Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories » Gentoo

Gentoo Security Advisories

Here you'll find the latest security advisories from Gentoo. Our database currently contains 907 Gentoo security advisories.
Page: 12...4 5 6 7 8 out of 37

Blender arbitrary code execution | GLSA 200601-08 | January 13, 2006
A remote attacker could entice a user into opening a specially crafted ".blend" file, resulting in the execution of arbitrary code with the permissions of the user running Blender.
» CVE-2005-4470 Low: Heap-based buffer overflow in the get_ (0.00)

ClamAV remote execution of arbitrary code | GLSA 200601-07 | January 13, 2006
Zero Day Initiative (ZDI) reported a heap buffer overflow vulnerability. The vulnerability is due to an incorrect boundary check of the user-supplied data prior to copying it to an insufficiently siz
» CVE-2006-0162 Low: Heap-based buffer overflow in libclama (0.00)

xine-lib, FFmpeg heap based buffer overflow | GLSA 200601-06 | January 10, 2006
A remote attacker could entice a user to run an FFmpeg based application on a maliciously crafted PNG file, resulting in the execution of arbitrary code with the permissions of the user running the a
» CVE-2005-4048 Low: Heap-based buffer overflow in the avco (0.00)

mod_auth_pgsql multiple format string issues | GLSA 200601-05 | January 10, 2006
An unauthenticated remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Apache2 server by sending specially crafted login names.
» CVE-2005-3656 Low: Multiple format string vulnerabilities (0.00)

VMware Workstation arbitrary code execution | GLSA 200601-04 | January 07, 2006
VMware guest operating systems can execute arbitrary code with elevated privileges on the host operating system through a flaw in NAT networking.
» CVE-2005-4459 Low: Heap-based buffer overflow in the NAT (0.00)

KPdf,KWord mutliple overflows | GLSA 200601-02 | January 04, 2006
KPdf is a KDE-based PDF viewer included in the kdegraphics package. KWord is a KDE-based word processor also included in the koffice package.
» CVE-2005-3624 Low: The CCITTFaxStream::CCITTFaxStream fun (0.00) » CVE-2005-3625 Low: Xpdf, as used in products such as gpdf (0.00) » CVE-2005-3626 Low: Xpdf, as used in products such as gpdf (0.00) » CVE-2005-3627 Low: Stream.cc in Xpdf, as used in products (0.00)

Pinentry: local privilege escalation | GLSA 200601-01 | January 03, 2006
Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that the pinentry ebuild incorrectly sets the permissions of the pinentry binaries upon installation, so that the sgid bit is set m

Xnview privilege escalation | GLSA 200512-18 | December 30, 2005
XnView may search for shared libraries in an untrusted location, potentially allowing local users to execute arbitrary code with the privileges of another user.

Scponly multiple privilege escalation issues | GLSA 200512-17 | December 29, 2005
Local users can exploit an scponly flaw to gain root privileges, and scponly restricted users can use another vulnerability to evade shell restrictions.

OpenMotif, AMD64 buffer overflows | GLSA 200512-16 | December 28, 2005
Two buffer overflows have been discovered in libUil, part of the OpenMotif toolkit, that can potentially lead to the execution of arbitrary code.
» CVE-2005-3964 Low: Multiple buffer overflows in libUil (l (0.00)

Rssh privilege escalation | GLSA 200512-15 | December 27, 2005
Max Vozeler discovered that the rssh_chroot_helper command allows local users to chroot into arbitrary directories. A local attacker could exploit this vulnerability to gain root privileges by chrooti
» CVE-2005-3345 Low: rssh 2.0.0 through 2.2.3 allows local (0.00)

NBD server arbitrary code execution | GLSA 200512-14 | December 23, 2005
A remote attacker could send a malicious request that can result in the execution of arbitrary code with the rights of the NBD server.
» CVE-2005-3534 Low: Buffer overflow in the Network Block D (0.00)

Dropbear privilege escalation | GLSA 200512-13 | December 23, 2005
A buffer overflow in Dropbear could allow authenticated users to execute arbitrary code as the root user. By sending specially crafted data to the server, authenticated users could exploit this vulne
» CVE-2005-4178 Low: Buffer overflow in Dropbear server bef (0.00)

Mantis multiple vulnerabilities | GLSA 200512-12 | December 22, 2005
Mantis is affected by multiple vulnerabilities ranging from file upload and SQL injection to cross-site scripting and HTTP response splitting.

CenterICQ multiple vulnerabilities | GLSA 200512-11 | December 20, 2005
CenterICQ is vulnerable to a Denial of Service issue, and also potentially to the execution of arbitrary code through an included vulnerable ktools library.
» CVE-2005-3694 Low: centericq 4.20.0-r3 with "Enable peer- (0.00) » CVE-2005-3863 Low: Stack-based buffer overflow in kkstrte (0.00)

Opera shell command injection | GLSA 200512-10 | December 18, 2005
Peter Zelezny discovered that the shell script used to launch Opera parses shell commands that are enclosed within backticks in the URL provided via the command line. A remote attacker could exploit
» CVE-2005-3750 Low: Opera before 8.51 on Linux and Unix sy (0.00)

cURL: off-by-one errors in URL handling | GLSA 200512-09 | December 16, 2005
Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The URL can be specially cra
» CVE-2005-4077 Low: Multiple off-by-one errors in the cURL (0.00)

Xpdf, GPdf, CUPS, Poppler multiple vulnerabilities | GLSA 200512-08 | December 16, 2005
infamous41md discovered that several Xpdf functions lack sufficient boundary checking, resulting in multiple exploitable buffer overflows. An attacker could entice a user to open a specially-crafted P
» CVE-2005-3191 Low: Multiple heap-based buffer overflows i (0.00) » CVE-2005-3192 Low: Heap-based buffer overflow in the Stre (0.00) » CVE-2005-3193 Low: Heap-based buffer overflow in the JPXS (0.00)

OpenLDAP, Gauche privilege escalation | GLSA 200512-07 | December 15, 2005
A local attacker, who is a member of the "portage" group, could create a malicious shared object in the Portage temporary build directory that would be loaded at runtime by a dependent binary, potenti

Ethereal buffer overflow in OSPF dissector | GLSA 200512-06 | December 14, 2005
An attacker might be able to craft a malicious network flow that would crash Ethereal. It may be possible, though unlikely, to exploit this flaw to execute arbitrary code with the permissions of the u
» CVE-2005-3651 Low: Stack-based buffer overflow in the dis (0.00)

Xmail privilege escalation through sendmail | GLSA 200512-05 | December 14, 2005
iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occ
» CVE-2005-2943 Low: Stack-based buffer overflow in sendmai (0.00)

Opwnswan,IPsec-Tools ISAKMP protocol vulnerabilities | GLSA 200512-04 | December 12, 2005
The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon (included in the IPsec-Tools package), behave in an anomalous way whe
» CVE-2005-3671 Low: The Internet Key Exchange version 1 (I (0.00) » CVE-2005-3732 Low: The Internet Key Exchange version 1 (I (0.00)

phpMyAdmin multiple vulnerabilities | GLSA 200512-03 | December 11, 2005
Stefan Esser from Hardened-PHP reported about multiple vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and r
» CVE-2005-3665 Low: Multiple cross-site scripting (XSS) vu (0.00) » CVE-2005-4079 Low: The register_globals emulation in phpM (0.00)

Webmin, Usermin arbitrary code execution | GLSA 200512-02 | December 07, 2005
Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web server component is vulnerable to a Perl format string vulnerability. Login with the supplied username is logged via the Perl "syslo
» CVE-2005-3912 Low: Format string vulnerability in miniser (0.00)

Perl arbitrary code execution | GLSA 200512-01 | December 07, 2005
Jack Louis discovered a new way to exploit format string errors in Perl that could lead to the execution of arbitrary code. This is perfomed by causing an integer wrap overflow in the efix variable in
» CVE-2005-3962 Low: Integer overflow in the format string (0.00)

Page: 12...4 5 6 7 8 out of 37

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »