Neat VNC is a liberally licensed VNC server library that's intended to be fast and neat.
+Neat VNC allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
+A remote attacker can opt not to use any authentication method and access the VNC server.
+There is no known workaround at this time.
+All Neat VNC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gui-libs/neatvnc-0.8.1"
+
+ Flatpak is a Linux application sandboxing and distribution framework.
+A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details.
+A malicious or compromised Flatpak app using persistent directories could +read and write files in locations it would not normally have access to.
+There is no known workaround at this time.
+All Flatpak users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.4.10"
+
+ Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs.
+A vulnerability has been discovered in Ubiquiti UniFi. Please review the CVE identifier referenced below for details.
+The vulnerability allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
+There is no known workaround at this time.
+All Ubiquiti UniFi users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/unifi-8.5.6"
+
+ EditorConfig core library written in C (for use by plugins supporting EditorConfig parsing)
+A vulnerability has been discovered in EditorConfig Core C library. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All EditorConfig core C library users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/editorconfig-core-c-0.12.6"
+
+ libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language that supports C bindings.
+Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libgit2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libgit2-1.7.2"
+
+ The friendly PIL fork.
+A vulnerability has been discovered in Pillow. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All Pillow users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pillow-10.3.0"
+
+ The X Window System is a graphical windowing system based on a client/server model.
+Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All X.Org X server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.14"
+
+
+ All XWayland users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.4"
+
+ Perl is Larry Wall’s Practical Extraction and Report Language.
+Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Perl users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.38.2"
+
+