Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
added 2017/06/29 12:0 a.m.32 views

libgcrypt -- side-channel attack on RSA secret keys

GnuPG reports: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"...

6.8CVSS2.4AI score0.03885EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/04/13 12:0 a.m.32 views

heimdal -- bypass of capath policy

Viktor Dukhovni reports: Commit f469fc6 2010-10-02 inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With...

7.5CVSS7.8AI score0.01759EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/03/23 12:0 a.m.32 views

samba -- symlink race allows access outside share definition

Samba team reports: A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks...

7.5CVSS7.9AI score0.11091EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2017/01/09 12:0 a.m.32 views

GnuTLS -- Memory corruption vulnerabilities

The GnuTLS project reports: It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted OpenPGP certificate could lead to heap and stack overflows. GNUTLS-SA-2017-2 It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted X.509 certificat...

2.1AI score
Exploits0References3
FreeBSD
FreeBSD
added 2016/11/09 12:0 a.m.32 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 4 security fixes in this release, including: 643948 High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta 658114 High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han 660678 Medium CVE-2016-5201: Info leak in extensions. Credi...

9.1CVSS1AI score0.01561EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/09/08 12:0 a.m.32 views

xen-kernel -- use after free in FIFO event channel code

The Xen Project reports: When the EVTCHNOPinitcontrol operation is called with a bad guest frame number, it takes an error path which frees a control structure without also clearing the corresponding pointer. Certain subsequent operations EVTCHNOPexpandarray or another EVTCHNOPinitcontrol, upon...

7.2CVSS1.1AI score0.00502EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/08/17 12:0 a.m.32 views

gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

Werner Koch reports: There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions...

5.3CVSS2.9AI score0.03597EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/07/26 12:0 a.m.32 views

xen-kernel -- x86: Privilege escalation in PV guests

The Xen Project reports: The PV pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases e.g. clearing only Access/Dirty bits. The bits considered safe were too broad, and not actually safe. A malicious PV guest administrato...

8.8CVSS1.5AI score0.004EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/06/16 12:0 a.m.32 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 3 security fixes in this release, including: 620742 CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives...

8.8CVSS2.6AI score0.01094EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/05/11 12:0 a.m.32 views

p7zip -- heap overflow vulnerability

Cisco Talos reports: An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution...

9.3CVSS2.5AI score0.14742EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2016/04/04 12:0 a.m.32 views

cacti -- multiple vulnerabilities

The Cacti Group, Inc. reports: Changelog bug:0002667: Cacti SQL Injection Vulnerability bug:0002673: CVE-2016-3659 - Cacti graphview.php SQL Injection Vulnerability bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access regression...

8.8CVSS3.2AI score0.02256EPSS
Exploits2References4
FreeBSD
FreeBSD
added 2016/02/09 12:0 a.m.32 views

pcre -- stack buffer overflow

Philip Hazel reports: PCRE does not validate that handling the ACCEPT verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow...

9.8CVSS1.9AI score0.0843EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2016/01/28 12:0 a.m.32 views

phpmyadmin -- XSS vulnerability in normalization page

The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database normalization page. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token...

5.4CVSS3.1AI score0.01269EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/12/24 12:0 a.m.32 views

radicale -- multiple vulnerabilities

Radicale reports: The multifilesystem backend allows access to arbitrary files on all platforms. Prevent regex injection in rights management...

7.9AI score
Exploits0References1
FreeBSD
FreeBSD
added 2015/12/15 12:0 a.m.32 views

kea -- unexpected termination while handling a malformed packet

ISC Support reports: ISC Kea may terminate unexpectedly crash while handling a malformed client packet. Related defects in the kea-dhcp4 and kea-dhcp6 servers can cause the server to crash during option processing if a client sends a malformed packet. An attacker sending a crafted malformed packe...

7.1CVSS6.4AI score0.03706EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/11/15 12:0 a.m.32 views

libpng buffer overflow in png_set_PLTE

libpng reports: CVE for a vulnerability in libpng, all versions, in the pngsetPLTE/pnggetPLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bitdepth less than 8. Some applications might read the bit depth from the IHDR chunk and...

7.5CVSS7.8AI score0.10339EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2015/10/14 12:0 a.m.32 views

wireshark -- Pcapng file parser crash

Wireshark development team reports: The following vulnerability has been fixed. wnpa-sec-2015-30 Pcapng file parser crash. Bug 11455...

4.3CVSS5.8AI score0.03037EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/10/09 12:0 a.m.32 views

optipng -- multiple vulnerabilities

ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service uninitialized memory read via a crafted GIF file. The bmpreadrows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service invalid memory...

9.3CVSS7.9AI score0.04426EPSS
Exploits2
FreeBSD
FreeBSD
added 2015/08/11 12:0 a.m.32 views

libvpx -- multiple buffer overflows

The Mozilla Project reports: Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in...

10CVSS7.9AI score0.08447EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/08/08 12:0 a.m.32 views

vorbis-tools, opus-tools -- multiple vulnerabilities

Paris Zoumpouloglou reports: I discovered an integer overflow issue in oggenc, related to the number of channels in the input WAV file. The issue triggers an out-of-bounds memory access which causes oggenc to crash. Paris Zoumpouloglou reports: A crafted WAV file with number of channels set to 0...

5CVSS6.1AI score0.03786EPSS
Exploits3References3
FreeBSD
FreeBSD
added 2015/08/05 12:0 a.m.32 views

FreeBSD -- shell injection vulnerability in patch(1)

Problem Description: Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch1 to pass certain ed1 scripts to the ed1 editor, which would run commands. Impact: This issue could be exploited to execute arbitrary commands as the user invoking patch1...

9.3CVSS7.9AI score0.03778EPSS
Exploits0
FreeBSD
FreeBSD
added 2015/07/27 12:0 a.m.32 views

subversion -- multiple vulnerabilities

Subversion reports: CVE-2015-3184: Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. CVE-2015-3187: Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by...

5CVSS8.2AI score0.10607EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2015/07/21 12:0 a.m.32 views

bind -- denial of service vulnerability

ISC reports: An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit...

7.8CVSS7.7AI score0.91284EPSS
Exploits12References1
FreeBSD
FreeBSD
added 2015/06/22 12:0 a.m.32 views

www/chromium -- multiple vulnerabilities

Google Chrome Releases reports: 4 security fixes in this release: 464922 High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous. 494640 High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 497507 Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit...

5CVSS9.2AI score0.02306EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2015/06/22 12:0 a.m.32 views

devel/ipython -- remote execution

Kyle Kelley reports: Summary: JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack. This affects use...

6.1CVSS6.6AI score0.01762EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/06/09 12:0 a.m.32 views

logstash -- Directory traversal vulnerability in the file output plugin

Elastic reports: An attacker could use the File output plugin with dynamic field references in the path option to traverse paths outside of Logstash directory. This technique could also be used to overwrite any files which can be accessed with permissions associated with Logstash user. This relea...

6.4CVSS6.3AI score0.0303EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2015/05/06 12:0 a.m.32 views

suricata -- TLS/DER Parser Bug (DoS)

OISF Development Team reports: The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of issues in the 2.0 series. The most important issue is a bug in the DER parser which is used to decode SSL/TLS certificates could crash Suricata. This issue was reported b...

5CVSS6.2AI score0.01134EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2015/04/04 12:0 a.m.32 views

asterisk -- TLS Certificate Common name NULL byte exploit

The Asterisk project reports: When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of...

4.3CVSS7.4AI score0.46156EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/03/24 12:0 a.m.32 views

rest-client -- session fixation vulnerability

Andy Brody reports: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration...

9.8CVSS9.1AI score0.04345EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/01/21 12:0 a.m.32 views

Bugzilla multiple security issues

Bugzilla Security Advisory Command Injection Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes. Information Leak Using the WebServices API, a user c...

6.5CVSS6.8AI score0.0204EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2015/01/13 12:0 a.m.32 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA-2015-01 Miscellaneous memory safety hazards rv:35.0 / rv:31.4 MFSA-2015-02 Uninitialized memory use during bitmap rendering MFSA-2015-03 sendBeacon requests lack an Origin header MFSA-2015-04 Cookie injection through Proxy Authenticate responses MFSA-2015-05 Read...

7.5CVSS9.9AI score0.65657EPSS
Exploits4References10
FreeBSD
FreeBSD
added 2015/01/13 12:0 a.m.32 views

Adobe Flash Player -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system...

10CVSS6.6AI score0.08742EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2014/10/14 12:0 a.m.32 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-74 Miscellaneous memory safety hazards rv:33.0 / rv:31.2 MFSA 2014-75 Buffer overflow during CSS manipulation MFSA 2014-76 Web Audio memory corruption issues with custom waveforms MFSA 2014-78 Further uninitialized memory use during GIF MFSA 2014-79...

7.5CVSS10.1AI score0.0527EPSS
Exploits1References9
FreeBSD
FreeBSD
added 2014/10/09 12:0 a.m.32 views

twiki -- remote Perl code execution

TWiki developers report: The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script typically port 80/TCP. Prior authentication may or may not ...

9.1CVSS9.4AI score0.55637EPSS
Exploits12References1
FreeBSD
FreeBSD
added 2014/07/24 12:0 a.m.32 views

bugzilla -- Cross Site Request Forgery

A Bugzilla Security Advisory reports: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery CSRF attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF conte...

4.3CVSS6.4AI score0.00542EPSS
Exploits0
FreeBSD
FreeBSD
added 2014/07/16 12:0 a.m.32 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 26 security fixes in this release, including 380885 Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider. 393765 CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives...

6.8CVSS2.2AI score0.01343EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2014/03/05 12:0 a.m.32 views

libssh -- PRNG state reuse on forking servers

Aris Adamantiadis reports: When accepting a new connection, the server forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guaranteed to be unique...

1.9CVSS6.3AI score0.00356EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2014/03/03 12:0 a.m.32 views

gnutls -- multiple certificate verification issues

GnuTLS project reports: A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat. Suman Jana reporte...

7.7AI score
Exploits0References2
FreeBSD
FreeBSD
added 2014/01/14 12:0 a.m.32 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.07117EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/10/01 12:0 a.m.32 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 50 security fixes in this release, including: 223962270758271161284785284786 Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG. 260667 Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky. 265221 Medi...

7.5CVSS0.7AI score0.02531EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2013/10/01 12:0 a.m.32 views

polarssl -- Timing attack against protected RSA-CRT implementation

PolarSSL Project reports: The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used. For which they then show that it can be used to mount an attack on the RSA key...

4.3CVSS5.9AI score0.02143EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2013/06/18 12:0 a.m.32 views

FreeBSD -- Privilege escalation via mmap

Due to insufficient permission checks in the virtual memory system, a tracing process such as a debugger may be able to modify portions of the traced process's address space to which the traced process itself does not have write access...

6.9CVSS6.3AI score0.06942EPSS
Exploits10
FreeBSD
FreeBSD
added 2013/05/14 12:0 a.m.32 views

ruby -- Object taint bypassing in DL and Fiddle in Ruby

Ruby Developers report: There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in...

6.4CVSS5.8AI score0.0251EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2013/04/24 12:0 a.m.32 views

Joomla! -- XXS and DDoS vulnerabilities

The JSST and the Joomla! Security Center report: 20130405 - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in Voting plugin. 20130403 - Core - XSS Vulnerability Inadequate filtering allows possibility of XSS exploit in some circumstances. 20130402 - Core - Information...

5.5CVSS5.8AI score0.04848EPSS
Exploits6References1
FreeBSD
FreeBSD
added 2013/03/13 12:0 a.m.32 views

puppet26 -- multiple vulnerabilities

Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...

9CVSS7.4AI score0.04927EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2013/02/26 12:0 a.m.32 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.11094EPSS
Exploits1
FreeBSD
FreeBSD
added 2012/05/31 12:0 a.m.32 views

libjpeg-turbo -- heap-based buffer overflow

The Changelog for version 1.2.1 says: Fixed a regression caused by 1.2.06 in which decompressing corrupt JPEG images specifically, images in which the component count was erroneously set to a large value would cause libjpeg-turbo to segfault. A Heap-based buffer overflow was found in the way...

8.8CVSS8.2AI score0.04765EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2012/05/10 12:0 a.m.32 views

OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service

OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers...

6.8CVSS8AI score0.28154EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2012/05/08 12:0 a.m.32 views

rssh -- arbitrary command execution

Derek Martin rssh maintainer reports: Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is th...

2.1CVSS6.4AI score0.00388EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2012/03/20 12:0 a.m.32 views

libtasn1 -- ASN.1 length decoding vulnerability

Mu Dynamics, Inc. reports: Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1getlengthder is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally...

5CVSS8.8AI score0.0446EPSS
Exploits1
Total number of security vulnerabilities5000