Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2006/05/31 12:0 a.m.•36 views

smbfs -- chroot escape

Problem Description smbfs does not properly sanitize paths containing a backslash character; in particular the directory name '..' is interpreted as the parent directory by the SMB/CIFS server, but smbfs handles it in the same manner as any other directory. Impact When inside a chroot environment...

6.4CVSS6.3AI score0.02751EPSS
Exploits0
FreeBSD
FreeBSD
•added 2006/03/01 12:0 a.m.•36 views

openssh -- remote denial of service

Problem description: Because OpenSSH and OpenPAM have conflicting designs one is event- driven while the other is callback-driven, it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is...

5CVSS7.2AI score0.01875EPSS
Exploits0
FreeBSD
FreeBSD
•added 2006/01/11 12:0 a.m.•36 views

ee -- temporary file privilege escalation

Problem description The ispellop function used by ee1 while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be over written with the user. It should b...

2.1CVSS6.6AI score0.00362EPSS
Exploits0
FreeBSD
FreeBSD
•added 2005/12/07 12:0 a.m.•36 views

curl -- URL buffer overflow vulnerability

A Project cURL Security Advisory reports: libcurl's URL parser function can overflow a malloced buffer in two ways, if given a too long URL. 1 - pass in a URL with no protocol like "http://" prefix, using no slash and the string is 256 bytes or longer. This leads to a single zero byte overflow of...

4.6CVSS6.6AI score0.00516EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2005/08/09 12:0 a.m.•36 views

gaim -- AIM/ICQ non-UTF-8 filename crash

The GAIM team reports: A remote user could cause Gaim to crash on some systems by sending the Gaim user a file whose filename contains certain invalid characters. It is unknown what combination of systems are affected, but it is suspected that Windows users and systems with older versions of GTK+...

5CVSS6.3AI score0.01887EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/07/20 12:0 a.m.•36 views

devfs -- ruleset bypass

Problem description Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions. Impact Jailed process...

7.2CVSS6.5AI score0.00375EPSS
Exploits0
FreeBSD
FreeBSD
•added 2005/07/05 12:0 a.m.•36 views

ekg -- insecure temporary file creation

Eric Romang reports that ekg creates temporary files in an insecure manner. This can be exploited by an attacker using a symlink attack to overwrite arbitrary files and possibly execute arbitrary commands with the permissions of the user running ekg...

5.5CVSS7AI score0.00355EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/07/05 12:0 a.m.•36 views

acroread -- buffer overflow vulnerability

An Adobe Security Advisory reports: A vulnerability within Adobe Reader has been identified. Under certain circumstances, remote exploitation of a buffer overflow in Adobe Reader could allow an attacker to execute arbitrary code. If exploited, it could allow the execution of arbitrary code under...

5CVSS7.4AI score0.0458EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/06/29 12:0 a.m.•36 views

kernel -- TCP connection stall denial of service

Problem Description Two problems have been discovered in the FreeBSD TCP stack. First, when a TCP packets containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to artificially increase the internal "recent" timestamp for a connection. Secon...

6.4AI score
Exploits0
FreeBSD
FreeBSD
•added 2005/05/26 12:0 a.m.•36 views

qpopper -- multiple privilege escalation vulnerabilities

Jens Steube reports that qpopper is vulnerable to a privilege escalation vulnerability. qpopper does not properly drop root privileges so that user supplied configuration and trace files can be processed with root privileges. This could allow a local attacker to create or modify arbitrary files...

6.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2005/05/13 12:0 a.m.•36 views

kernel -- information disclosure when using HTT

Problem description and impact When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread. Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a...

5.6CVSS6.5AI score0.00505EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/05/06 12:0 a.m.•36 views

qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests

Georgi Guninski writes: There are several issues with qmail on 64 bit platforms - classical integer overflow, pointer with signed index and signedness problem not counting the memory consumtion dos, which just helps. Update: the problem with the signed index is exploitable on Freebsd 5.4 amd64 wi...

9.8CVSS3.7AI score0.10789EPSS
Exploits6References2
FreeBSD
FreeBSD
•added 2005/04/12 12:0 a.m.•36 views

portupgrade -- insecure temporary file handling vulnerability

Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...

7.2CVSS7AI score0.00385EPSS
Exploits0
FreeBSD
FreeBSD
•added 2005/04/03 12:0 a.m.•36 views

phpmyadmin -- cross site scripting vulnerability

A phpMyAdmin security announcement reports: The convcharset parameter was not correctly validated, opening the door to a XSS attack...

4.3CVSS5.9AI score0.04504EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2005/03/29 12:0 a.m.•36 views

sylpheed -- MIME-encoded file name buffer overflow vulnerability

Sylpheed is vulnerable to a buffer overflow when displaying emails with attachments that have MIME-encoded file names. This could be used by a remote attacker to crash sylpheed potentially allowing execution of arbitrary code with the permissions of the user running sylpheed...

5.1CVSS7.4AI score0.01827EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/02/09 12:0 a.m.•36 views

xview -- multiple buffer overflows in xv_parse_one

A Debian Security Advisory reports: Erik Sjölund discovered that programs linked against xview are vulnerable to a number of buffer overflows in the XView library. When the overflow is triggered in a program which is installed setuid root a malicious user could perhaps execute arbitrary code as...

7.2CVSS7.4AI score0.00448EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/01/05 12:0 a.m.•36 views

exim -- two buffer overflow vulnerabilities

The function hostaton can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components. 2. The second report described a buffer overflow in the function spabase64tobits, which is part of the code for SPA authentication...

6.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/12/10 12:0 a.m.•36 views

mplayer -- multiple vulnerabilities

iDEFENSE and the MPlayer Team have found multiple vulnerabilities in MPlayer: Potential heap overflow in Real RTSP streaming code Potential stack overflow in MMST streaming code Multiple buffer overflows in BMP demuxer Potential heap overflow in pnm streaming code Potential buffer overflow in...

10CVSS3.6AI score0.05178EPSS
Exploits0References8
FreeBSD
FreeBSD
•added 2004/11/08 12:0 a.m.•36 views

isc-dhcpd -- format string vulnerabilities

The ISC DHCP programs are vulnerable to several format string vulnerabilities which may allow a remote attacker to execute arbitrary code with the permissions of the DHCP programs, typically root for the DHCP server...

10CVSS7.4AI score0.07968EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/10/14 12:0 a.m.•36 views

acroread5 -- mailListIsPdf() buffer overflow vulnerability

An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code. The vulnerability specifically exists in a the function mailListIsPdf. This function checks if the input file is an email...

10CVSS3.3AI score0.08272EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/10/02 12:0 a.m.•36 views

mpg123 -- buffer overflow in URL handling

Carlos Barros reports that mpg123 contains two buffer overflows. These vulnerabilities can potentially lead to execution of arbitrary code. The first buffer overflow can occur when mpg123 parses a URL with a user-name/password field that is more than 256 characters long. This problem can be...

10CVSS7.1AI score0.06527EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/09/30 12:0 a.m.•36 views

Boundary checking errors in syscons

The syscons CONSSCRSHOT ioctl2 does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior. It may be possible to cause the CONSSCRSHOT ioctl to return portions of kernel memory. Such memory might contain sensitive...

4.6CVSS5.9AI score0.00422EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•36 views

apache -- apr_uri_parse IPv6 address handling vulnerability

The Apache Software Foundation Security Team discovered a programming error in the apr-util library function apruriparse. When parsing IPv6 literal addresses, it is possible that a length is incorrectly calculated to be negative, and this value is passed to memcpy. This may result in an exploitab...

5CVSS6.4AI score0.21769EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/05/12 12:0 a.m.•36 views

URI handler vulnerabilities in several browsers

Karol Wiesek and Greg MacManus reported via iDEFENSE that the Opera web browser contains a flaw in the handling of certain URIs. When presented with these URIs, Opera would invoke external commands to process them after some validation. However, if the hostname component of a URI begins with a -'...

7.5CVSS6.5AI score0.07778EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/05/05 12:0 a.m.•36 views

heimdal kadmind remote heap buffer overflow

An input validation error was discovered in the kadmind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was always two or more bytes. Smaller lengths will cause kadmind to read an arbitrary amount of data int...

10CVSS7.1AI score0.07159EPSS
Exploits0
FreeBSD
FreeBSD
•added 2004/03/24 12:0 a.m.•36 views

Buffer overflows and format string bugs in Emil

Ulf Härnhammar reports multiple buffer overflows in Emil, some of which are triggered during the parsing of attachment filenames. In addition, some format string bugs are present in the error reporting code. Depending upon local configuration, these vulnerabilities may be exploited using speciall...

7.5CVSS7.3AI score0.04146EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2024/11/08 12:0 a.m.•35 views

electron32 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-10230. Security: backported fix for CVE-2024-10231. Security: backported fix for CVE-2024-10229. Security: backported fix for CVE-2024-10487...

8.8CVSS7.4AI score0.00653EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2024/09/24 12:0 a.m.•35 views

expat -- multiple vulnerabilities

libexpat reports: CVE-2024-45490: Calling function XMLParseBuffer with len 0 without noticing and then calling XMLGetBuffer will have XMLParseBuffer fail to recognize the problem and XMLGetBuffer corrupt memory. With the fix, XMLParseBuffer now complains with error XMLERRORINVALIDARGUMENT just li...

9.8CVSS7.1AI score0.01686EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/04/16 12:0 a.m.•35 views

electron{27,28,29} -- multiple vulnerabilities

Electron develpers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3515. Security: backported fix for CVE-2024-3516. Security: backported fix for CVE-2024-3157. Security: backported fix for CVE-2024-1580...

9.6CVSS7.4AI score0.01835EPSS
Exploits3References4
FreeBSD
FreeBSD
•added 2024/03/05 12:0 a.m.•35 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 325893559 High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19 325866363 High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be...

8.8CVSS7.7AI score0.13556EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2024/01/16 12:0 a.m.•35 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 1515930 High CVE-2024-0517: Out of bounds write in V8. Reported by Toan suto Pham of Qrious Secure on 2024-01-06 1507412 High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou@refrainareu of ChaMd5-H1 team on 2023-12-03...

8.8CVSS7.5AI score0.21697EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/11/20 12:0 a.m.•35 views

strongSwan -- vulnerability in charon-tkm

strongSwan reports: A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected...

9.8CVSS8.3AI score0.0229EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/10/31 12:0 a.m.•35 views

Gitlab -- Vulnerabilities

Gitlab reports: Disclosure of CI/CD variables using Custom project templates GitLab omnibus DoS crash via OOM with CI Catalogs Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service DoS - Blocking FIFO files in Tar archives Titles exposed by service-desk template...

8.5CVSS5.9AI score0.00643EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/10/25 12:0 a.m.•35 views

xorg-server -- Multiple vulnerabilities

The X.Org project reports: ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty When prepending values to an existing property an invalid offset calculation causes the existing values to be appended at the wrong offset. The resulting memcpy would...

7.8CVSS7.3AI score0.00715EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/07 12:0 a.m.•35 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 15 security fixes, including: 1402270 High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18 1341541 High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on...

8.8CVSS8.5AI score0.00883EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/11/28 12:0 a.m.•35 views

emacs -- arbitary shell command execution vulnerability of ctags

lu4nx reports: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggeste...

7.8CVSS7.8AI score0.0063EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/11/15 12:0 a.m.•35 views

FreeBSD -- Multiple vulnerabilities in Heimdal

Problem Description: Multiple security vulnerabilities have been discovered in the Heimdal implementation of the Kerberos 5 network authentication protocols and KDC. CVE-2022-42898 PAC parse integer overflows CVE-2022-3437 Overflows and non-constant time leaks in DES,3 and arcfour CVE-2021-44758...

9.8CVSS8.5AI score0.06419EPSS
Exploits1
FreeBSD
FreeBSD
•added 2022/05/11 12:0 a.m.•35 views

PostgreSQL Server -- execute arbitrary SQL code as DBA user

The PostgreSQL project reports: Confine additional operations within "security restricted operation" sandboxes. Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pgamcheck activated the "security restricted operation" protection mechanism too late, or even not at all in...

8.8CVSS2.5AI score0.12403EPSS
Exploits0
FreeBSD
FreeBSD
•added 2022/04/26 12:0 a.m.•35 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 30 security fixes, including: 1313905 High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park SeHwa on 2022-04-06 1299261 High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park SeHwa on 2022-02-20 1305190 High...

8.8CVSS0.2AI score0.0105EPSS
Exploits23References1
FreeBSD
FreeBSD
•added 2022/04/12 12:0 a.m.•35 views

Ruby -- Double free in Regexp compilation

piao reports: Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object...

9.8CVSS1.3AI score0.02744EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/04/07 12:0 a.m.•35 views

zgrep -- arbitrary file write

RedHat reports: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

8.8CVSS2.7AI score0.04271EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/03/15 12:0 a.m.•35 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 11 security fixes, including: 1299422 Critical CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21 1301320 High CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of...

9.6CVSS0.1AI score0.01089EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2022/03/10 12:0 a.m.•35 views

openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins

David Sommerseth reports: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8CVSS4.1AI score0.03519EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2022/02/12 12:0 a.m.•35 views

MariaDB -- Multiple vulnerabilities

MariaDB reports: MariaDB reports 5 vulnerabilities in supported versions resulting from fuzzing tests...

5.5CVSS3.1AI score0.00403EPSS
Exploits5References4
FreeBSD
FreeBSD
•added 2021/12/27 12:0 a.m.•35 views

minio -- User privilege escalation

minio developers report: AddUser API endpoint was exposed to a legacy behavior. i.e it accepts a "policy" field This API is mainly used to create a user or update a user's password. However, a malicious client can hand-craft an HTTP API call that allows for updating Policy for a user and gaining...

8.8CVSS1.9AI score0.35462EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2021/04/22 12:0 a.m.•35 views

go -- net/http: ReadRequest can stack overflow due to recursion with very large headers

The Go project reports: http.ReadRequest can stack overflow due to recursion when given a request with a very large header 8-10MB depending on the architecture. A http.Server which overrides the default max header of 1MB by setting Server.MaxHeaderBytes to a much larger value could also be...

5.9CVSS3AI score0.03692EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/03/31 12:0 a.m.•35 views

curl -- TLS 1.3 session ticket proxy host mixup

Daniel Stenberg reports: Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arriv...

4.3CVSS5.8AI score0.03141EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/02/26 12:0 a.m.•35 views

vault -- unauthenticated license read

vault developers report: Limited Unauthenticated License Read: We addressed a security vulnerability that allowed for the unauthenticated reading of Vault licenses from DR Secondaries...

5.3CVSS3.8AI score0.01043EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/11/20 12:0 a.m.•35 views

mutt -- authentication credentials being sent over an unencrypted connection

Kevin J. McCarthy reports: Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS...

5.3CVSS1.6AI score0.02323EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/11/09 12:0 a.m.•35 views

go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo

The Go project reports: A number of math/big.Int methods Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD can panic when provided crafted large inputs. For the panic to happen, the divisor or modulo argument must be larger than 3168 bits on 32-bit architectures or 633...

7.5CVSS7.7AI score0.03813EPSS
Exploits0References3
Total number of security vulnerabilities5000