Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2015/03/23 12:0 a.m.•36 views

qemu -- denial of service vulnerability

Daniel P. Berrange reports: The VNC server websockets decoder will read and buffer data from websockets clients until it sees the end of the HTTP headers, as indicated by \r\n\r\n. In theory this allows a malicious to trick QEMU into consuming an arbitrary amount of RAM...

8.6CVSS8.5AI score0.07393EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/15 12:0 a.m.•36 views

mod_jk -- information disclosure

NIST reports: Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

5CVSS6.1AI score0.07109EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2014/12/09 12:0 a.m.•36 views

xserver -- multiple issue with X client request handling

Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. The vulnerabilities cou...

6.5CVSS7.3AI score0.05192EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/03 12:0 a.m.•36 views

NVIDIA UNIX driver -- remote denial of service or arbitrary code execution

NVIDIA Unix security team reports: The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities CVE-2014-8093, CVE-2014-8098 as well as internally identified vulnerabilities CVE-2014-8298. Depending on how it is configured, the X server...

7.5CVSS7.7AI score0.05192EPSS
Exploits0
FreeBSD
FreeBSD
•added 2014/10/30 12:0 a.m.•36 views

jenkins -- slave-originated arbitrary code execution on master servers

Kohsuke Kawaguchi from Jenkins team reports: Historically, Jenkins master and slaves behaved as if they altogether form a single distributed process. This means a slave can ask a master to do just about anything within the confinement of the operating system, such as accessing files on the master...

6.8CVSS6.5AI score0.99999EPSS
Exploits7References3
FreeBSD
FreeBSD
•added 2014/10/27 12:0 a.m.•36 views

wget -- path traversal vulnerability in recursive FTP mode

MITRE reports: Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates...

9.3CVSS6.9AI score0.39883EPSS
Exploits4
FreeBSD
FreeBSD
•added 2014/09/15 12:0 a.m.•36 views

squid -- Buffer overflow in SNMP processing

The squid-cache project reports: Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer...

6.8CVSS8AI score0.23317EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/06/20 12:0 a.m.•36 views

phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names

The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...

6.2AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2014/05/13 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 3 security fixes in this release: 358038 High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. 349898 High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. 356690 High CVE-2014-1742: Use-after-free in editing. Credit to...

7.5CVSS1.9AI score0.01648EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/02/16 12:0 a.m.•36 views

file -- denial of service

The Fine Free file project reports: file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...

5CVSS7.3AI score0.0507EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/02/04 12:0 a.m.•36 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.99883EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2013/09/10 12:0 a.m.•36 views

django -- multiple vulnerabilities

The Django project reports: These releases address a directory-traversal vulnerability in one of Django's built-in template tags. While this issue requires some fairly specific factors to be exploitable, we encourage all users of Django to upgrade promptly...

5CVSS6.3AI score0.03182EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/05/31 12:0 a.m.•36 views

devel/subversion -- contrib hook-scripts can allow arbitrary code execution

Subversion team reports: The script contrib/hook-scripts/check-mime-type.pl does not escape argv arguments to 'svnlook' that start with a hyphen. This could be used to cause 'svnlook', and hence check-mime-type.pl, to error out. The script contrib/hook-scripts/svn-keyword-check.pl parses filename...

7.1CVSS6.5AI score0.31466EPSS
Exploits5
FreeBSD
FreeBSD
•added 2013/05/31 12:0 a.m.•36 views

devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames

Subversion team reports: If a filename which contains a newline character ASCII 0x0a is committed to a repository using the FSFS format, the resulting revision is corrupt...

5.5CVSS6.4AI score0.02814EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/04/30 12:0 a.m.•36 views

strongSwan -- ECDSA signature verification issue

strongSwan security team reports: If the openssl plugin is used for ECDSA signature verification an empty, zeroed or otherwise invalid signature is handled as a legitimate one. Both IKEv1 and IKEv2 are affected. Affected are only installations that have enabled and loaded the OpenSSL crypto backe...

4.9CVSS6.4AI score0.01585EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/04/18 12:0 a.m.•36 views

phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page

The phpMyAdmin development team reports: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used...

6.1CVSS5.9AI score0.04705EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•36 views

otrs -- Information disclosure and Data manipulation

The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed...

6.5CVSS7.3AI score0.01291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/26 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 172342 High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. 180909 Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team Cris Neckar. 180555 Low CVE-2013-0918: Do not navigate dev tools upon drag an...

7.5CVSS6.1AI score0.01282EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 172243 High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. 171951 High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. 167069 Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte...

7.5CVSS0.0225EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/07 12:0 a.m.•36 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

9.3CVSS6.5AI score0.77597EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2012/12/11 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 158204 High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. 159429 High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. 160456 Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to...

10CVSS0.7AI score0.03533EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/26 12:0 a.m.•36 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-90 Fixes for Location object issues...

6.4CVSS9.2AI score0.03287EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2012/08/28 12:0 a.m.•36 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-57 Miscellaneous memory safety hazards rv:15.0/ rv:10.0.7 MFSA 2012-58 Use-after-free issues found using Address Sanitizer MFSA 2012-59 Location object can be shadowed using Object.defineProperty MFSA 2012-60 Escalation of privilege through about:newtab MFSA...

10CVSS10.1AI score0.07762EPSS
Exploits5References17
FreeBSD
FreeBSD
•added 2012/07/22 12:0 a.m.•36 views

Wireshark -- Multiple vulnerabilities

Wireshark reports: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by...

8.3CVSS6.7AI score0.06009EPSS
Exploits10References15
FreeBSD
FreeBSD
•added 2012/06/12 12:0 a.m.•36 views

FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)

Problem description: The named8 server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on...

8.5CVSS8.7AI score0.13405EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/03/23 12:0 a.m.•36 views

quagga -- multiple vulnerabilities

CERT reports: The ospfd implementation of OSPF in Quagga allows a remote attacker on a local network segment with OSPF enabled to cause a denial of service daemon aborts due to an assert with a malformed OSPF LS-Update message. The ospfd implementation of OSPF in Quagga allows a remote attacker o...

3.3CVSS6.3AI score0.01822EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/11/10 12:0 a.m.•36 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. In addition a patch was release...

10CVSS9.5AI score0.0896EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/04/21 12:0 a.m.•36 views

Asterisk -- multiple vulnerabilities

The Asterisk Development Team reports: It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticate...

5CVSS1.2AI score0.02504EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/02/01 12:0 a.m.•36 views

mediawiki -- multiple vulnerabilities

Medawiki reports: An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite...

4.3CVSS3.1AI score0.02346EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2011/01/24 12:0 a.m.•36 views

bugzilla -- multiple serious vulnerabilities

A Bugzilla Security Advisory reports: This advisory covers three security issues that have recently been fixed in the Bugzilla code: A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account. A weakness in the Perl CGI.pm module allows injecting HTTP header...

9.3CVSS9.2AI score0.0504EPSS
Exploits0References12
FreeBSD
FreeBSD
•added 2010/12/10 12:0 a.m.•36 views

exim -- local privilege escalation

David Woodhouse reports: Secondly a privilege escalation where the trusted 'exim' user is able to tell Exim to use arbitrary config files, in which further $run ... commands will be invoked as root...

7.8CVSS9.4AI score0.17794EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2010/11/30 12:0 a.m.•36 views

krb5 -- multiple checksum handling vulnerabilities

The MIT Kerberos team reports: MIT krb5 clients incorrectly accept an unkeyed checksums in the SAM-2 preauthentication challenge. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some...

3.7CVSS6.2AI score0.02847EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/11/12 12:0 a.m.•36 views

tomcat -- Cross-site scripting vulnerability

The Tomcat security team reports: The HTML Manager interface displayed web applciation provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administartive user when viewing the manager pages...

4.3CVSS1.1AI score0.10228EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2010/08/05 12:0 a.m.•36 views

bugzilla -- information disclosure, denial of service

A Bugzilla Security Advisory reports: Remote Information Disclosure: An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of pronoun...

6.2AI score
Exploits0References5
FreeBSD
FreeBSD
•added 2009/08/10 12:0 a.m.•36 views

wordpress -- remote admin password reset vulnerability

WordPress reports: A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database usually the admin account would have its password reset and a new passwor...

7.5CVSS6.4AI score0.19636EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2009/08/07 12:0 a.m.•36 views

silc-toolkit -- Format string vulnerabilities

SILC Changlog reports: An unspecified format string vulnerability exists in silc-toolkit...

7.5CVSS6.5AI score0.04827EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/08/03 12:0 a.m.•36 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters MFSA 2009-42: Compromise of SSL-protected communication MFSA 2009-43: Heap overflow in certificate regexp parsing MFSA 2009-44: Location bar and SSL indicator spoofing via...

9.5AI score
Exploits0References6
FreeBSD
FreeBSD
•added 2009/07/31 12:0 a.m.•36 views

silc-client -- Format string vulnerability

SILC changelog reports: An unspecified format string vulnerability exists in silc-client...

7.5CVSS6.5AI score0.04827EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/05/29 12:0 a.m.•36 views

nagios -- Command Injection Vulnerability

Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploite...

7.5CVSS6.9AI score0.83453EPSS
Exploits14References2
FreeBSD
FreeBSD
•added 2009/04/16 12:0 a.m.•36 views

freetype2 -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library. An integer overflow error within the "cffcharsetcomputecids" function in cff/cffload.c can be exploited to potentially cause...

7.5CVSS9.8AI score0.08541EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/01/08 12:0 a.m.•36 views

openfire -- multiple vulnerabilities

Core Security Technologies reports: Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code...

2.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/12/30 12:0 a.m.•36 views

libaudiofile -- heap-based overflow in Microsoft ADPCM compression module

Debian reports: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted WAV file...

5CVSS7.8AI score0.02179EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/12/24 12:0 a.m.•36 views

php5-gd -- uninitialized memory information disclosure vulnerability

According to CVE-2008-5498 entry: Array index error in the "imageRotate" function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the "bgdcolor" or "clrBack" argument for an indexed image...

5CVSS6.5AI score0.08845EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2008/11/05 12:0 a.m.•36 views

vlc -- cue processing stack overflow

The VLC Team reports: The VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of VLC media player...

7.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/11/03 12:0 a.m.•36 views

opera -- multiple vulnerabilities

Opera reports: When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration...

9.3CVSS6.8AI score0.04504EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2008/10/12 12:0 a.m.•36 views

net-snmp -- DoS for SNMP agent via crafted GETBULK request

Wes Hardaker reports through sourceforge.net forum: SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent. If you have open access to your snmp agents bad bad bad; stop doing that! or if you don't trust everyone that does have access to your...

7.5CVSS6.8AI score0.04926EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2008/01/10 12:0 a.m.•36 views

drupal -- cross site request forgery

The Drupal Project reports: The aggregator module fetches items from RSS feeds and makes them available on the site. The module provides an option to remove items from a particular feed. This has been implemented as a simple GET request and is therefore vulnerable to cross site request forgeries...

4.3CVSS5.6AI score0.0117EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/11/28 12:0 a.m.•36 views

Squid -- Denial of Service Vulnerability

Squid secuirty advisory reports: Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service...

5CVSS6.4AI score0.26858EPSS
Exploits2
FreeBSD
FreeBSD
•added 2007/09/07 12:0 a.m.•36 views

apache -- multiple vulnerabilities

Apache HTTP server project reports: The following potential security flaws are addressed: CVE-2007-3847: modproxy: Prevent reading past the end of a buffer when parsing date-related headers. CVE-2007-1863: modcache: Prevent a segmentation fault if attributes are listed in a Cache-Control header...

5CVSS6.2AI score0.27783EPSS
Exploits3
FreeBSD
FreeBSD
•added 2007/08/21 12:0 a.m.•36 views

clamav -- multiple remote Denial of Service vulnerabilities

BugTraq reports: ClamAV is prone to multiple denial-of-service vulnerabilities. A successful attack may allow an attacker to crash the application and deny service to users...

4.3CVSS6.5AI score0.01968EPSS
Exploits0
Total number of security vulnerabilities5000