Lucene search
K
FreebsdMost viewed

6580 matches found

FreeBSD
FreeBSD
•added 2015/07/21 12:0 a.m.•37 views

shibboleth-sp -- DoS vulnerability

Shibboleth consortium reports: Shibboleth SP software crashes on well-formed but invalid XML. The Service Provider software contains a code path with an uncaught exception that can be triggered by an unauthenticated attacker by supplying well-formed but schema-invalid XML in the form of SAML...

4CVSS6.6AI score0.0195EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/06/17 12:0 a.m.•37 views

cURL -- Multiple Vulnerability

cURL reports: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPTUSERPWD for example. Name and password. Just like all other libcurl options the credentials...

9.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2015/06/09 12:0 a.m.•37 views

cacti -- Multiple XSS and SQL injection vulnerabilities

The Cacti Group, Inc. reports: Important Security Fixes Multiple XSS and SQL injection vulnerabilities Changelog bug: Fixed SQL injection VN: JVN78187936 / TN:JPCERT98968540 bug0002542: FG-VD-15-017 Cacti Cross-Site Scripting Vulnerability Notification bug0002571: SQL Injection and Location heade...

7.5CVSS9.3AI score0.03227EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/06/09 12:0 a.m.•37 views

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a vulnerability CVE-2015-3096 that could be...

10CVSS7.7AI score0.96079EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2015/06/08 12:0 a.m.•37 views

strongswan -- Information Leak Vulnerability

strongSwan Project reports: An information leak vulnerability was fixed that, in certain IKEv2 setups, allowed rogue servers with a valid certificate accepted by the client to trick it into disclosing user credentials even plain passwords if the client accepts EAP-GTC. This was caused because...

2.6CVSS7.9AI score0.02028EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/25 12:0 a.m.•37 views

gnutls -- MD5 downgrade in TLS signatures

Karthikeyan Bhargavan reports: GnuTLS does not by default support MD5 signatures. Indeed the RSA-MD5 signature-hash algorithm needs to be explicitly enabled using the priority option VERIFYALLOWSIGNRSAMD5. In the NORMAL and SECURE profiles, GnuTLS clients do not offer RSA-MD5 in the signature...

1.6AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2015/04/14 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 45 new security fixes, including: 456518 High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. 313939 Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. 461191 High CVE-2015-1237: Use-after-free in IPC. Credit to Khali...

7.5CVSS6.7AI score0.02702EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/02/24 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA-2015-11 Miscellaneous memory safety hazards rv:36.0 / rv:31.5 MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections MFSA-2015-14 Malicious WebGL content crash when...

7.5CVSS8.1AI score0.06029EPSS
Exploits0References18
FreeBSD
FreeBSD
•added 2014/12/25 12:0 a.m.•37 views

cURL -- URL request injection vulnerability

cURL reports: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...

4.3CVSS8.9AI score0.0681EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/11/18 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 42 security fixes in this release, including: 389734 High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. 406868 High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. 413375 High CVE-2014-7901: Integer overflow in pdfium. Credit...

10CVSS6.7AI score0.0826EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/10/22 12:0 a.m.•37 views

libpurple/pidgin -- multiple vulnerabilities

The pidgin development team reports:...

6.4CVSS9.2AI score0.03838EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/08/06 12:0 a.m.•37 views

OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports: A flaw in OBJobj2txt may cause pretty printing functions such as X509nameoneline, X509nameprintex et al. to leak some information from the stack. CVE-2014-3508 The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer...

7.5CVSS6.4AI score0.7408EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/05/09 12:0 a.m.•37 views

foreman-proxy SSL verification issue

Foreman Security reports: The smart proxy when running in an SSL-secured mode permits incoming API calls to any endpoint without requiring, or performing any verification of an SSL client certificate. This permits any client with access to the API to make requests and perform actions permitting...

7.5CVSS6.5AI score0.01706EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/04/07 12:0 a.m.•37 views

OpenSSL -- Local Information Disclosure

OpenSSL reports: A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. A local attacker might be able to snoop a signing process and might recover the signing key from it...

1.9CVSS6.4AI score0.00942EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/02/20 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 28 security fixes in this release, including: 334897 High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid. 331790 High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. 333176 High...

7.5CVSS1AI score0.02057EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/01/27 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 14 security fixes in this release, including: 330420 High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG. 331444 High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler...

7.5CVSS3.8AI score0.02032EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2014/01/14 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 11 security fixes in this release, including: 249502 High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne. 326854 High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG. 324969 High CVE-2013-6642: Address bar...

7.5CVSS0.6AI score0.01804EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2013/11/30 12:0 a.m.•37 views

redis -- sensitive information leak through command history file

Redis team reports: The redis-cli history file in linenoise is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users...

3.3CVSS4.9AI score0.00484EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/08/17 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-80...

10CVSS7.5AI score0.08894EPSS
Exploits4References18
FreeBSD
FreeBSD
•added 2013/08/05 12:0 a.m.•37 views

samba -- denial of service vulnerability

The Samba project reports: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file...

5CVSS6.2AI score0.69008EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2013/07/08 12:0 a.m.•37 views

PuTTY -- Four security holes in versions before 0.63

Simon Tatham reports: This 0.63 release fixes multiple security holes in previous versions of PuTTY, which can allow an SSH-2 server to make PuTTY overrun or underrun buffers and crash. ... These vulnerabilities can be triggered before host key verification, which means that you are not even safe...

6.8CVSS6.3AI score0.03447EPSS
Exploits4References5
FreeBSD
FreeBSD
•added 2013/05/20 12:0 a.m.•37 views

suPHP -- Privilege escalation

suPHP developer Sebastian Marsching reports: When the suPHPPHPPath was set, modsuphp would use the specified PHP executable to pretty-print PHP source files MIME type x-httpd-php-source or application/x-httpd-php-source. However, it would not sanitize the environment. Thus a user that was allowed...

0.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/27 12:0 a.m.•37 views

sudo -- Potential bypass of tty_tickets constraints

Todd Miller reports: A potentially malicious program run by a user with sudo access may be able to bypass the "ttyticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last...

4.4CVSS7.8AI score0.00378EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/26 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 156567 High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. 148638 Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. 155711 Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász. 158249 Hi...

7.5CVSS1.4AI score0.04382EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/10/17 12:0 a.m.•37 views

xlockmore -- local exploit

Ignatios Souvatzis of NetBSD reports: Due to an error in the dclock screensaver in xlockmore, users who explicitly use this screensaver or a random mix of screensavers using something like "xlockmore -mode random" may have their screen unlocked unexpectedly at a random time...

7.5CVSS7.3AI score0.02897EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/08/30 12:0 a.m.•37 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP...

5CVSS6.4AI score0.01741EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2012/07/05 12:0 a.m.•37 views

puppet -- multiple vulnerabilities

puppet -- multiple vulnerabilities Arbitrary file read on the puppet master from authenticated clients high. It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the maste...

4.3CVSS5.9AI score0.02453EPSS
Exploits4References5
FreeBSD
FreeBSD
•added 2012/05/21 12:0 a.m.•37 views

haproxy -- buffer overflow

HAProxy reports: A flaw was reported in HAProxy where, due to a boundary error when copying data into the trash buffer, an external attacker could cause a buffer overflow. Exploiting this flaw could lead to the execution of arbitrary code, however it requires non-default settings for the...

3.3AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2012/03/26 12:0 a.m.•37 views

puppet -- Multiple Vulnerabilities

Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information...

6CVSS7.1AI score0.02632EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2012/03/19 12:0 a.m.•37 views

clamav -- multiple vulnerabilities

MITRE Advisories report: The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial aliases character sequence. The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR fi...

4.3CVSS6.2AI score0.99809EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/11/08 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch MFSA 2011-47 Potential XSS against sites using Shift-JIS MFSA 2011-48 Miscellaneous memory safety hazards rv:8.0 MFSA 2011-49 Memory corruption while profiling using Firebug MFSA 2011-50...

10CVSS9.7AI score0.05657EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2011/09/14 12:0 a.m.•37 views

ffmpeg -- multiple vulnerabilities

Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary...

7.5CVSS9.8AI score0.06597EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/05 12:0 a.m.•37 views

BIND -- Remote DoS with certain RPZ configurations

ISC reports: Two defects were discovered in ISC's BIND 9.8 code. These defects only affect BIND 9.8 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones RPZ and where the RPZ zone contains a specific rule/action pattern...

2.6CVSS6.7AI score0.0888EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/06/06 12:0 a.m.•37 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android. These vulnerabilities could cau...

9.3CVSS6.2AI score0.08197EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2011/05/19 12:0 a.m.•37 views

Apache APR -- DoS vulnerabilities

The Apache Portable Runtime Project reports: A flaw was discovered in the aprfnmatch function in the Apache Portable Runtime APR library 1.4.4 or any backported versions that contained the upstream fix for CVE-2011-0419. This could cause httpd workers to enter a hung state 100% CPU utilization...

4.3CVSS8.6AI score0.10322EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/03/28 12:0 a.m.•37 views

gdm -- privilege escalation vulnerability

Sebastian Krahmer reports: It was discovered that the GNOME Display Manager gdm cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directo...

6.9CVSS3.9AI score0.00376EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/03/01 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-01 Miscellaneous memory safety hazards rv:1.9.2.14/ 1.9.1.17 MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true MFSA 2011-03 Use-after-free error in JSON.stringify MFSA 2011-04 Buffer overflow in JavaScript upvarMap MFSA 2011-05 Buff...

10CVSS10.2AI score0.072EPSS
Exploits3References10
FreeBSD
FreeBSD
•added 2011/01/06 12:0 a.m.•37 views

php -- multiple vulnerabilities

PHP developers reports: Security Enhancements and Fixes in PHP 5.3.5: Fixed bug 53632 PHP hangs on numeric value 2.2250738585072011e-308. CVE-2010-4645 Security Enhancements and Fixes in PHP 5.2.17: Fixed bug 53632 PHP hangs on numeric value 2.2250738585072011e-308. CVE-2010-4645...

5CVSS8.7AI score0.15103EPSS
Exploits1
FreeBSD
FreeBSD
•added 2010/12/13 12:0 a.m.•37 views

php-filter -- Denial of Service

The following DoS condition in filter extension was fixed in PHP 5.3.4 and PHP 5.2.15: Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory...

4.3CVSS6.3AI score0.03091EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2010/09/28 12:0 a.m.•37 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654...

9.3CVSS9.7AI score0.69679EPSS
Exploits18References2
FreeBSD
FreeBSD
•added 2010/03/16 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-59 Heap buffer...

10CVSS6.9AI score0.28167EPSS
Exploits48References6
FreeBSD
FreeBSD
•added 2010/02/16 12:0 a.m.•37 views

krb5 -- multiple denial of service vulnerabilities

Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...

6.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2010/02/11 12:0 a.m.•37 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability CVE-2010-0186 could subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a...

6.8CVSS7.4AI score0.15635EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/02/09 12:0 a.m.•37 views

curl -- libcurl buffer overflow vulnerability

The cURL project reports in a security advisory: Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger...

6.8CVSS7.9AI score0.04408EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2009/03/03 12:0 a.m.•37 views

libsndfile -- CAF processing integer overflow vulnerability

Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file...

9.3CVSS3.4AI score0.03642EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/01/12 12:0 a.m.•37 views

amarok -- multiple vulnerabilities

Secunia reports: Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the "Audible::Tag::readTag" function in src/metadata/audible/audibletag.cpp. These can be...

9.3CVSS5.2AI score0.06903EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2008/11/01 12:0 a.m.•37 views

qemu -- Heap overflow in Cirrus emulation

Aurelien Jarno reports: CVE-2008-4539: fix a heap overflow in Cirrus emulation The code in hw/cirrusvga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC...

7.2CVSS9AI score0.00537EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/10/04 12:0 a.m.•37 views

opera -- multiple vulnerabilities

Opera reports: If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page. Once a Java applet has been cached, if a page can predict the cache path...

6.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/09/11 12:0 a.m.•37 views

mysql -- empty bit-string literal denial of service

MySQL reports: The vulnerability is caused due to an error when processing an empty bit-string literal and can be exploited to crash the server via a specially crafted SQL statement...

4CVSS6.8AI score0.06465EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2008/08/04 12:0 a.m.•37 views

python -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g...

7.5CVSS6.4AI score0.04214EPSS
Exploits3References7
Total number of security vulnerabilities5000