Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2015/06/21 12:0 a.m.•41 views

libav -- divide by zero

Agostino Sarubbo reports: libav: divide-by-zero in ffh263decodemba...

6.5CVSS6.9AI score0.01978EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/02/26 12:0 a.m.•41 views

rt -- Remote DoS, Information disclosure and Session Hijackingvulnerabilities

Best Practical reports: RT 3.0.0 and above, if running on Perl 5.14.0 or higher, are vulnerable to a remote denial-of-service via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This...

7.1CVSS8.3AI score0.02825EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/13 12:0 a.m.•41 views

django -- multiple vulnerabilities

The Django project reports: Today the Django team is issuing multiple releases -- Django 1.4.18, Django 1.6.10, and Django 1.7.3 -- as part of our security process. These releases are now available on PyPI and our download page. These releases address several security issues. We encourage all use...

6.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/12 12:0 a.m.•41 views

asterisk -- Mitigation for libcURL HTTP request injection vulnerability

The Asterisk project reports: CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its funccurl.so module the CURL dialplan function, as well as its resconfigcurl.so cURL realtime backend modules. Since Asterisk may be configured to allow for...

4.3CVSS9.1AI score0.0681EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/10 12:0 a.m.•41 views

jasper -- multiple vulnerabilities

oCERT reports: The library is affected by a double-free vulnerability in function jasiccattrvaldestroy as well as a heap-based buffer overflow in function jp2decode. A specially crafted jp2 file can be used to trigger the vulnerabilities. oCERT reports: The library is affected by an off-by-one...

7.5CVSS7.7AI score0.18501EPSS
Exploits0References9
FreeBSD
FreeBSD
•added 2014/10/14 12:0 a.m.•41 views

libvpx -- out-of-bounds write

The Mozilla Project reports: Using the Address Sanitizer tool, security researcher Abhishek Arya Inferno of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash...

7.5CVSS9.2AI score0.03944EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/06/25 12:0 a.m.•41 views

ansible -- remote code execution vulnerability

Ansible, Inc. reports: Incomplete Fix Remote Code Execution Vulnerability - Fixed in Ansible 1.6.4...

9.8CVSS9.5AI score0.05197EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/06/10 12:0 a.m.•41 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 4 security fixes in this release, including: 369525 High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne. 369539 High CVE-2014-3155: Out-if-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook. 369621...

7.5CVSS2.2AI score0.01745EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/12/20 12:0 a.m.•41 views

OpenX -- SQL injection vulnerability

Revive reports: An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...

7.5CVSS6.7AI score0.02011EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2013/12/16 12:0 a.m.•41 views

asterisk -- multiple vulnerabilities

The Asterisk project reports: A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash. External control protocols, such as...

5CVSS7.3AI score0.14715EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/07/05 12:0 a.m.•41 views

puppet -- multiple vulnerabilities

Puppet Labs reports: By using the resourcetype service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, auth.conf settings could be modified to allow it. The exploit requires local file system...

5.1CVSS6.4AI score0.01643EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/05/07 12:0 a.m.•41 views

nginx -- multiple vulnerabilities

The nginx project reports: A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. CVE-2013-2028 A security problem related to CVE-2013-2028 was identified, affecting some previous nginx...

7.5CVSS7.4AI score0.87475EPSS
Exploits18References2
FreeBSD
FreeBSD
•added 2013/01/10 12:0 a.m.•41 views

java 7.x -- security manager bypass

US CERT reports: Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager...

10CVSS9.2AI score0.97612EPSS
Exploits38References2
FreeBSD
FreeBSD
•added 2012/07/26 12:0 a.m.•41 views

rubygem-actionpack -- Denial of Service

There is a DoS vulnerability in Action Pack digest authentication handling in authenticateorrequestwithhttpdigest...

5CVSS6.4AI score0.01905EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/04/20 12:0 a.m.•41 views

wordpress -- multiple vulnerabilities

Wordpress reports: External code has been updated to non-vulnerable versions. In addition the following bugs have been fixed: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. Cross-site...

10CVSS6.8AI score0.0868EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2011/08/10 12:0 a.m.•41 views

isc-dhcp-server -- server halt upon processing certain packets

ISC reports: A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets...

7.8CVSS6.4AI score0.38775EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/08/09 12:0 a.m.•41 views

roundcube -- XSS vulnerability

RoundCube development Team reports: We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our...

4.3CVSS5.9AI score0.02453EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/07/25 12:0 a.m.•41 views

opensaml2 -- unauthenticated login

OpenSAML developer reports: The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called "wrapping attack" that allows a remote, unauthenticated...

5.8CVSS4.7AI score0.02291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/02/17 12:0 a.m.•41 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2010-05 XSS hazard using SVG document and binary Content-Type MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain MFSA 2010-03 Use-after-free crash in HTML parser MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability MFSA 2010-01...

10CVSS9.3AI score0.06006EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2009/10/07 12:0 a.m.•41 views

virtualbox -- privilege escalation

Sun reports: A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges...

7.2CVSS6.6AI score0.00729EPSS
Exploits6References2
FreeBSD
FreeBSD
•added 2009/09/14 12:0 a.m.•41 views

nginx -- remote denial of service vulnerability

nginx development team reports: A segmentation fault might occur in worker process while specially crafted request handling...

7.5CVSS6.5AI score0.75079EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2009/08/07 12:0 a.m.•41 views

OpenLDAP -- incorrect handling of NULL in certificate Common Name

Jan Lieskovsky reports: OpenLDAP does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authori...

4.3CVSS6.2AI score0.03094EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/08/03 12:0 a.m.•41 views

libxml -- Stack consumption vulnerability

Stack consumption vulnerability allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD...

4.3CVSS5AI score0.03121EPSS
Exploits2
FreeBSD
FreeBSD
•added 2009/07/28 12:0 a.m.•41 views

apache22 -- several vulnerabilities

Apache ChangeLog reports: CVE-2009-1891: Fix a potential Denial-of-Service attack against moddeflate or other modules. CVE-2009-1195: Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. CVE-2009-1890: Fix a potential...

7.5CVSS6.9AI score0.52988EPSS
Exploits13
FreeBSD
FreeBSD
•added 2009/07/14 12:0 a.m.•42 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...

9.3CVSS6.7AI score0.11556EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2009/02/19 12:0 a.m.•41 views

pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability

Secunia reports: A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code...

6.8CVSS2.7AI score0.04825EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2009/01/21 12:0 a.m.•41 views

moinmoin -- multiple cross site scripting vulnerabilities

Secunia reports: Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited ...

4.3CVSS0.3AI score0.05435EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/04/01 12:0 a.m.•41 views

extman -- password bypass vulnerability

Extmail team reports: Emergency update 4 fixes a serious security vulnerability. Successful exploit of this vulnerability would allow attacker to change user's password without knowing it by using specifically crafted HTTP request...

0.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/03/12 12:0 a.m.•42 views

awstats -- multiple XSS vulnerabilities

Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...

6.3AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2007/09/28 12:0 a.m.•41 views

nagios-plugins -- Long Location Header Buffer Overflow Vulnerability

A Secunia Advisory reports: The vulnerability is caused due to a boundary error within the redir function in checkhttp.c when processing HTTP Location: header information. This can be exploited to cause a buffer overflow by returning an overly long string in the "Location:" header to a vulnerable...

6.8CVSS6.4AI score0.08017EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2007/02/09 12:0 a.m.•41 views

php -- multiple vulnerabilities

Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities. The session extension contained safemode and openbasedir bypasses, but the FreeBSD Security Officer does not consider these real security...

10CVSS6.7AI score0.11752EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2006/12/15 12:0 a.m.•41 views

lighttpd -- Remote DOS in CRLF parsing

Lighttpd SA: If the connection aborts during parsing "\r\n\r\n" the server might get into a infinite loop and use 100% of the CPU time. lighttpd still responses to other requests. This can be repeated until either the server limit for concurrent connections or file descriptors is reached. The bug...

5CVSS6.4AI score0.03377EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2006/12/06 12:0 a.m.•41 views

gtar -- name mangling symlink vulnerability

Problem Description: Symlinks created using the "GNUTYPENAMES" tar extension can be absolute due to lack of proper sanity checks. Impact: If an attacker can get a user to extract a specially crafted tar archive the attacker can overwrite arbitrary files with the permissions of the user running...

4CVSS7.4AI score0.11084EPSS
Exploits1
FreeBSD
FreeBSD
•added 2006/05/31 12:0 a.m.•41 views

ypserv -- Inoperative access controls in ypserv

Problem Description There are two documented methods of restricting access to NIS maps through ypserv8: through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets"...

6.4CVSS6.3AI score0.0152EPSS
Exploits0
FreeBSD
FreeBSD
•added 2005/06/10 12:0 a.m.•41 views

gaim -- Yahoo! remote crash vulnerability

Jacopo Ottaviani reports that Gaim can be crashed by being offered files with names containing non-ASCII characters via the Yahoo! protocol...

5CVSS6.5AI score0.02481EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/02/21 12:0 a.m.•41 views

phpmyadmin -- arbitrary file include and XSS vulnerabilities

A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...

6.6AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/11/06 12:0 a.m.•41 views

Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow

When the option imapmagicplus is activated on a server the PROXY and LOGIN commands suffer a standard stack overflow, because the username is not checked against a maximum length when it is copied into a temporary stack buffer. This bug is especially dangerous because it can be triggered before a...

10CVSS6.5AI score0.05843EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•41 views

apache -- ap_resolve_env buffer overflow

SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files the main httpd.conf' and .htaccess' files. According to a SITIC advisory: The buffer overflow occurs when expanding $ENVVAR constructs in .htaccess or httpd.conf files. The...

7.8CVSS6.8AI score0.01607EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/05/22 12:0 a.m.•40 views

Gitlab -- Vulnerabilities

Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS vulnerability in the 'description' field of the runner CSRF via K8s cluster-integration Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipelineid did not match Redos o...

8.8CVSS6AI score0.72648EPSS
Exploits18References1
FreeBSD
FreeBSD
•added 2024/03/13 12:0 a.m.•40 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.13 Changelog SECURITY - high SQL Injection in through the search engine CVE-2024-27096 SECURITY - moderate Blind SSRF using Arbitrary Object Instantiation CVE-2024-27098 SECURITY - moderate Stored XSS in dashboards CVE-2024-27104 SECURITY - moderate Reflected XSS in...

9.6CVSS7.6AI score0.58818EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/01/11 12:0 a.m.•42 views

Gitlab -- vulnerabilities

Gitlab reports: Account Takeover via Password Reset without user interactions Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user Bypass CODEOWNERS approval removal Workspaces able to be created under different root namespace Commit signature validation...

10CVSS7.1AI score0.94955EPSS
Exploits16References1
FreeBSD
FreeBSD
•added 2023/11/13 12:0 a.m.•40 views

MariaDB -- Denial-of-Service vulnerability

The MariaDB project reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete...

4.9CVSS6.4AI score0.01782EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2023/11/09 12:0 a.m.•40 views

postgresql-server -- Memory disclosure in aggregate function calls

PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...

4.3CVSS7AI score0.02775EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/30 12:0 a.m.•40 views

curl -- SOCKS5 heap buffer overflow

The curl team reports: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255...

9.8CVSS7AI score0.78483EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2023/09/06 12:0 a.m.•40 views

go -- multiple vulnerabilities

The Go project reports: cmd/go: go.mod toolchain directive allows arbitrary execution The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to...

9.8CVSS6.9AI score0.01424EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/05 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 4 security fixes: 1476403 High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 1473247 High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 1469928 High CVE-2023-4763: Use after...

8.8CVSS7.4AI score0.37987EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2023/07/19 12:0 a.m.•40 views

samba -- multiple vulnerabilities

The Samba Team reports: CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where keys are character strings and values can be any of the supported types in the...

7.5CVSS6.3AI score0.62606EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2023/05/03 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 15 security fixes: 1423304 Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10 1419732 Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik,...

8.8CVSS7.4AI score0.00968EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/28 12:0 a.m.•40 views

rubygem-uri -- ReDoS vulnerability

Dominic Couture reports: A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects...

5.3CVSS7.7AI score0.02637EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/10 12:0 a.m.•40 views

GnuTLS -- timing sidechannel in RSA decryption

The GnuTLS project reports: A vulnerability was found that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected...

7.4CVSS7.6AI score0.01403EPSS
Exploits1References1
Total number of security vulnerabilities5000