Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2009/06/05 12:0 a.m.•35 views

apr -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in APR-util, which can be exploited by malicious users and malicious people to cause a DoS Denial of Service. A vulnerability is caused due to an error in the processing of XML files and can be exploited to exhaust all available memory via ...

7.5CVSS7.1AI score0.52988EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2009/04/04 12:0 a.m.•35 views

libxine -- multiple vulnerabilities

xine developers report: Fix another possible int overflow in the 4XM demuxer. ref. TKADV2009-004, CVE-2009-0385 Fix an integer overflow in the Quicktime demuxer...

9.3CVSS6.7AI score0.06664EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2009/01/26 12:0 a.m.•35 views

epiphany -- untrusted search path vulnerability

CVE Mitre reports: Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function...

6.9CVSS9.4AI score0.0051EPSS
Exploits2
FreeBSD
FreeBSD
•added 2008/09/08 12:0 a.m.•35 views

rubygem-rails -- SQL injection vulnerability

Jonathan Weiss reports, that it is possible to perform an SQL injection in Rails applications via not correctly sanitized :limit and :offset parameters. It is possible to change arbitrary values in affected tables or gain access to the sensitive data...

7.5CVSS7.5AI score0.0303EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/08/12 12:0 a.m.•35 views

squirrelmail -- Session hijacking vulnerability

Hanno Boeck reports: When configuring a web application to use only ssl e.g. by forwarding all http-requests to https, a user would expect that sniffing and hijacking the session is impossible. Though, for this to be secure, one needs to set the session cookie to have the secure flag. Otherwise t...

5CVSS6.3AI score0.02159EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2008/07/07 12:0 a.m.•35 views

poppler -- uninitialized pointer

Felipe Andres Manzano reports: The libpoppler pdf rendering library, can free uninitialized pointers, leading to arbitrary code execution. This vulnerability results from memory management bugs in the Page class constructor/destructor...

7.5CVSS6.7AI score0.14253EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2007/12/22 12:0 a.m.•35 views

jetty -- multiple vulnerability

Greg Wilkins reports: jetty allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' characters in the URI...

5CVSS9AI score0.03832EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/12/10 12:0 a.m.•35 views

samba -- buffer overflow vulnerability

Secuna Research reports: Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "sendmailslot" function. This can be exploited to cause a stack-based...

9.3CVSS7.1AI score0.27482EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/11/30 12:0 a.m.•35 views

qemu -- Translation Block Local Denial of Service Vulnerability

SecurityFocus reports: QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able...

7.2CVSS8.7AI score0.00707EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/11/05 12:0 a.m.•35 views

perl -- regular expressions unicode data buffer overflow

Red Hat reports: A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl...

7.5CVSS9.3AI score0.0483EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/10/29 12:0 a.m.•35 views

openldap -- multiple remote denial of service vulnerabilities

BugTraq reports: OpenLDAP is prone to multiple remote denial-of-service vulnerabilities because of an incorrect NULL-termination issue and a double-free issue...

6.6AI score
Exploits0
FreeBSD
FreeBSD
•added 2007/09/19 12:0 a.m.•35 views

kdm -- passwordless login vulnerability

The KDE development team reports: KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled...

6.8CVSS6.5AI score0.01015EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/03/29 12:0 a.m.•35 views

mod_perl -- remote DoS in PATH_INFO parsing

Mandriva reports: PerlRun.pm in Apache modperl 1.29 and earlier, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...

5CVSS6.2AI score0.10111EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/12/17 12:0 a.m.•35 views

sql-ledger -- multiple vulnerabilities

The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...

7.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2006/12/01 12:0 a.m.•35 views

tnftpd -- Remote root Exploit

The tnftpd port suffer from a remote stack overrun, which can lead to a root compromise...

9CVSS6.5AI score0.19415EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2006/10/23 12:0 a.m.•35 views

screen -- combined UTF-8 characters vulnerability

A vulnerability in the handling of combined UTF-8 characters in screen may allow an user-assisted attacker to crash screen or potentially allow code execution as the user running screen. To exploit this issue the user running scren must in some way interact with the attacker...

2.6CVSS7AI score0.02113EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2006/10/14 12:0 a.m.•35 views

kdelibs -- integer overflow in khtml

Red Hat reports: An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in...

6.8CVSS7.5AI score0.04146EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/09/30 12:0 a.m.•35 views

torrentflux -- User-Agent XSS Vulnerability

Steven Roddis reports that User-Agent string is not properly escaped when handled by torrentflux. This allows for arbitrary code insertion...

6.8CVSS7.1AI score0.0165EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2006/08/11 12:0 a.m.•35 views

squirrelmail -- random variable overwrite vulnerability

The SquirrelMail developers report: A logged in user could overwrite random variables in compose.php, which might make it possible to read/write other users' preferences or attachments...

6.4CVSS6.4AI score0.09798EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2006/07/25 12:0 a.m.•35 views

mozilla -- multiple vulnerabilities

A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-56 chrome: scheme loading remote content MFSA 2006-55 Crashes with evidence of memory corruption rv:1.8.0.5 MFSA...

7.5CVSS7.3AI score0.78359EPSS
Exploits11References14
FreeBSD
FreeBSD
•added 2006/06/09 12:0 a.m.•35 views

mailman -- Multiple Vulnerabilities

Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS Denial of Service. 1 An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successfu...

6.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2006/06/09 12:0 a.m.•35 views

shoutcast -- cross-site scripting, information exposure

Goober's advisory reports reports that shoutcast is vulnerable to an arbitrary file reading vulnerability: Impact of the vulnerability depends on the way the product was installed. In general, the vulnerability allows the attacker to read any file which can be read by the Shoutcast server process...

4.3CVSS6.4AI score0.01528EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/01/11 12:0 a.m.•35 views

texindex -- temporary file privilege escalation

Problem description The "sortoffline" function used by texindex1 employs the "maketempname" function, which produces predictable file names and fails to validate that the paths do not exist. Impact These predictable temporary file names are problematic because they allow an attacker to take...

1.2CVSS6.6AI score0.00505EPSS
Exploits2
FreeBSD
FreeBSD
•added 2005/08/15 12:0 a.m.•35 views

pear-XML_RPC -- remote PHP code injection vulnerability

A Hardened-PHP Project Security Advisory reports: When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code. This new...

7.5CVSS7.5AI score0.05091EPSS
Exploits0References8
FreeBSD
FreeBSD
•added 2005/08/09 12:0 a.m.•35 views

gaim -- AIM/ICQ away message buffer overflow

The GAIM team reports: A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings such as %t or %n...

9.8CVSS6.9AI score0.16055EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/07/25 12:0 a.m.•35 views

apache -- http request smuggling

A Watchfire whitepaper reports an vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoining, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this...

4.3CVSS9.1AI score0.20461EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2005/06/28 12:0 a.m.•35 views

phpbb -- remote PHP code execution vulnerability

FrSIRT Advisory reports: A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the...

7.5CVSS6.7AI score0.85366EPSS
Exploits9References2
FreeBSD
FreeBSD
•added 2005/04/16 12:0 a.m.•35 views

mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities

A xine security announcement reports: By a user receiving data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media...

7.5CVSS6AI score0.0438EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2005/03/16 12:0 a.m.•35 views

kdelibs -- local DCOP denial of service vulnerability

A KDE Security Advisory reports: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol DCOP daemon better known as dcopserver. A local user can lock up the dcopserver of arbitrary other users on the same machine...

2.1CVSS6AI score0.00401EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/03/10 12:0 a.m.•35 views

mozilla -- heap buffer overflow in GIF image processing

A Mozilla Foundation Security Advisory states: An sic GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine...

5.1CVSS7AI score0.15116EPSS
Exploits4References3
FreeBSD
FreeBSD
•added 2005/03/01 12:0 a.m.•35 views

realplayer -- remote heap overflow

Two exploits have been identified in the Linux RealPlayer client. RealNetworks states: RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no...

5.1CVSS7.7AI score0.03831EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/02/22 12:0 a.m.•35 views

phpmyadmin -- information disclosure vulnerability

A phpMyAdmin security announcement reports: By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin...

5CVSS6.4AI score0.01457EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/01/21 12:0 a.m.•35 views

postgresql -- privilege escalation vulnerability

John Heasman and others disovered that non-privileged users could use the LOAD extension to load arbitrary libraries into the postgres server process space. This could be used by non-privileged local users to execute arbitrary code with the privileges of the postgresql server...

4.3CVSS6.7AI score0.00499EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/12/29 12:0 a.m.•35 views

mozilla -- heap overflow in NNTP handler

Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers: Mozilla browser supports NNTP urls. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code o...

5CVSS4.9AI score0.03449EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2004/12/15 12:0 a.m.•35 views

mailman -- generated passwords are poor quality

Florian Weimer wrote: Mailman 2.1.5 uses weak auto-generated passwords for new subscribers. These passwords are assigned when members subscribe without specifying their own password either by email or the web frontend. Knowledge of this password allows an attacker to gain access to the list archi...

7.5CVSS2.9AI score0.01616EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/12/06 12:0 a.m.•35 views

krb5 -- heap buffer overflow vulnerability in libkadm5srv

A MIT krb5 Security Advisory reports: The MIT Kerberos 5 administration library libkadm5srv contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center KDC host. The overflow occurs during a password change of a...

7.2CVSS2AI score0.00734EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/12 12:0 a.m.•35 views

rsync -- path sanitizing vulnerability

An rsync security advisory reports: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for...

6.4CVSS6.4AI score0.02317EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2004/02/20 12:0 a.m.•35 views

Apache 2 mod_ssl denial-of-service

Joe Orton reports a memory leak in Apache 2's modssl. A remote attacker may issue HTTP requests on an HTTPS port, causing an error. Due to a bug in processing this condition, memory associated with the connection is not freed. Repeated requests can result in consuming all available memory...

5CVSS6.3AI score0.09898EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2004/01/06 12:0 a.m.•35 views

fsp buffer overflow and directory traversal vulnerabilities

The Debian security team reported a pair of vulnerabilities in fsp: A vulnerability was discovered in fsp, client utilities for File Service Protocol FSP, whereby a remote user could both escape from the FSP root directory CAN-2003-1022, and also overflow a fixed-length buffer to execute arbitrar...

7.5CVSS7.3AI score0.04177EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/26 12:0 a.m.•34 views

Gitlab -- Vulnerabilities

Gitlab reports: XSS in k8s proxy endpoint XSS Maven Dependency Proxy HTML injection leads to XSS on self hosted instances Improper Authorisation Check Allows Guest User to Read Security Policy Planner role can read code review analytics in private projects...

8.7CVSS6.9AI score0.00475EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/09/04 12:0 a.m.•34 views

FreeBSD -- umtx Kernel panic or Use-After-Free

Problem Description: Concurrent removals of such a mapping by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. Impact: A malicious code exercizing the UMTXSHMDESTRO...

10CVSS7.4AI score0.00681EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/08/06 12:0 a.m.•34 views

firefox -- multiple vulnerabilities

[email protected] reports: CVE-2024-7531: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the...

9.8CVSS7.2AI score0.00602EPSS
Exploits0References9
FreeBSD
FreeBSD
•added 2024/07/16 12:0 a.m.•34 views

MySQL -- Multiple vulnerabilities

Oracle reports: 36 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/04/16 12:0 a.m.•34 views

electron{27,28,29} -- multiple vulnerabilities

Electron develpers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3515. Security: backported fix for CVE-2024-3516. Security: backported fix for CVE-2024-3157. Security: backported fix for CVE-2024-1580...

9.6CVSS7.4AI score0.01835EPSS
Exploits3References4
FreeBSD
FreeBSD
•added 2024/04/03 12:0 a.m.•34 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 16 security bugs in Chromium: CVE-2024-2625: Object lifecycle issue in V8 CVE-2024-2626: Out of bounds read in Swiftshader CVE-2024-2885: Use after free in Dawn CVE-2024-2887: Type Confusion in WebAssembly CVE-2024-3157: Out of bounds write in...

9.6CVSS8.6AI score0.19883EPSS
Exploits13References1
FreeBSD
FreeBSD
•added 2024/03/27 12:0 a.m.•34 views

Gitlab -- vulnerabilities

Gitlab reports: Stored-XSS injected in Wiki page via Banzai pipeline DOS using crafted emojis...

8.7CVSS7.3AI score0.00945EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/03/20 12:0 a.m.•34 views

jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty

Jenkins Security Advisory: Description High SECURITY-3379 / CVE-2024-22201 HTTP/2 denial of service vulnerability in bundled Jetty...

7.5CVSS7.2AI score0.01433EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/10 12:0 a.m.•34 views

electron{26,27} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-0224. Security: backported fix for CVE-2024-0225. Security: backported fix for CVE-2024-0223. Security: backported fix for CVE-2024-0222...

8.8CVSS7AI score0.10114EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2023/12/21 12:0 a.m.•34 views

electron{26,27} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6508. Security: backported fix for CVE-2023-7024...

8.8CVSS7.1AI score0.07356EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2023/11/22 12:0 a.m.•34 views

electron{25,26} -- use after free in Garbage Collection

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5997...

8.8CVSS7.1AI score0.00972EPSS
Exploits0References1
Total number of security vulnerabilities5000