Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2015/10/30 12:0 a.m.•43 views

libvirt -- ACL bypass using ../ to access beyond storage pool

Libvit development team reports: Various virStorageVol API operate on user-supplied volume names by concatenating the volume name to the pool location. Note that the virStoragePoolListVolumes API, when used on a storage pool backed by a directory in a file system, will only list volumes immediate...

2.5CVSS5.4AI score0.00451EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•43 views

mediawiki -- multiple vulnerabilities

MediaWiki reports: Wikipedia user RobinHood70 reported two issues in the chunked upload API. The API failed to correctly stop adding new chunks to the upload when the reported size was exceeded T91203, allowing a malicious users to upload add an infinite number of chunks for a single file upload...

9.8CVSS8.4AI score0.02871EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•43 views

qemu -- denial of service vulnerabilities in eepro100 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the i8255x PRO100 emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List CBL. Each Command BlockCB points to the next command...

6.5CVSS8AI score0.00393EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/09/23 12:0 a.m.•43 views

Git -- Execute arbitrary code

Git release notes: Some protocols like git-remote-ext can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources e.g., .gitmodules files in a remote repository, and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to...

9.8CVSS9.3AI score0.20144EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/09/08 12:0 a.m.•43 views

Joomla! -- Core - XSS Vulnerability

The JSST and the Joomla! Security Center report: 20150908 - Core - XSS Vulnerability Inadequate escaping leads to XSS vulnerability in login module...

4.3CVSS5.9AI score0.02948EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2015/09/05 12:0 a.m.•43 views

ffmpeg -- multiple vulnerabilities

NVD reports: The decodeihdrchunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR aka image header chunk in a PNG image, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact vi...

7.5CVSS9.3AI score0.02412EPSS
Exploits0References10
FreeBSD
FreeBSD
•added 2015/08/05 12:0 a.m.•43 views

adminer -- XSS vulnerability

Jakub Vrana reports: Fix XSS in alter table...

1.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/29 12:0 a.m.•43 views

clamav -- multiple vulnerabilities

ClamAV project reports: ClamAV 0.98.7 is here! This release contains new scanning features and bug fixes. Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. Fix crash on crafted petite packed file. Reported and pat...

6.8CVSS8AI score0.0837EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/02/05 12:0 a.m.•43 views

chromium -- multiple vulnerabilities

Chrome Releases reports: 11 security fixes in this release, including: 447906 High CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian. 453979 High CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous. 453982 High CVE-2015-1211: Privilege escalation using service worker...

7.5CVSS6.8AI score0.02854EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/08 12:0 a.m.•43 views

rabbitmq -- Security issues in management plugin

The RabbitMQ project reports: Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI: When a user unqueued a message from the management UI, message details header names, arguments, etc. were displayed unescaped. An attacker could...

3.5CVSS7AI score0.01152EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/12/16 12:0 a.m.•43 views

file -- multiple vulnerabilities

RedHat reports: Thomas Jarosch of Intra2net AG reported a number of denial of service issues resource consumption in the ELF parser used by file1. These issues were fixed in the 5.21 release of file1, but by mistake are missing from the changelog...

5CVSS7.5AI score0.14013EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/11/10 12:0 a.m.•43 views

dbus -- incomplete fix for CVE-2014-3636 part A

Simon McVittie reports: The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE...

1.9CVSS6.5AI score0.00528EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/10/01 12:0 a.m.•43 views

jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS

Jenkins Security Advisory: Please reference CVE/URL list for details...

7.5CVSS8.4AI score0.12768EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/06/23 12:0 a.m.•43 views

samba -- multiple vulnerabilities

The samba project reports: A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. Valid unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-unicode request...

3.3CVSS8.9AI score0.20481EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/05/14 12:0 a.m.•43 views

gnutls -- client-side memory corruption

GnuTLS project reports: This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client...

6.8CVSS7.7AI score0.11221EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/04/24 12:0 a.m.•43 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports belatedly: 9 security fixes in this release, including: 354967 High CVE-2014-1730: Type confusion in V8. Credit to Anonymous. 349903 High CVE-2014-1731: Type confusion in DOM. Credit to John Butler. 359802 High CVE-2014-1736: Integer overflow in V8. Credit to SkyLin...

7.8CVSS1.3AI score0.03252EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/11/22 12:0 a.m.•43 views

ruby -- Heap Overflow in Floating Point Parsing

Ruby developers report: Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to...

6.8CVSS7.4AI score0.34968EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2013/07/10 12:0 a.m.•43 views

PHP5 -- Heap corruption in XML parser

The PHP development team reports: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the...

6.8CVSS7AI score0.05186EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/04/24 12:0 a.m.•43 views

phpMyAdmin -- Multiple security vulnerabilities

The phpMyAdmin development team reports: In some PHP versions, the pregreplace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...

6.7AI score
Exploits0
FreeBSD
FreeBSD
•added 2012/12/06 12:0 a.m.•43 views

libarchive -- multiple vulnerabilities

MITRE reports: Integer signedness error in the archivewritezipdata function in archivewritesetformatzip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service crash via unspecified vectors, which triggers an improper...

6.4CVSS7.5AI score0.0489EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2012/10/07 12:0 a.m.•43 views

apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: low: XSS due to unescaped hostnames CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp. moderate: XSS in modproxybalancer CVE-2012-4558 A XSS flaw affected the...

4.3CVSS6.1AI score0.22913EPSS
Exploits3
FreeBSD
FreeBSD
•added 2012/07/31 12:0 a.m.•43 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Linux only 125225 Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team Julien Tinnes. 127522 Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. 127525 Medi...

7.5CVSS0.7AI score0.01444EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/02/15 12:0 a.m.•43 views

linux-flashplugin -- multiple vulnerabilities

These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.9203EPSS
Exploits13References1
FreeBSD
FreeBSD
•added 2011/05/26 12:0 a.m.•43 views

BIND -- Large RRSIG RRsets and Negative Caching DoS

ISC reports: A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets RRSets when trying to negatively cache a response. This can cause the BIND 9 DNS server named process to crash...

5CVSS8.6AI score0.24638EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/07/20 12:0 a.m.•43 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2010-34 Miscellaneous memory safety hazards rv:1.9.2.7/ 1.9.1.11 MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code executi...

9.8CVSS10.4AI score0.43382EPSS
Exploits27References14
FreeBSD
FreeBSD
•added 2010/04/13 12:0 a.m.•43 views

KDM -- local privilege escalation vulnerability

KDE Security Advisory reports: KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. A local attacker with a valid local account can under certain circumstanc...

6.9CVSS9.6AI score0.00279EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/03/11 12:0 a.m.•43 views

dojo -- cross-site scripting and other vulnerabilities

The Dojo Toolkit team reports: Some PHP files did not properly escape input. Some files could operate like "open redirects". A bad actor could form an URL that looks like it came from a trusted site, but the user would be redirected or load content from the bad actor's site. A file exposed a more...

7.3AI score
Exploits0References5
FreeBSD
FreeBSD
•added 2009/08/11 12:0 a.m.•43 views

GnuTLS -- improper SSL certificate verification

GnuTLS reports: By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1 not printing the entire CN/SAN field value when printing a certificate and 2 cause incorrect positive matches when matching a hostname against a certificate...

7.5CVSS5AI score0.02151EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/08/03 12:0 a.m.•43 views

libxml -- Multiple use-after-free vulnerabilities

Multiple use-after-free vulnerabilities in libxml 1.8.17 that allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file...

6.5CVSS5.4AI score0.01793EPSS
Exploits2
FreeBSD
FreeBSD
•added 2009/05/26 12:0 a.m.•43 views

dokuwiki -- Local File Inclusion with register_globals on

DokuWiki reports: A security hole was discovered which allows an attacker to include arbitrary files located on the attacked DokuWiki installation. The included file is executed in the PHP context. This can be escalated by introducing malicious code through uploading file via the media manager or...

9.3CVSS6.8AI score0.23157EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/08/14 12:0 a.m.•43 views

joomla -- flaw in the reset token validation

Joomla project reports: A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user lowest id. Typically, this is an administrator user. Note, that changing the...

7.5CVSS6.4AI score0.09399EPSS
Exploits0
FreeBSD
FreeBSD
•added 2008/02/20 12:0 a.m.•43 views

opera -- multiple vulnerabilities

Opera Software ASA reports about multiple security fixes: Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. Image properties can no longer be used to execute scripts, as reported by Max Leonov. Fixed an issue where the...

6.5AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2007/11/14 12:0 a.m.•43 views

mysql -- privilege escalation and overwrite of the system table information

MySQL reports: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points...

7.1CVSS6.3AI score0.1426EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2007/11/11 12:0 a.m.•43 views

phpmyadmin -- cross-site scripting vulnerability

The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...

6.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2007/10/17 12:0 a.m.•43 views

phpmyadmin -- cross-site scripting vulnerability

The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...

4.3CVSS6.4AI score0.03326EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/07/30 12:0 a.m.•43 views

xpdf -- stack based buffer overflow

The KDE Team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor. Remotely supplied pdf files can be used to disrupt the kpdf viewe...

6.8CVSS7.6AI score0.08565EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/05/15 12:0 a.m.•43 views

png -- DoS crash vulnerability

A Libpng Security Advisory reports: A grayscale PNG image with a malformed bad CRC tRNS chunk will crash some libpng applications. This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited...

5CVSS9AI score0.05115EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2006/12/06 12:0 a.m.•43 views

FreeBSD -- Kernel memory disclosure in firewire(4)

Problem Description: In the FWGCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Impact: A user in the "operator" group can read the contents of kernel memory...

2.1CVSS6.3AI score0.00398EPSS
Exploits0
FreeBSD
FreeBSD
•added 2005/07/20 12:0 a.m.•43 views

fetchmail -- remote root/code injection from malicious POP3 server

fetchmail's POP3/UIDL code does not truncate received UIDs properly. A malicious or compromised POP3 server can thus corrupt fetchmail's stack and inject code when fetchmail is using UIDL, either through configuration, or as a result of certain server capabilities. Note that fetchmail is run as...

5CVSS6.6AI score0.05882EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2004/07/22 12:0 a.m.•43 views

mozilla -- POP client heap overflow

zen-parse discovered a heap buffer overflow in Mozilla's POP client implementation. A malicious POP server could exploit this vulnerability to cause Mozilla to execute arbitrary code...

10CVSS7AI score0.05346EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2003/11/18 12:0 a.m.•43 views

mailman denial-of-service vulnerability in MailCommandHandler

A malformed message could cause mailman to crash...

5CVSS6.4AI score0.01943EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/04 12:0 a.m.•42 views

www/apache24 -- Multiple vulnerabilities

The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...

9.8CVSS5.8AI score0.4581EPSS
Exploits18References1
FreeBSD
FreeBSD
•added 2024/04/24 12:0 a.m.•42 views

py-social-auth-app-django -- Improper Handling of Case Sensitivity

GitHub Advisory Database: Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This...

4.9CVSS7.3AI score0.00581EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/05 12:0 a.m.•42 views

go -- multiple vulnerabilities

The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...

7.5CVSS6.7AI score0.01165EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/29 12:0 a.m.•42 views

chromium -- use after free in MediaStream

Chrome Releases reports: This update includes 1 security fix: 1472492 High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn@fwnfwn on 2023-08-12...

9.8CVSS7.4AI score0.0088EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/06/29 12:0 a.m.•42 views

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...

7.5CVSS7.1AI score0.00905EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/30 12:0 a.m.•42 views

rubygem-time -- ReDoS vulnerability

oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects...

5.3CVSS7.6AI score0.02452EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/10 12:0 a.m.•42 views

traefik -- Use of vulnerable Go modules net/http, net/textproto

The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...

7.5CVSS8.4AI score0.01888EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/03/02 12:0 a.m.•42 views

strongSwan -- certificate verification vulnerability

strongSwan reports: A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected...

9.8CVSS9.4AI score0.02264EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/15 12:0 a.m.•42 views

curl -- multiple vulnerabilities

Harry Sintonen and Patrick Monnerat report: CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead...

9.1CVSS6.8AI score0.01703EPSS
Exploits2References1
Total number of security vulnerabilities5000