Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2012/03/26 12:0 a.m.•37 views

puppet -- Multiple Vulnerabilities

Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information...

6CVSS7.1AI score0.02632EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2012/03/19 12:0 a.m.•37 views

clamav -- multiple vulnerabilities

MITRE Advisories report: The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial aliases character sequence. The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR fi...

4.3CVSS6.2AI score0.99809EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/11/08 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch MFSA 2011-47 Potential XSS against sites using Shift-JIS MFSA 2011-48 Miscellaneous memory safety hazards rv:8.0 MFSA 2011-49 Memory corruption while profiling using Firebug MFSA 2011-50...

10CVSS9.7AI score0.05657EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2011/09/26 12:0 a.m.•37 views

quagga -- multiple vulnerabilities

CERT-FI reports: Five vulnerabilities have been found in the BGP, OSPF, and OSPFv3 components of Quagga. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified packets to an affected server. Routing messages are...

7.5CVSS10AI score0.07615EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/09/14 12:0 a.m.•37 views

ffmpeg -- multiple vulnerabilities

Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary...

7.5CVSS9.8AI score0.06597EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/05 12:0 a.m.•37 views

BIND -- Remote DoS with certain RPZ configurations

ISC reports: Two defects were discovered in ISC's BIND 9.8 code. These defects only affect BIND 9.8 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones RPZ and where the RPZ zone contains a specific rule/action pattern...

2.6CVSS6.7AI score0.0888EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/06/06 12:0 a.m.•37 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android. These vulnerabilities could cau...

9.3CVSS6.2AI score0.08197EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2011/05/19 12:0 a.m.•37 views

Apache APR -- DoS vulnerabilities

The Apache Portable Runtime Project reports: A flaw was discovered in the aprfnmatch function in the Apache Portable Runtime APR library 1.4.4 or any backported versions that contained the upstream fix for CVE-2011-0419. This could cause httpd workers to enter a hung state 100% CPU utilization...

4.3CVSS8.6AI score0.10322EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/03/28 12:0 a.m.•37 views

gdm -- privilege escalation vulnerability

Sebastian Krahmer reports: It was discovered that the GNOME Display Manager gdm cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directo...

6.9CVSS3.9AI score0.00376EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/03/01 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-01 Miscellaneous memory safety hazards rv:1.9.2.14/ 1.9.1.17 MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true MFSA 2011-03 Use-after-free error in JSON.stringify MFSA 2011-04 Buffer overflow in JavaScript upvarMap MFSA 2011-05 Buff...

10CVSS10.2AI score0.072EPSS
Exploits3References10
FreeBSD
FreeBSD
•added 2011/01/06 12:0 a.m.•37 views

php -- multiple vulnerabilities

PHP developers reports: Security Enhancements and Fixes in PHP 5.3.5: Fixed bug 53632 PHP hangs on numeric value 2.2250738585072011e-308. CVE-2010-4645 Security Enhancements and Fixes in PHP 5.2.17: Fixed bug 53632 PHP hangs on numeric value 2.2250738585072011e-308. CVE-2010-4645...

5CVSS8.7AI score0.15103EPSS
Exploits1
FreeBSD
FreeBSD
•added 2010/09/28 12:0 a.m.•37 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654...

9.3CVSS9.7AI score0.69679EPSS
Exploits18References2
FreeBSD
FreeBSD
•added 2010/02/16 12:0 a.m.•37 views

krb5 -- multiple denial of service vulnerabilities

Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...

6.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2010/02/11 12:0 a.m.•37 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability CVE-2010-0186 could subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a...

6.8CVSS7.4AI score0.15635EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/02/09 12:0 a.m.•37 views

curl -- libcurl buffer overflow vulnerability

The cURL project reports in a security advisory: Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger...

6.8CVSS7.9AI score0.04408EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2009/06/11 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-32 JavaScript chrome privilege escalation MFSA 2009-31 XUL scripts bypass content-policy checks MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar MFSA 2009-29 Arbitrary code execution using event listeners attached to an element...

9.3CVSS9.6AI score0.09282EPSS
Exploits9References10
FreeBSD
FreeBSD
•added 2009/03/03 12:0 a.m.•37 views

libsndfile -- CAF processing integer overflow vulnerability

Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file...

9.3CVSS3.4AI score0.03612EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/02/04 12:0 a.m.•37 views

sudo -- certain authorized users could run commands as any user

Todd Miller reports: A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies...

7.8CVSS2.5AI score0.00406EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/01/12 12:0 a.m.•37 views

amarok -- multiple vulnerabilities

Secunia reports: Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the "Audible::Tag::readTag" function in src/metadata/audible/audibletag.cpp. These can be...

9.3CVSS5.2AI score0.06903EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2008/11/01 12:0 a.m.•37 views

qemu -- Heap overflow in Cirrus emulation

Aurelien Jarno reports: CVE-2008-4539: fix a heap overflow in Cirrus emulation The code in hw/cirrusvga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC...

7.2CVSS9AI score0.00537EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/10/04 12:0 a.m.•37 views

opera -- multiple vulnerabilities

Opera reports: If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page. Once a Java applet has been cached, if a page can predict the cache path...

6.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/09/11 12:0 a.m.•37 views

mysql -- empty bit-string literal denial of service

MySQL reports: The vulnerability is caused due to an error when processing an empty bit-string literal and can be exploited to crash the server via a specially crafted SQL statement...

4CVSS6.8AI score0.06465EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2008/08/04 12:0 a.m.•37 views

python -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g...

7.5CVSS6.4AI score0.04214EPSS
Exploits3References7
FreeBSD
FreeBSD
•added 2008/05/27 12:0 a.m.•37 views

linux-flashplugin -- unspecified remote code execution vulnerability

Adobe Product Security Incident Response Team reports: An exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 CVE-2007-0071. This exploit does NOT appear to include a new,...

9.3CVSS6.1AI score0.92501EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2008/02/19 12:0 a.m.•37 views

qemu -- unchecked block read/write vulnerability

Ian Jackson reports on the debian-security mailinglist: When a block device read or write request is made by the guest, nothing checks that the request is within the range supported by the backend, but the code in the backend typically assumes that the request is sensible. Depending on the backen...

4.7CVSS6.6AI score0.00369EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/01/28 12:0 a.m.•37 views

pcre -- buffer overflow vulnerability

PCRE developers report: A character class containing a very large number of characters with codepoints greater than 255 in UTF-8 mode, of course caused a buffer overflow...

7.5CVSS6.8AI score0.05914EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2008/01/24 12:0 a.m.•37 views

sdl_image -- buffer overflow vulnerabilities

Secunia reports: Two vulnerabilities have been reported in SDLimage, which can be exploited by malicious people to cause a Denial of Service or potentially compromise an application using the library. A boundary error within the LWZReadByte function in IMGgif.c can be exploited to trigger the...

7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2007/09/19 12:0 a.m.•37 views

openoffice -- arbitrary command execution vulnerability

iDefense reports: Remote exploitation of multiple integer overflow vulnerabilities within OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. These vulnerabilities exist within the TIFF parsing code of the OpenOffice suite. When...

9.3CVSS7.5AI score0.1132EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/09/11 12:0 a.m.•37 views

samba -- nss_info plugin privilege escalation vulnerability

The Samba development team reports: The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf...

6.9CVSS6.3AI score0.00724EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/08/23 12:0 a.m.•37 views

gtar -- Directory traversal vulnerability

Red Hat reports: A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue...

6.8CVSS7.5AI score0.02743EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2007/07/27 12:0 a.m.•37 views

vim -- Command Format String Vulnerability

A Secunia Advisory reports: A format string error in the "helptagsone" function in src/excmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files...

6.8CVSS7.4AI score0.04179EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/07/17 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-25 XPCNativeWrapper pollution MFSA 2007-24 Unauthorized access to...

9.3CVSS7.1AI score0.04618EPSS
Exploits2References7
FreeBSD
FreeBSD
•added 2007/04/18 12:0 a.m.•37 views

clamav -- multiple vulnerabilities

Clamav had been found vulnerable to multiple vulnerabilities: Improper checking for the end of an buffer causing an unspecified attack vector. Insecure temporary file handling, which could be exploited to read sensitive information. A flaw in the parser engine which could allow a remote attacker ...

10CVSS6.4AI score0.03249EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/02/11 12:0 a.m.•37 views

mplayer -- DMO File Parsing Buffer Overflow Vulnerability

"Moritz Jodeit reports: There's an exploitable buffer overflow in the current version of MPlayer v1.0rc1 which can be exploited with a maliciously crafted video file. It is hidden in the DMOVideoDecoder function of loader/dmo/DMOVideoDecoder.c' file...

7.6CVSS6.8AI score0.05694EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/02/08 12:0 a.m.•37 views

libxine -- buffer overflow vulnerability

xine Team reports: A new xine-lib version is now available. This release contains a security fix array index vulnerability which may lead to a stack buffer overflow...

7.5CVSS6.5AI score0.0537EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2006/04/12 12:0 a.m.•37 views

frontpage -- cross site scripting vulnerability

Esteban Martinez Fayo reports: The FrontPage Server Extensions 2002 included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP has a web page /vtibin/vtiadm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site...

6.8CVSS6AI score0.24408EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2005/10/18 12:0 a.m.•37 views

netpbm -- buffer overflow in pnmtopng

Ubuntu reports: A buffer overflow was found in the "pnmtopng" conversion program. By tricking an user or automated system to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng...

7.5CVSS7.6AI score0.04873EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2005/01/26 12:0 a.m.•37 views

gallery -- cross-site scripting

Gallery includes several cross-site scripting vulnerabilities that could allow malicious content to be injected...

6.8CVSS5.9AI score0.01611EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2005/01/20 12:0 a.m.•37 views

evolution -- arbitrary code execution vulnerability

Martin Joey Schulze reports: Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileg...

9.8CVSS7.4AI score0.03179EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/01/16 12:0 a.m.•37 views

squid -- denial-of-service vulnerabilities

The Squid team reported several denial-of-service vulnerabilities related to the handling of DNS responses and NT Lan Manager messages. These may allow an attacker to crash the Squid cache...

5CVSS6.5AI score0.41109EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/01/11 12:0 a.m.•37 views

hylafax -- unauthorized login vulnerability

A flaw in HylaFAX may allow an attacker to bypass normal authentication by spoofing their DNS PTR records...

7.5CVSS2.5AI score0.01779EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/12/30 12:0 a.m.•37 views

perl -- File::Path insecure file/directory permissions

Jeroen van Wolffelaar reports that the Perl module File::Path contains a race condition wherein traversed directories and files are temporarily made world-readable/writable...

2.6CVSS6.4AI score0.00406EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/11/06 12:0 a.m.•37 views

Cyrus IMAPd -- PARTIAL command out of bounds memory corruption

Due to a bug within the argument parser of the partial command an argument like "bodyp" will be wrongly detected as "body.peek". Because of this the bufferposition gets increased by 10 instead of 5 and could therefore point outside the allocated memory buffer for the rest of the parsing process. ...

10CVSS6.7AI score0.05951EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•37 views

xpm -- image decoding vulnerabilities

Chris Evans discovered several vulnerabilities in the libXpm image decoder: A stack-based buffer overflow in xpmParseColors An integer overflow in xpmParseColors A stack-based buffer overflow in ParsePixels and ParseAndPutPixels The X11R6.8.1 release announcement reads: This version is purely a...

8AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/08/25 12:0 a.m.•37 views

ImageMagick -- BMP decoder buffer overflow

Marcus Meissner discovered that ImageMagick's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability...

7.5CVSS6.5AI score0.05512EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/07/01 12:0 a.m.•37 views

MySQL authentication bypass / buffer overflow

By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1. Using a similar method, a stack buffer used in the authentication mechanism can be overflowed...

6.8AI score
Exploits0References6
FreeBSD
FreeBSD
•added 2004/04/24 12:0 a.m.•37 views

buffer cache invalidation implementation issues

Programming errors in the implementation of the msync2 system call involving the MSINVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents. In some situations, a user with read access to a file may be able to prevent changes to that file from...

3.6CVSS6.2AI score0.00331EPSS
Exploits0
FreeBSD
FreeBSD
•added 2003/11/20 12:0 a.m.•37 views

zebra/quagga denial of service vulnerability

A remote attacker could cause zebra/quagga to crash by sending a malformed telnet command to their management port...

2.1CVSS6.4AI score0.00362EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2003/08/16 12:0 a.m.•37 views

mpg123 buffer overflow

The mpg123 software version 0.59r contains a buffer overflow vulnerability which may permit the execution of arbitrary code as the owner of the mpg123 process...

7.5CVSS7.5AI score0.03786EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2002/03/27 12:0 a.m.•37 views

tiff -- divide-by-zero denial-of-service

A US-CERT vulnerability note reports: An Integer overflow in the LibTIFF library may allow a remote attacker to cause a divide-by-zero error that results in a denial-of-service condition...

4.3CVSS6.6AI score0.04329EPSS
Exploits0References1
Total number of security vulnerabilities5000