Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories » Gentoo

Gentoo Security Advisories

Here you'll find the latest security advisories from Gentoo. Our database currently contains 907 Gentoo security advisories.
Page: 123456 out of 37

WordPress SQL injection vulnerability | GLSA 200603-01 | March 03, 2006
An attacker could send a comment with a malicious User Agent parameter, resulting in SQL injection and potentially in the subversion of the WordPress database. This vulnerability wouldn't affect WordP

Noweb insecure temp file creation | GLSA 200602-14 | February 26, 2006
Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable filenames.
» CVE-2005-3342 Low: noweb 2.10c and earlier allows local u (0.00)

GraphicsMagick format string vulnerability | GLSA 200602-13 | February 26, 2006
The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of "%"-escaped sequences in filenames passed to the function is inadequate in

GPdf heap overflows in Xpdf code | GLSA 200602-12 | February 21, 2006
An attacker could entice a user to open a specially crafted PDF file with GPdf, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application.
» CVE-2006-0301 Low: Heap-based buffer overflow in Splash.c (0.00)

OpenSSH, Dropbear arbitrary command execution | GLSA 200602-11 | February 20, 2006
By tricking other users or applications to use scp on maliciously crafted filenames, a local attacker user can execute arbitrary commands with the rights of the user running scp.
» CVE-2006-0225 Low: scp in OpenSSH 4.2p1 allows attackers (0.00)

GnuPG incorrect signature verification | GLSA 200602-10 | February 18, 2006
An attacker may be able to bypass authentication in automated systems relying on the return code of gpg or gpgv to authenticate digital signatures.
» CVE-2006-0455 Low: gpgv in GnuPG before 1.4.2.1, when usi (0.00)

BomberClone remote execution of arbitrary code | GLSA 200602-09 | February 16, 2006
By sending overly long error messages to the game via network, a remote attacker may exploit buffer overflows to execute arbitrary code with the rights of the user running BomberClone.
» CVE-2006-0460 Low: Multiple buffer overflows in BomberClo (0.00)

Libtasn DER decoding buffer overflow | GLSA 200602-08 | February 16, 2006
A remote attacker could cause an application using libtasn1 to crash and potentially execute arbitrary code by sending specially crafted input.
» CVE-2006-0645 Low: Tiny ASN.1 Library (libtasn1) before 0 (0.00)

Sun JDK/JRE applet privilege escalation | GLSA 200602-07 | February 15, 2006
A malicious Java applet can bypass Java sandbox restrictions and hence access local files, connect to arbitrary network locations and execute arbitrary code on the user's machine. Java Web Start appli
» CVE-2006-0614 Low: Unspecified vulnerability in Sun Java (0.00) » CVE-2006-0615 Low: Multiple unspecified vulnerabilities i (0.00) » CVE-2006-0616 Low: Unspecified vulnerability in Sun Java (0.00) » CVE-2006-0617 Low: Multiple unspecified vulnerabilities i (0.00)

ImageMagick arbitrary code execution | GLSA 200602-06 | February 13, 2006
By feeding specially crafted file names to ImageMagick, an attacker can crash the program and possibly execute arbitrary code with the privileges of the user running ImageMagick.
» CVE-2006-0082 Low: Format string vulnerability in the Set (0.00)

Xpdf, Poppler heap overflow | GLSA 200602-04 | February 12, 2006
By sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the applicati
» CVE-2006-0301 Low: Heap-based buffer overflow in Splash.c (0.00)

KPdf heap overflow code execution | GLSA 200602-05 | February 12, 2006
An attacker could entice a user to open a specially crafted PDF file with Kpdf, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application.
» CVE-2006-0301 Low: Heap-based buffer overflow in Splash.c (0.00)

Apache multiple vulnerabilities | GLSA 200602-03 | February 06, 2006
A remote attacker could exploit mod_imap to inject arbitrary HTML or JavaScript into a user's browser to gather sensitive information. Attackers could also cause a Denial of Service on hosts using th
» CVE-2005-3352 Low: Cross-site scripting (XSS) vulnerabili (0.00) » CVE-2005-3357 Low: mod_ssl in Apache 2.0 up to 2.0.55, wh (0.00)

ADOdb PostgreSQL command injection | GLSA 200602-02 | February 06, 2006
By sending specifically crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host.
» CVE-2006-0410 Low: SQL injection vulnerability in ADOdb b (0.00)

GStreamer FFmpeg arbitrary code execution | GLSA 200602-01 | February 05, 2006
A remote attacker could entice a user to run an application using the GStreamer FFmpeg plugin on a maliciously crafted PIX_FMT_PAL8 format image file, possibly leading to the execution of arbitrary co
» CVE-2005-4048 Low: Heap-based buffer overflow in the avco (0.00)

Xpdf, Poppler, GPdf, libextractor, pdftohtml heap overflows | GLSA 200601-17 | January 30, 2006
By sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the applicati
» CVE-2005-3624 Low: The CCITTFaxStream::CCITTFaxStream fun (0.00) » CVE-2005-3625 Low: Xpdf, as used in products such as gpdf (0.00) » CVE-2005-3626 Low: Xpdf, as used in products such as gpdf (0.00) » CVE-2005-3627 Low: Stream.cc in Xpdf, as used in products (0.00)

MyDNS denial of service | GLSA 200601-16 | January 30, 2006
An attacker could cause a Denial of Service by sending malformed DNS queries to the MyDNS server.
» CVE-2006-0351 Low: Unspecified "critical denial-of-servic (0.00)

Paros default admin password | GLSA 200601-15 | January 29, 2006
Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed with an empty password for the database administrator "sa".
» CVE-2005-3280 Low: Paros 3.2.5 uses a default password fo (0.00)

LibAST privilege escalation | GLSA 200601-14 | January 29, 2006
The vulnerability can be exploited to gain escalated privileges if the application using LibAST is setuid/setgid and passes a specifically crafted filename to LibAST's configuration engine.
» CVE-2006-0224 Low: Buffer overflow in Library of Assorted (0.00)

Gallery cross-site scripting vulnerability | GLSA 200601-13 | January 26, 2006
Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of image

Trac cross-site scripting | GLSA 200601-12 | January 26, 2006
Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. A remote attacker could exploit this to inject and execute malicious script code or to steal cookie-based auth
» CVE-2005-4305 Low: Cross-site scripting (XSS) vulnerabili (0.00)

KDE kjs URI heap overflow | GLSA 200601-11 | January 22, 2006
By enticing a user to load a specially crafted webpage containing malicious javascript, an attacker could execute arbitrary code with the rights of the user running kjs.
» CVE-2006-0019 Low: Heap-based buffer overflow in the enco (0.00)

Sun and Blackdown Java applet privilege escalation | GLSA 200601-10 | January 16, 2006
A remote attacker could embed a malicious Java applet in a web page and entice a victim to view it. This applet can then bypass security restrictions and execute any command or access any file with th
» CVE-2005-3905 Low: Unspecified vulnerability in reflectio (0.00) » CVE-2005-3906 Low: Multiple unspecified vulnerabilities i (0.00)

Wine WMF vulerability | GLSA 200601-09:02 | January 15, 2006
Fixed packages were issued to fix this vulnerability in Wine, but some of the fixed packages were missing the correct patch. All Wine users should re-emerge Wine to make sure they are safe. The correc

Wine Windows Metafile vulnerability | GLSA 200601-09 | January 13, 2006
An attacker could entice a user to open a specially crafted Windows Metafile (WMF) file from within a Wine executed Windows application, possibly resulting in the execution of arbitrary code with the
» CVE-2006-0106 Low: gdi/driver.c and gdi/printdrv.c in Win (0.00)

Page: 123456 out of 37

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »