Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2014/05/22 12:0 a.m.•42 views

elasticsearch and logstash -- remote OS command execution via dynamic scripting

Elastic reports: Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerable...

8.1CVSS7.4AI score0.88559EPSS
Exploits17References7
FreeBSD
FreeBSD
•added 2014/05/20 12:0 a.m.•42 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 23 security fixes in this release, including: 356653 High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer. 359454 High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple. 346192 High CVE-2014-1745: Use-after-free in SVG. Credit to Atte...

7.5CVSS3.2AI score0.01954EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/03/11 12:0 a.m.•42 views

LibYAML input sanitization errors

oCERT reports: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the...

6.8CVSS8AI score0.09264EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/06/21 12:0 a.m.•42 views

apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: The modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a...

7.6AI score
Exploits0
FreeBSD
FreeBSD
•added 2013/06/04 12:0 a.m.•42 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 242322 Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to "daniel.zulla". 242224 High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz. 240124 High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz. 239897 High...

10CVSS2.4AI score0.03585EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/06/04 12:0 a.m.•42 views

dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone

ISC reports: A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal...

7.8CVSS6.8AI score0.0511EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/03/03 12:0 a.m.•42 views

stunnel -- Remote Code Execution

Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...

6.6CVSS7.5AI score0.02932EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/01/02 12:0 a.m.•42 views

rubygem-rails -- SQL injection vulnerability

Ruby on Rails team reports: There is a SQL injection vulnerability in Active Record in ALL versions. Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject...

3.1AI score
Exploits2References1
FreeBSD
FreeBSD
•added 2012/12/01 12:0 a.m.•42 views

mysql/mariadb/percona server -- multiple vulnerabilities

ORACLE reports: Multiple SQL injection vulnerabilities in the replication code Stack-based buffer overflow Heap-based buffer overflow...

6.5CVSS7.5AI score0.24564EPSS
Exploits7References3
FreeBSD
FreeBSD
•added 2012/09/13 12:0 a.m.•42 views

apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: low: XSS in modnegotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LDLIBRARYPATH handling CVE-2012-0883 This issue w...

6.9CVSS6.1AI score0.22515EPSS
Exploits5
FreeBSD
FreeBSD
•added 2012/06/14 12:0 a.m.•42 views

asterisk -- remote crash vulnerability

Asterisk project reports: Skinny Channel Driver Remote Crash Vulnerability...

4CVSS6.6AI score0.01728EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/06/12 12:0 a.m.•42 views

samba -- multiple vulnerabilities

The Samba project reports: These are security releases in order to address CVE-2013-4408 DCE-RPC fragment length field is incorrectly checked and CVE-2012-6150 pamwinbind login without requiremembershipof restrictions...

8.3CVSS8.3AI score0.0379EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/05/31 12:0 a.m.•42 views

rubygem-activerecord -- multiple vulnerabilities

rubygem-activerecord -- multiple vulernabilities Due to the way Active Record interprets parameters in combination with the way that Rack parses query parameters, it is possible for an attacker to issue unexpected database queries with "IS NULL" where clauses. This issue does not let an attacker...

6.4CVSS7.9AI score0.046EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/04/10 12:0 a.m.•42 views

samba -- "root" credential remote code execution

Samba development team reports: Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection. As this does not require an authenticated connection it is the most serious vulnerability...

10CVSS9.4AI score0.74034EPSS
Exploits9
FreeBSD
FreeBSD
•added 2012/01/19 12:0 a.m.•42 views

fetchmail -- chosen plaintext attack against SSL CBC initialization vectors

Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...

4.3CVSS7.3AI score0.73327EPSS
Exploits4
FreeBSD
FreeBSD
•added 2012/01/06 12:0 a.m.•42 views

OpenTTD -- Denial of service (server) via slow read attack

The OpenTTD Team reports: Using a slow read type attack it is possible to prevent anyone from joining a server with virtually no resources. Once downloading the map no other downloads of the map can start, so downloading really slowly will prevent others from joining. This can be further aggravat...

4.3CVSS5.2AI score0.01344EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/12/23 12:0 a.m.•42 views

krb5-appl -- telnetd code execution vulnerability

The MIT Kerberos Team reports: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. Also see MITKRB5-SA-2011-008...

10CVSS7AI score0.95104EPSS
Exploits19References2
FreeBSD
FreeBSD
•added 2011/11/10 12:0 a.m.•42 views

phpmyadmin -- Local file inclusion

Jan Lieskovsky reports: Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file limited by the privileges of the user running the web server...

6.5CVSS6.6AI score0.1267EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2011/08/16 12:0 a.m.•42 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20...

10CVSS9.6AI score0.05556EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2011/04/27 12:0 a.m.•42 views

ejabberd -- remote denial of service vulnerability

It's reported in CVE advisory that: expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML documen...

9.3CVSS6.8AI score0.02125EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/02/08 12:0 a.m.•42 views

webkit-gtk2 -- Multiple vurnabilities.

Gustavo Noronha Silva reports: This release has essentially security fixes. Refer to the WebKit/gtk/NEWS file inside the tarball for details. We would like to thank the Red Hat security team Huzaifa Sidhpurwala in particular and Michael Gilbert from Debian for their help in checking and pushing!...

10CVSS9AI score0.02397EPSS
Exploits6References8
FreeBSD
FreeBSD
•added 2009/12/16 12:0 a.m.•42 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects MFSA 2009-70 Privilege escalation via chrome window.opener MFSA 2009-69 Location bar spoofing vulnerabilities MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-67 Integer...

9.3CVSS10AI score0.04785EPSS
Exploits8References7
FreeBSD
FreeBSD
•added 2009/11/20 12:0 a.m.•42 views

postgresql -- multiple vulnerabilities

PostgreSQL project reports: PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which 1...

6.5CVSS8.6AI score0.03644EPSS
Exploits5
FreeBSD
FreeBSD
•added 2009/10/15 12:0 a.m.•42 views

gd -- '_gdGetColors' remote buffer overflow vulnerability

CVE reports: The gdGetColors function in gdgd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different...

9.3CVSS7.3AI score0.1021EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2009/05/18 12:0 a.m.•42 views

openssl -- denial of service in DTLS implementation

Secunia reports: Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS. The library does not limit the number of buffered DTLS records with a future epoch. This can be exploited to exhaust all available memory via specially crafted DTLS...

7.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/04/21 12:0 a.m.•42 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites MFSA 2009-19: Same-origin...

6.8CVSS9.2AI score0.05565EPSS
Exploits6References9
FreeBSD
FreeBSD
•added 2008/08/08 12:0 a.m.•42 views

ruby -- DNS spoofing vulnerability

The official ruby site reports: resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports...

6.8CVSS7AI score0.95182EPSS
Exploits20References1
FreeBSD
FreeBSD
•added 2008/02/13 12:0 a.m.•42 views

openldap -- modrdn Denial of Service vulnerability

Secunia Advisory reports: A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS Denial of Service...

4CVSS6.3AI score0.03053EPSS
Exploits2
FreeBSD
FreeBSD
•added 2007/10/19 12:0 a.m.•42 views

firefox -- OnUnload Javascript browser entrapment vulnerability

RedHat reports: Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially-crafted content could potentially trick a user into surrendering sensitive information. CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334...

6.8CVSS6.6AI score0.05447EPSS
Exploits4
FreeBSD
FreeBSD
•added 2007/10/17 12:0 a.m.•42 views

drupal --- multiple vulnerabilities

The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...

4.3CVSS7.2AI score0.01451EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2007/09/27 12:0 a.m.•42 views

tcl/tk -- buffer overflow in ReadImage function

A Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl/Tk, allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first...

6.8CVSS7.7AI score0.04855EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/02/23 12:0 a.m.•42 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-08 onUnload + document.write memory corruption MFSA 2007-07 Embedded...

9.3CVSS6.7AI score0.5036EPSS
Exploits10References10
FreeBSD
FreeBSD
•added 2006/09/19 12:0 a.m.•42 views

gzip -- multiple vulnerabilities

Problem Description Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact The insufficient bounds checks in buffe...

7.5CVSS6.9AI score0.05641EPSS
Exploits1
FreeBSD
FreeBSD
•added 2006/09/18 12:0 a.m.•42 views

opera -- RSA Signature Forgery

Opera reports: A specially crafted digital certificate can bypass Opera's certificate signature verification. Forged certificates can contain any false information the forger chooses, and Opera will still present it as valid. Opera will not present any warning dialogs in this case, and the securi...

4.3CVSS7.7AI score0.04894EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2006/09/08 12:0 a.m.•42 views

win32-codecs -- multiple vulnerabilities

The Apple Security Team reports that there are multiple vulnerabilities within QuickTime one of the plugins for win32-codecs. A remote attacker capable of creating a malicious SGI image, FlashPix, FLC movie, or a QuickTime movie can possibly lead to execution of arbitrary code or cause a Denial o...

5.1CVSS7.7AI score0.15248EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2006/03/29 12:0 a.m.•42 views

mysql -- database suid privilege escalation

Dmitri Lenev reports a privilege escalation in MySQL. MySQL evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote and local authenticated users to gain privileges through a routine that has been made available...

6.5CVSS6.8AI score0.11758EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2006/03/14 12:0 a.m.•42 views

linux-flashplugin -- arbitrary code execution vulnerability

Adobe reports: Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these...

5.1CVSS7.1AI score0.06602EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/07/12 12:0 a.m.•42 views

apache -- Certificate Revocation List (CRL) off-by-one vulnerability

Marc Stern reports an off-by-one vulnerability in within modssl. The vulnerability lies in modssl's Certificate Revocation List CRL. If Apache is configured to use a CRL this could allow an attacker to crash a child process causing a Denial of Service...

5CVSS8.9AI score0.08388EPSS
Exploits0
FreeBSD
FreeBSD
•added 2004/12/02 12:0 a.m.•42 views

samba -- integer overflow vulnerability

Greg MacManus, iDEFENSE Labs reports: Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary...

10CVSS3.7AI score0.13196EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/10/13 12:0 a.m.•42 views

tiff -- RLE decoder heap overflows

Chris Evans discovered several heap buffer overflows in libtiff's RLE decoder. These overflows could be triggered by a specially-crafted TIFF image file, resulting in an application crash and possibly arbitrary code execution...

7.5CVSS7.1AI score0.08268EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/04 12:0 a.m.•42 views

libpng stack-based buffer overflow and other code concerns

Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS Denial of Service...

6.8AI score
Exploits0References11
FreeBSD
FreeBSD
•added 2004/07/28 12:0 a.m.•42 views

SoX buffer overflows when handling .WAV files

Ulf Härnhammar discovered a pair of buffer overflows in the WAV file handling code of SoX. If an attacker can cause her victim to process a specially-crafted WAV file with SoX e.g. through social engineering or through some other program that relies on SoX, arbitrary code can be executed with the...

10CVSS7AI score0.2508EPSS
Exploits7References3
FreeBSD
FreeBSD
•added 2004/07/07 12:0 a.m.•42 views

php -- strip_tags cross-site scripting vulnerability

Stefan Esser of e-matters discovered that PHP's striptags function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks...

6.8CVSS6AI score0.45159EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2025/02/11 12:0 a.m.•41 views

vscode -- multiple vulnerabilities

VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...

7.3CVSS7.2AI score0.00735EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2024/05/08 12:0 a.m.•41 views

Gitlab -- vulnerabilities

Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline Redos on Discord integrations Redos on Google Chat Integration Denial of Service Attack via Pin Menu DoS by filtering tags and branches via the API MR approval via CSRF in SAML SSO Banned user from group...

8.8CVSS7.3AI score0.33301EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/01/31 12:0 a.m.•41 views

electron{26,27,28} -- Use after free in Web Audio

Electron developers reports: This update fixes the following vulnerability: Security: backported fix for CVE-2024-0807...

8.8CVSS7.4AI score0.0048EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/12 12:0 a.m.•41 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 9 security fixes: 1501326 High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10 1502102 High CVE-2023-6703: Use after free in Blink. Reported by Cassidy...

8.8CVSS7.7AI score0.4351EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/11/08 12:0 a.m.•41 views

electron{25,26} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-5849. Security: backported fix for CVE-2023-5482...

8.8CVSS7.5AI score0.07094EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/09/12 12:0 a.m.•41 views

graphics/webp heap buffer overflow

Google Chrome reports: Heap buffer overflow in WebP ... allowed a remote attacker to perform an out of bounds memory write...

8.8CVSS8.8AI score0.99735EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2023/07/18 12:0 a.m.•41 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 24 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

7.5CVSS7.6AI score0.01594EPSS
Exploits1References1
Total number of security vulnerabilities5000