Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2018/01/16 12:0 a.m.•33 views

gitlab -- Remote code execution on project import

GitLab developers report: Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for GitLab Community Edition CE and Enterprise Edition EE. These versions contain a number of important security fixes, including two that prevent remote code execution, and we strongly recommend that all GitLab...

8.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/12/14 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 2 security fixes in this release, including: 788453 High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24 794792 Various fixes from internal audits, fuzzing and other initiatives...

6.1CVSS7.6AI score0.01142EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/12/04 12:0 a.m.•33 views

libraw -- multiple DoS vulnerabilities

Secunia Research reports: CVE-2017-16909: An error related to the "LibRaw::panasonicloadraw" function dcrawcommon.cpp can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. CVE-2017-16910: An error within the...

8.8CVSS7.6AI score0.01993EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2017/10/17 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 35 security fixes in this release, including: 762930 High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 749147 High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 760455 High CVE-2017-5126: Use after free in PDFium...

8.8CVSS8.3AI score0.05245EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2017/10/09 12:0 a.m.•33 views

ffmpeg -- multiple vulnerabilities

MITRE reports: Multiple vulnerabilities have been found in FFmpeg. Please refer to CVE list for details. Note: CVE-2017-15186 and CVE-2017-15672 affect only the 3.3 branch before 3.3.5, CVE-2017-16840 and CVE-2017-17081 have been fixed in 3.4.1. They're listed here for completeness of the record...

9.8CVSS2.1AI score0.03332EPSS
Exploits0References6
FreeBSD
FreeBSD
•added 2017/10/08 12:0 a.m.•33 views

unbound -- vulnerability in the processing of wildcard synthesized NSEC records

Unbound reports: We discovered a vulnerability in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This does, however, happen in Unbound 1.6.7 and earlier versions...

5.3CVSS6.1AI score0.0263EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/23 12:0 a.m.•33 views

weechat -- crash in logger plugin

WeeChat reports: security problem: a crash can happen in logger plugin when converting date/time specifiers in file mask...

7.5CVSS7.6AI score0.02836EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/07 12:0 a.m.•33 views

libgd -- Denial of servica via double free

libgd developers report: Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors...

7.5CVSS7.4AI score0.05102EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2017/09/05 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome releases reports: 22 security fixes in this release, including: 737023 High CVE-2017-5111: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-06-27 740603 High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein on 2017-07-10 747043 High...

8.8CVSS8AI score0.26331EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/09 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Several security fixes in this release, including: 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 793620 High...

8.8CVSS7.6AI score0.02149EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/11 12:0 a.m.•33 views

Flash Player -- multiple vulnerabilities

Adobe reports: These updates resolve security bypass vulnerability that could lead to information disclosure CVE-2017-3080. These updates resolve memory corruption vulnerability that could lead to remote code execution CVE-2017-3099. These updates resolve memory corruption vulnerability that coul...

9.3CVSS8.2AI score0.08552EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/06 12:0 a.m.•33 views

evince and atril -- command injection vulnerability in CBT handler

GNOME reports: The comic book backend in evince 3.24.0 and earlier is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened. The same vulnerability affects atril, the Evince fork...

7.8CVSS8.3AI score0.50826EPSS
Exploits9References2
FreeBSD
FreeBSD
•added 2017/06/05 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome releases reports: 30 security fixes in this release Please reference CVE/URL list for details...

8.8CVSS7.1AI score0.31212EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2017/05/30 12:0 a.m.•33 views

strongswan -- Denial-of-service vulnerability in the x509 plugin

strongSwan security team reports: ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate...

7.5CVSS1.3AI score0.02222EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/04/28 12:0 a.m.•33 views

roundcube -- arbitrary password resets

Roundcube reports: Roundcube Webmail allows arbitrary password resets by authenticated users. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...

8.8CVSS4.8AI score0.03471EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2017/04/04 12:0 a.m.•33 views

xen-kernel -- broken check in memory_exchange() permits PV guest breakout

The Xen Project reports: The XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing fo...

8.2CVSS2.2AI score0.01569EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2017/03/29 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 5 security fixes in this release, including: 698622 Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar 699166 High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs 662767 High CVE-2017-5052: Bad cast in...

9.6CVSS9.5AI score0.02557EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/01/10 12:0 a.m.•33 views

openssl -- timing attack vulnerability

Cesar Pereida Garcia reports: The signing function in crypto/ecdsa/ecdsaossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect...

5.5CVSS3AI score0.00594EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/11/22 12:0 a.m.•33 views

xen-kernel -- x86 64-bit bit test instruction emulation broken

The Xen Project reports: The x86 instructions BT, BTC, BTR, and BTS, when used with a destination memory operand and a source register rather than an immediate operand, access a memory location offset from that specified by the memory operand as specified by the high bits of the register source. ...

8.8CVSS1.7AI score0.00509EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/11/13 12:0 a.m.•33 views

ImageMagick -- heap overflow vulnerability

Bastien Roucaries reports: Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffer from a heap overflow in WaveletDenoiseImage. This problem is easily trigerrable from a Perl script...

5.5CVSS1.7AI score0.01898EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/11/01 12:0 a.m.•33 views

django -- multiple vulnerabilities

The Django project reports: Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. User with hardcoded password created when running tests on Oracle DNS...

1.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2016/10/11 12:0 a.m.•33 views

flash -- multiple vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a type confusion vulnerabilit...

9.3CVSS3.1AI score0.19899EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2016/06/24 12:0 a.m.•33 views

ruby-saml -- XML signature wrapping attack

RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion...

7.5CVSS2.8AI score0.01208EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/05/06 12:0 a.m.•33 views

squid -- multiple vulnerabilities

The squid development team reports: Please reference CVE/URL list for details...

8.6CVSS1.9AI score0.79969EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2016/05/02 12:0 a.m.•33 views

hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written

Jouni Malinen reports: psk configuration parameter update allowing arbitrary data to be written 2016-1 - CVE-2016-4476/CVE-2016-4477...

7.8CVSS1.7AI score0.02858EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/04/22 12:0 a.m.•33 views

wireshark -- multiple vulnerabilities

Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-19 The NCP dissector could crash. Bug 11591 wnpa-sec-2016-20 TShark could crash due to a packet reassembly bug. Bug 11799 wnpa-sec-2016-21 The IEEE 802.11 dissector could crash. Bug 11824, Bug 12187...

5.9CVSS0.7AI score0.02401EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2016/03/21 12:0 a.m.•33 views

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-16-0003: Incorrect capability check when displaying users emails in Participants list MSA-16-0004: XSS from profile fields from external db MSA-16-0005: Reflected XSS in moddata advanced search MSA-16-0006: Hidden courses are shown to students in Event Monitor...

8.8CVSS1.7AI score0.01931EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/02/22 12:0 a.m.•33 views

websvn -- reflected cross-site scripting

Sebastien Delafond reports: Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks...

6.1CVSS3.8AI score0.01711EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2016/02/08 12:0 a.m.•33 views

PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.

PostgreSQL project reports: Security Fixes for Regular Expressions, PL/Java CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression regex parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a...

9CVSS7.9AI score0.06948EPSS
Exploits0
FreeBSD
FreeBSD
•added 2016/02/02 12:0 a.m.•33 views

wordpress -- multiple vulnerabilities

Samuel Sidler reports: WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported ...

3.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2016/01/13 12:0 a.m.•33 views

ffmpeg -- remote attacker can access local files

Arch Linux reports: ffmpeg has a vulnerability in the current version that allows the attacker to create a specially crafted video file, downloading which will send files from a user PC to a remote attacker server. The attack does not even require the user to open that file — for example, KDE...

5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/12/28 12:0 a.m.•33 views

webkit -- UI spoof

webkit reports: The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame...

5CVSS6.2AI score0.01525EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/12/16 12:0 a.m.•33 views

Ruby -- unsafe tainted string vulnerability

Ruby developer reports: There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed a...

8.4CVSS7.7AI score0.07766EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/12/08 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 7 security fixes in this release, including: 548273 High CVE-2015-6788: Type confusion in extensions. Credit to anonymous. 557981 High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer. 542054 Medium CVE-2015-6790: Escaping issue in saved pages. Credit ...

10CVSS9.4AI score0.03199EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/22 12:0 a.m.•33 views

Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities

The JSST and the Joomla! Security Center report: 20151001 - Core - SQL Injection Inadequate filtering of request data leads to a SQL Injection vulnerability. 20151002 - Core - ACL Violations Inadequate ACL checks in comcontenthistory provide potential read access to data which should be access...

7.5CVSS6.8AI score0.99967EPSS
Exploits10References3
FreeBSD
FreeBSD
•added 2015/09/17 12:0 a.m.•33 views

wolfssl -- leakage of private key information

Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions...

5.9CVSS6.3AI score0.05031EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2015/09/04 12:0 a.m.•33 views

qemu -- denial of service vulnerability in e1000 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to...

3.5CVSS6.1AI score0.00982EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/06/25 12:0 a.m.•33 views

ansible -- multiple vulnerabilities

Ansible, Inc. reports: Ensure that hostnames match certificate names when using HTTPS - resolved in Ansible 1.9.2 Improper symlink handling in zone, jail, and chroot connection plugins could lead to escape from confined environment - resolved in Ansible 1.9.2...

4.3CVSS7.4AI score0.00933EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/05/19 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 37 security fixes in this release, including: 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. 444927 High CVE-2015-1254: Cross-origin bypass in Editing. Credit to...

7.5CVSS9.5AI score0.07855EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2015/04/23 12:0 a.m.•33 views

Quassel IRC -- SQL injection vulnerability

Quassel IRC developers report: Restarting a PostgreSQL database while Quassel Core is running would not properly re-initialize the database session inside Quassel, bringing back an old security issue CVE-2013-4422...

6.8CVSS6.4AI score0.0211EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/12 12:0 a.m.•33 views

qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling

Richard J. Moore reports: Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF...

9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/03/16 12:0 a.m.•33 views

osc -- shell command injection via crafted _service files

SUSE Security Update reports: osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a service file...

7.5CVSS6.7AI score0.03608EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/02/18 12:0 a.m.•33 views

bind -- denial of service vulnerability

ISC reports: When configured to perform DNSSEC validation, named can crash when encountering a rare set of conditions in the managed trust anchors...

5.4CVSS8.5AI score0.22168EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/10 12:0 a.m.•33 views

FreeBSD -- Buffer overflow in stdio

Problem Description: A programming error in the standard I/O library's sflush function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write2 system call returns an error. Impact: The accounting mismatch would accumulate, if the...

6.9CVSS6.7AI score0.00488EPSS
Exploits0
FreeBSD
FreeBSD
•added 2014/11/20 12:0 a.m.•33 views

sox -- input sanitization errors

oCERT reports: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to trigger the vulnerabilities...

7.5CVSS6.5AI score0.07709EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/04/08 12:0 a.m.•33 views

FreeBSD -- Deadlock in the NFS server

Problem Description: The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that...

4CVSS6.1AI score0.02044EPSS
Exploits1
FreeBSD
FreeBSD
•added 2014/02/25 12:0 a.m.•33 views

apache -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. moddav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential...

7.5AI score
Exploits0
FreeBSD
FreeBSD
•added 2013/11/14 12:0 a.m.•33 views

chromium -- multiple memory corruption issues

Google Chrome Releases reports: 319117 319125 Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie...

9.3CVSS1.9AI score0.0609EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/07/06 12:0 a.m.•33 views

FreeBSD -- Incorrect privilege validation in the NFS server

Problem Description: The kernel incorrectly uses client supplied credentials instead of the one configured in exports5 when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. Impact: The remote client may supply privileged...

6.4CVSS6.3AI score0.02137EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/06/05 12:0 a.m.•33 views

phpMyAdmin -- XSS due to unescaped HTML output in Create View page

The phpMyAdmin development team reports: When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...

3.5CVSS6.2AI score0.01149EPSS
Exploits0References1
Total number of security vulnerabilities5000