
Gentoo Security Advisories

Here you'll find the latest security advisories from Gentoo. Our database currently contains 907 Gentoo security advisories.

PHP multiple vulnerabilities | GLSA 200605-08 | May 08, 2006
Remote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution
» CVE-2006-0996 Low: Cross-site scripting (XSS) vulnerabili (0.00)
» CVE-2006-1490 Low: PHP before 5.1.3-RC1 might allow remot (0.00)
» CVE-2006-1990 Low: Integer overflow in the wordwrap funct (0.00)
» CVE-2006-1991 Low: The substr_compare function in string. (0.00)

Nagios arbitrary code execution | GLSA 200605-07 | May 07, 2006
A buffer overflow in Nagios CGI scripts under certain web servers allows remote attackers to execute arbitrary code via a negative content length HTTP header.
» CVE-2006-2162 Low: Buffer overflow in CGI scripts in Nagi (0.00)

Mozilla Firefox remote code execution | GLSA 200605-06 | May 06, 2006
If JavaScript is enabled, by tricking a user into visiting a malicious web page which would send a specially crafted HTML script that contains references to deleted objects with the "designMode" prop
» CVE-2006-1993 Low: Mozilla Firefox 1.5.0.2, when designMo (0.00)

Rsync potential integer overflow | GLSA 200605-05 | May 05, 2006
A remote attacker with write access to an rsync module could craft malicious extended attributes which would trigger the integer overflow, potentially resulting in the execution of arbitrary code wit
» CVE-2006-2083 Low: Integer overflow in the receive_xattr (0.00)

phpWebSite local file inclusion | GLSA 200605-04 | May 02, 2006
If "magic_quotes_gpc" is disabled a remote attacker could exploit this issue to include and execute PHP scripts from local resources with the rights of the user running the web server, or to disclose
» CVE-2006-1819 Low: Directory traversal vulnerability in t (0.00)

ClamAV arbitrary code execution | GLSA 200605-03 | May 02, 2006
By enticing a user to connect to a malicious webserver an attacker could cause the execution of arbitrary code.
» CVE-2006-1989 Low: Buffer overflow in the get_database fu (0.00)

X.Org buffer overflow | GLSA 200605-02 | May 02, 2006
An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges.
» CVE-2006-1526 Low: Buffer overflow in the X render (Xrend (0.00)

Mozilla Suite multiple vulnerabilities | GLSA 200604-18 | April 28, 2006
A remote attacker could craft malicious web pages or emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files, cookies or other i
» CVE-2005-4134 Low: Mozilla Firefox 1.5, Netscape 8.0.4 an (0.00)
» CVE-2006-0292 Low: The Javascript interpreter (jsinterp.c (0.00)
» CVE-2006-0293 Low: The function allocation code (js_NewFu (0.00)
» CVE-2006-0296 Low: The XULDocument.persist function in Mo (0.00)
» CVE-2006-0748 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-0749 Low: nsHTMLContentSink.cpp in Mozilla Firef (0.00)
» CVE-2006-0884 Low: The WYSIWYG rendering engine ("rich ma (0.00)
» CVE-2006-1045 Low: The HTML rendering engine in Mozilla T (0.00)
» CVE-2006-1727 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1728 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1729 Low: Mozilla Firefox 1.x before 1.5.0.2 and (0.00)
» CVE-2006-1730 Low: Integer overflow in Mozilla Firefox an (0.00)
» CVE-2006-1731 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1732 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1733 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1734 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1735 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1736 Low: Mozilla Firefox 1.x before 1.5 and 1.0 (0.00)
» CVE-2006-1737 Low: Integer overflow in Mozilla Firefox an (0.00)
» CVE-2006-1738 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1739 Low: The CSS border-rendering code in Mozil (0.00)
» CVE-2006-1740 Low: Mozilla Firefox 1.x before 1.5 and 1.0 (0.00)
» CVE-2006-1741 Low: Mozilla Firefox 1.x before 1.5 and 1.0 (0.00)
» CVE-2006-1742 Low: The JavaScript engine in Mozilla Firef (0.00)
» CVE-2006-1790 Low: A regression fix in Mozilla Firefox 1. (0.00)

Ethereal multiple vulnerabilities | GLSA 200604-17 | April 27, 2006
An attacker might be able to exploit these vulnerabilities to crash Ethereal or execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.
» CVE-2006-1932 Low: Off-by-one error in the OID printing r (0.00)
» CVE-2006-1933 Low: Multiple unspecified vulnerabilities i (0.00)
» CVE-2006-1934 Low: Multiple buffer overflows in Ethereal (0.00)
» CVE-2006-1935 Low: Buffer overflow in Ethereal 0.9.15 up (0.00)
» CVE-2006-1936 Low: Buffer overflow in Ethereal 0.8.5 up t (0.00)
» CVE-2006-1937 Low: Multiple unspecified vulnerabilities i (0.00)
» CVE-2006-1938 Low: Multiple unspecified vulnerabilities i (0.00)
» CVE-2006-1939 Low: Multiple unspecified vulnerabilities i (0.00)
» CVE-2006-1940 Low: Unspecified vulnerability in Ethereal (0.00)

Xine-lib buffer overflow | GLSA 200604-16 | April 26, 2006
Federico L. Bossi Bonin discovered that when handling MPEG streams xine-lib fails to make a proper boundary check of the input data supplied by the user before copying it to an insufficiently sized me
» CVE-2006-1664 Low: Buffer overflow in xine_list_delete_cu (0.00)

Xine-ui format string vulnerabilities | GLSA 200604-15 | April 26, 2006
By constructing a malicious playlist file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.
» CVE-2006-1905 Low: Multiple format string vulnerabilities (0.00)

Dia arbitrary code execution | GLSA 200604-14 | April 23, 2006
By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with the rights of the user running Dia.
» CVE-2006-1550 Low: Multiple buffer overflows in the xfig (0.00)

Fbida insecure temp file | GLSA 200604-13 | April 23, 2006
A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected script is called, this could result in the file being overw
» CVE-2006-1695 Low: The fbgs script in the fbi package 2.0 (0.00)

Mozilla Firefox multiple vulnerabilities | GLSA 200604-12 | April 23, 2006
A remote attacker could craft malicious web pages that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files, cookies or other information
» CVE-2005-4134 Low: Mozilla Firefox 1.5, Netscape 8.0.4 an (0.00)
» CVE-2006-0292 Low: The Javascript interpreter (jsinterp.c (0.00)
» CVE-2006-0296 Low: The XULDocument.persist function in Mo (0.00)
» CVE-2006-0748 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-0749 Low: nsHTMLContentSink.cpp in Mozilla Firef (0.00)
» CVE-2006-1727 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1728 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1729 Low: Mozilla Firefox 1.x before 1.5.0.2 and (0.00)
» CVE-2006-1730 Low: Integer overflow in Mozilla Firefox an (0.00)
» CVE-2006-1731 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1732 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1733 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1734 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1735 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1736 Low: Mozilla Firefox 1.x before 1.5 and 1.0 (0.00)
» CVE-2006-1737 Low: Integer overflow in Mozilla Firefox an (0.00)
» CVE-2006-1738 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1739 Low: The CSS border-rendering code in Mozil (0.00)
» CVE-2006-1740 Low: Mozilla Firefox 1.x before 1.5 and 1.0 (0.00)
» CVE-2006-1741 Low: Mozilla Firefox 1.x before 1.5 and 1.0 (0.00)
» CVE-2006-1742 Low: The JavaScript engine in Mozilla Firef (0.00)
» CVE-2006-1790 Low: A regression fix in Mozilla Firefox 1. (0.00)

Crossfire server denial of service | GLSA 200604-11 | April 22, 2006
An attacker can set up a malicious Crossfire client that would send a large request in "oldsocketmode", resulting in a Denial of Service on the Crossfire server and potentially in the execution of arb
» CVE-2006-1010 Low: Buffer overflow in socket/request.c in (0.00)

Zgv, XZgv arbitrary code execution | GLSA 200604-10 | April 20, 2006
Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When
» CVE-2006-1060 Low: Heap-based buffer overflow in zgv befo (0.00)

Cyrus-SASL denial of service | GLSA 200604-09 | April 20, 2006
An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authentica
» CVE-2006-1721 Low: digestmd5.c in the CMU Cyrus Simple Au (0.00)

Libapreq2 denial of service | GLSA 200604-08 | April 15, 2006
A remote attacker could possibly exploit the vulnerability to cause a Denial of Service by CPU consumption.
» CVE-2006-0042 Low: Unspecified vulnerability in (1) apreq (0.00)

Cacti multiple vulnerabilities in ADOdb | GLSA 200604-07 | April 14, 2006
Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability and a potential SQL injection vulnerability.
» CVE-2006-0146 Low: The server.php test script in ADOdb fo (0.00)
» CVE-2006-0147 Low: Dynamic code evaluation vulnerability (0.00)
» CVE-2006-0410 Low: SQL injection vulnerability in ADOdb b (0.00)
» CVE-2006-0806 Low: Multiple cross-site scripting (XSS) vu (0.00)

ClamAV multiple vulnerabilities | GLSA 200604-06 | April 07, 2006
ClamAV contains format string vulnerabilities in the logging code. Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser and David Luyer discovered that ClamAV can be tri
» CVE-2006-1614 Low: Integer overflow in the cli_scanpe fun (0.00)
» CVE-2006-1615 Low: Multiple format string vulnerabilities (0.00)
» CVE-2006-1630 Low: The cli_bitset_set function in libclam (0.00)

Doomsday format string vulnerability | GLSA 200604-05 | April 06, 2006
A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Doomsday server or client by sending specially crafted strings.
» CVE-2006-1618 Low: Format string vulnerability in the (1) (0.00)

Kaffeine remote buffer overflow | GLSA 200604-04 | April 05, 2006
A remote attacker could entice a user to play a specially-crafted RAM playlist resulting in the execution of arbitrary code with the permissions of the user running the application.
» CVE-2006-0051 Low: Buffer overflow in playlistimport.cpp (0.00)

Horde Framework remote code execution | GLSA 200604-02 | April 04, 2006
An attacker could exploit the vulnerability in the help viewer to execute arbitrary code with the privileges of the web server user. By embedding a NULL character in the URL parameter, an attacker co
» CVE-2006-1260 Low: Horde Application Framework 3.0.9 allo (0.00)
» CVE-2006-1491 Low: Eval injection vulnerability in Horde (0.00)

FreeRADIUS auth bypass | GLSA 200604-03 | April 04, 2006
An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 client state machine.
» CVE-2006-1354 Low: Unspecified vulnerability in FreeRADIU (0.00)

MediaWiki cross-site scripting | GLSA 200604-01 | April 04, 2006
By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScript code that will be executed in a user's browser session in the context of
» CVE-2006-1498 Low: Cross-site scripting (XSS) vulnerabili (0.00)
