Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2013/05/07 12:0 a.m.•41 views

nginx -- multiple vulnerabilities

The nginx project reports: A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. CVE-2013-2028 A security problem related to CVE-2013-2028 was identified, affecting some previous nginx...

7.5CVSS7.4AI score0.87475EPSS
Exploits18References2
FreeBSD
FreeBSD
•added 2013/01/10 12:0 a.m.•41 views

java 7.x -- security manager bypass

US CERT reports: Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager...

10CVSS9.2AI score0.97612EPSS
Exploits38References2
FreeBSD
FreeBSD
•added 2012/07/26 12:0 a.m.•41 views

rubygem-actionpack -- Denial of Service

There is a DoS vulnerability in Action Pack digest authentication handling in authenticateorrequestwithhttpdigest...

5CVSS6.4AI score0.01905EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/06/12 12:0 a.m.•41 views

samba -- multiple vulnerabilities

The Samba project reports: These are security releases in order to address CVE-2013-4408 DCE-RPC fragment length field is incorrectly checked and CVE-2012-6150 pamwinbind login without requiremembershipof restrictions...

8.3CVSS8.3AI score0.0379EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/04/20 12:0 a.m.•41 views

wordpress -- multiple vulnerabilities

Wordpress reports: External code has been updated to non-vulnerable versions. In addition the following bugs have been fixed: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. Cross-site...

10CVSS6.8AI score0.0868EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/01/19 12:0 a.m.•41 views

fetchmail -- chosen plaintext attack against SSL CBC initialization vectors

Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...

4.3CVSS7.3AI score0.73327EPSS
Exploits4
FreeBSD
FreeBSD
•added 2011/08/10 12:0 a.m.•41 views

isc-dhcp-server -- server halt upon processing certain packets

ISC reports: A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets...

7.8CVSS6.4AI score0.38775EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/08/09 12:0 a.m.•41 views

roundcube -- XSS vulnerability

RoundCube development Team reports: We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our...

4.3CVSS5.9AI score0.02453EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/07/25 12:0 a.m.•41 views

opensaml2 -- unauthenticated login

OpenSAML developer reports: The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called "wrapping attack" that allows a remote, unauthenticated...

5.8CVSS4.7AI score0.02291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/02/17 12:0 a.m.•41 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2010-05 XSS hazard using SVG document and binary Content-Type MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain MFSA 2010-03 Use-after-free crash in HTML parser MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability MFSA 2010-01...

10CVSS9.3AI score0.06006EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2009/10/07 12:0 a.m.•41 views

virtualbox -- privilege escalation

Sun reports: A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges...

7.2CVSS6.6AI score0.00729EPSS
Exploits6References2
FreeBSD
FreeBSD
•added 2009/09/14 12:0 a.m.•41 views

nginx -- remote denial of service vulnerability

nginx development team reports: A segmentation fault might occur in worker process while specially crafted request handling...

7.5CVSS6.5AI score0.75079EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2009/08/07 12:0 a.m.•41 views

OpenLDAP -- incorrect handling of NULL in certificate Common Name

Jan Lieskovsky reports: OpenLDAP does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authori...

4.3CVSS6.2AI score0.03094EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/08/03 12:0 a.m.•41 views

libxml -- Stack consumption vulnerability

Stack consumption vulnerability allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD...

4.3CVSS5AI score0.03121EPSS
Exploits2
FreeBSD
FreeBSD
•added 2009/07/28 12:0 a.m.•41 views

apache22 -- several vulnerabilities

Apache ChangeLog reports: CVE-2009-1891: Fix a potential Denial-of-Service attack against moddeflate or other modules. CVE-2009-1195: Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. CVE-2009-1890: Fix a potential...

7.5CVSS6.9AI score0.52988EPSS
Exploits13
FreeBSD
FreeBSD
•added 2009/07/14 12:0 a.m.•42 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...

9.3CVSS6.7AI score0.11556EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2009/02/19 12:0 a.m.•41 views

pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability

Secunia reports: A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code...

6.8CVSS2.7AI score0.04825EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2009/01/21 12:0 a.m.•41 views

moinmoin -- multiple cross site scripting vulnerabilities

Secunia reports: Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited ...

4.3CVSS0.3AI score0.05435EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/04/01 12:0 a.m.•41 views

extman -- password bypass vulnerability

Extmail team reports: Emergency update 4 fixes a serious security vulnerability. Successful exploit of this vulnerability would allow attacker to change user's password without knowing it by using specifically crafted HTTP request...

0.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/03/12 12:0 a.m.•42 views

awstats -- multiple XSS vulnerabilities

Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...

6.3AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2007/10/17 12:0 a.m.•41 views

drupal --- multiple vulnerabilities

The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...

4.3CVSS7.2AI score0.01451EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2007/09/28 12:0 a.m.•41 views

nagios-plugins -- Long Location Header Buffer Overflow Vulnerability

A Secunia Advisory reports: The vulnerability is caused due to a boundary error within the redir function in checkhttp.c when processing HTTP Location: header information. This can be exploited to cause a buffer overflow by returning an overly long string in the "Location:" header to a vulnerable...

6.8CVSS6.4AI score0.08017EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2007/02/09 12:0 a.m.•41 views

php -- multiple vulnerabilities

Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities. The session extension contained safemode and openbasedir bypasses, but the FreeBSD Security Officer does not consider these real security...

10CVSS6.7AI score0.11752EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2006/12/15 12:0 a.m.•41 views

lighttpd -- Remote DOS in CRLF parsing

Lighttpd SA: If the connection aborts during parsing "\r\n\r\n" the server might get into a infinite loop and use 100% of the CPU time. lighttpd still responses to other requests. This can be repeated until either the server limit for concurrent connections or file descriptors is reached. The bug...

5CVSS6.4AI score0.03377EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2006/12/06 12:0 a.m.•41 views

gtar -- name mangling symlink vulnerability

Problem Description: Symlinks created using the "GNUTYPENAMES" tar extension can be absolute due to lack of proper sanity checks. Impact: If an attacker can get a user to extract a specially crafted tar archive the attacker can overwrite arbitrary files with the permissions of the user running...

4CVSS7.4AI score0.11084EPSS
Exploits1
FreeBSD
FreeBSD
•added 2006/05/31 12:0 a.m.•41 views

ypserv -- Inoperative access controls in ypserv

Problem Description There are two documented methods of restricting access to NIS maps through ypserv8: through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets"...

6.4CVSS6.3AI score0.0152EPSS
Exploits0
FreeBSD
FreeBSD
•added 2005/06/10 12:0 a.m.•41 views

gaim -- Yahoo! remote crash vulnerability

Jacopo Ottaviani reports that Gaim can be crashed by being offered files with names containing non-ASCII characters via the Yahoo! protocol...

5CVSS6.5AI score0.02481EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/02/21 12:0 a.m.•41 views

phpmyadmin -- arbitrary file include and XSS vulnerabilities

A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...

6.6AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•41 views

apache -- ap_resolve_env buffer overflow

SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files the main httpd.conf' and .htaccess' files. According to a SITIC advisory: The buffer overflow occurs when expanding $ENVVAR constructs in .htaccess or httpd.conf files. The...

7.8CVSS6.8AI score0.01607EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/11 12:0 a.m.•40 views

vscode -- multiple vulnerabilities

VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...

7.3CVSS7.2AI score0.00702EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2024/05/22 12:0 a.m.•40 views

Gitlab -- Vulnerabilities

Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS vulnerability in the 'description' field of the runner CSRF via K8s cluster-integration Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipelineid did not match Redos o...

8.8CVSS6AI score0.72648EPSS
Exploits18References1
FreeBSD
FreeBSD
•added 2024/03/13 12:0 a.m.•40 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.13 Changelog SECURITY - high SQL Injection in through the search engine CVE-2024-27096 SECURITY - moderate Blind SSRF using Arbitrary Object Instantiation CVE-2024-27098 SECURITY - moderate Stored XSS in dashboards CVE-2024-27104 SECURITY - moderate Reflected XSS in...

9.6CVSS7.6AI score0.58818EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/01/11 12:0 a.m.•42 views

Gitlab -- vulnerabilities

Gitlab reports: Account Takeover via Password Reset without user interactions Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user Bypass CODEOWNERS approval removal Workspaces able to be created under different root namespace Commit signature validation...

10CVSS7.1AI score0.94955EPSS
Exploits16References1
FreeBSD
FreeBSD
•added 2023/11/08 12:0 a.m.•40 views

electron{25,26} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-5849. Security: backported fix for CVE-2023-5482...

8.8CVSS7.5AI score0.07094EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/09/30 12:0 a.m.•40 views

curl -- SOCKS5 heap buffer overflow

The curl team reports: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255...

9.8CVSS7AI score0.78483EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2023/09/12 12:0 a.m.•40 views

graphics/webp heap buffer overflow

Google Chrome reports: Heap buffer overflow in WebP ... allowed a remote attacker to perform an out of bounds memory write...

8.8CVSS8.8AI score0.99735EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2023/09/06 12:0 a.m.•40 views

go -- multiple vulnerabilities

The Go project reports: cmd/go: go.mod toolchain directive allows arbitrary execution The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to...

9.8CVSS6.9AI score0.01424EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/05 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 4 security fixes: 1476403 High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 1473247 High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 1469928 High CVE-2023-4763: Use after...

8.8CVSS7.4AI score0.37987EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2023/07/19 12:0 a.m.•40 views

samba -- multiple vulnerabilities

The Samba Team reports: CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where keys are character strings and values can be any of the supported types in the...

7.5CVSS6.3AI score0.62606EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2023/05/03 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 15 security fixes: 1423304 Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10 1419732 Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik,...

8.8CVSS7.4AI score0.00968EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/28 12:0 a.m.•40 views

rubygem-uri -- ReDoS vulnerability

Dominic Couture reports: A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects...

5.3CVSS7.7AI score0.02637EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/01/10 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 17 security fixes, including: 1353208 High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 1382033 High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07 1370028 Medium...

8.8CVSS8.1AI score0.007EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/08/02 12:0 a.m.•40 views

rsync -- client-side arbitrary file write vulnerability

Openwall oss-security reports: We have discovered a critical arbitrary file write vulnerability in the rsync utility that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. Due to...

7.4CVSS3.1AI score0.01659EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/03/31 12:0 a.m.•40 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Static passwords inadvertently set during OmniAuth-based registration Stored XSS in notes Stored XSS on Multi-word milestone reference Denial of service caused by a specially crafted RDoc file GitLab Pages access tokens can be reused on multiple domains GitLab Pages uses default...

9.8CVSS2.5AI score0.87369EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2022/03/11 12:0 a.m.•40 views

kafka -- Denial Of Service vulnerability

NIST reports: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...

7.5CVSS8.7AI score0.0486EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/12/09 12:0 a.m.•40 views

Grafana -- Directory Traversal

GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...

4.3CVSS2.3AI score0.01773EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/12/09 12:0 a.m.•40 views

Grafana -- Directory Traversal

GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...

4.3CVSS2.5AI score0.57991EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/10/06 12:0 a.m.•40 views

jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library

Jenkins Security Advisory: Description Medium SECURITY-2475 / CVE-2014-3577 Jenkins core bundles vulnerable version of the commons-httpclient library...

5.8CVSS7.7AI score0.09149EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/12 12:0 a.m.•40 views

PostgreSQL server -- Memory disclosure in certain queries

The PostgreSQL Project reports: A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5CVSS2.7AI score0.0142EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/07 12:0 a.m.•40 views

fetchmail -- 6.4.19 and older denial of service or information disclosure

Matthias Andree reports: When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation...

7.5CVSS1.7AI score0.0256EPSS
Exploits0References1
Total number of security vulnerabilities5000