Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2015/10/04 12:0 a.m.•39 views

lldpd -- Buffer overflow/Denial of service

The lldpd developer Vincent Bernat reports: A buffer overflow may allow arbitrary code execution only if hardening was disabled. Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert in this part...

9.8CVSS9.3AI score0.05493EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/09/21 12:0 a.m.•39 views

flash -- multiple vulnerabilities

Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2015-5573. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682. These updates...

10CVSS7.5AI score0.45511EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/06/24 12:0 a.m.•39 views

apache22 -- chunk header parsing defect

Apache Foundation reports: CVE-2015-3183 core: Fix chunk header parsing defect. Remove aprbrigadeflatten, buffering and duplicated code from the HTTPIN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters...

5CVSS6.7AI score0.73327EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/06/09 12:0 a.m.•39 views

cups -- multiple vulnerabilities

CUPS development team reports: The new release addresses two security vulnerabilities, add localizations for German and Russian, and includes several general bug fixes. Changes include: Security: Fixed CERT VU 810572/CVE-2015-1158/CVE-2015-1159 exploiting the dynamic linker STR 4609 Security: The...

10CVSS5.4AI score0.29913EPSS
Exploits9References2
FreeBSD
FreeBSD
•added 2015/05/12 12:0 a.m.•39 views

wireshark -- multiple vulnerabilities

Wireshark development team reports: The following vulnerabilities have been fixed. wnpa-sec-2015-12 The LBMR dissector could go into an infinite loop. Bug 11036 CVE-2015-3808, CVE-2015-3809 wnpa-sec-2015-13 The WebSocket dissector could recurse excessively. Bug 10989 CVE-2015-3810 wnpa-sec-2015-1...

7.8CVSS6.8AI score0.03731EPSS
Exploits0References8
FreeBSD
FreeBSD
•added 2015/04/14 12:0 a.m.•39 views

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in...

10CVSS7.6AI score0.95184EPSS
Exploits11References1
FreeBSD
FreeBSD
•added 2015/03/31 12:0 a.m.•39 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...

7.5CVSS9.8AI score0.67465EPSS
Exploits4References14
FreeBSD
FreeBSD
•added 2015/03/12 12:0 a.m.•39 views

ffmpeg -- multiple vulnerabilities

Please reference CVE/URL list for details...

8.8CVSS7.8AI score0.05739EPSS
Exploits1References13
FreeBSD
FreeBSD
•added 2015/01/12 12:0 a.m.•39 views

rest-client -- plaintext password disclosure

The open sourced vulnerability database reports: REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information...

2.1CVSS9.2AI score0.00373EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/12/08 12:0 a.m.•39 views

bind -- denial of service vulnerability

ISC reports: We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions...

7.8CVSS8.4AI score0.65683EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/11/21 12:0 a.m.•39 views

asterisk -- Multiple vulnerabilities

The Asterisk project reports: AST-2014-014 - High call load may result in hung channels in ConfBridge. AST-2014-017 - Permission escalation through ConfBridge actions/dialplan functions...

6.5CVSS6.7AI score0.02357EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/09/28 12:0 a.m.•39 views

fish -- local privilege escalation and remote code execution

Fish developer David Adam reports: This release fixes a number of local privilege escalation vulnerability and one remote code execution vulnerability...

7.8CVSS8.8AI score0.0044EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2014/09/23 12:0 a.m.•39 views

libvncserver -- multiple security vulnerabilities

Nicolas Ruff reports: Integer overflow in MallocFrameBuffer on client side. Lack of malloc return value checking on client side. Server crash on a very large ClientCutText message. Server crash when scaling factor is set to zero. Multiple stack overflows in File Transfer feature...

7.5CVSS8.9AI score0.08272EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/08/06 12:0 a.m.•39 views

subversion -- several vulnerabilities

Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the aprfnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, aprfnmatch is not designed for this purpose. Instead it is designed to behave like common shell...

4CVSS8.3AI score0.07495EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/07/22 12:0 a.m.•39 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating...

10CVSS10AI score0.06109EPSS
Exploits0References12
FreeBSD
FreeBSD
•added 2014/05/23 12:0 a.m.•39 views

tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

8.3AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2014/01/14 12:0 a.m.•39 views

Python -- buffer overflow in socket.recvfrom_into()

Vincent Danen via Red Hat Issue Tracker reports: A vulnerability was reported in Python's socket module, due to a boundary error within the sockrecvfrominto function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the...

7.5CVSS8.6AI score0.28319EPSS
Exploits7References3
FreeBSD
FreeBSD
•added 2013/12/17 12:0 a.m.•39 views

cURL library -- cert name check ignore with GnuTLS

cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and...

4CVSS9.2AI score0.02761EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/07 12:0 a.m.•39 views

privoxy -- malicious server spoofing as proxy vulnerability

Privoxy Developers reports: Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley...

5.8CVSS6.6AI score0.04632EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/03/04 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...

7.5CVSS0.8AI score0.01336EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/02/27 12:0 a.m.•39 views

net/openafs -- buffer overflow

Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...

6.5CVSS6.3AI score0.03383EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/06 12:0 a.m.•39 views

piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...

6.6AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2012/12/04 12:0 a.m.•39 views

tomcat -- denial of service

The Apache Software Foundation reports: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service...

2.6CVSS9AI score0.07452EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/11/13 12:0 a.m.•39 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak If the visibility of a custom field is controlled by a product or a component of a product you cannot see, their names are disclosed in the JavaScript code generated for this...

5CVSS8.6AI score0.02454EPSS
Exploits5References6
FreeBSD
FreeBSD
•added 2012/05/14 12:0 a.m.•39 views

sympa -- Multiple Security Bypass Vulnerabilities

Secunia team reports: Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions. The vulnerabilities are caused due to the application allowing access to archive functions without checking credentials. This can be...

7.5CVSS6.8AI score0.03207EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/05/03 12:0 a.m.•39 views

FreeBSD -- OpenSSL multiple vulnerabilities

Problem description: OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could...

9.3CVSS8.6AI score0.48298EPSS
Exploits8
FreeBSD
FreeBSD
•added 2012/04/26 12:0 a.m.•39 views

net-snmp -- Remote DoS

The Red Hat Security Response Team reports: An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker having read privilege...

3.5CVSS6.4AI score0.02167EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/03/21 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 113902 High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. 116162 High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. 116461 High CVE-2011-3051: Use-after-free in CSS cross-fad...

8.8CVSS1.9AI score0.03567EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2012/03/08 12:0 a.m.•39 views

freetype -- multiple vulnerabilities

The Freetype project reports: Multiple vulnerabilities exist in freetype that can result in application crashes and remote code execution. Please review the details in each of the CVEs for additional information...

10CVSS7.4AI score0.05637EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/01/31 12:0 a.m.•39 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal o...

10CVSS9.6AI score0.36511EPSS
Exploits10References9
FreeBSD
FreeBSD
•added 2011/09/28 12:0 a.m.•39 views

FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)

Problem Description: The code used to decompress a file created by compress1 does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted fi...

9.3CVSS7.8AI score0.08355EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/07/23 12:0 a.m.•39 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...

6.8CVSS6.5AI score0.0332EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2011/01/20 12:0 a.m.•39 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.2.159.1 and earlier versions Adobe Flash Player 10.2.154.28 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51 and...

9.3CVSS3.4AI score0.05066EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/12/09 12:0 a.m.•39 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2010-74 Miscellaneous memory safety hazards rv:1.9.2.13/ 1.9.1.16 MFSA 2010-75 Buffer overflow while line breaking after document.write with long string MFSA 2010-76 Chrome privilege escalation with window.open and isindex element MFSA 2010-77 Crash and remote co...

9.3CVSS10.3AI score0.08669EPSS
Exploits1References11
FreeBSD
FreeBSD
•added 2010/06/09 12:0 a.m.•39 views

wget -- multiple HTTP client download filename vulnerability

GNU Wget version 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a...

6.8CVSS7.2AI score0.04214EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/03/30 12:0 a.m.•39 views

png -- libpng decompression buffer overflow

The PNG project describes the problem in an advisory: Several versions of libpng through 1.4.2 and through 1.2.43 in the older series contain a bug whereby progressive applications such as web browsers or the rpng2 demo app included in libpng could receive an extra row of image data beyond the...

9.8CVSS9.5AI score0.43382EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2009/11/14 12:0 a.m.•39 views

PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection

PEAR Security Advisory reports: Multiple remote arbitrary command injections have been found in the NetPing and NetTraceroute. When input from forms are used directly, the attacker could pass variables that would allow him to execute remote arbitrary command injections...

6.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/08/06 12:0 a.m.•39 views

fetchmail -- improper SSL certificate subject verification

Matthias Andree reports: Moxie Marlinspike demonstrated in July 2009 that some CAs would sign certificates that contain embedded NUL characters in the Common Name or subjectAltName fields of ITU-T X.509 certificates. Applications that would treat such X.509 strings as NUL-terminated C strings...

6.4CVSS6.4AI score0.01503EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/07/14 12:0 a.m.•39 views

isc-dhcp-client -- Stack overflow vulnerability

US-CERT reports: The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges...

10CVSS5.2AI score0.2578EPSS
Exploits9References3
FreeBSD
FreeBSD
•added 2009/05/06 12:0 a.m.•39 views

ntp -- stack-based buffer overflow

US-CERT reports: ntpd contains a stack buffer overflow which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service...

6.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/02/23 12:0 a.m.•39 views

ziproxy -- multiple vulnerability

Ziproxy Developers reports: Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the...

5.4CVSS6.2AI score0.02376EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/01/21 12:0 a.m.•39 views

moinmoin -- multiple cross site scripting vulnerabilities

Secunia reports: Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Certain input passed to...

4.3CVSS0.2AI score0.05435EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2008/11/18 12:0 a.m.•39 views

libxml2 -- multiple vulnerabilities

Secunia reports: Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS Denial of Service or to potentially compromise an application using the library. 1 An integer overflow error in the "xmlSAX2Characters" function can be exploited to trigge...

7.6AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2008/10/15 12:0 a.m.•39 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users...

10CVSS6.7AI score0.08467EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2008/08/22 12:0 a.m.•39 views

libxml2 -- two vulnerabilities

Secunia reports: Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS Denial of Service or potentially compromise an application using the library. 1 A recursion error exists when processing certain XML content. This can be exploited to e.g...

7.2AI score
Exploits0
FreeBSD
FreeBSD
•added 2008/08/08 12:0 a.m.•39 views

ruby -- multiple vulnerabilities in safe level

The official ruby site reports: Several vulnerabilities in safe level have been discovereds:. untracevar is permitted at safe level 4; $PROGRAMNAME may be modified at safe level 4; insecure methods may be called at safe level 1-3; syslog operations are permitted at safe level 4; dl doesn't check...

7.5CVSS7AI score0.14085EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2008/06/17 12:0 a.m.•39 views

php -- input validation error in safe_mode

According to Maksymilian Arciemowicz research, it is possible to bypass security restrictions of safemode in various functions via directory traversal vulnerability. The attacker can use this attack to gain access to sensitive information. Functions utilizing expandfilepath may be affected. It...

6.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2007/11/24 12:0 a.m.•39 views

rubygem-rails -- session-fixation vulnerability

Rails core team reports: The rails core team has released ruby on rails 1.2.6 to address a bug in the fix for session fixation attacks CVE-2007-5380. The CVE Identifier for this new issue is CVE-2007-6077...

6.8CVSS6.4AI score0.03576EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/07/19 12:0 a.m.•39 views

opera -- multiple vulnerabilities

Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability: Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern c...

6.9AI score
Exploits0References6
FreeBSD
FreeBSD
•added 2007/05/09 12:0 a.m.•39 views

squirrelmail -- Cross site scripting in HTML filter

The SquirrelMail developers report: Multiple cross-site scripting XSS vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the 1 data: URI in an HTML e-mail attachment or 2 various non-ASCII character sets that a...

4.3CVSS5.6AI score0.0253EPSS
Exploits1References1
Total number of security vulnerabilities5000