Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2014/09/15 12:0 a.m.•36 views

squid -- Buffer overflow in SNMP processing

The squid-cache project reports: Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer...

6.8CVSS8AI score0.23317EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/06/20 12:0 a.m.•36 views

phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names

The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...

6.2AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2014/05/13 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 3 security fixes in this release: 358038 High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. 349898 High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. 356690 High CVE-2014-1742: Use-after-free in editing. Credit to...

7.5CVSS1.9AI score0.01648EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/04/24 12:0 a.m.•36 views

qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler

Richard J. Moore reports: The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug that would lead to a null pointer dereference when loading certain hand crafted corrupt GIF files. This in turn would cause the application loading these hand crafted GIFs to crash...

4.3CVSS8.5AI score0.03957EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/02/16 12:0 a.m.•36 views

file -- denial of service

The Fine Free file project reports: file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...

5CVSS7.3AI score0.0507EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/02/04 12:0 a.m.•36 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.99883EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2013/09/10 12:0 a.m.•36 views

django -- multiple vulnerabilities

The Django project reports: These releases address a directory-traversal vulnerability in one of Django's built-in template tags. While this issue requires some fairly specific factors to be exploitable, we encourage all users of Django to upgrade promptly...

5CVSS6.3AI score0.03182EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/05/31 12:0 a.m.•36 views

devel/subversion -- contrib hook-scripts can allow arbitrary code execution

Subversion team reports: The script contrib/hook-scripts/check-mime-type.pl does not escape argv arguments to 'svnlook' that start with a hyphen. This could be used to cause 'svnlook', and hence check-mime-type.pl, to error out. The script contrib/hook-scripts/svn-keyword-check.pl parses filename...

7.1CVSS6.5AI score0.31466EPSS
Exploits5
FreeBSD
FreeBSD
•added 2013/05/31 12:0 a.m.•36 views

devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames

Subversion team reports: If a filename which contains a newline character ASCII 0x0a is committed to a repository using the FSFS format, the resulting revision is corrupt...

5.5CVSS6.4AI score0.02814EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/04/18 12:0 a.m.•36 views

phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page

The phpMyAdmin development team reports: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used...

6.1CVSS5.9AI score0.04705EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•36 views

otrs -- Information disclosure and Data manipulation

The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed...

6.5CVSS7.3AI score0.01291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/26 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 172342 High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. 180909 Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team Cris Neckar. 180555 Low CVE-2013-0918: Do not navigate dev tools upon drag an...

7.5CVSS6.1AI score0.01282EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 172243 High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. 171951 High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. 167069 Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte...

7.5CVSS0.0225EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/07 12:0 a.m.•36 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

9.3CVSS6.5AI score0.77597EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2012/12/11 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 158204 High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. 159429 High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. 160456 Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to...

10CVSS0.7AI score0.03533EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/26 12:0 a.m.•36 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-90 Fixes for Location object issues...

6.4CVSS9.2AI score0.03287EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2012/07/22 12:0 a.m.•36 views

Wireshark -- Multiple vulnerabilities

Wireshark reports: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by...

8.3CVSS6.7AI score0.06009EPSS
Exploits10References15
FreeBSD
FreeBSD
•added 2012/06/12 12:0 a.m.•36 views

FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)

Problem description: The named8 server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on...

8.5CVSS8.7AI score0.13405EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/03/23 12:0 a.m.•36 views

quagga -- multiple vulnerabilities

CERT reports: The ospfd implementation of OSPF in Quagga allows a remote attacker on a local network segment with OSPF enabled to cause a denial of service daemon aborts due to an assert with a malformed OSPF LS-Update message. The ospfd implementation of OSPF in Quagga allows a remote attacker o...

3.3CVSS6.3AI score0.01822EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/11/10 12:0 a.m.•36 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. In addition a patch was release...

10CVSS9.5AI score0.0896EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/04/21 12:0 a.m.•36 views

Asterisk -- multiple vulnerabilities

The Asterisk Development Team reports: It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticate...

5CVSS1.2AI score0.02504EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/02/01 12:0 a.m.•36 views

mediawiki -- multiple vulnerabilities

Medawiki reports: An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite...

4.3CVSS3.1AI score0.02346EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2011/01/24 12:0 a.m.•36 views

bugzilla -- multiple serious vulnerabilities

A Bugzilla Security Advisory reports: This advisory covers three security issues that have recently been fixed in the Bugzilla code: A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account. A weakness in the Perl CGI.pm module allows injecting HTTP header...

9.3CVSS9.2AI score0.0504EPSS
Exploits0References12
FreeBSD
FreeBSD
•added 2010/12/10 12:0 a.m.•36 views

exim -- local privilege escalation

David Woodhouse reports: Secondly a privilege escalation where the trusted 'exim' user is able to tell Exim to use arbitrary config files, in which further $run ... commands will be invoked as root...

7.8CVSS9.4AI score0.17794EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2010/11/30 12:0 a.m.•36 views

krb5 -- multiple checksum handling vulnerabilities

The MIT Kerberos team reports: MIT krb5 clients incorrectly accept an unkeyed checksums in the SAM-2 preauthentication challenge. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some...

3.7CVSS6.2AI score0.02847EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/11/12 12:0 a.m.•36 views

tomcat -- Cross-site scripting vulnerability

The Tomcat security team reports: The HTML Manager interface displayed web applciation provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administartive user when viewing the manager pages...

4.3CVSS1.1AI score0.10228EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2010/08/05 12:0 a.m.•36 views

bugzilla -- information disclosure, denial of service

A Bugzilla Security Advisory reports: Remote Information Disclosure: An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of pronoun...

6.2AI score
Exploits0References5
FreeBSD
FreeBSD
•added 2009/12/10 12:0 a.m.•36 views

piwik -- php code execution

secunia reports: Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize" with user controlled input. This can be exploited to e.g. execute...

7.5CVSS7.1AI score0.16949EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2009/08/10 12:0 a.m.•36 views

wordpress -- remote admin password reset vulnerability

WordPress reports: A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database usually the admin account would have its password reset and a new passwor...

7.5CVSS6.4AI score0.19636EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2009/08/07 12:0 a.m.•36 views

silc-toolkit -- Format string vulnerabilities

SILC Changlog reports: An unspecified format string vulnerability exists in silc-toolkit...

7.5CVSS6.5AI score0.04827EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/08/03 12:0 a.m.•36 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters MFSA 2009-42: Compromise of SSL-protected communication MFSA 2009-43: Heap overflow in certificate regexp parsing MFSA 2009-44: Location bar and SSL indicator spoofing via...

9.5AI score
Exploits0References6
FreeBSD
FreeBSD
•added 2009/07/31 12:0 a.m.•36 views

silc-client -- Format string vulnerability

SILC changelog reports: An unspecified format string vulnerability exists in silc-client...

7.5CVSS6.5AI score0.04827EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/05/29 12:0 a.m.•36 views

nagios -- Command Injection Vulnerability

Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploite...

7.5CVSS6.9AI score0.83453EPSS
Exploits14References2
FreeBSD
FreeBSD
•added 2009/04/16 12:0 a.m.•36 views

freetype2 -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library. An integer overflow error within the "cffcharsetcomputecids" function in cff/cffload.c can be exploited to potentially cause...

7.5CVSS9.8AI score0.08541EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/01/08 12:0 a.m.•36 views

openfire -- multiple vulnerabilities

Core Security Technologies reports: Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code...

2.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/12/30 12:0 a.m.•36 views

libaudiofile -- heap-based overflow in Microsoft ADPCM compression module

Debian reports: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted WAV file...

5CVSS7.8AI score0.02179EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/12/24 12:0 a.m.•36 views

php5-gd -- uninitialized memory information disclosure vulnerability

According to CVE-2008-5498 entry: Array index error in the "imageRotate" function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the "bgdcolor" or "clrBack" argument for an indexed image...

5CVSS6.5AI score0.08845EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2008/11/05 12:0 a.m.•36 views

vlc -- cue processing stack overflow

The VLC Team reports: The VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of VLC media player...

7.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/11/03 12:0 a.m.•36 views

opera -- multiple vulnerabilities

Opera reports: When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration...

9.3CVSS6.8AI score0.04504EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2008/10/12 12:0 a.m.•36 views

net-snmp -- DoS for SNMP agent via crafted GETBULK request

Wes Hardaker reports through sourceforge.net forum: SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent. If you have open access to your snmp agents bad bad bad; stop doing that! or if you don't trust everyone that does have access to your...

7.5CVSS6.8AI score0.04926EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2008/01/10 12:0 a.m.•36 views

drupal -- cross site request forgery

The Drupal Project reports: The aggregator module fetches items from RSS feeds and makes them available on the site. The module provides an option to remove items from a particular feed. This has been implemented as a simple GET request and is therefore vulnerable to cross site request forgeries...

4.3CVSS5.6AI score0.0117EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/11/28 12:0 a.m.•36 views

Squid -- Denial of Service Vulnerability

Squid secuirty advisory reports: Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service...

5CVSS6.4AI score0.26858EPSS
Exploits2
FreeBSD
FreeBSD
•added 2007/09/07 12:0 a.m.•36 views

apache -- multiple vulnerabilities

Apache HTTP server project reports: The following potential security flaws are addressed: CVE-2007-3847: modproxy: Prevent reading past the end of a buffer when parsing date-related headers. CVE-2007-1863: modcache: Prevent a segmentation fault if attributes are listed in a Cache-Control header...

5CVSS6.2AI score0.27783EPSS
Exploits3
FreeBSD
FreeBSD
•added 2007/08/21 12:0 a.m.•36 views

clamav -- multiple remote Denial of Service vulnerabilities

BugTraq reports: ClamAV is prone to multiple denial-of-service vulnerabilities. A successful attack may allow an attacker to crash the application and deny service to users...

4.3CVSS6.5AI score0.01968EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/07/29 12:0 a.m.•36 views

fetchmail -- denial of service on reject of local warning message

Matthias Andree reports: fetchmail will generate warning messages in certain circumstances for instance, when leaving oversized messages on the server or login to the upstream fails and send them to the local postmaster or the user running it. If this warning message is then refused by the SMTP...

5CVSS6.2AI score0.01971EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/07/10 12:0 a.m.•36 views

linux-flashplugin -- critical vulnerabilities

Adobe reports: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit...

6.8CVSS6.7AI score0.06727EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/05/28 12:0 a.m.•36 views

mutt -- buffer overflow vulnerability

Securityfocus reports: Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. An attacker can exploit this issue to execute arbitrary code with the with the privileges of the victim. Failed...

3.5CVSS6.6AI score0.00806EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/05/05 12:0 a.m.•36 views

cups -- Incomplete SSL Negotiation Denial of Service

Secunia reports: CUPS is not using multiple workers to handle connections. This can be exploited to stop CUPS from accepting new connections by starting but never completing an SSL negotiation...

5CVSS9.1AI score0.05321EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/03/13 12:0 a.m.•36 views

flyspray -- authentication bypass

The Flyspray Project reports: Flyspray authentication system can be bypassed by sending a carefully crafted post request. To be vulnerable, PHP configuration directive outputbuffering has to be disabled or set to a low value...

6.8CVSS6.7AI score0.0126EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/01/04 12:0 a.m.•36 views

fetchmail -- TLS enforcement problem/MITM attack/password exposure

Matthias Andree reports: Fetchmail has had several longstanding password disclosure vulnerabilities. sslcertck/sslfingerprint options should have implied "sslproto tls1" in order to enforce TLS negotiation, but did not. Even with "sslproto tls1" in the config, fetches would go ahead in plain text...

7.8CVSS6.7AI score0.04255EPSS
Exploits0References1
Total number of security vulnerabilities5000