Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2016/01/08 12:0 a.m.•40 views

prosody -- multiple vulnerabilities

The Prosody Team reports: Fix path traversal vulnerability in modhttpfiles CVE-2016-1231 Fix use of weak PRNG in generation of dialback secrets CVE-2016-1232...

7.5CVSS6.4AI score0.02867EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/12/22 12:0 a.m.•40 views

Bugzilla security issues

Bugzilla Security Advisory During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap...

4.7CVSS5.9AI score0.01906EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2015/12/22 12:0 a.m.•40 views

NSS -- MD5 downgrade in TLS 1.2 signatures

The Mozilla Project reports: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the acceptin...

5.9CVSS6.9AI score0.0288EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/12/18 12:0 a.m.•40 views

mediawiki -- multiple vulnerabilities

MediaWiki reports: T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now...

9.8CVSS7AI score0.01888EPSS
Exploits0References8
FreeBSD
FreeBSD
•added 2015/12/15 12:0 a.m.•40 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5 MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation MFSA 2015-137 Firefox allows...

10CVSS9.1AI score0.06058EPSS
Exploits1References16
FreeBSD
FreeBSD
•added 2015/10/20 12:0 a.m.•40 views

java -- multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...

10CVSS6.7AI score0.13354EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•40 views

flash -- remote code execution

Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2015-7645, CVE-2015-7647, CVE-2015-7648...

10CVSS9AI score0.68396EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/07/16 12:0 a.m.•40 views

elasticsearch -- directory traversal attack via snapshot API

Elastic reports: Vulnerability Summary: Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack. Remediation Summary: Users should upgrade to 1.6.1 or later, or constrain access to the snapshot API to trusted sources...

5CVSS9.1AI score0.9175EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2015/07/07 12:0 a.m.•40 views

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published...

10CVSS6.6AI score0.99344EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2015/06/05 12:0 a.m.•40 views

rubygem-paperclip -- validation bypass vulnerability

Jon Yurek reports: Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this. There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check,...

4.3CVSS9.1AI score0.02121EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2015/05/18 12:0 a.m.•40 views

avidemux26 -- multiple vulnerabilities in bundled FFmpeg

The Mageia project reports: Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these security issues and other bugs fixed upstream in FFmpeg...

7.5CVSS7.7AI score0.02568EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/14 12:0 a.m.•40 views

libxml2 -- Enforce the reader to run in constant memory

Daniel Veilland reports: Enforce the reader to run in constant memory. One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect...

5CVSS9.2AI score0.0634EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/03/05 12:0 a.m.•40 views

xen-kernel -- Information leak through version information hypercall

The Xen Project reports: The code handling certain sub-operations of the HYPERVISORxenversion hypercall fails to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents are copied into the destination of the operation, thus becomin...

2.1CVSS6.8AI score0.00466EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/09 12:0 a.m.•40 views

GNU binutils -- multiple vulnerabilities

US-CERT/NIST reports: The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE...

7.5CVSS9.3AI score0.06202EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2014/11/26 12:0 a.m.•40 views

mutt -- denial of service via crafted mail message

NVD reports: The writeoneheader function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service crash via a header with an empty body, which triggers a heap-based buffer overflow in the muttsubstrdup...

5CVSS9.2AI score0.09694EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2014/06/10 12:0 a.m.•40 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-48 Miscellaneous memory safety hazards rv:30.0 / rv:24.6 MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer MFSA 2014-51 Use-after-free in Event Listener Manager MFSA 2014-52 Use-after-free with SMIL Animation Controller MFSA...

10CVSS10AI score0.06381EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2014/04/21 12:0 a.m.•40 views

django -- multiple vulnerabilities

The Django project reports: These releases address an unexpected code-execution issue, a caching issue which can expose CSRF tokens and a MySQL typecasting issue. While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and...

6.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2014/02/15 12:0 a.m.•40 views

phpMyAdmin -- Self-XSS due to unescaped HTML output in import.

The phpMyAdmin development team reports: When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical...

3.5CVSS6.4AI score0.00967EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/01/25 12:0 a.m.•40 views

mumble -- NULL pointer dereference and heap-based buffer overflow

Mumble reports: A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow...

6.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2014/01/06 12:0 a.m.•40 views

openssl -- multiple vulnerabilities

OpenSSL development team reports: Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f 6 Jan 2014: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450...

5.8CVSS8AI score0.21174EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/12/20 12:0 a.m.•40 views

file -- out-of-bounds access in search rules with offsets from input file

Aaron Reffett reports: softmagic.c in file ... and libmagic allows context-dependent attackers to cause a denial of service out-of-bounds memory access and crash via crafted offsets in the softmagic of a PE executable...

4.3CVSS7.3AI score0.04318EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/12/04 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 15 security fixes in this release, including: 307159 Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets. 314469 High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer. 322959 Medium CVE-2013-6636: Addres...

7.5CVSS3.3AI score0.01949EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/11/28 12:0 a.m.•40 views

lighttpd -- multiple vulnerabilities

lighttpd security advisories report: It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list. In certain cases setuid and similar can fail, potentially triggering lighttpd to restart running as root. If FAMMonitorDirectory fails, the memory intended to store the conte...

7.6CVSS7.6AI score0.10721EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/10/15 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 5 security fixes in this release, including: 292422 High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG. 294456 High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer. 297478 High CVE-2013-2927: Use after free in forms. Credit ...

7.5CVSS1.4AI score0.01647EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/08/20 12:0 a.m.•40 views

gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav

Bundled version of libav in gstreamer-ffmpeg contains a number of vulnerabilities...

10CVSS9.3AI score0.06597EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2013/07/30 12:0 a.m.•40 views

typo3 -- Multiple vulnerabilities in TYPO3 Core

Typo Security Team reports: It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution. TYPO3 bundles flash files for video and audio playback. Old versions of FlowPlayer and flashmedia are susceptible to Cross-Site Scripting. No authentication is...

9.3AI score
Exploits0
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•40 views

django -- multiple vulnerabilities

The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning an attacker could cause Django to generate and display URLs that link to...

5CVSS9.2AI score0.04863EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/09/25 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 143439 High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. 143437 High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. 139814 High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. 135432 High...

7.5CVSS1.1AI score0.01628EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/07/11 12:0 a.m.•40 views

www/chromium -- multiple vulnerabilities

Google Chrome Releases reports: 129898 High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. 130595 High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. 133450 High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov ...

9.3CVSS1.5AI score0.02027EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/06/14 12:0 a.m.•40 views

php5-sqlite -- open_basedir bypass

MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors...

5CVSS6.6AI score0.02978EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/03/08 12:0 a.m.•40 views

chromium -- cross-site scripting vulnerability

Google Chrome Releases reports: 117226 117230 Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov...

10CVSS1.2AI score0.04871EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/02/02 12:0 a.m.•40 views

php -- arbitrary remote code execution vulnerability

Secunia reports: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a logic error within the "phpregistervariableex" function phpvariables.c when hashing form posts and updating a hash table,...

7.5CVSS7.1AI score0.3014EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2011/12/07 12:0 a.m.•40 views

acroread9 -- Multiple Vulnerabilities

The Adobe Security Team reports: An unspecified vulnerability in the U3D component allows remote attackers to execute arbitrary code or cause a denial of service attack via unknown vectors. A heap-based buffer overflow allows attackers to execute arbitrary code via unspecified vectors...

10CVSS9.6AI score0.86238EPSS
Exploits23References2
FreeBSD
FreeBSD
•added 2011/07/27 12:0 a.m.•40 views

Samba -- cross site scripting and request forgery vulnerabilities

Samba security advisory reports: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool SWAT. By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate...

6.8CVSS5.7AI score0.10046EPSS
Exploits6
FreeBSD
FreeBSD
•added 2011/03/20 12:0 a.m.•40 views

php -- crash on crafted tag in exif

US-CERT/NIST reports: exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service application crash via an image with a crafted Image File Directory IFD that triggers a buffer over-read...

4.3CVSS4.9AI score0.09862EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/01/20 12:0 a.m.•40 views

linux-flashplugin -- remote code execution vulnerability

Adobe Product Security Incident Response Team reports: A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions Adobe Flash Player 10.2.154.25 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for...

9.3CVSS4.9AI score0.9941EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2010/10/27 12:0 a.m.•40 views

mozilla -- Heap buffer overflow mixing document.write and DOM insertion

The Mozilla Project reports: MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion...

9.8CVSS9.9AI score0.83279EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2010/10/19 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Fixed in 15.0.874.121: 103259 High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120: 100465 High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. 100492 100543 Medium CVE-2011-3893: Out of bounds...

10CVSS0.09754EPSS
Exploits32References1
FreeBSD
FreeBSD
•added 2010/10/01 12:0 a.m.•40 views

Webkit-gtk2 -- Multiple Vulnabilities

Gustavo Noronha Silva reports: The patches to fix the following CVEs are included with help from Vincent Danen and other members of the Red Hat security team:...

10CVSS8.7AI score0.61319EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2010/06/24 12:0 a.m.•40 views

bugzilla -- information disclosure

A Bugzilla Security Advisory reports: Normally, information about time-tracking estimated hours, actual hours, hours worked, and deadlines is restricted to users in the "time-tracking group". However, any user was able, by crafting their own search URL, to search for bugs based using those fields...

6.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2010/05/18 12:0 a.m.•40 views

tinyproxy -- ACL lists ineffective when range is configured

When including a line to allow a network of IP addresses, the access to tinyproxy 56 is actually allowed for all IP addresses...

2.6CVSS2.9AI score0.01755EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/02/12 12:0 a.m.•40 views

squid -- Denial of Service vulnerability in HTCP

Squid security advisory 2010:2 reports: Due to incorrect processing Squid is vulnerable to a denial of service attack when receiving specially crafted HTCP packets. This problem allows any machine to perform a denial of service attack on the Squid service when its HTCP port is open...

5CVSS6.3AI score0.30558EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/01/10 12:0 a.m.•40 views

Wireshark -- Multiple vulnerabilities

Wireshark reports: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats Wireshark could dereference a NULL pointer and crash. The RLC dissector could overflow a buffer...

4.3CVSS6.6AI score0.06597EPSS
Exploits3References11
FreeBSD
FreeBSD
•added 2009/11/25 12:0 a.m.•40 views

libtool -- Library Search Path Privilege Escalation Issue

Secunia.com Do not attempt to load an unqualified module.la file from the current directory by default since doing so is insecure and is not compliant with the documentation...

6.9CVSS7.4AI score0.00394EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2009/07/15 12:0 a.m.•40 views

mono -- XML signature HMAC truncation spoofing

Secunia reports: A security issue has been reported in Mono, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to an error when processing certain XML signatures...

5CVSS1.6AI score0.06348EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/02/15 12:0 a.m.•40 views

libxine -- multiple vulnerabilities

Multiple vulnerabilities were fixed in libxine 1.1.16.2. Tobias Klein reports: FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of FFmpeg or an application using...

9.3CVSS6.2AI score0.05748EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/02/04 12:0 a.m.•40 views

firefox -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL...

10CVSS1.9AI score0.04331EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2008/11/18 12:0 a.m.•40 views

dovecot-managesieve -- Script Name Directory Traversal Vulnerability

Secunia reports: The security issue is caused due to an input validation error when processing script names. This can be exploited to read or modify arbitrary files having ".sieve" extensions via directory traversal attacks, with the privileges of the attacker's user id...

6.4CVSS6.4AI score0.01829EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/10/01 12:0 a.m.•40 views

FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability

Problem Description IPv6 routers may allow "on-link" IPv6 nodes to create and update the router's neighbor cache and forwarding information. A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowi...

9.3CVSS5.9AI score0.07425EPSS
Exploits0
FreeBSD
FreeBSD
•added 2008/06/16 12:0 a.m.•40 views

vim -- Vim Shell Command Injection Vulnerabilities

Rdancer.org reports: Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file...

9.3CVSS6AI score0.15044EPSS
Exploits0References1
Total number of security vulnerabilities5000