Gentoo Project
Proxy Maintainers
Packages: 1503
Stabilization: 129
Outdated: 293
Pull requests: 103
Bugs: 1340
Security: 90
Security Bug Reports
media-gfx/transfig: Multiple vulnerabilities
753962 - Assigned to Gentoo Security
net-p2p/bitcoind: Information leak via RPC calls (CVE-2021-3195)
766983 - Assigned to Gentoo Security
media-gfx/transfig: Out of bounds read (CVE-2021-3561)
792333 - Assigned to Gentoo Security
dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})
799785 - Assigned to Gentoo Security
<net-irc/weechat-3.3: Websocket vulnerability in relay plugin
811603 - Assigned to Gentoo Security
<net-ftp/atftp-0.7.5: multiple vulnerabilities
813079 - Assigned to Gentoo Security
sys-cluster/teleport: multiple vulnerabilities
813702 - Assigned to Gentoo Security
<media-libs/gegl-0.4.34: shell expansion via pathname in system()
829880 - Assigned to Gentoo Security
<media-libs/openjpeg-2.5.2: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb
832007 - Assigned to Gentoo Security
<net-irc/atheme-services-7.2.12: authentication bypass with >=net-irc/inspircd-3
832400 - Assigned to Gentoo Security
<net-irc/weechat-3.4.1: SSL verification vulnerability
835133 - Assigned to Gentoo Security
net-p2p/go-ethereum: multiple vulnerabilities
835610 - Assigned to Gentoo Security
<app-containers/crun-1.4.4: "exec does not set inheritable capabilities"
835976 - Assigned to Gentoo Security
dev-libs/stb: reachable assertion in stbi__create_png_image_raw
836241 - Assigned to Gentoo Security
<media-gfx/gimp-2.10.32: memory exhaustion via crafted file
845402 - Assigned to Gentoo Security
<media-gfx/gimp-2.10.32: DoS via crafted XCF file
856283 - Assigned to Gentoo Security
<www-servers/caddy-2.5.2: oob read allows for DoS
860147 - Assigned to Gentoo Security
app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable
864031 - Assigned to Gentoo Security
<www-client/w3m-20230121: oob write
865249 - Assigned to Gentoo Security
media-gfx/blender: multiple vulnerabilities
865525 - Assigned to Gentoo Security
sys-cluster/teleport: remote code execution
866356 - Assigned to Gentoo Security
<app-backup/amanda-3.5.4: multiple vulnerabilities
870037 - Assigned to Gentoo Security
<app-metrics/node_exporter-1.5.0: basic authentication bypass
883653 - Assigned to Gentoo Security
app-containers/buildah: multiple vulnerabilities
884859 - Assigned to Gentoo Security
app-text/mupdf: multiple vulnerabilities
886009 - Assigned to Gentoo Security
<net-libs/libvncserver-0.9.14: multiple vulnerabilities
887067 - Assigned to Gentoo Security
<app-arch/upx-4.0.1-r1 <app-arch/upx-bin-4.0.2: multiple vulnerabilities
890616 - Assigned to Gentoo Security
<net-dialup/freeradius-3.2.2: multiple vulnerabilities
891265 - Assigned to Gentoo Security
<app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode
891519 - Assigned to Gentoo Security
<www-apache/mod_security-2.9.7, <dev-libs/modsecurity-3.0.9: multiple vulnerabilities
891777 - Assigned to Gentoo Security
app-emulation/dynamips: use of uninitialized variable
891779 - Assigned to Gentoo Security
<media-libs/assimp-5.2.5-r1: heap use after free
891787 - Assigned to Gentoo Security
sys-cluster/glusterfs: multiple vulnerabilities
897926 - Assigned to Jaco Kroon
<dev-libs/libtpms-0.9.6: Out-of-bounds access
898504 - Assigned to Gentoo Security
app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection
901393 - Assigned to Gentoo Security
<app-arch/upx-4.0.2 <app-arch/upx-bin-4.0.2: multiple vulnerabilities
903139 - Assigned to Gentoo Security
<net-misc/frr-8.4.1: DoS vulnerability via reachable assertion
903757 - Assigned to Gentoo Security
media-libs/libjxl: multiple vulnerabilities
905094 - Assigned to Gentoo Security
<net-libs/libsignal-protocol-c-2.3.3-r1: unsigned integer overflow in bundled protobuf-c
905098 - Assigned to Gentoo Security
net-dns/coredns: multiple vulnerabilities
905301 - Assigned to Gentoo Security
media-libs/libjxl: assertion failure
905393 - Assigned to Gentoo Security
<app-admin/filebeat-7.17.16: credential leakage into logs
905879 - Assigned to Gentoo Security
<net-misc/frr-8.4.1: multiple vulnerabilities
905882 - Assigned to Gentoo Security
<media-libs/opencv-4.8.0: multiple vulnerabilities
906106 - Assigned to Gentoo Security
<app-editors/vim-9.0.1627: multiple "vulnerabilities"
906109 - Assigned to Gentoo Security
<net-misc/frr-9.0: multiple vulnerabilities
906116 - Assigned to Gentoo Security
<media-libs/openexr-3.1.11: oss-fuzz stack buffer overread
908257 - Assigned to Gentoo Security
<media-libs/libjxl-0.8.2: integer underflow leading to infinite loop
908520 - Assigned to Gentoo Security
<net-libs/rabbitmq-c-0.13.0: credentials passed on command line
908818 - Assigned to Gentoo Security
<net-vpn/i2p-2.3.0: Eepsite deanonymization attack
911550 - Assigned to Gentoo Security
net-misc/frr: multiple vulnerabilities
913242 - Assigned to Gentoo Security
<net-proxy/squid-6.5: multiple vulnerabilities
916334 - Assigned to Gentoo Security
<media-libs/openexr-3.1.12: oss fuzz issues
916514 - Assigned to Gentoo Security
<net-misc/frr-9.0.2: multiple vulnerabilities
916902 - Assigned to Gentoo Security
<media-gfx/gimp-2.10.36: multiple vulnerabilities
917406 - Assigned to Gentoo Security
<net-libs/pjproject-2.13.1: heap buffer overflow when parsing DNS packet
917463 - Assigned to Gentoo Security
net-libs/pjproject: UAF in SRTP media transport
917613 - Assigned to Gentoo Security
<net-misc/croc-10.0.12: multiple vulnerabilities
918091 - Assigned to Gentoo Security
<www-servers/caddy-2.7.5: http/2 rapid reset vulnerability
918413 - Assigned to Gentoo Security
<app-editors/vim-9.0.2167: multiple vulnerabilities
918537 - Assigned to Gentoo Security
<app-editors/vim-9.0.2092: multiple vulnerabilities
918538 - Assigned to Gentoo Security
www-client/w3m: multiple vulnerabilities
918564 - Assigned to Gentoo Security
dev-libs/stb: multiple vulnerabilities
918679 - Assigned to Gentoo Security
<net-misc/asterisk-{18.20.2,20.5.2}: denial of service via dtls hello
920026 - Assigned to Gentoo Security
<net-proxy/squid-6.6: Denial of Service in HTTP Request parsing
920101 - Assigned to Gentoo Security
<net-vpn/strongswan-5.9.13: buffer overflow and potential RCE
920105 - Assigned to Gentoo Security
<media-libs/jasper-4.1.2: Invalid memory write
922075 - Assigned to Gentoo Security
dev-libs/modsecurity: WAF bypass
923858 - Assigned to Gentoo Security
<www-apps/gitea-1.21.5: allows anonymous container access if RequireSignInView is enabled
925023 - Assigned to Gentoo Security
<sys-apps/eza-0.18.6: local arbitrary code execution via .git/HEAD and .git/objects components
926532 - Assigned to Gentoo Security
<net-p2p/kubo-0.29.0-r1: executes downloaded binaries without verification
930853 - Assigned to Gentoo Security
<gui-wm/hyprland-0.40.0: privilege escalation via unsafe permissions & handling of temporary files
930945 - Assigned to Gentoo Security
<app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote
931055 - Assigned to Gentoo Security
<app-crypt/tpm2-tools-5.6.1: Missing comparison of PCR selection and unchecked magic number in verify quote
931056 - Assigned to Gentoo Security
<dev-python/flask-cors-4.0.1: log injection when the log level is set to debug
931228 - Assigned to Gentoo Security
<app-containers/skopeo-1.15.1: unexpected authenticated registry accesses
932453 - Assigned to Gentoo Security
<app-containers/podman-5.0.3: unexpected authenticated registry access
936573 - Assigned to Gentoo Security
<media-libs/assimp-5.4.2: heap-based buffer overflow
936586 - Assigned to Gentoo Security
app-editors/vim: multiple vulnerabilities
937126 - Assigned to Gentoo Security
<net-proxy/squid-6.10: buffer underflow in ESI
938814 - Assigned to Gentoo Security
<net-misc/asterisk-{18.24.3,20.9.3,21.4.3}: denial of service (crash) bug
939159 - Assigned to Gentoo Security
<dev-db/redict-7.3.1 <dev-db/redis-{6.2.16,7.2.6,7.4.1}: multiple vulnerabilities
940609 - Assigned to Gentoo Security
<app-emulation/xen-4.18.4_pre0: Deadlock in vlapic_error()
940632 - Assigned to Gentoo Security
<app-containers/podman-5.2.4: improper input validation
941217 - Assigned to Gentoo Security
app-containers/containers-common: improper file path handling when FIPS mode is enabled
941218 - Assigned to Gentoo Security
<app-containers/podman-5.2.5: symlink traversal can result in denial of service via OOM
942556 - Assigned to Gentoo Security
<app-containers/buildah-1.37.5: symlink traversal can result in denial of service via OOM
942557 - Assigned to Gentoo Security
<app-containers/containers-storage-1.55.1: symlink traversal can result in denial of service via OOM
942559 - Assigned to Gentoo Security
<net-libs/mbedtls-{2.28.9,3.6.2}: multiple vulnerabilities
943337 - Assigned to Gentoo Security
<app-emulation/xen-4.18.4_pre1: multiple vulnerabilities
944489 - Assigned to Tomáš Mózes
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.