Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2013/06/05 12:0 a.m.•33 views

phpMyAdmin -- XSS due to unescaped HTML output in Create View page

The phpMyAdmin development team reports: When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...

3.5CVSS6.2AI score0.01149EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/23 12:0 a.m.•33 views

xorg -- protocol handling issues in X Window System client libraries

freedesktop.org reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most ...

6.8CVSS7AI score0.03082EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/05/08 12:0 a.m.•33 views

dropbear -- exposure of sensitive information, DoS

The Dropbear project reports: A weakness and a vulnerability have been reported in Dropbear SSH Server, which can be exploited by malicious people to disclose certain sensitive information and cause a DoS...

6.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•33 views

ModSecurity -- XML External Entity Processing Vulnerability

Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS Denial Of Serice. The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...

7.5CVSS6AI score0.04208EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/03/27 12:0 a.m.•33 views

roundcube -- arbitrary file disclosure vulnerability

RoundCube development team reports: After getting reports about a possible vulnerability of Roundcube which allows an attacker to modify its users preferences in a way that he/she can then read files from the server, we now published updated packages as well as patches that fix this security issu...

5CVSS6.2AI score0.02287EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/20 12:0 a.m.•34 views

drupal7 -- Denial of service

Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effec...

5CVSS6.3AI score0.01848EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/19 12:0 a.m.•33 views

FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query

Problem description: Due to a software defect a crafted query can cause named8 to crash with an assertion failure...

7.8CVSS8.4AI score0.10896EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/02/08 12:0 a.m.•33 views

Ruby Rack Gem -- Multiple Issues

Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...

5.1CVSS6.4AI score0.05281EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/11/29 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 161564 High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team Jüri Aedla. 162835 High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie...

10CVSS1.3AI score0.02507EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/05 12:0 a.m.•33 views

tomcat -- authentication weaknesses

The Apache Software Foundation reports: Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were n...

3AI score
Exploits1References4
FreeBSD
FreeBSD
•added 2012/11/05 12:0 a.m.•33 views

tomcat -- Denial of Service

The Apache Software Foundation reports: The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

5CVSS9AI score0.08742EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2012/10/16 12:0 a.m.•33 views

otrs -- XSS vulnerability

OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...

4.3CVSS8.3AI score0.05792EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2012/10/10 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 154983154987 Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie...

10CVSS1.9AI score0.04641EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/08/30 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 121347 Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. 134897 High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. 135485 Low CVE-2012-2867: Browser crash with SPDY. 136881 Medium CVE-2012-2868: Race condition with workers and...

7.5CVSS1.4AI score0.02455EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/08/13 12:0 a.m.•33 views

ansible -- enable host key checking in paramiko connection type

Ansible changelog reports: Host key checking is on by default. Disable it if you like by adding hostkeychecking=False in the default section of /etc/ansible/ansible.cfg or /ansible.cfg or by exporting ANSIBLEHOSTKEYCHECKING=False...

7.4CVSS7.6AI score0.01963EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2012/07/28 12:0 a.m.•33 views

ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file

Kurt Seifried reports: There is an issue in ImageMagick that is also present in GraphicsMagick. CVE-2011-3026 deals with libpng memory allocation, and limitations have been added so that a bad PNG can't cause the system to allocate a lot of memory and a denial of service. However on further...

6.8CVSS8.7AI score0.73164EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2012/05/10 12:0 a.m.•33 views

OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service

OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers...

6.8CVSS8AI score0.28154EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/04/30 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 106413 High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team Marty Barbella and independent later discovery by miaubiz. 117627 Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. 121726 Medium CVE-2011-3080: Rac...

10CVSS1AI score0.03115EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2012/04/17 12:0 a.m.•33 views

typo -- Cross-Site Scripting

Typo Security Team reports: Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages...

4.3CVSS6.2AI score0.01387EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/03/15 12:0 a.m.•33 views

libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding

US-CERT reports: The msnoimreporttouser function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service application crash via an OIM message that lacks UTF-8 encoding...

5CVSS6.2AI score0.02504EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/01/23 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 106484 High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. 108461 High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI ZDI-CAN-1415. 108605 High CVE-2011-3927: Uninitialized value in Skia...

7.5CVSS1.1AI score0.01831EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/01/14 12:0 a.m.•33 views

couchdb -- DOM based Cross-Site Scripting via Futon UI

Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...

4.3CVSS6.7AI score0.03841EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/12/31 12:0 a.m.•33 views

mpack -- Information disclosure

The oss-security list reports: Incorrect permissions on temporary files can lead to information disclosure...

7.5CVSS7.4AI score0.02583EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/12/20 12:0 a.m.•33 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-53 Miscellaneous memory safety hazards rv:9.0 MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash...

10CVSS9.4AI score0.69882EPSS
Exploits11References5
FreeBSD
FreeBSD
•added 2011/12/11 12:0 a.m.•33 views

krb5 -- KDC null pointer dereference in TGS handling

The MIT Kerberos Team reports: In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS Ticket Granting Service requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a...

6.8CVSS2.7AI score0.02473EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/11/06 12:0 a.m.•33 views

php5 -- header splitting attack via carriage-return character

Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...

4.3CVSS1AI score0.10173EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/10/12 12:0 a.m.•33 views

freetype -- Some type 1 fonts handling vulnerabilities

The FreeType project reports: A couple of vulnerabilities in handling Type 1 fonts...

4.3CVSS6.6AI score0.04138EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/09/02 12:0 a.m.•33 views

libxml -- Integer overflow

Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions...

9.3CVSS8.6AI score0.13727EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/08/04 12:0 a.m.•33 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of...

5CVSS6.4AI score0.02065EPSS
Exploits2References7
FreeBSD
FreeBSD
•added 2011/05/25 12:0 a.m.•33 views

Erlang -- ssh library uses a weak random number generator

US-CERT reports: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG...

7.8CVSS3.5AI score0.03046EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2011/05/02 12:0 a.m.•33 views

mailman -- CSRF hardening in parts of the web interface

The late Tokio Kikuchi reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery CSRF. The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...

8.8CVSS0.2AI score0.0153EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/02/18 12:0 a.m.•33 views

PivotX -- administrator password reset vulnerability

US CERT reports: PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be affected. This vulnerability is being exploited in the wild and users should immediately upgrade to 2.2.5 or late...

7.5CVSS4.5AI score0.04019EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/02/13 12:0 a.m.•33 views

mailman -- XSS vulnerability

CVE reports: Multiple cross-site scripting XSS vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 full name or 2 username field in a confirmation message...

4.3CVSS4AI score0.04248EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/02/02 12:0 a.m.•33 views

plone -- Remote Security Bypass

Plone developer reports: This is an escalation of privileges attack that can be used by anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin. The sandbox protecting access to the underlying system is still ...

7.5CVSS3.7AI score0.03171EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/12/13 12:0 a.m.•33 views

pecl-phar -- format string vulnerability

Entry for CVE-2010-2094 says: Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1...

6.8CVSS7.3AI score0.12652EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2010/10/19 12:0 a.m.•33 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2010-64 Miscellaneous memory safety hazards rv:1.9.2.11/ 1.9.1.14 MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-...

9.3CVSS9.7AI score0.10118EPSS
Exploits2References9
FreeBSD
FreeBSD
•added 2010/07/29 12:0 a.m.•33 views

vlc -- invalid id3v2 tags may lead to invalid memory dereferencing

VideoLAN project reports: VLC fails to perform sufficient input validation when trying to extract some meta-informations about input media through ID3v2 tags. In the failure case, VLC attempt dereference an invalid memory address, and a crash will ensure...

5CVSS6.4AI score0.02638EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/04/15 12:0 a.m.•33 views

piwik -- cross site scripting vulnerability

The Piwik security advisory reports: A non-persistent, cross-site scripting vulnerability XSS was found in Piwik's Login form that reflected the formurl parameter without being properly escaped or filtered...

4.3CVSS5.8AI score0.02988EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/02/18 12:0 a.m.•33 views

pidgin -- multiple remote denial of service vulnerabilities

Three denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows: Pidgin can become unresponsive when displaying large numbers of smileys Certain nicknames in group chat rooms can trigger a crash...

6.6AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2010/02/02 12:0 a.m.•33 views

lighttpd -- denial of service vulnerability

Lighttpd security advisory reports: If you send the request data very slow e.g. sleep 0.01 after each byte, lighttpd will easily use all available memory and die especially for parallel requests, allowing a DoS within minutes...

5CVSS6.5AI score0.12111EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2010/01/31 12:0 a.m.•33 views

bugzilla -- information leak

A Bugzilla Security Advisory reports: When moving a bug from one product to another, an intermediate page is displayed letting you select the groups the bug should be restricted to in the new product. However, a regression in the 3.4.x series made it ignore all groups which are not available in...

5CVSS6.3AI score0.017EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/07/01 12:0 a.m.•33 views

drupal -- multiple vulnerabilities

The Drupal Security Team reports: Cross-site scripting The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages...

6.5CVSS6.4AI score0.02308EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/06/03 12:0 a.m.•33 views

pidgin -- multiple vulnerabilities

Secunia reports: Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system. A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow. A bounda...

9.3CVSS7.2AI score0.13294EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2008/12/03 12:0 a.m.•33 views

squirrelmail -- Cross site scripting vulnerability

Squirrelmail team reports: An issue was fixed that allowed an attacker to send specially- crafted hyperlinks in a message that could execute cross-site scripting XSS when the user viewed the message in SquirrelMail...

4.3CVSS5.9AI score0.01776EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/11/07 12:0 a.m.•33 views

openfire -- multiple vulnerabilities

Andreas Kurtz reports: The jabber server Openfire = version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. Authentication bypass - This vulnerabili...

7.5CVSS6.2AI score0.83382EPSS
Exploits9References3
FreeBSD
FreeBSD
•added 2008/10/09 12:0 a.m.•33 views

cups -- multiple vulnerabilities

The release note of cups 1.3.9 reports: It contains the following fixes: SECURITY: The HP-GL/2 filter did not range check pen numbers STR 2911 SECURITY: The SGI image file reader did not range check 16-bit run lengths STR 2918 SECURITY: The text filter did not range check cpi, lpi, or column valu...

10CVSS7.1AI score0.24132EPSS
Exploits1
FreeBSD
FreeBSD
•added 2008/10/02 12:0 a.m.•33 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...

9.3CVSS9.7AI score0.82365EPSS
Exploits27References1
FreeBSD
FreeBSD
•added 2008/06/24 12:0 a.m.•33 views

fetchmail -- potential crash in -v -v verbose mode (revised patch)

Matthias Andree reports: 2008-06-24 1.2 also fixed issue in reportcomplete reported by Petr Uzel...

4.3CVSS7.5AI score0.03003EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/03/31 12:0 a.m.•33 views

phpmyadmin -- Username/Password Session File Information Disclosure

A phpMyAdmin security announcement report: phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...

5.5CVSS6.3AI score0.00296EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/12/19 12:0 a.m.•33 views

wireshark -- multiple vulnerabilities

The Wireshark team reports of multiple vulnerabilities: Wireshark could crash when reading an MP3 file. Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Stefan Esser discovered a buffer overflow in the SSL dissector. The ANSI MAP dissector cou...

10CVSS7AI score0.06981EPSS
Exploits0References1
Total number of security vulnerabilities5000