Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2014/04/29 12:0 a.m.•38 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-34 Miscellaneous memory safety hazards rv:29.0 / rv:24.5 MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer MFSA 2014-36 Web Audio memory corruption issues MFSA 2014-37 Out of bounds read while decoding JPG images MFSA 2014-38...

10CVSS9.2AI score0.07543EPSS
Exploits12References14
FreeBSD
FreeBSD
•added 2014/03/18 12:0 a.m.•38 views

nginx-devel -- SPDY heap buffer overflow

The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...

7.5CVSS9.5AI score0.09293EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/02/20 12:0 a.m.•38 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 28 security fixes in this release, including: 334897 High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. 331790 High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. 333176 High...

7.5CVSS1AI score0.02057EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/02/20 12:0 a.m.•38 views

PostgreSQL -- multiple privilege issues

PostgreSQL Project reports: This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN...

6.5CVSS8.6AI score0.06666EPSS
Exploits6
FreeBSD
FreeBSD
•added 2013/06/13 12:0 a.m.•38 views

puppet -- Unauthenticated Remote Code Execution Vulnerability

Puppet Developers report: When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby...

7.5CVSS6.7AI score0.03408EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•38 views

krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]

No advisory has been released yet. Fix a null pointer dereference in the KDC PKINIT code CVE-2013-1415...

5CVSS6.6AI score0.04211EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/25 12:0 a.m.•38 views

Exim -- remote code execution

This vulnerability affects Exim instances built with DKIM enabled this is the default for FreeBSD Exim port and running verification of DKIM signatures on the incoming mail messages. Phil Penncock reports: This is a SECURITY release, addressing a CRITICAL remote code execution flaw in versions of...

6.8CVSS6.9AI score0.08382EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/08/13 12:0 a.m.•38 views

emacs -- remote code execution vulnerability

Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option enable-local-variables' is set to :safe' the default value is t, Emacs should automatically refuse to evaluate eval' forms in file-local variable sections. Due to th...

6.8CVSS6.7AI score0.0379EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/07/26 12:0 a.m.•38 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak Versions: 4.1.1 to 4.2.1, 4.3.1 In HTML bugmails, all bug IDs and attachment IDs are linkified, and hovering these links displays a tooltip with the bug summary or the attachment...

4.3CVSS6.4AI score0.01457EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/07/24 12:0 a.m.•38 views

dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure

ISC reports: High numbers of queries with DNSSEC validation enabled can cause an assertion failure in named, caused by using a 'bad cache' data structure before it has been initialized. BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken...

7.8CVSS8.5AI score0.27383EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/05/16 12:0 a.m.•38 views

pidgin-otr -- format string vulnerability

The authors report: Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format string security flaw. This flaw could potentially be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine. The flaw is in pidgin-otr, not in libotr. Other applications...

7.5CVSS6.7AI score0.03562EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/03/26 12:0 a.m.•38 views

puppet -- Multiple Vulnerabilities

Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information...

6CVSS7.1AI score0.02632EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2012/02/18 12:0 a.m.•38 views

phpMyAdmin -- XSS in replication setup

The phpMyAdmin development team reports: It was possible to conduct XSS using a crafted database name...

4.3CVSS5.8AI score0.02234EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/02/08 12:0 a.m.•38 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 73478 Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. 92550 Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. 93106 High CVE-2011-3955: Crash aborting an...

9.3CVSS1.4AI score0.02348EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/01/18 12:0 a.m.•38 views

OpenSSL -- DTLS Denial of Service

The OpenSSL Team reports: A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected...

4.3CVSS8.5AI score0.15757EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/01/05 12:0 a.m.•38 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 106672 High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. 107128 High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Juri Aedla. 108006 High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google...

7.5CVSS3.2AI score0.02399EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/07/23 12:0 a.m.•38 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...

6.8CVSS6.5AI score0.0332EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2011/04/12 12:0 a.m.•38 views

krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]

An advisory published by the MIT Kerberos team says: The password-changing capability of the MIT krb5 administration daemon kadmind has a bug that can cause it to attempt to free an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of...

10CVSS3.6AI score0.17945EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/04/05 12:0 a.m.•38 views

isc-dhcp-client -- dhclient does not strip or escape shell meta-characters

ISC reports: ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client...

7.5CVSS1.2AI score0.84292EPSS
Exploits6
FreeBSD
FreeBSD
•added 2010/12/13 12:0 a.m.•38 views

php-filter -- Denial of Service

The following DoS condition in filter extension was fixed in PHP 5.3.4 and PHP 5.2.15: Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory...

4.3CVSS6.3AI score0.03091EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2010/11/29 12:0 a.m.•38 views

phpMyAdmin -- XSS attack in database search

phpMyAdmin team reports: It was possible to conduct a XSS attack using spoofed request on the db search script...

4.3CVSS5.9AI score0.0253EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/09/07 12:0 a.m.•38 views

webkit-gtk2 -- Multiple vulnerabilities

Gustavo Noronha Silva reports: With help from Vincent Danen and other members of the Red Hat security team, the following CVE's where fixed...

10CVSS9.3AI score0.06728EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2010/07/21 12:0 a.m.•38 views

apache -- Remote DoS bug in mod_cache and mod_dav

Apache ChangeLog reports: moddav, modcache: Fix Handling of requests without a path segment...

5CVSS6.1AI score0.2187EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2010/03/22 12:0 a.m.•38 views

firefox -- WOFF heap corruption due to integer overflow

Mozilla Project reports: MFSA 2010-08 WOFF heap corruption due to integer overflow...

9.3CVSS9.4AI score0.08816EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2010/03/16 12:0 a.m.•38 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-59 Heap buffer...

10CVSS6.9AI score0.28167EPSS
Exploits48References6
FreeBSD
FreeBSD
•added 2010/01/17 12:0 a.m.•38 views

dokuwiki -- multiple vulnerabilities

Dokuwiki reports: The plugin does no checks against cross-site request forgeries CSRF which can be exploited to e.g. change the access control rules by tricking a logged in administrator into visiting a malicious web site. The bug allows listing the names of arbitrary file on the webserver - not...

6.2AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2009/03/24 12:0 a.m.•38 views

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8CVSS6.5AI score0.95438EPSS
Exploits16References1
FreeBSD
FreeBSD
•added 2009/02/23 12:0 a.m.•38 views

ziproxy -- multiple vulnerability

Ziproxy Developers reports: Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the...

5.4CVSS6.2AI score0.02376EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/02/10 12:0 a.m.•38 views

typo3 -- cross-site scripting and information disclosure

Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Input passed via unspecified fields to the backend user interface is not properly sanitised before being return...

6.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/11/08 12:0 a.m.•38 views

clamav -- off-by-one heap overflow in VBA project parser

Advisory from Moritz Jodeit, November 8th, 2008: ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the clamd' process by sending an email...

9.3CVSS6.1AI score0.08293EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/10/16 12:0 a.m.•38 views

vim -- multiple vulnerabilities in the netrw module

Jan Minar reports: Applying the D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution. Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name. The Vim Netrw...

9.3CVSS7.3AI score0.09023EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2007/03/02 12:0 a.m.•38 views

mod_jk -- long URL stack overflow vulnerability

TippingPoint and The Zero Day Initiative reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler fo...

7.5CVSS7.4AI score0.81513EPSS
Exploits8References2
FreeBSD
FreeBSD
•added 2006/12/04 12:0 a.m.•38 views

gnupg -- remotely controllable function pointer

Werner Koch reports: GnuPG uses data structures called filters to process OpenPGP messages. These filters are used in a similar way as a pipelines in the shell. For communication between these filters context structures are used. These are usually allocated on the stack and passed to the filter...

10CVSS6.7AI score0.05713EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/09/06 12:0 a.m.•38 views

bind9 -- Denial of Service in named(8)

Problem Description For a recursive DNS server, a remote attacker sending enough recursive queries for the replies to arrive after all the interested clients have left the recursion queue will trigger an INSIST failure in the named8 daemon. Also for a recursive DNS server, an assertion failure ca...

8.5AI score
Exploits0
FreeBSD
FreeBSD
•added 2006/08/20 12:0 a.m.•38 views

cscope -- Buffer Overflow Vulnerabilities

Secunia reports: Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause...

5.1CVSS7AI score0.03653EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2006/06/27 12:0 a.m.•38 views

mysql -- format string vulnerability

Jean-David Maillefer reports a Denial of Service vulnerability within MySQL. The vulnerability is caused by improper checking of the dataformat routine, which cause the MySQL server to crash. The crash is triggered by the following code: "SELECT dateformat'%d%s', 1;...

4CVSS6.3AI score0.26815EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/11/01 12:0 a.m.•38 views

apache -- mod_imap cross-site scripting flaw

The Apache HTTP Server Project reports: A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

4.3CVSS8.7AI score0.73692EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/10/18 12:0 a.m.•38 views

netpbm -- buffer overflow in pnmtopng

Ubuntu reports: A buffer overflow was found in the "pnmtopng" conversion program. By tricking an user or automated system to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng...

7.5CVSS7.6AI score0.04873EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2005/10/12 12:0 a.m.•38 views

libwww -- multiple vulnerabilities

Mitre reports: The HTBoundaryputblock function in HTBound.c for W3C libwww w3c-libwww allows remote servers to cause a denial of service segmentation fault via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. The big2toUtf8 function in lib/xmltok.c in libexpat in...

5CVSS6.7AI score0.27924EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2005/09/23 12:0 a.m.•38 views

phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution

If magic quotes are off there's a SQL injection when sending a forgotten password. It's possible to overwrite the admin password and to take over the whole system. In some files in the admin section there are some cross site scripting vulnerabilities. In the public frontend it's possible to inclu...

6.8CVSS7.4AI score0.08314EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2005/06/16 12:0 a.m.•38 views

opera -- "javascript:" URL cross-site scripting vulnerability

A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to read local files. The vulnerability is caused due to Opera not properly restricting the privileges of "javascript:" URLs...

6.8CVSS5.7AI score0.01845EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/01/11 12:0 a.m.•38 views

hylafax -- unauthorized login vulnerability

A flaw in HylaFAX may allow an attacker to bypass normal authentication by spoofing their DNS PTR records...

7.5CVSS2.5AI score0.01779EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/01/06 12:0 a.m.•38 views

xpdf -- makeFileKey2() buffer overflow vulnerability

An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability specifically exists due to insufficient...

7.5CVSS7.6AI score0.07217EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2004/12/30 12:0 a.m.•38 views

cups-base -- CUPS server remote DoS vulnerability

Kenshi Muto discovered that the CUPS server would enter an infinite loop when processing a URL containing /...

5CVSS6.4AI score0.02969EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2004/12/09 12:0 a.m.•38 views

vim -- vulnerabilities in modeline handling

Ciaran McCreesh discovered news ways in which a VIM modeline can be used to trojan a text file. The patch by Bram Moolenaar reads: Problem: Unusual characters in an option value may cause unexpected behavior, especially for a modeline. Ciaran McCreesh Solution: Don't allow setting termcap options...

7.2CVSS2.8AI score0.0041EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/12/08 12:0 a.m.•38 views

web browsers -- window injection vulnerabilities

A Secunia Research advisory reports: Secunia Research has reported a vulnerability in multiple browsers, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is...

7.5CVSS1.6AI score0.0272EPSS
Exploits2References10
FreeBSD
FreeBSD
•added 2004/11/24 12:0 a.m.•38 views

jdk/jre -- Security Vulnerability With Java Plugin

The Sun Java Plugin capability in Java 2 Runtime Environment JRE 1.4.201, 1.4.204, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code...

9.3CVSS6.1AI score0.17018EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/11/10 12:0 a.m.•38 views

bnc -- remotely exploitable buffer overflow in getnickuserhost

A LSS Security Advisory reports: There is a buffer overflow vulnerability in getnickuserhost function that is called when BNC is processing response from IRC server. Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If t...

10CVSS3.1AI score0.03577EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•38 views

subversion -- WebDAV fails to protect metadata

In some situations, subversion metadata may be unexpectedly disclosed via WebDAV. A subversion advisory states: modauthzsvn, the Apache httpd module which does path-based authorization on Subversion repositories, is not correctly protecting all metadata on unreadable paths. This security issue is...

5CVSS6.3AI score0.01457EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/18 12:0 a.m.•38 views

mysql -- mysqlhotcopy insecure temporary file creation

According to Christian Hammers: mysqlhotcopy created temporary files in /tmp which had predictable filenames and such could be used for a tempfile run attack. Jeroen van Wolffelaar is credited with discovering the issue...

4.6CVSS6.4AI score0.00515EPSS
Exploits0References2
Total number of security vulnerabilities5000