Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2010/07/29 12:0 a.m.•33 views

vlc -- invalid id3v2 tags may lead to invalid memory dereferencing

VideoLAN project reports: VLC fails to perform sufficient input validation when trying to extract some meta-informations about input media through ID3v2 tags. In the failure case, VLC attempt dereference an invalid memory address, and a crash will ensure...

5CVSS6.4AI score0.02638EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/02/18 12:0 a.m.•33 views

pidgin -- multiple remote denial of service vulnerabilities

Three denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows: Pidgin can become unresponsive when displaying large numbers of smileys Certain nicknames in group chat rooms can trigger a crash...

6.6AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2010/02/02 12:0 a.m.•33 views

lighttpd -- denial of service vulnerability

Lighttpd security advisory reports: If you send the request data very slow e.g. sleep 0.01 after each byte, lighttpd will easily use all available memory and die especially for parallel requests, allowing a DoS within minutes...

5CVSS6.5AI score0.12111EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2010/01/31 12:0 a.m.•33 views

bugzilla -- information leak

A Bugzilla Security Advisory reports: When moving a bug from one product to another, an intermediate page is displayed letting you select the groups the bug should be restricted to in the new product. However, a regression in the 3.4.x series made it ignore all groups which are not available in...

5CVSS6.3AI score0.017EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/07/01 12:0 a.m.•33 views

drupal -- multiple vulnerabilities

The Drupal Security Team reports: Cross-site scripting The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages...

6.5CVSS6.4AI score0.02308EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/06/03 12:0 a.m.•33 views

pidgin -- multiple vulnerabilities

Secunia reports: Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system. A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow. A bounda...

9.3CVSS7.2AI score0.13294EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2008/12/03 12:0 a.m.•33 views

squirrelmail -- Cross site scripting vulnerability

Squirrelmail team reports: An issue was fixed that allowed an attacker to send specially- crafted hyperlinks in a message that could execute cross-site scripting XSS when the user viewed the message in SquirrelMail...

4.3CVSS5.9AI score0.01776EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/11/15 12:0 a.m.•33 views

syslog-ng2 -- startup directory leakage in the chroot environment

Florian Grandel reports: I have not had the time to analyze all of syslog-ng code. But by reading the code section near the chroot call and looking at strace results I believe that syslog-ng does not chdir to the chroot jail's location before chrooting into it. This opens up ways to work around t...

9.3CVSS6.6AI score0.022EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2008/11/07 12:0 a.m.•33 views

openfire -- multiple vulnerabilities

Andreas Kurtz reports: The jabber server Openfire = version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. Authentication bypass - This vulnerabili...

7.5CVSS6.2AI score0.83382EPSS
Exploits9References3
FreeBSD
FreeBSD
•added 2008/10/09 12:0 a.m.•33 views

cups -- multiple vulnerabilities

The release note of cups 1.3.9 reports: It contains the following fixes: SECURITY: The HP-GL/2 filter did not range check pen numbers STR 2911 SECURITY: The SGI image file reader did not range check 16-bit run lengths STR 2918 SECURITY: The text filter did not range check cpi, lpi, or column valu...

10CVSS7.1AI score0.24132EPSS
Exploits1
FreeBSD
FreeBSD
•added 2008/10/02 12:0 a.m.•33 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...

9.3CVSS9.7AI score0.82365EPSS
Exploits27References1
FreeBSD
FreeBSD
•added 2008/06/24 12:0 a.m.•33 views

fetchmail -- potential crash in -v -v verbose mode (revised patch)

Matthias Andree reports: 2008-06-24 1.2 also fixed issue in reportcomplete reported by Petr Uzel...

4.3CVSS7.5AI score0.03003EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/03/31 12:0 a.m.•33 views

phpmyadmin -- Username/Password Session File Information Disclosure

A phpMyAdmin security announcement report: phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...

5.5CVSS6.3AI score0.00296EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/12/19 12:0 a.m.•33 views

wireshark -- multiple vulnerabilities

The Wireshark team reports of multiple vulnerabilities: Wireshark could crash when reading an MP3 file. Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Stefan Esser discovered a buffer overflow in the SSL dissector. The ANSI MAP dissector cou...

10CVSS7AI score0.06981EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/12/05 12:0 a.m.•33 views

jetty -- multiple vulnerabilities

Cross-site scripting XSS vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters...

7.5CVSS8.7AI score0.03978EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/11/06 12:0 a.m.•33 views

plone -- unsafe data interpreted as pickles

Plone projectreports: This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process...

7.5CVSS6.6AI score0.02187EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/10/02 12:0 a.m.•33 views

xfs -- multiple vulnerabilities

Matthieu Herrb reports: Problem Description: Several vulnerabilities have been identified in xfs, the X font server. The QueryXBitmaps and QueryXExtents protocol requests suffer from lack of validation of their 'length' parameters. Impact: On most modern systems, the font server is accessible onl...

6.8CVSS6.8AI score0.03975EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/09/18 12:0 a.m.•33 views

bugzilla -- "createmailregexp" security bypass vulnerability

The Bugzilla development team reports: Bugzilla::WebService::User::offeraccountbyemail does not check the "createemailregexp" parameter, and thus allows users to create accounts who would normally be denied account creation. The "emailregexp" parameter is still checked. If you do not have the...

7.5CVSS6.4AI score0.01955EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/06/29 12:0 a.m.•33 views

wireshark -- Multiple problems

wireshark Team reports: It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file...

7.8CVSS6.3AI score0.16258EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2007/05/14 12:0 a.m.•33 views

mysql -- renaming of arbitrary tables by authenticated users

MySQL reports: The requirement of the DROP privilege for RENAME TABLE was not enforced...

4.9CVSS6.6AI score0.02848EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/04/04 12:0 a.m.•33 views

p5-Imager -- possibly exploitable buffer overflow

Imager 0.56 and all earlier versions with BMP support have a security issue when reading compressed 8-bit per pixel BMP files where either a compressed run of data or a literal run of data overflows the scan-line. Such an overflow causes a buffer overflow in a malloc allocated memory buffer,...

9.3CVSS6.9AI score0.09082EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2007/03/04 12:0 a.m.•33 views

WebCalendar -- "noSet" variable overwrite vulnerability

Secunia reports: A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite...

7.5CVSS6.6AI score0.02144EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/10/17 12:0 a.m.•33 views

opera -- URL parsing heap overflow vulnerability

iDefense Labs reports: Remote exploitation of a heap overflow vulnerability within version 9 of Opera Software's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. A flaw exists within Opera when parsing a tag that contains a URL. A heap buffer with a consta...

5.1CVSS7.5AI score0.04724EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2006/05/31 12:0 a.m.•33 views

libxine -- buffer overflow vulnerability

A Secunia Advisory reports: Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system. The weakness is cause due to a heap corruption within the "xinepluginphttp.so" plugin when handling an overly lar...

5CVSS6.6AI score0.11089EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2006/05/11 12:0 a.m.•33 views

postgresql -- encoding based SQL injection

The PostgreSQL development team reports: An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands in...

7.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2006/03/23 12:0 a.m.•33 views

linux-realplayer -- heap overflow

iDefense Reports: Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user. In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a...

9.3CVSS7.3AI score0.05783EPSS
Exploits5References3
FreeBSD
FreeBSD
•added 2006/02/06 12:0 a.m.•33 views

heimdal -- Multiple vulnerabilities

A Project heimdal Security Advisory reports: The telnet client program in Heimdal has buffer overflows in the functions slcaddreply and envoptadd, which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to...

7.3AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2005/10/19 12:0 a.m.•33 views

squid -- FTP server response handling denial of service

A Secunia Advisory reports: M.A.Young has reported a vulnerability in Squid, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error in handling certain FTP server responses. This can be exploited to crash Squid by visiting a...

5CVSS6.3AI score0.02102EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/10/05 12:0 a.m.•33 views

xloadimage -- buffer overflows in NIFF image title handling

Ariel Berkman reports: Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. ...

5.1CVSS6.4AI score0.04159EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/07/13 12:0 a.m.•33 views

squirrelmail -- _$POST variable handling allows for various attacks

A Squirrelmail Advisory reports: An extract$POST was done in optionsidentities.php which allowed for an attacker to set random variables in that file. This could lead to the reading and possible writing of other people's preferences, cross site scripting or writing files in webserver-writable...

4.3CVSS6.2AI score0.04242EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2005/06/15 12:0 a.m.•33 views

acroread -- XML External Entity vulnerability

Sverre H. Huseby discovered a vulnerability in Adobe Acrobat and Adobe Reader. Under certain circumstances, using XML scripts it is possible to discover the existence of local files...

7.5CVSS6.2AI score0.14528EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2005/06/15 12:0 a.m.•33 views

mambo -- multiple vulnerabilities

A Secunia Advisory reports: Some vulnerabilities have been reported in Mambo, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing and SQL injection attacks. Input passed to the "userrating" parameter when voting isn't properly sanitised before being...

7.5CVSS7.4AI score0.01323EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/05/19 12:0 a.m.•33 views

fswiki -- XSS problem in file upload form

A Secunia security advisory reports: A vulnerability has been reported in FreeStyle Wiki and FSWikiLite, which can be exploited by malicious people to conduct script insertion attacks. Input passed in uploaded attachments is not properly sanitised before being used. This can be exploited to injec...

4.3CVSS6.4AI score0.00938EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2005/04/12 12:0 a.m.•33 views

gld -- format string and buffer overflow vulnerabilities

Gld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities. An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root. The FreeBSD port defaults to running gld ...

10CVSS7AI score0.67658EPSS
Exploits6References2
FreeBSD
FreeBSD
•added 2005/03/09 12:0 a.m.•33 views

ethereal -- multiple protocol dissectors vulnerabilities

An Ethreal Security Advisories reports: Issues have been discovered in the following protocol dissectors: Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704 The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled. CVE: CAN-2005-0705...

7.5CVSS6.9AI score0.07606EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2005/02/02 12:0 a.m.•33 views

perl -- vulnerabilities in PERLIO_DEBUG handling

Kevin Finisterre discovered bugs in perl's I/O debug support: The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 A buffer overflow may occur in...

4.6CVSS6.9AI score0.01315EPSS
Exploits2
FreeBSD
FreeBSD
•added 2005/02/01 12:0 a.m.•33 views

postgresql -- multiple vulnerabilities

Multiple vulnerabilities had been reported in various versions of PostgreSQL: The EXECUTE restrictions can be bypassed by using the AGGREGATE function, which is missing a permissions check. A buffer overflow exists in gram.y which could allow an attacker to execute arbitrary code by sending a lar...

7.5CVSS7.6AI score0.14473EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2004/12/21 12:0 a.m.•34 views

squid -- confusing results on empty acl declarations

Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src "/path/to/emptyfile.txt" httpaccess allow something somewhere gets parsed with...

10CVSS6.4AI score0.05116EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•33 views

mod_dav -- lock related denial-of-service

A malicious user with DAV write privileges can trigger a null pointer dereference in the Apache moddav module. This could cause the server to become unavailable...

5CVSS6.3AI score0.15463EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2004/08/31 12:0 a.m.•33 views

krb5 -- double-free vulnerabilities

An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 implementation's Key Distribution Center KDC program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire...

7.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/18 12:0 a.m.•33 views

a2ps -- insecure command line argument handling

Rudolf Polzer reports: a2ps builds a command line for file containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps .txt" in /tmp - is...

10CVSS0.1AI score0.15981EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2004/08/12 12:0 a.m.•33 views

gaim remotely exploitable vulnerabilities in MSN component

Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim. In two places in the MSN protocol plugins object.c and slp.c, strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's...

7.5CVSS7AI score0.0495EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/12 12:0 a.m.•33 views

acroread uudecoder input validation error

An iDEFENSE security advisory reports: Remote exploitation of an input validation error in the uudecoding feature of Adobe Acrobat Reader Unix 5.0 allows an attacker to execute arbitrary code. The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded...

10CVSS7AI score0.08218EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/11 12:0 a.m.•33 views

Mutiple browser frame injection vulnerability

A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports: The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a nam...

6.4AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2004/05/20 12:0 a.m.•33 views

Buffer overflow in Squid NTLM authentication helper

Remote exploitation of a buffer overflow vulnerability in the NTLM authentication helper routine of the Squid Web Proxy Cache could allow a remote attacker to execute arbitrary code. A remote attacker can compromise a target system if the Squid Proxy is configured to use the NTLM authentication...

10CVSS7.5AI score0.7107EPSS
Exploits6References4
FreeBSD
FreeBSD
•added 2004/04/28 12:0 a.m.•33 views

mozilla -- automated file upload

A malicious web page can cause an automated file upload from the victim's machine when viewed with Mozilla with Javascript enabled. This is due to a bug permitting default values for type="file" elements in certain situations...

6.4CVSS5.9AI score0.01763EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/04/05 12:0 a.m.•33 views

racoon fails to verify signature during Phase 1

Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade. Installations using pre-shared keys are believed to be unaffected...

7.5CVSS6.5AI score0.03625EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/02/03 12:0 a.m.•33 views

jailed processes can manipulate host routing tables

A programming error resulting in a failure to verify that an attempt to manipulate routing tables originated from a non-jailed process. Jailed processes running with superuser privileges could modify host routing tables. This could result in a variety of consequences including packets being sent...

7.2CVSS6.4AI score0.00337EPSS
Exploits0
FreeBSD
FreeBSD
•added 2000/02/19 12:0 a.m.•33 views

xloadimage -- buffer overflow in FACES image handling

In 2001, zen-parse discovered a buffer overflow in xloadimage's FACES image loader. A maliciously crafted image could cause xloadimage to execute arbitrary code. A published exploit exists for this vulnerability. In 2005, Rob Holland discovered that the same vulnerability was present in xli...

7.5CVSS7.4AI score0.16344EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2026/05/25 12:0 a.m.•32 views

OpenEXR -- 3.4.12 fixes multiple vulnerabilities

Cary Phillips reports: The OpenEXR 3.4.12 release addresses the following security vulnerabilities: CVE-2026-45696 OpenEXR htundoimpl heap-buffer-overflow READ via codestream/channel width mismatch in HTJ2K decode CVE-2026-44663 Integer overflow in HTJ2K decoder htundoimpl leading to...

8.3CVSS5.9AI score0.00263EPSS
Exploits2References1
Total number of security vulnerabilities5000