Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2016/09/14 12:0 a.m.•40 views

ImageMagick7 -- multiple vulnerabilities

Multiple sources report: CVE-2016-9298: heap overflow in WaveletDenoiseImage, fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31 CVE-2016-8866: memory allocation failure in AcquireMagickMemory incomplete previous fix for CVE-2016-8862, not fixed yet with the release of this announcement,...

8.8CVSS2.3AI score0.04613EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2016/07/20 12:0 a.m.•40 views

MySQL -- Multiple vulnerabilities

Oracle reports: The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier...

8.1CVSS2.1AI score0.3965EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2016/06/27 12:0 a.m.•40 views

libreoffice -- use-after-free vulnerability

Talos reports: An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable...

7.8CVSS5.3AI score0.02819EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2016/06/09 12:0 a.m.•40 views

expat2 -- denial of service

Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...

8.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2016/06/02 12:0 a.m.•40 views

xen-tools -- Unsanitised guest input in libxl device handling code

The Xen Project reports: Various parts of libxl device-handling code inappropriately use information from partially guest controlled areas of xenstore. A malicious guest administrator can cause denial of service by resource exhaustion. A malicious guest administrator can confuse and/or deny servi...

6.8CVSS1.9AI score0.00399EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/05/09 12:0 a.m.•40 views

xercesi-c3 -- multiple vulnerabilities

Apache reports: The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in...

10CVSS6.7AI score0.14138EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/04/28 12:0 a.m.•40 views

php -- multiple vulnerabilities

The PHP Group reports: BCMath: Fixed bug 72093 bcpowmod accepts negative scale and corrupts one definition. Exif: Fixed bug 72094 Out of bounds heap read access in exif header processing. GD: Fixed bug 71912 libgd: signedness vulnerability. CVE-2016-3074 Intl: Fixed bug 72061 Out-of-bounds reads ...

9.8CVSS0.6AI score0.36974EPSS
Exploits8References3
FreeBSD
FreeBSD
•added 2016/04/26 12:0 a.m.•40 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2016-39 Miscellaneous memory safety hazards rv:46.0 / rv:45.1 / rv:38.8 MFSA 2016-42 Use-after-free and buffer overflow in Service Workers MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets MFSA 2016-45 CSP not applied to pages sent with...

10CVSS2.1AI score0.04841EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2016/04/13 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 20 security fixes in this release, including: 590275 High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous. 589792 High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han. 591785 Medium CVE-2016-1651: Out-of-bounds read in Pdfi...

10CVSS1.6AI score0.02573EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/02/26 12:0 a.m.•40 views

exim -- local privillege escalation

The Exim development team reports: All installations having Exim set-uid root and using 'perlstartup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim and this is normally any user can gain root privileges. If you do not use 'perlstartup' you should be sa...

7CVSS3.1AI score0.05901EPSS
Exploits13References1
FreeBSD
FreeBSD
•added 2016/02/23 12:0 a.m.•40 views

upnp -- multiple vulnerabilities

Matthew Garett reports: Reported this to upstream 8 months ago without response, so: libupnp's default behaviour allows anyone to write to your filesystem. Seriously. Find a device running a libupnp based server Shodan says there's rather a lot, and POST a file to /testfile. Then GET /testfile...

0.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2015/12/22 12:0 a.m.•40 views

Bugzilla security issues

Bugzilla Security Advisory During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap...

4.7CVSS5.9AI score0.01906EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2015/12/22 12:0 a.m.•40 views

NSS -- MD5 downgrade in TLS 1.2 signatures

The Mozilla Project reports: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the acceptin...

5.9CVSS6.9AI score0.0288EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/12/18 12:0 a.m.•40 views

mediawiki -- multiple vulnerabilities

MediaWiki reports: T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now...

9.8CVSS7AI score0.01888EPSS
Exploits0References8
FreeBSD
FreeBSD
•added 2015/12/15 12:0 a.m.•40 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5 MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation MFSA 2015-137 Firefox allows...

10CVSS9.1AI score0.06058EPSS
Exploits1References16
FreeBSD
FreeBSD
•added 2015/10/23 12:0 a.m.•40 views

phpMyAdmin -- Content spoofing vulnerability

The phpMyAdmin development team reports: This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. We consider this vulnerability to be non critical since the spoofed content is escaped and no HTML injection is...

5CVSS6.7AI score0.02624EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/20 12:0 a.m.•40 views

java -- multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...

10CVSS6.7AI score0.13354EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•40 views

flash -- remote code execution

Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2015-7645, CVE-2015-7647, CVE-2015-7648...

10CVSS9AI score0.68396EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/07/16 12:0 a.m.•40 views

elasticsearch -- directory traversal attack via snapshot API

Elastic reports: Vulnerability Summary: Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack. Remediation Summary: Users should upgrade to 1.6.1 or later, or constrain access to the snapshot API to trusted sources...

5CVSS9.1AI score0.9175EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2015/07/07 12:0 a.m.•40 views

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published...

10CVSS6.6AI score0.99344EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2015/06/05 12:0 a.m.•40 views

rubygem-paperclip -- validation bypass vulnerability

Jon Yurek reports: Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this. There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check,...

4.3CVSS9.1AI score0.02121EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2015/05/18 12:0 a.m.•40 views

avidemux26 -- multiple vulnerabilities in bundled FFmpeg

The Mageia project reports: Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these security issues and other bugs fixed upstream in FFmpeg...

7.5CVSS7.7AI score0.02568EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/14 12:0 a.m.•40 views

libxml2 -- Enforce the reader to run in constant memory

Daniel Veilland reports: Enforce the reader to run in constant memory. One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect...

5CVSS9.2AI score0.0634EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/03/05 12:0 a.m.•40 views

xen-kernel -- Information leak through version information hypercall

The Xen Project reports: The code handling certain sub-operations of the HYPERVISORxenversion hypercall fails to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents are copied into the destination of the operation, thus becomin...

2.1CVSS6.8AI score0.00466EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/09 12:0 a.m.•40 views

GNU binutils -- multiple vulnerabilities

US-CERT/NIST reports: The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE...

7.5CVSS9.3AI score0.06202EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2014/06/10 12:0 a.m.•40 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-48 Miscellaneous memory safety hazards rv:30.0 / rv:24.6 MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer MFSA 2014-51 Use-after-free in Event Listener Manager MFSA 2014-52 Use-after-free with SMIL Animation Controller MFSA...

10CVSS10AI score0.06381EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2014/04/21 12:0 a.m.•40 views

django -- multiple vulnerabilities

The Django project reports: These releases address an unexpected code-execution issue, a caching issue which can expose CSRF tokens and a MySQL typecasting issue. While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and...

6.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2014/02/15 12:0 a.m.•40 views

phpMyAdmin -- Self-XSS due to unescaped HTML output in import.

The phpMyAdmin development team reports: When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical...

3.5CVSS6.4AI score0.00967EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/01/25 12:0 a.m.•40 views

mumble -- NULL pointer dereference and heap-based buffer overflow

Mumble reports: A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow...

6.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2014/01/06 12:0 a.m.•40 views

openssl -- multiple vulnerabilities

OpenSSL development team reports: Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f 6 Jan 2014: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450...

5.8CVSS8AI score0.21174EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/12/20 12:0 a.m.•40 views

file -- out-of-bounds access in search rules with offsets from input file

Aaron Reffett reports: softmagic.c in file ... and libmagic allows context-dependent attackers to cause a denial of service out-of-bounds memory access and crash via crafted offsets in the softmagic of a PE executable...

4.3CVSS7.3AI score0.04318EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/12/04 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 15 security fixes in this release, including: 307159 Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets. 314469 High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer. 322959 Medium CVE-2013-6636: Addres...

7.5CVSS3.3AI score0.01949EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/11/28 12:0 a.m.•40 views

lighttpd -- multiple vulnerabilities

lighttpd security advisories report: It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list. In certain cases setuid and similar can fail, potentially triggering lighttpd to restart running as root. If FAMMonitorDirectory fails, the memory intended to store the conte...

7.6CVSS7.6AI score0.10721EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/10/15 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 5 security fixes in this release, including: 292422 High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG. 294456 High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer. 297478 High CVE-2013-2927: Use after free in forms. Credit ...

7.5CVSS1.4AI score0.01647EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/08/20 12:0 a.m.•40 views

gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav

Bundled version of libav in gstreamer-ffmpeg contains a number of vulnerabilities...

10CVSS9.3AI score0.06597EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2013/07/30 12:0 a.m.•40 views

typo3 -- Multiple vulnerabilities in TYPO3 Core

Typo Security Team reports: It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution. TYPO3 bundles flash files for video and audio playback. Old versions of FlowPlayer and flashmedia are susceptible to Cross-Site Scripting. No authentication is...

9.3AI score
Exploits0
FreeBSD
FreeBSD
•added 2013/02/27 12:0 a.m.•40 views

net/openafs -- buffer overflow

Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...

6.5CVSS6.3AI score0.03383EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•40 views

django -- multiple vulnerabilities

The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning an attacker could cause Django to generate and display URLs that link to...

5CVSS9.2AI score0.04863EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/09/25 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 143439 High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. 143437 High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. 139814 High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. 135432 High...

7.5CVSS1.1AI score0.01628EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/07/11 12:0 a.m.•40 views

www/chromium -- multiple vulnerabilities

Google Chrome Releases reports: 129898 High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. 130595 High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. 133450 High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov ...

9.3CVSS1.5AI score0.02027EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/06/14 12:0 a.m.•40 views

php5-sqlite -- open_basedir bypass

MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors...

5CVSS6.6AI score0.02978EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/03/08 12:0 a.m.•40 views

chromium -- cross-site scripting vulnerability

Google Chrome Releases reports: 117226 117230 Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov...

10CVSS1.2AI score0.04871EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/02/02 12:0 a.m.•40 views

php -- arbitrary remote code execution vulnerability

Secunia reports: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a logic error within the "phpregistervariableex" function phpvariables.c when hashing form posts and updating a hash table,...

7.5CVSS7.1AI score0.3014EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2011/12/07 12:0 a.m.•40 views

acroread9 -- Multiple Vulnerabilities

The Adobe Security Team reports: An unspecified vulnerability in the U3D component allows remote attackers to execute arbitrary code or cause a denial of service attack via unknown vectors. A heap-based buffer overflow allows attackers to execute arbitrary code via unspecified vectors...

10CVSS9.6AI score0.86238EPSS
Exploits23References2
FreeBSD
FreeBSD
•added 2011/07/27 12:0 a.m.•40 views

Samba -- cross site scripting and request forgery vulnerabilities

Samba security advisory reports: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool SWAT. By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate...

6.8CVSS5.7AI score0.10046EPSS
Exploits6
FreeBSD
FreeBSD
•added 2011/03/20 12:0 a.m.•40 views

php -- crash on crafted tag in exif

US-CERT/NIST reports: exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service application crash via an image with a crafted Image File Directory IFD that triggers a buffer over-read...

4.3CVSS4.9AI score0.09826EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/01/20 12:0 a.m.•40 views

linux-flashplugin -- remote code execution vulnerability

Adobe Product Security Incident Response Team reports: A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions Adobe Flash Player 10.2.154.25 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for...

9.3CVSS4.9AI score0.9941EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2010/10/19 12:0 a.m.•40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Fixed in 15.0.874.121: 103259 High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120: 100465 High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. 100492 100543 Medium CVE-2011-3893: Out of bounds...

10CVSS0.09754EPSS
Exploits32References1
FreeBSD
FreeBSD
•added 2010/10/01 12:0 a.m.•40 views

Webkit-gtk2 -- Multiple Vulnabilities

Gustavo Noronha Silva reports: The patches to fix the following CVEs are included with help from Vincent Danen and other members of the Red Hat security team:...

10CVSS8.7AI score0.61319EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2010/06/24 12:0 a.m.•40 views

bugzilla -- information disclosure

A Bugzilla Security Advisory reports: Normally, information about time-tracking estimated hours, actual hours, hours worked, and deadlines is restricted to users in the "time-tracking group". However, any user was able, by crafting their own search URL, to search for bugs based using those fields...

6.4AI score
Exploits0References2
Total number of security vulnerabilities5000