozilla Firef (0.00) » CVE-2006-1790 Low: A regression fix in Mozilla Firefox 1. (0.00)

Page: 123456 out of 37

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »