ClamAV is a GPL virus scanner.
+Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All ClamAV users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
+
+ NVIDIA Drivers are NVIDIA's accelerated graphics driver.
+Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All NVIDIA Drivers 470 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-470.182.03:0/470"
+
+
+ All NVIDIA Drivers 515 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-515.105.01:0/515"
+
+
+ All NVIDIA Drivers 525 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-525.105.17:0/525"
+
+
+ All NVIDIA Drivers 530 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-530.41.03:0/530"
+
+ glibc is a package that contains the GNU C library.
+Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details.
+An attacker could elevate privileges from a local user to root.
+There is no known workaround at this time.
+All glibc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.37-r7"
+
+ libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file.
+Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libvpx users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libvpx-1.13.1"
+
+ dav1d is an AV1 decoder.
+In some circumstances, dav1d might treat an invalid frame as valid, resulting in a crash.
+Malformed frame data can result in a denial of service.
+Users should avoid parsing untrusted video with dav1d.
+All dav1d users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/dav1d-1.2.0"
+
+ Heimdal is a free implementation of Kerberos 5.
+Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a Kerberos Domain Controller. + +Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Cross-realm trust vulnerability in Heimdal users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-7.8.0-r1"
+
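Review bot: The resolution sentence "All Cross-realm trust vulnerability in Heimdal users should upgrade to the latest version:" has the advisory title pasted where the package name belongs; it should read "All Heimdal users should upgrade to the latest version:". The description already ends with "Please review the CVE identifiers referenced below for details." and the impact line repeats the same instruction, so the impact field could instead carry the worst case the description names (remote code execution on a Kerberos Domain Controller).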
+ VirtualBox is a powerful virtualization product from Oracle.
+Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which may lead to VirtualBox compromise by an attacker with network access. + +Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Oracle VirtualBox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-7.0.6"
+
+
+ If you still need to use VirtualBox 6:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.46" "=app-emulation/virtualbox-6*"
+
+ man-db is a man replacement that utilizes BerkeleyDB instead of flat files.
+A root privilege escalation through setuid executable and cron job has been discovered in man-db. Please review the CVE identifier referenced below for details.
+A local user with access to the man user or group can elevate privileges to root.
+There is no known workaround at this time.
+All man-db users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/man-db-2.8.5"
+
+ c-ares is a C library for asynchronous DNS requests (including name resolves).
+Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All c-ares users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.19.1"
+
+ libcue is a CUE Sheet Parser Library.
+libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program.
+Untrusted CUE sheet files can lead to arbitrary code execution. + +app-misc/tracker-miners[cue] uses libcue to index CUE Sheet files in directories. It is possible that downloading a malicious CUE Sheet file into a directory indexed by tracker-miners could lead to remote code execution.
+There is no known workaround at this time.
+All libcue users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libcue-2.2.1-r1"
+
+ less is a pager and text file viewer.
+less suffered from a flaw in its terminal escape sequence handling which made its filtering incomplete.
+Malicious input could clear the terminal output or otherwise manipulate it with faked interactions.
+There is no known workaround at this time.
+All less users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/less-608-r2"
+
+ A command line tool and library for transferring data with URLs.
+Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details. + +Note that the risk of remote code execution is limited to SOCKS usage.
+There is no known workaround at this time.
+All curl users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-8.3.0-r2"
+
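Review bot: The background line "A command line tool and library for transferring data with URLs." never names the package, unlike the other advisories in this change; start it with "curl is a command line tool and library". The impact field also states that the risk of remote code execution is limited to SOCKS usage while the workaround field says none is known. If avoiding SOCKS proxies removes that path, the workaround should say so, and if it does not, a short clause explaining why would keep the two fields from reading as contradictory.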
+ GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server (imap4d) and a Mail User Agent (mail).
+A vulnerability has been discovered in GNU Mailutils. Please review the CVE identifier referenced below for details.
+mail(1) from mailutils would process escape sequences (like ~! shellcommand) in message bodies piped/redirected in. This creates an RCE if some part of the message body is under an attacker's control.
+There is no known workaround at this time.
+All Mailutils users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/mailutils-3.12-r3"
+
+ A library to handle input devices in Wayland and, via xf86-input-libinput, in X.org.
+An attacker may be able to run malicious code by exploiting a format string vulnerability. Please review the CVE identifier referenced below for details.
+When a device is detected by libinput, libinput logs several messages through log handlers set up by the callers. These log handlers usually eventually result in a printf call. Logging happens with the privileges of the caller, in the case of Xorg this may be root. + +The device name ends up as part of the format string and a kernel device with printf-style format string placeholders in the device name can enable an attacker to run malicious code. An exploit is possible through any device where the attacker controls the device name, e.g. /dev/uinput or Bluetooth devices.
+There is no known workaround at this time.
+All libinput users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libinput-1.20.1"
+
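Review bot: The background line "A library to handle input devices in Wayland and, via xf86-input-libinput, in X.org." is a sentence fragment that does not name libinput; open it with "libinput is a library". The impact text also writes "Xorg" where the background writes "X.org", so pick one spelling for the advisory. The impact paragraph itself is clear about the precondition (attacker-controlled device name reaching a printf-style log handler, possibly as root) and needs no change.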
+ USBView is a tool to display the topology of devices on the USB bus.
+A vulnerability has been discovered in usbview. Please review the CVE identifier referenced below for details.
+USBView allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option.
+There is no known workaround at this time.
+All USBView users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/usbview-2.2"
+
+ Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs.
+A bundled version of log4j could facilitate remote code execution. Please review the CVE identifier referenced below for details.
+An attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code.
+There is no known workaround at this time.
+All Ubiquity UniFi users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/unifi-6.5.55"
+
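Review bot: "Ubiquity" in the resolution sentence is a misspelling; the background line of this same advisory spells the vendor "Ubiquiti", so the sentence should read "All Ubiquiti UniFi users should upgrade to the latest version:". The description says only that the bundled log4j "could facilitate remote code execution", while the impact states the precondition (permission to modify the logging configuration file). Repeating that precondition in the description would stop readers from over-rating the issue at first glance.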
+ Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files.
+Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All UnZip users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unzip-6.0_p27"
+
+ Rack is a modular Ruby web server interface.
+Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details.
+A possible denial of service vulnerability was found in the multipart parsing component of Rack. + +A sequence injection vulnerability was found which could allow a possible shell escape in the Lint and CommonLogger components of Rack.
+There is no known workaround at this time.
+All Rack users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rack-2.2.3.1"
+
+ Dovecot is an open source IMAP and POP3 email server.
+A vulnerability has been discovered in Dovecot. Please review the CVE identifier referenced below for details.
+When two passdb configuration entries exist in Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation with certain configurations involving master user authentication. + +Dovecot documentation does not advise against the use of passdb definitions which have the same driver and args settings. One such configuration would be where an administrator wishes to use the same pam configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.
+There is no known workaround at this time.
+All Dovecot users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.3.19.1-r1"
+
+ rxvt-unicode is a clone of the well known terminal emulator rxvt.
+A vulnerability has been discovered in rxvt-unicode. Please review the CVE identifiers referenced below for details.
+in the Perl background extension, when an attacker can +control the data written to the user's terminal and certain options are set. + +The "background" extension is automatically loaded if certain X resources are set such as 'transparent' (see the full list at the top of src/perl/background[1]). So it is possible to be using this extension without realising it.
+There is no known workaround at this time.
+All rxvt-unicode users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.30"
+
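Review bot: The impact text starts mid-sentence at "in the Perl background extension, when an attacker can", so the clause stating what actually happens is missing and the impact cannot be determined from this advisory alone; restore the beginning of that sentence. The description says "A vulnerability has been discovered" but then refers to "CVE identifiers" in the plural, and the "[1]" after src/perl/background refers to a footnote that is not part of the advisory text, so either drop the marker or include the link it pointed to.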
+ ConnMan provides a daemon for managing Internet connections.
+Multiple vulnerabilities have been discovered in ConnMan. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All ConnMan users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/connman-1.42_pre20220801"
+
+ Salt is a fast, intelligent and scalable automation engine.
+Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Salt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/salt-3004.2"
+
+ libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML.
+Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libxslt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.35"
+
+