Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2010/12/13 12:0 a.m.•37 views

php-filter -- Denial of Service

The following DoS condition in filter extension was fixed in PHP 5.3.4 and PHP 5.2.15: Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory...

4.3CVSS6.3AI score0.03091EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2010/09/28 12:0 a.m.•37 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654...

9.3CVSS9.7AI score0.69679EPSS
Exploits18References2
FreeBSD
FreeBSD
•added 2010/02/16 12:0 a.m.•37 views

krb5 -- multiple denial of service vulnerabilities

Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...

6.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2010/02/11 12:0 a.m.•37 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability CVE-2010-0186 could subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a...

6.8CVSS7.4AI score0.15635EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/02/09 12:0 a.m.•37 views

curl -- libcurl buffer overflow vulnerability

The cURL project reports in a security advisory: Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger...

6.8CVSS7.9AI score0.04408EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2009/06/11 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-32 JavaScript chrome privilege escalation MFSA 2009-31 XUL scripts bypass content-policy checks MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar MFSA 2009-29 Arbitrary code execution using event listeners attached to an element...

9.3CVSS9.6AI score0.09282EPSS
Exploits9References10
FreeBSD
FreeBSD
•added 2009/03/03 12:0 a.m.•37 views

libsndfile -- CAF processing integer overflow vulnerability

Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file...

9.3CVSS3.4AI score0.03642EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/02/04 12:0 a.m.•37 views

sudo -- certain authorized users could run commands as any user

Todd Miller reports: A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies...

7.8CVSS2.5AI score0.00406EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/01/12 12:0 a.m.•37 views

amarok -- multiple vulnerabilities

Secunia reports: Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the "Audible::Tag::readTag" function in src/metadata/audible/audibletag.cpp. These can be...

9.3CVSS5.2AI score0.06903EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2008/11/01 12:0 a.m.•37 views

qemu -- Heap overflow in Cirrus emulation

Aurelien Jarno reports: CVE-2008-4539: fix a heap overflow in Cirrus emulation The code in hw/cirrusvga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC...

7.2CVSS9AI score0.00537EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/10/04 12:0 a.m.•37 views

opera -- multiple vulnerabilities

Opera reports: If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page. Once a Java applet has been cached, if a page can predict the cache path...

6.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/09/11 12:0 a.m.•37 views

mysql -- empty bit-string literal denial of service

MySQL reports: The vulnerability is caused due to an error when processing an empty bit-string literal and can be exploited to crash the server via a specially crafted SQL statement...

4CVSS6.8AI score0.06465EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2008/08/04 12:0 a.m.•37 views

python -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g...

7.5CVSS6.4AI score0.04214EPSS
Exploits3References7
FreeBSD
FreeBSD
•added 2008/05/27 12:0 a.m.•37 views

linux-flashplugin -- unspecified remote code execution vulnerability

Adobe Product Security Incident Response Team reports: An exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 CVE-2007-0071. This exploit does NOT appear to include a new,...

9.3CVSS6.1AI score0.92501EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2008/02/19 12:0 a.m.•37 views

qemu -- unchecked block read/write vulnerability

Ian Jackson reports on the debian-security mailinglist: When a block device read or write request is made by the guest, nothing checks that the request is within the range supported by the backend, but the code in the backend typically assumes that the request is sensible. Depending on the backen...

4.7CVSS6.6AI score0.00369EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/01/28 12:0 a.m.•37 views

pcre -- buffer overflow vulnerability

PCRE developers report: A character class containing a very large number of characters with codepoints greater than 255 in UTF-8 mode, of course caused a buffer overflow...

7.5CVSS6.8AI score0.05914EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2008/01/24 12:0 a.m.•37 views

sdl_image -- buffer overflow vulnerabilities

Secunia reports: Two vulnerabilities have been reported in SDLimage, which can be exploited by malicious people to cause a Denial of Service or potentially compromise an application using the library. A boundary error within the LWZReadByte function in IMGgif.c can be exploited to trigger the...

7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2007/09/19 12:0 a.m.•37 views

openoffice -- arbitrary command execution vulnerability

iDefense reports: Remote exploitation of multiple integer overflow vulnerabilities within OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. These vulnerabilities exist within the TIFF parsing code of the OpenOffice suite. When...

9.3CVSS7.5AI score0.1132EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/09/11 12:0 a.m.•37 views

samba -- nss_info plugin privilege escalation vulnerability

The Samba development team reports: The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf...

6.9CVSS6.3AI score0.00724EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/08/23 12:0 a.m.•37 views

gtar -- Directory traversal vulnerability

Red Hat reports: A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue...

6.8CVSS7.5AI score0.02743EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2007/07/27 12:0 a.m.•37 views

vim -- Command Format String Vulnerability

A Secunia Advisory reports: A format string error in the "helptagsone" function in src/excmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files...

6.8CVSS7.4AI score0.04179EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/07/17 12:0 a.m.•37 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-25 XPCNativeWrapper pollution MFSA 2007-24 Unauthorized access to...

9.3CVSS7.1AI score0.04618EPSS
Exploits2References7
FreeBSD
FreeBSD
•added 2007/04/18 12:0 a.m.•37 views

clamav -- multiple vulnerabilities

Clamav had been found vulnerable to multiple vulnerabilities: Improper checking for the end of an buffer causing an unspecified attack vector. Insecure temporary file handling, which could be exploited to read sensitive information. A flaw in the parser engine which could allow a remote attacker ...

10CVSS6.4AI score0.03249EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/02/11 12:0 a.m.•37 views

mplayer -- DMO File Parsing Buffer Overflow Vulnerability

"Moritz Jodeit reports: There's an exploitable buffer overflow in the current version of MPlayer v1.0rc1 which can be exploited with a maliciously crafted video file. It is hidden in the DMOVideoDecoder function of loader/dmo/DMOVideoDecoder.c' file...

7.6CVSS6.8AI score0.05694EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/02/08 12:0 a.m.•37 views

libxine -- buffer overflow vulnerability

xine Team reports: A new xine-lib version is now available. This release contains a security fix array index vulnerability which may lead to a stack buffer overflow...

7.5CVSS6.5AI score0.0537EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2006/08/20 12:0 a.m.•37 views

cscope -- Buffer Overflow Vulnerabilities

Secunia reports: Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause...

5.1CVSS7AI score0.03653EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2006/04/12 12:0 a.m.•37 views

frontpage -- cross site scripting vulnerability

Esteban Martinez Fayo reports: The FrontPage Server Extensions 2002 included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP has a web page /vtibin/vtiadm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site...

6.8CVSS6AI score0.24408EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2005/10/18 12:0 a.m.•37 views

netpbm -- buffer overflow in pnmtopng

Ubuntu reports: A buffer overflow was found in the "pnmtopng" conversion program. By tricking an user or automated system to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng...

7.5CVSS7.6AI score0.04873EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2005/10/12 12:0 a.m.•37 views

libwww -- multiple vulnerabilities

Mitre reports: The HTBoundaryputblock function in HTBound.c for W3C libwww w3c-libwww allows remote servers to cause a denial of service segmentation fault via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. The big2toUtf8 function in lib/xmltok.c in libexpat in...

5CVSS6.7AI score0.27924EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2005/01/26 12:0 a.m.•37 views

gallery -- cross-site scripting

Gallery includes several cross-site scripting vulnerabilities that could allow malicious content to be injected...

6.8CVSS5.9AI score0.01611EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2005/01/20 12:0 a.m.•37 views

evolution -- arbitrary code execution vulnerability

Martin Joey Schulze reports: Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileg...

9.8CVSS7.4AI score0.03179EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/01/16 12:0 a.m.•37 views

squid -- denial-of-service vulnerabilities

The Squid team reported several denial-of-service vulnerabilities related to the handling of DNS responses and NT Lan Manager messages. These may allow an attacker to crash the Squid cache...

5CVSS6.5AI score0.41109EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/01/11 12:0 a.m.•37 views

hylafax -- unauthorized login vulnerability

A flaw in HylaFAX may allow an attacker to bypass normal authentication by spoofing their DNS PTR records...

7.5CVSS2.5AI score0.01779EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/12/30 12:0 a.m.•37 views

perl -- File::Path insecure file/directory permissions

Jeroen van Wolffelaar reports that the Perl module File::Path contains a race condition wherein traversed directories and files are temporarily made world-readable/writable...

2.6CVSS6.4AI score0.00406EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/11/06 12:0 a.m.•37 views

Cyrus IMAPd -- PARTIAL command out of bounds memory corruption

Due to a bug within the argument parser of the partial command an argument like "bodyp" will be wrongly detected as "body.peek". Because of this the bufferposition gets increased by 10 instead of 5 and could therefore point outside the allocated memory buffer for the rest of the parsing process. ...

10CVSS6.7AI score0.05951EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•37 views

xpm -- image decoding vulnerabilities

Chris Evans discovered several vulnerabilities in the libXpm image decoder: A stack-based buffer overflow in xpmParseColors An integer overflow in xpmParseColors A stack-based buffer overflow in ParsePixels and ParseAndPutPixels The X11R6.8.1 release announcement reads: This version is purely a...

8AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/08/25 12:0 a.m.•37 views

ImageMagick -- BMP decoder buffer overflow

Marcus Meissner discovered that ImageMagick's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability...

7.5CVSS6.5AI score0.05512EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/07/01 12:0 a.m.•37 views

MySQL authentication bypass / buffer overflow

By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1. Using a similar method, a stack buffer used in the authentication mechanism can be overflowed...

6.8AI score
Exploits0References6
FreeBSD
FreeBSD
•added 2004/04/24 12:0 a.m.•37 views

buffer cache invalidation implementation issues

Programming errors in the implementation of the msync2 system call involving the MSINVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents. In some situations, a user with read access to a file may be able to prevent changes to that file from...

3.6CVSS6.2AI score0.00331EPSS
Exploits0
FreeBSD
FreeBSD
•added 2003/11/20 12:0 a.m.•37 views

zebra/quagga denial of service vulnerability

A remote attacker could cause zebra/quagga to crash by sending a malformed telnet command to their management port...

2.1CVSS6.4AI score0.00362EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2003/08/16 12:0 a.m.•37 views

mpg123 buffer overflow

The mpg123 software version 0.59r contains a buffer overflow vulnerability which may permit the execution of arbitrary code as the owner of the mpg123 process...

7.5CVSS7.5AI score0.03786EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2002/03/27 12:0 a.m.•37 views

tiff -- divide-by-zero denial-of-service

A US-CERT vulnerability note reports: An Integer overflow in the LibTIFF library may allow a remote attacker to cause a divide-by-zero error that results in a denial-of-service condition...

4.3CVSS6.6AI score0.04329EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/12 12:0 a.m.•36 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden project reports: GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault. GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotatio...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/07/10 12:0 a.m.•36 views

electron30 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5831. Security: backported fix for CVE-2024-5832. Security: backported fix for CVE-2024-6100. Security: backported fix for CVE-2024-6101...

8.8CVSS7.8AI score0.01123EPSS
Exploits5References10
FreeBSD
FreeBSD
•added 2024/05/09 12:0 a.m.•36 views

PostgreSQL server -- Potentially allowing authenicated database users to see data that they shouldn't.

PostgreSQL project reports: A security vulnerability was found in the system views pgstatsext and pgstatsextexprs, potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, run the SQL script...

4.3CVSS7.7AI score0.00722EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/05 12:0 a.m.•36 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 10 security fixes: 1497984 High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim@cassidy6564 on 2023-10-31 1494565 High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21 1480152 Medium...

8.8CVSS8AI score0.01268EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/23 12:0 a.m.•36 views

electron{22,24} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4355. Security: backported fix for CVE-2023-4354. Security: backported fix for CVE-2023-4353. Security: backported fix for CVE-2023-4352. Security: backported fix for CVE-2023-4351...

8.8CVSS8.7AI score0.26819EPSS
Exploits2References5
FreeBSD
FreeBSD
•added 2023/07/10 12:0 a.m.•36 views

redis -- heap overflow in COMMAND GETKEYS and ACL evaluation

Redis core team reports: Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS and validation of key names in ACL...

8.8CVSS8.2AI score0.74822EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/06/26 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 4 security fixes: 1452137 High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 1447568 High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 1450397 High...

8.8CVSS7.5AI score0.56192EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/06/22 12:0 a.m.•36 views

electron{23,24} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3215. Security: backported fix for CVE-2023-3216...

8.8CVSS8.7AI score0.13813EPSS
Exploits0References2
Total number of security vulnerabilities5000