Gentoo Security Advisories

Here you'll find the latest security advisories from Gentoo. Our database currently contains 907 Gentoo security advisories.
Tetris-bsd local privilege escalation | GLSA 200603-26 | March 28, 2006
A local user who is a member of group "games" may be able to modify the tetris-bsd.scores file to trigger the execution of arbitrary code with the privileges of other players.

OpenOffice.org heap overflow | GLSA 200603-25 | March 27, 2006
An attacker could entice a user to call a specially crafted URL with OpenOffice.org, potentially resulting in the execution of arbitrary code with the rights of the user running the application.
» CVE-2005-4077 Low: Multiple off-by-one errors in the cURL (0.00)

RealPlayer remote execution of arbitrary code | GLSA 200603-24 | March 26, 2006
By enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code with the permissions of the user running the application.
» CVE-2006-0323 Low: Buffer overflow in swfformat.dll in mu (0.00)

NetHack, Slash'EM, Falcon's Eye privilege escalation | GLSA 200603-23 | March 23, 2006
A local user who is a member of group "games" may be able to modify the state data used by NetHack, Slash'EM or Falcon's Eye to trigger the execution of arbitrary code with the privileges of other pla

PHP 4,5 format string and XSS vulnerabilities | GLSA 200603-22 | March 22, 2006
Multiple vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers, perform cross site scripting or in some cases execute arbitrary code.
» CVE-2006-0207 Low: Multiple HTTP response splitting vulne (0.00)
» CVE-2006-0208 Low: Multiple cross-site scripting (XSS) vu (0.00)

Sendmail race condition | GLSA 200603-21 | March 22, 2006
Sendmail is vulnerable to a race condition which could lead to the execution of arbitrary code with sendmail privileges.
» CVE-2006-0058 Low: Signal handler race condition in Sendm (0.00)

Flash player arbitrary code execution | GLSA 200603-20 | March 21, 2006
An attacker serving a maliciously crafted SWF file could entice a user to view the SWF file and execute arbitrary code on the user's machine.
» CVE-2006-0024 Low: Multiple unspecified vulnerabilities i (0.00)

cURL/libcurl buffer overflow | GLSA 200603-19 | March 21, 2006
An attacker could exploit this vulnerability to compromise a user's system by enticing the user to request a malicious URL with cURL/libcurl or to use an HTTP server redirecting to a malicious TFTP U
» CVE-2006-1061 Low: Heap-based buffer overflow in cURL and (0.00)

Pngcrush buffer overflow | GLSA 200603-18 | March 21, 2006
By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush, resulting in a Denial of Service and potentially arbitrary code execution.
» CVE-2005-1849 Low: inftrees.h in zlib 1.2.2 allows remote (0.00)

PeerCast buffer overflow | GLSA 200603-17 | March 21, 2006
By sending a specially crafted request to the HTTP server, a remote attacker can cause a stack overflow, resulting in the execution of arbitrary code.
» CVE-2006-1148 Low: Multiple stack-based buffer overflows (0.00)

Zoo buffer overflow | GLSA 200603-12 | March 18, 2006
Zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy() function when trying to create an archive from certain directories or filenames.

Freeciv denial of service | GLSA 200603-11 | March 18, 2006
Luigi Auriemma discovered that Freeciv could be tricked into the allocation of enormous chunks of memory when trying to uncompress malformed data packages, possibly leading to an out of memory condit
» CVE-2006-0047 Low: packets.c in Freeciv 2.0 before 2.0.8 (0.00)

Metamail buffer overflow | GLSA 200603-16 | March 17, 2006
A buffer overflow in Metamail could possibly be exploited to execute arbitrary code.
» CVE-2006-0709 Low: Buffer overflow in Metamail 2.7-50 all (0.00)

Crypt::CBC: insecure initialization vector | GLSA 200603-15 | March 17, 2006
An attacker could exploit weak ciphertext produced by Crypt::CBC to bypass certain security restrictions or to gain access to sensitive data.
» CVE-2006-0898 Low: Crypt::CBC Perl module 2.16 and earlie (0.00)

Heimdal rshd privilege escalation | GLSA 200603-14 | March 17, 2006
An error in the rshd daemon of Heimdal could allow authenticated users to elevate privileges.

PEAR-Auth potential authentication bypass | GLSA 200603-13 | March 17, 2006
PEAR-Auth did not correctly verify data passed to the DB and LDAP containers, allowing an attacker to inject false credentials and bypass authentication.
» CVE-2006-0868 Low: Multiple unspecified injection vulnera (0.00)

Cube multiple vulnerabilities | GLSA 200603-10 | March 13, 2006
Cube is vulnerable to a buffer overflow, invalid memory access and remote client crashes, possibly leading to a Denial of Service or remote code execution.
» CVE-2006-1100 Low: Buffer overflow in the sgetstr functio (0.00)
» CVE-2006-1101 Low: The (1) sgetstr and (2) getint functio (0.00)
» CVE-2006-1102 Low: Sauerbraten 2006_02_28, as derived fro (0.00)

SquirrelMail cross-site scripting | GLSA 200603-09 | March 12, 2006
By exploiting the cross-site scripting vulnerabilities, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's webmail
» CVE-2006-0188 Low: webmail.php in SquirrelMail 1.4.0 to 1 (0.00)
» CVE-2006-0195 Low: Interpretation conflict in the MagicHT (0.00)
» CVE-2006-0377 Low: CRLF injection vulnerability in Squirr (0.00)

GnuPG incorrect signature verification | GLSA 200603-08 | March 10, 2006
A remote attacker may be able to construct or modify a digitally-signed message, potentially allowing them to bypass authentication systems, or impersonate another user.
» CVE-2006-0049 Low: gpg in GnuPG before 1.4.2.2 does not p (0.00)

Flex potential arbitrary code execution | GLSA 200603-07 | March 10, 2006
An attacker could feed malicious input to an application making use of an affected scanner and trigger the buffer overflow, potentially resulting in the execution of arbitrary code.
» CVE-2006-0459 Low: flex.skl in Will Estes and John Millaw (0.00)

Tar arbitrary code execution | GLSA 200603-06 | March 10, 2006
A remote attacker could construct a malicious tar archive that could potentially execute arbitrary code with the privileges of the user running GNU tar.
» CVE-2006-0300 Low: Buffer overflow in tar 1.14 through 1. (0.00)

Zoo stack-based buffer overflow | GLSA 200603-05 | March 06, 2006
An attacker could craft a malicious ZOO archive and entice someone to open it using zoo. This would trigger a stack-based buffer overflow and potentially allow execution of arbitrary code with the rig
» CVE-2006-0855 Low: Stack-based buffer overflow in the ful (0.00)

IMAP proxy format string vulnerabilities | GLSA 200603-04 | March 06, 2006
A remote attacker could design a malicious IMAP server and entice someone to connect to it using IMAP Proxy, resulting in the execution of arbitrary code with the rights of the victim user.
» CVE-2005-2661 Low: Format string vulnerability in the Par (0.00)

MPlayer multiple integer overflows | GLSA 200603-03 | March 03, 2006
An attacker could craft a malicious media file which, when opened using MPlayer, would lead to a heap-based buffer overflow. This could result in the execution of arbitrary code with the permissions o
» CVE-2005-4048 Low: Heap-based buffer overflow in the avco (0.00)
» CVE-2006-0579 Low: Multiple integer overflows in (1) the (0.00)

teTex, pTex, CSTex multiple overflows | GLSA 200603-02 | March 03, 2006
An attacker could entice a user to open a specially crafted PDF file with teTeX, pTeX or CSTeX, potentially resulting in the execution of arbitrary code with the rights of the user running the affecte
» CVE-2005-3193 Low: Heap-based buffer overflow in the JPXS (0.00)