Gentoo Project
Proxy Maintainers
Security Bug Reports
media-gfx/transfig: Multiple vulnerabilities
753962 - Assigned to Gentoo Security
net-p2p/bitcoind: Information leak via RPC calls (CVE-2021-3195)
766983 - Assigned to Gentoo Security
media-gfx/transfig: Out of bounds read (CVE-2021-3561)
792333 - Assigned to Gentoo Security
dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})
799785 - Assigned to Gentoo Security
<app-text/mupdf-1.20.0: multiple vulnerabilities
803305 - Assigned to Gentoo Security
<net-irc/weechat-3.3: Websocket vulnerability in relay plugin
811603 - Assigned to Gentoo Security
<net-ftp/atftp-0.7.5: multiple vulnerabilities
813079 - Assigned to Gentoo Security
sys-cluster/teleport: multiple vulnerabilities
813702 - Assigned to Gentoo Security
<dev-libs/stb-20240201: multiple vulnerabilities
818556 - Assigned to Gentoo Security
<net-vpn/strongswan-5.9.4: integer overflow (CVE-2021-41991)
818841 - Assigned to Gentoo Security
<media-libs/gegl-0.4.34: shell expansion via pathname in system()
829880 - Assigned to Gentoo Security
<app-containers/podman-3.4.3: insufficient network isolation
829896 - Assigned to Gentoo Security
media-libs/openjpeg: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb
832007 - Assigned to Gentoo Security
<net-irc/atheme-services-7.2.12: authentication bypass with >=net-irc/inspircd-3
832400 - Assigned to Gentoo Security
<net-vpn/strongswan-5.9.5: authentication bypass
832460 - Assigned to Gentoo Security
<dev-lang/mujs-1.2.0: heap buffer overflow
833453 - Assigned to Gentoo Security
net-nds/389-ds-base: double free in persistent searches
833631 - Assigned to Gentoo Security
<net-irc/weechat-3.4.1: SSL verification vulnerability
835133 - Assigned to Gentoo Security
net-nds/389-ds-base: multiple vulnerabilities
835611 - Assigned to Gentoo Security
<app-containers/crun-1.4.4: "exec does not set inheritable capabilities"
835976 - Assigned to Gentoo Security
dev-libs/stb: reachable assertion in stbi__create_png_image_raw
836241 - Assigned to Gentoo Security
dev-php/composer: multiple vulnerabilities
838268 - Assigned to Gentoo Security
<dev-lang/mujs-1.3.0: multiple vulnerabilities
845399 - Assigned to Gentoo Security
<media-gfx/gimp-2.10.32: memory exhaustion via crafted file
845402 - Assigned to Gentoo Security
<net-nds/389-ds-base-2.3.2: access control bypass vulnerability
849401 - Assigned to Gentoo Security
<media-gfx/gimp-2.10.32: DoS via crafted XCF file
856283 - Assigned to Gentoo Security
<www-servers/caddy-2.5.2: oob read allows for DoS
860147 - Assigned to Gentoo Security
app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable
864031 - Assigned to Gentoo Security
<www-client/w3m-20230121: oob write
865249 - Assigned to Gentoo Security
media-gfx/blender: multiple vulnerabilities
865525 - Assigned to Gentoo Security
<app-text/hunspell-1.7.1: multiple vulnerabilities
866093 - Assigned to Gentoo Security
sys-cluster/teleport: remote code execution
866356 - Assigned to Gentoo Security
app-backup/amanda: multiple vulnerabilities
870037 - Assigned to Gentoo Security
<app-containers/podman-4.3.0: incorrect handling of supplementary groups
870931 - Assigned to Gentoo Security
<net-vpn/strongswan-5.9.8: DoS via revocation pointing to attacker server
878887 - Assigned to Gentoo Security
<dev-lang/mujs-1.3.2: code execution via UAF via crafted javascript
882775 - Assigned to Gentoo Security
<app-metrics/node_exporter-1.5.0: basic authentication bypass
883653 - Assigned to Gentoo Security
app-containers/buildah: multiple vulnerabilities
884859 - Assigned to Gentoo Security
<net-libs/mbedtls-{2.28.5,3.5.0}: multiple vulnerabilities
886001 - Assigned to Gentoo Security
app-text/mupdf: multiple vulnerabilities
886009 - Assigned to Gentoo Security
<net-libs/libvncserver-0.9.14: multiple vulnerabilities
887067 - Assigned to Gentoo Security
<app-arch/upx-4.0.1-r1 <app-arch/upx-bin-4.0.2: multiple vulnerabilities
890616 - Assigned to Gentoo Security
<app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode
891519 - Assigned to Gentoo Security
<www-apache/mod_security-2.9.7, <dev-libs/modsecurity-3.0.9: multiple vulnerabilities
891777 - Assigned to Gentoo Security
app-emulation/dynamips: use of uninitialized variable
891779 - Assigned to Gentoo Security
<media-libs/assimp-5.2.5-r1: heap use after free
891787 - Assigned to Gentoo Security
<app-containers/podman-4.5.0: arbitrary host file access
896372 - Assigned to Gentoo Security
sys-cluster/glusterfs: multiple vulnerabilities
897926 - Assigned to Jaco Kroon
<dev-libs/libtpms-0.9.6: Out-of-bounds access
898504 - Assigned to Gentoo Security
<net-p2p/qbittorrent-4.5.2: Possible path traversal vulnerability
898508 - Assigned to Gentoo Security
<net-vpn/strongswan-5.9.10: denial of service but possibly even remote code execution
899964 - Assigned to Gentoo Security
<net-news/liferea-1.12.10: Fix RCE vulnerability on feed enrichment
901085 - Assigned to Gentoo Security
app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection
901393 - Assigned to Gentoo Security
<app-arch/upx-4.0.2 <app-arch/upx-bin-4.0.2: multiple vulnerabilities
903139 - Assigned to Gentoo Security
<net-misc/frr-8.4.1: DoS vulnerability via reachable assertion
903757 - Assigned to Gentoo Security
media-libs/libjxl: multiple vulnerabilities
905094 - Assigned to Gentoo Security
<net-libs/libsignal-protocol-c-2.3.3-r1: unsigned integer overflow in bundled protobuf-c
905098 - Assigned to Gentoo Security
<sci-astronomy/stellarium-23.1: arbitrary file write vulnerability
905300 - Assigned to Gentoo Security
net-dns/coredns: multiple vulnerabilities
905301 - Assigned to Gentoo Security
media-libs/libjxl: assertion failure
905393 - Assigned to Gentoo Security
<app-admin/filebeat-7.17.16: credential leakage into logs
905879 - Assigned to Gentoo Security
net-misc/frr: multiple vulnerabilities
905882 - Assigned to Gentoo Security
<media-libs/opencv-4.8.0: multiple vulnerabilities
906106 - Assigned to Gentoo Security
<app-editors/vim-9.0.1627: multiple "vulnerabilities"
906109 - Assigned to Gentoo Security
<net-misc/frr-9.0: multiple vulnerabilities
906116 - Assigned to Gentoo Security
<net-p2p/bitcoind-25.0: denial of service
908084 - Assigned to Gentoo Security
<media-libs/openexr-3.1.11: oss-fuzz stack buffer overread
908257 - Assigned to Gentoo Security
<media-libs/libjxl-0.8.2: integer underflow leading to infinite loop
908520 - Assigned to Gentoo Security
<net-libs/rabbitmq-c-0.13.0: credentials passed on command line
908818 - Assigned to Gentoo Security
<net-vpn/i2p-2.3.0: Eepsite deanonymization attack
911550 - Assigned to Gentoo Security
net-misc/frr: multiple vulnerabilities
913242 - Assigned to Gentoo Security
<net-proxy/squid-6.5: multiple vulnerabilities
916334 - Assigned to Gentoo Security
<dev-util/radare2-5.9.0: multiple vulnerabilities
916508 - Assigned to Gentoo Security
<media-libs/openexr-3.1.12: oss fuzz issues
916514 - Assigned to Gentoo Security
<net-misc/frr-9.0.2: multiple vulnerabilities
916902 - Assigned to Gentoo Security
<media-gfx/gimp-2.10.36: multiple vulnerabilities
917406 - Assigned to Gentoo Security
<net-libs/pjproject-2.13.1: heap buffer overflow when parsing DNS packet
917463 - Assigned to Gentoo Security
net-libs/pjproject: UAF in SRTP media transport
917613 - Assigned to Gentoo Security
net-misc/croc: multiple vulnerabilities
918091 - Assigned to Gentoo Security
<www-servers/caddy-2.7.5: http/2 rapid reset vulnerability
918413 - Assigned to Gentoo Security
<net-p2p/qbittorrent-4.6.1: default credentials allowed by default
918533 - Assigned to Gentoo Security
<app-editors/vim-9.0.2167: multiple vulnerabilities
918537 - Assigned to Gentoo Security
<app-editors/vim-9.0.2092: multiple vulnerabilities
918538 - Assigned to Gentoo Security
<dev-libs/json-c-0.16: stack buffer overflow
918555 - Assigned to Gentoo Security
www-client/w3m: multiple vulnerabilities
918564 - Assigned to Gentoo Security
<app-misc/elasticsearch-7.17.12: multiple vulnerabilities
918584 - Assigned to Gentoo Security
<app-emulation/xen-{4.16.6_pre2,4.17.3}: multiple vulnerabilities
918669 - Assigned to Gentoo Security
dev-libs/stb: multiple vulnerabilities
918679 - Assigned to Gentoo Security
<net-misc/asterisk-{18.20.2,20.5.2}: denial of service via dtls hello
920026 - Assigned to Gentoo Security
<net-proxy/squid-6.6: Denial of Service in HTTP Request parsing
920101 - Assigned to Gentoo Security
net-vpn/strongswan: buffer overflow and potential RCE
920105 - Assigned to Gentoo Security
<app-containers/podman-4.8.3: Terrapin vulnerability
921290 - Assigned to Gentoo Security
<app-emulation/xen-{4.16.6_pre2,4.17.3}: arm32: The cache may not be properly cleaned/invalidated
921355 - Assigned to Gentoo Security
<media-libs/jasper-4.1.2: Invalid memory write
922075 - Assigned to Gentoo Security
<app-containers/buildah-1.33.5 multiple vulnerabilities
923650 - Assigned to Gentoo Security
<app-emulation/xen-4..17.4_pre1: multiple vulnerabilities
923741 - Assigned to Gentoo Security
<app-containers/podman-4.9.2 multiple vulnerabilities
923751 - Assigned to Gentoo Security
dev-libs/modsecurity: WAF bypass
923858 - Assigned to Gentoo Security
<www-apps/gitea-1.21.5: allows anonymous container access if RequireSignInView is enabled
925023 - Assigned to Gentoo Security
<sys-apps/eza-0.18.6: local arbitrary code execution via .git/HEAD and .git/objects components
926532 - Assigned to Gentoo Security
app-containers/buildah: Denial of Service with invalid JSON input
927499 - Assigned to Gentoo Security
app-containers/podman: Denial of Service with invalid JSON input
927500 - Assigned to Gentoo Security
app-containers/podman: container escape
927501 - Assigned to Gentoo Security
app-containers/buildah: container escape
927502 - Assigned to Gentoo Security
<app-emulation/xen-4.17.4_pre2: multiple vulnerabilities
928620 - Assigned to Gentoo Security
<app-emulation/xen-4.17.4: multiple vulnerabilities
929038 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.