Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2015/12/08 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 7 security fixes in this release, including: 548273 High CVE-2015-6788: Type confusion in extensions. Credit to anonymous. 557981 High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer. 542054 Medium CVE-2015-6790: Escaping issue in saved pages. Credit ...

10CVSS9.4AI score0.03199EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/22 12:0 a.m.•33 views

Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities

The JSST and the Joomla! Security Center report: 20151001 - Core - SQL Injection Inadequate filtering of request data leads to a SQL Injection vulnerability. 20151002 - Core - ACL Violations Inadequate ACL checks in comcontenthistory provide potential read access to data which should be access...

7.5CVSS6.8AI score0.99967EPSS
Exploits10References3
FreeBSD
FreeBSD
•added 2015/09/17 12:0 a.m.•33 views

wolfssl -- leakage of private key information

Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions...

5.9CVSS6.3AI score0.05031EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2015/09/04 12:0 a.m.•33 views

qemu -- denial of service vulnerability in e1000 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to...

3.5CVSS6.1AI score0.00982EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/06/25 12:0 a.m.•33 views

ansible -- multiple vulnerabilities

Ansible, Inc. reports: Ensure that hostnames match certificate names when using HTTPS - resolved in Ansible 1.9.2 Improper symlink handling in zone, jail, and chroot connection plugins could lead to escape from confined environment - resolved in Ansible 1.9.2...

4.3CVSS7.4AI score0.00933EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/05/19 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 37 security fixes in this release, including: 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. 444927 High CVE-2015-1254: Cross-origin bypass in Editing. Credit to...

7.5CVSS9.5AI score0.07855EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2015/04/23 12:0 a.m.•33 views

Quassel IRC -- SQL injection vulnerability

Quassel IRC developers report: Restarting a PostgreSQL database while Quassel Core is running would not properly re-initialize the database session inside Quassel, bringing back an old security issue CVE-2013-4422...

6.8CVSS6.4AI score0.0211EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/12 12:0 a.m.•33 views

qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling

Richard J. Moore reports: Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF...

9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/03/16 12:0 a.m.•33 views

osc -- shell command injection via crafted _service files

SUSE Security Update reports: osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a service file...

7.5CVSS6.7AI score0.03608EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/02/18 12:0 a.m.•33 views

bind -- denial of service vulnerability

ISC reports: When configured to perform DNSSEC validation, named can crash when encountering a rare set of conditions in the managed trust anchors...

5.4CVSS8.5AI score0.22168EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/10 12:0 a.m.•33 views

FreeBSD -- Buffer overflow in stdio

Problem Description: A programming error in the standard I/O library's sflush function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write2 system call returns an error. Impact: The accounting mismatch would accumulate, if the...

6.9CVSS6.7AI score0.00488EPSS
Exploits0
FreeBSD
FreeBSD
•added 2014/11/20 12:0 a.m.•33 views

sox -- input sanitization errors

oCERT reports: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to trigger the vulnerabilities...

7.5CVSS6.5AI score0.07709EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/10/09 12:0 a.m.•33 views

twiki -- remote Perl code execution

TWiki developers report: The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script typically port 80/TCP. Prior authentication may or may not ...

9.1CVSS9.4AI score0.55637EPSS
Exploits12References1
FreeBSD
FreeBSD
•added 2014/04/08 12:0 a.m.•33 views

FreeBSD -- Deadlock in the NFS server

Problem Description: The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that...

4CVSS6.1AI score0.02044EPSS
Exploits1
FreeBSD
FreeBSD
•added 2014/02/25 12:0 a.m.•33 views

apache -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. moddav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential...

7.5AI score
Exploits0
FreeBSD
FreeBSD
•added 2013/11/14 12:0 a.m.•33 views

chromium -- multiple memory corruption issues

Google Chrome Releases reports: 319117 319125 Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie...

9.3CVSS1.9AI score0.0609EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/07/06 12:0 a.m.•33 views

FreeBSD -- Incorrect privilege validation in the NFS server

Problem Description: The kernel incorrectly uses client supplied credentials instead of the one configured in exports5 when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. Impact: The remote client may supply privileged...

6.4CVSS6.3AI score0.02137EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/06/05 12:0 a.m.•33 views

phpMyAdmin -- XSS due to unescaped HTML output in Create View page

The phpMyAdmin development team reports: When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...

3.5CVSS6.2AI score0.01149EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/23 12:0 a.m.•33 views

xorg -- protocol handling issues in X Window System client libraries

freedesktop.org reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most ...

6.8CVSS7AI score0.03082EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/05/08 12:0 a.m.•33 views

dropbear -- exposure of sensitive information, DoS

The Dropbear project reports: A weakness and a vulnerability have been reported in Dropbear SSH Server, which can be exploited by malicious people to disclose certain sensitive information and cause a DoS...

6.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•33 views

ModSecurity -- XML External Entity Processing Vulnerability

Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS Denial Of Serice. The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...

7.5CVSS6AI score0.04208EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/03/27 12:0 a.m.•33 views

roundcube -- arbitrary file disclosure vulnerability

RoundCube development team reports: After getting reports about a possible vulnerability of Roundcube which allows an attacker to modify its users preferences in a way that he/she can then read files from the server, we now published updated packages as well as patches that fix this security issu...

5CVSS6.2AI score0.02287EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/13 12:0 a.m.•33 views

puppet26 -- multiple vulnerabilities

Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...

9CVSS7.4AI score0.04927EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2013/02/20 12:0 a.m.•34 views

drupal7 -- Denial of service

Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effec...

5CVSS6.3AI score0.01848EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/19 12:0 a.m.•33 views

FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query

Problem description: Due to a software defect a crafted query can cause named8 to crash with an assertion failure...

7.8CVSS8.4AI score0.10896EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/11/29 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 161564 High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team Jüri Aedla. 162835 High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie...

10CVSS1.3AI score0.02507EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/05 12:0 a.m.•33 views

tomcat -- Denial of Service

The Apache Software Foundation reports: The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

5CVSS9AI score0.08742EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2012/11/05 12:0 a.m.•33 views

tomcat -- authentication weaknesses

The Apache Software Foundation reports: Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were n...

3AI score
Exploits1References4
FreeBSD
FreeBSD
•added 2012/10/16 12:0 a.m.•33 views

otrs -- XSS vulnerability

OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...

4.3CVSS8.3AI score0.05792EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2012/10/10 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 154983154987 Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie...

10CVSS1.9AI score0.04641EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/08/30 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 121347 Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. 134897 High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. 135485 Low CVE-2012-2867: Browser crash with SPDY. 136881 Medium CVE-2012-2868: Race condition with workers and...

7.5CVSS1.4AI score0.02455EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/08/13 12:0 a.m.•33 views

ansible -- enable host key checking in paramiko connection type

Ansible changelog reports: Host key checking is on by default. Disable it if you like by adding hostkeychecking=False in the default section of /etc/ansible/ansible.cfg or /ansible.cfg or by exporting ANSIBLEHOSTKEYCHECKING=False...

7.4CVSS7.6AI score0.01963EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2012/05/10 12:0 a.m.•33 views

OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service

OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers...

6.8CVSS8AI score0.28154EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/04/30 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 106413 High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team Marty Barbella and independent later discovery by miaubiz. 117627 Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. 121726 Medium CVE-2011-3080: Rac...

10CVSS1AI score0.03115EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2012/04/17 12:0 a.m.•33 views

typo -- Cross-Site Scripting

Typo Security Team reports: Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages...

4.3CVSS6.2AI score0.01387EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/03/15 12:0 a.m.•33 views

libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding

US-CERT reports: The msnoimreporttouser function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service application crash via an OIM message that lacks UTF-8 encoding...

5CVSS6.2AI score0.02504EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/02/22 12:0 a.m.•33 views

bugzilla Cross-Site Request Forgery

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious...

5.1CVSS6.5AI score0.00826EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/01/23 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 106484 High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. 108461 High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI ZDI-CAN-1415. 108605 High CVE-2011-3927: Uninitialized value in Skia...

7.5CVSS1.1AI score0.01831EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/01/14 12:0 a.m.•33 views

couchdb -- DOM based Cross-Site Scripting via Futon UI

Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...

4.3CVSS6.7AI score0.03841EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/12/31 12:0 a.m.•33 views

mpack -- Information disclosure

The oss-security list reports: Incorrect permissions on temporary files can lead to information disclosure...

7.5CVSS7.4AI score0.02583EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/12/20 12:0 a.m.•33 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-53 Miscellaneous memory safety hazards rv:9.0 MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash...

10CVSS9.4AI score0.69882EPSS
Exploits11References5
FreeBSD
FreeBSD
•added 2011/12/11 12:0 a.m.•33 views

krb5 -- KDC null pointer dereference in TGS handling

The MIT Kerberos Team reports: In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS Ticket Granting Service requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a...

6.8CVSS2.7AI score0.02473EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/11/06 12:0 a.m.•33 views

php5 -- header splitting attack via carriage-return character

Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...

4.3CVSS1AI score0.10173EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/10/12 12:0 a.m.•33 views

freetype -- Some type 1 fonts handling vulnerabilities

The FreeType project reports: A couple of vulnerabilities in handling Type 1 fonts...

4.3CVSS6.6AI score0.04138EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/09/02 12:0 a.m.•33 views

libxml -- Integer overflow

Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions...

9.3CVSS8.6AI score0.13727EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/08/04 12:0 a.m.•33 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of...

5CVSS6.4AI score0.02065EPSS
Exploits2References7
FreeBSD
FreeBSD
•added 2011/05/25 12:0 a.m.•33 views

Unbound -- an empty error packet handling assertion failure

Unbound developer reports: NLnet Labs was notified of an error in Unbound's code-path for error replies which is triggered under special conditions. The error causes the program to abort...

4.3CVSS6.4AI score0.07085EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/05/25 12:0 a.m.•33 views

Erlang -- ssh library uses a weak random number generator

US-CERT reports: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG...

7.8CVSS3.5AI score0.03046EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2011/05/02 12:0 a.m.•33 views

mailman -- CSRF hardening in parts of the web interface

The late Tokio Kikuchi reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery CSRF. The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...

8.8CVSS0.2AI score0.0153EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/02/18 12:0 a.m.•33 views

PivotX -- administrator password reset vulnerability

US CERT reports: PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be affected. This vulnerability is being exploited in the wild and users should immediately upgrade to 2.2.5 or late...

7.5CVSS4.5AI score0.04019EPSS
Exploits0
Total number of security vulnerabilities5000