Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•31 views

subversion -- Arbitrary code execution vulnerability

subversion team reports: A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL...

9.8CVSS0.9AI score0.18892EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2017/07/25 12:0 a.m.•31 views

chromium -- multiple vulnerabilities

Google Chrome releases reports: 40 security fixes in this release Please reference CVE/URL list for details...

8.8CVSS7.3AI score0.15513EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/12 12:0 a.m.•31 views

FreeBSD -- heimdal KDC-REP service name validation vulnerability

Problem Description: There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact: An attacker who has control of the network between a client and the service it talks to will be able to impersona...

6.5CVSS6.7AI score0.00992EPSS
Exploits0
FreeBSD
FreeBSD
•added 2017/07/05 12:0 a.m.•31 views

irssi -- multiple vulnerabilities

irssi reports: When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each...

9.8CVSS9.1AI score0.03443EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/19 12:0 a.m.•31 views

exim -- Privilege escalation via multiple memory leaks

Qualsys reports: Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has...

4CVSS5.9AI score0.0053EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/03 12:0 a.m.•31 views

python -- possible integer overflow vulnerability

Python issue: There is a possible integer overflow in PyStringDecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution...

9.8CVSS9.7AI score0.07944EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2017/05/30 12:0 a.m.•31 views

strongswan -- multiple vulnerabilities

strongSwan security team reports: RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception. CVE-2017-9022 ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when...

7.5CVSS0.5AI score0.02222EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/04/12 12:0 a.m.•31 views

BIND -- multiple vulnerabilities

ISC reports: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other...

7AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2017/02/21 12:0 a.m.•31 views

xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe

The Xen Project reports: In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo fails to check whether the specified memory region is safe. A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation...

9.9CVSS9.4AI score0.03559EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/01/31 12:0 a.m.•31 views

libevent -- multiple vulnerabilities

Debian Security reports: CVE-2016-10195: The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read. CVE-2016-10196: Stack-based buffer overflow in the...

9.8CVSS8.9AI score0.06681EPSS
Exploits3References5
FreeBSD
FreeBSD
•added 2017/01/29 12:0 a.m.•31 views

PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections

Simon G. Tatham reports: Many versions of PuTTY prior to 0.68 have a heap-corrupting integer overflow bug in the sshagentchanneldata function which processes messages sent by remote SSH clients to a forwarded agent connection. ... This bug is only exploitable at all if you have enabled SSH agent...

9.8CVSS9.1AI score0.21816EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2016/12/06 12:0 a.m.•31 views

FreeBSD -- link_ntoa(3) buffer overflow

Problem Description: A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. Impact: Due to very limited use of the function in the existing applications, and limited length of t...

9.8CVSS1.7AI score0.03699EPSS
Exploits1
FreeBSD
FreeBSD
•added 2016/11/24 12:0 a.m.•31 views

wget -- Access List Bypass / Race Condition

Dawid Golunski reports: GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter...

8.1CVSS5.8AI score0.07499EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2016/11/16 12:0 a.m.•31 views

wireshark -- multiple vulnerabilities

Wireshark project reports: Wireshark project is releasing Wireshark 2.2.2, which addresses: wnpa-sec-2016-58: Profinet I/O long loop - CVE-2016-9372 wnpa-sec-2016-59: AllJoyn crash - CVE-2016-9374 wnpa-sec-2016-60: OpenFlow crash - CVE-2016-9376 wnpa-sec-2016-61: DCERPC crash - CVE-2016-9373...

5.9CVSS6.4AI score0.0209EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/11/05 12:0 a.m.•31 views

py-cryptography -- vulnerable HKDF key generation

Alex Gaynor reports: Fixed a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digestsize...

7.5CVSS1.4AI score0.03399EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/10/18 12:0 a.m.•31 views

node.js -- ares_create_query single byte out of buffer write

Node.js has released new versions containing the following security fix: The following releases all contain fixes for CVE-2016-5180 "arescreatequery single byte out of buffer write": Node.js v0.10.48 Maintenance, Node.js v0.12.17 Maintenance, Node.js v4.6.1 LTS "Argon" While this is not a critica...

9.8CVSS3.5AI score0.08583EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/09/08 12:0 a.m.•31 views

xen-kernel -- x86 HVM: Overflow of sh_ctxt->seg_reg[]

The Xen Project reports: x86 HVM guests running with shadow paging use a subset of the x86 emulator to handle the guest writing to its own pagetables. There are situations a guest can provoke which result in exceeding the space allocated for internal state. A malicious HVM guest administrator can...

4.1CVSS6.8AI score0.00392EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/08/03 12:0 a.m.•31 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 10 security fixes in this release, including: 629542 High CVE-2016-5141 Address bar spoofing. Credit to anonymous 626948 High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous 625541 High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of Stealie...

9.8CVSS1.4AI score0.01849EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/07/17 12:0 a.m.•31 views

Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)

The Apache OpenOffice Project reports: An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress. The defect may cause the document to appear as corrupted a...

7.8CVSS7.7AI score0.13826EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2016/06/07 12:0 a.m.•31 views

NSS -- multiple vulnerabilities

Mozilla Foundation reports: Mozilla has updated the version of Network Security Services NSS library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis...

9.3CVSS2.8AI score0.0338EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2016/05/04 12:0 a.m.•31 views

ikiwiki -- XSS vulnerability

Mitre reports: Cross-site scripting XSS vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...

6.1CVSS3.9AI score0.01465EPSS
Exploits0
FreeBSD
FreeBSD
•added 2016/03/03 12:0 a.m.•31 views

Bugzilla security issues

Bugzilla Security Advisory A specially crafted bug summary could trigger XSS in dependency graphs. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs...

6.1CVSS2.2AI score0.01483EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/02/11 12:0 a.m.•31 views

firefox -- Same-origin-policy violation using Service Workers with plugins

The Mozilla Foundation reports: MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a servic...

8.8CVSS3.4AI score0.01503EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/02/09 12:0 a.m.•31 views

flash -- multiple vulnerabilities

Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2016-0985. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984. The...

9.3CVSS9.7AI score0.55375EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2016/01/28 12:0 a.m.•31 views

hive -- authorization logic vulnerability

Sushanth Sowmyan reports: Some partition-level operations exist that do not explicitly also authorize privileges of the parent table. This can lead to issues when the parent table would have denied the operation, but no denial occurs because the partition-level privilege is not checked by the...

8.3CVSS8.3AI score0.06119EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/01/14 12:0 a.m.•31 views

FreeBSD -- TCP MD5 signature denial of service

Problem Description: A programming error in processing a TCP connection with both TCPMD5SIG and TCPNOOPT socket options may lead to kernel crash. Impact: A local attacker can crash the kernel, resulting in a denial-of-service. A remote attack is theoretically possible, if server has a listening...

7.8CVSS2.2AI score0.01948EPSS
Exploits0
FreeBSD
FreeBSD
•added 2015/12/28 12:0 a.m.•31 views

qemu -- denial of service vulnerability in Rocker switch emulation

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmittx descriptors in 'txconsume' routine, if a descriptor was to have more than allowed ROCKERTXFRAGSMAX=16...

6.5CVSS6.9AI score0.00391EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/12/23 12:0 a.m.•31 views

owncloud -- multiple vulnerabilities

Owncloud reports: Reflected XSS in OCS provider discovery oC-SA-2016-001 Information Exposure Through Directory Listing in the file scanner oC-SA-2016-002 Disclosure of files that begin with ".v" due to unchecked return value oC-SA-2016-003...

1.8AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2015/10/29 12:0 a.m.•31 views

xen-kernel -- leak of main per-domain vcpu pointer array

The Xen Project reports: A domain's primary array of vcpu pointers can be allocated by a toolstack exactly once in the lifetime of a domain via the XENDOMCTLmaxvcpus hypercall. This array is leaked on domain teardown. This memory leak could -- over time -- exhaust the host's memory. A domain give...

4.9CVSS7.3AI score0.00436EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/10 12:0 a.m.•31 views

p5-HTML-Scrubber -- XSS vulnerability

MITRE reports: Cross-site scripting XSS vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6CVSS5.6AI score0.02092EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/09/18 12:0 a.m.•31 views

wolfssl -- DDoS amplification in DTLS

Sebastian Ramacher identified an error in wolfSSL's implementation of the server side of the DTLS handshake, which could be abused for DDoS amplification or a DoS on the DTLS server itself...

7.5CVSS7.4AI score0.0272EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2015/09/15 12:0 a.m.•31 views

ZendFramework1 -- SQL injection vulnerability

Zend Framework developers report: The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection...

9.8CVSS9.4AI score0.02972EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/08/07 12:0 a.m.•31 views

screen -- stack overflow

Kuang-che Wu reports: screen will recursively call MScrollV to depth n/256. This is time consuming and will overflow stack if n is huge...

5CVSS6.7AI score0.04148EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/07/29 12:0 a.m.•31 views

go -- multiple vulnerabilities

Jason Buberel, Go Product Manager, reports: CVE-2015-5739 - "Content Length" treated as valid header CVE-2015-5740 - Double content-length headers does not return 400 error CVE-2015-5741 - Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections...

9.8CVSS9.2AI score0.09625EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/06/26 12:0 a.m.•31 views

cups-filters -- buffer overflow in texttopdf size allocation

Stefan Cornelius from Red Hat reports: A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute...

7.5CVSS7.2AI score0.08295EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/06/11 12:0 a.m.•31 views

xen-kernel -- GNTTABOP_swap_grant_ref operation misbehavior

The Xen Project reports: With the introduction of version 2 grant table operations, a version check became necessary for most grant table related hypercalls. The GNTTABOPswapgrantref call was lacking such a check. As a result, the subsequent code behaved as if version 2 was in use, when a guest...

4.9CVSS9.1AI score0.00439EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/06/03 12:0 a.m.•31 views

tidy -- heap-buffer-overflow

Geoff McLane reports: tidy is affected by a write out of bounds when processing malformed html files. This issue could be abused on server side applications that use php-tidy extension with user input. The issue was confirmed, analyzed, and fixed by the tidy5 maintainer...

5.9AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2015/04/30 12:0 a.m.•31 views

libssh -- null pointer dereference

Andreas Schneider reports: libssh versions 0.5.1 and above have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet which leads to a null pointer dereference. This...

7.5CVSS6.5AI score0.0391EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/10 12:0 a.m.•31 views

qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)

The QEMU security team reports: A guest which has access to an emulated PCNET network device e.g. with "model=pcnet" in their VIF configuration can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process...

7.5CVSS6.1AI score0.09668EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/10 12:0 a.m.•31 views

PostgreSQL -- minor security problems.

PostgreSQL project reports: This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable:. CVE-2015-3165 Double "free" after...

9.8CVSS9.4AI score0.08565EPSS
Exploits0
FreeBSD
FreeBSD
•added 2015/02/12 12:0 a.m.•31 views

xen-kernel -- arm: vgic-v2: GICD_SGIR is not properly emulated

The Xen Project reports: When decoding a guest write to a specific register in the virtual interrupt controller Xen would treat an invalid value as a critical error and crash the host. By writing an invalid value to the GICD.SGIR register a guest can crash the host, resulting in a Denial of Servi...

4.9CVSS8.5AI score0.00415EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/29 12:0 a.m.•31 views

xen-kernel -- arm: vgic: incorrect rate limiting of guest triggered logging

The Xen Project reports: On ARM systems the code which deals with virtualizing the GIC distributor would, under various circumstances, log messages on a guest accessible code path without appropriate rate limiting. A malicious guest could cause repeated logging to the hypervisor console, leading ...

2.1CVSS8.5AI score0.00411EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/27 12:0 a.m.•31 views

FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure

Problem Description: Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory. Impact: An unprivileged process can read or modify 16-bits of memory which belongs to the kernel. This may lead to...

4.6CVSS5.8AI score0.00896EPSS
Exploits5
FreeBSD
FreeBSD
•added 2015/01/21 12:0 a.m.•31 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 62 security fixes in this release, including: 430353 High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. 435880 High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. 434136 High CVE-2014-7925: Use-after-free in WebAudio. Credit ...

7.5CVSS8.5AI score0.04339EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/07 12:0 a.m.•31 views

WebKit-gtk -- Multiple vulnerabilities

Webkit release team reports: This release fixes the following security issues: CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390...

6.8CVSS7.9AI score0.02762EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/07 12:0 a.m.•31 views

freetype -- Out of bounds stack-based read/write

Werner LEMBERG reports: The fix for CVE-2014-2240 was not 100% complete to fix the issue from the CVE completly...

7.5CVSS6.5AI score0.06275EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/10/06 12:0 a.m.•31 views

Bugzilla multiple security issues

Bugzilla Security Advisory Unauthorized Account Creation An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name cou...

5.6AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2014/09/09 12:0 a.m.•31 views

www/chromium -- multiple vulnerabilities

Google Chrome Releases reports: 4 security fixes in this release, including: 401362 High CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz. 411014 CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives...

7.5CVSS1.7AI score0.01452EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/08/26 12:0 a.m.•31 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 50 security fixes in this release, including: 386988 Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. 369860 High...

10CVSS2.5AI score0.09758EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/08/09 12:0 a.m.•31 views

e2fsprogs -- buffer overflow if s_first_meta_bg too big

Theodore Ts'o reports: If sfirstmetabg is greater than the of number block group descriptor blocks, then reading or writing the block group descriptors will end up overruning the memory buffer allocated for the descriptors. The finding is credited to a vulnerability report from Jose Duart of Goog...

4.6CVSS7.4AI score0.00897EPSS
Exploits0References3
Total number of security vulnerabilities5000