Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2016/06/20 12:0 a.m.•29 views

The GIMP -- Use after Free vulnerability

The GIMP team reports: A Use-after-free vulnerability was found in the xcfloadimage function...

7.8CVSS1.9AI score0.03113EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/06/09 12:0 a.m.•29 views

haproxy -- denial of service

HAproxy reports: HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service uninitialized memory access and crash or possibly have unspecified other impact via unknown vectors...

7.5CVSS6.7AI score0.4282EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/05/06 12:0 a.m.•29 views

wordpress -- multiple vulnerabilities

Helen Hou-Sandi reports: WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...

1.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2016/03/29 12:0 a.m.•29 views

mercurial -- multiple vulnerabilities

Mercurial reports: CVE-2016-3630: Remote code execution in binary delta decoding CVE-2016-3068: Arbitrary code execution with Git subrepos CVE-2016-3069: Arbitrary code execution when converting Git repos...

8.8CVSS3.9AI score0.05405EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/03/28 12:0 a.m.•29 views

openvswitch -- MPLS buffer overflow

Open vSwitch reports: Multiple versions of Open vSwitch are vulnerable to remote buffer overflow attacks, in which crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. The MPLS packets that trigger the vulnerability and the potential for...

9.8CVSS6.5AI score0.06279EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/02/24 12:0 a.m.•29 views

git -- integer overflow

Debian reports: integer overflow due to a loop which adds more to "len"...

10CVSS3.4AI score0.18808EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/02/21 12:0 a.m.•29 views

cacti -- multiple vulnerabilities

The Cacti Group, Inc. reports: Changelog bug:0002652: CVE-2015-8604: SQL injection in graphsnew.php bug:0002655: CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php bug:0002656: Authentication using web authentication as a user not in the cacti database...

8.8CVSS9.4AI score0.02686EPSS
Exploits3References5
FreeBSD
FreeBSD
•added 2016/01/28 12:0 a.m.•29 views

phpmyadmin -- Insecure password generation in JavaScript

The phpMyAdmin development team reports: Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical...

7.5CVSS1.5AI score0.02688EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/01/13 12:0 a.m.•29 views

h2o -- directory traversal vulnerability

Yakuzo OKU reports: When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response...

4.3CVSS4.8AI score0.01459EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/12/23 12:0 a.m.•29 views

nghttp2 -- use after free

nghttp2 reports: This release fixes heap-use-after-free bug in idle stream handling code. We strongly recommend to upgrade the older installation to this latest version as soon as possible...

10CVSS9.1AI score0.04073EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/11/22 12:0 a.m.•29 views

quassel -- remote denial of service

Pierre Schweitzer reports: Any client sending the command "/op " in a query will cause the Quassel core to crash...

7.5CVSS7.4AI score0.02825EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•29 views

Salt -- multiple vulnerabilities

Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...

9.8CVSS8.5AI score0.0222EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/05 12:0 a.m.•29 views

mbedTLS/PolarSSL -- DoS and possible remote code execution

ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...

6.8CVSS8AI score0.03629EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/24 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Two vulnerabilities were fixed in this release: 530301 High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. 531891 High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...

7.5CVSS9.4AI score0.01757EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/09/13 12:0 a.m.•29 views

pitivi -- code execution

Luke Farone reports: Double-clicking a file in the user's media library with a specially-crafted path or filename allows for arbitrary code execution with the permissions of the user running Pitivi...

10CVSS9.4AI score0.03236EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/07/12 12:0 a.m.•29 views

devel/ipython -- CSRF possible remote execution vulnerability

Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery CSRF. Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...

8.8CVSS7.3AI score0.01201EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2015/06/28 12:0 a.m.•29 views

wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension

Ignacio R. Morelle reports: As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over the...

4.3CVSS4.9AI score0.01715EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/06/23 12:0 a.m.•29 views

pcre -- Heap Overflow Vulnerability in find_fixedlength()

Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed...

9.1CVSS7.2AI score0.07673EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2015/06/22 12:0 a.m.•29 views

freeradius -- insufficient CRL application vulnerability

oCERT reports: The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA...

7.5CVSS7.6AI score0.01791EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/06/09 12:0 a.m.•29 views

logstash-forwarder and logstash -- susceptibility to POODLE vulnerability

Elastic reports: The combination of Logstash Forwarder and Lumberjack input and output was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on...

1.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2015/05/15 12:0 a.m.•29 views

strongswan -- Denial-of-service and potential remote code execution vulnerability

StrongSwan Project reports A denial-of-service and potential remote code execution vulnerability triggered by crafted IKE messages was discovered in strongSwan. Versions 5.2.2 and 5.3.0 are affected...

9.8CVSS9.6AI score0.04521EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/27 12:0 a.m.•29 views

elasticsearch -- directory traversal attack with site plugins

Elastic reports: Vulnerability Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS...

4.3CVSS6.3AI score0.33129EPSS
Exploits5References5
FreeBSD
FreeBSD
•added 2015/03/03 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Chrome Releases reports: 51 security fixes in this release, including: 456516 High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. 448423 High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. 445810 High CVE-2015-1214: Out-of-bounds write in skia filter...

7.5CVSS7.2AI score0.02565EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/02/28 12:0 a.m.•29 views

PuTTY -- fails to scrub private keys from memory after use

Simon Tatham reports: When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is th...

2.1CVSS6.5AI score0.00585EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/15 12:0 a.m.•29 views

samba -- Elevation of privilege to Active Directory Domain Controller

Samba team reports: In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UFSERVERTRUSTACCOUNT bit to be set...

8.5CVSS7.5AI score0.04264EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/07/09 12:0 a.m.•29 views

mcollective -- cert valication issue

Melissa Stone reports: The MCollective aessecurity public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, an...

4.4CVSS7.1AI score0.00175EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/02/25 12:0 a.m.•29 views

otrs -- XSS Issue

The OTRS Project reports: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed...

4.3CVSS8.5AI score0.04913EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2014/02/18 12:0 a.m.•29 views

Icinga -- buffer overflow in classic web interface

The Icinga Team reports: Wrong strlen check against MAXINPUTBUFFER without taking '\0' into account...

5CVSS6.5AI score0.02755EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/01/27 12:0 a.m.•29 views

rt42 -- denial-of-service attack via the email gateway

The RT development team reports: Versions of RT between 4.2.0 and 4.2.2 inclusive are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability...

5CVSS6.3AI score0.02427EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/12/21 12:0 a.m.•29 views

imlib2 -- denial of service vulnerabilities

Enlightenment reports: GIF loader: Fix segv on images without colormap Prevent division-by-zero crashes. Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh...

7.5CVSS7.7AI score0.02709EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/07/18 12:0 a.m.•29 views

GnuPG and Libgcrypt -- side-channel attack vulnerability

Werner Koch of the GNU project reports: Noteworthy changes in version 1.5.3: Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys... Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in th...

1.9CVSS6.6AI score0.00533EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2013/06/13 12:0 a.m.•29 views

dbus -- local dos

Simon McVittie reports: Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in dbusprintfstringupperbound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. It is platform-specific: x86-64...

1.9CVSS5.5AI score0.00383EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/06/12 12:0 a.m.•29 views

samba -- ACLs are not checked on opening an alternate data stream on a file or directory

The Samba project reports: Samba versions 3.2.0 and above all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x do not check the underlying file or directory ACL when opening an alternate data stream. According to the SMB1 and SMB2+ protocols the ACL on an underlying file or director...

4CVSS6.4AI score0.09017EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.0539EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-41 Miscellaneous memory safety hazards rv:21.0 / rv:17.0.6 MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA...

10CVSS9AI score0.10893EPSS
Exploits6References10
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

owncloud -- Multiple security vulnerabilities

The ownCloud development team reports: oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik aliantsoft.pl. oC-SA-2013-020 / CVE-2013-2039,2085: Multiple directory traversals. Credit to Mateusz Goik aliantsoft.pl. oC-SQ-2013-021 / CVE-2013-2040-2042: Multiple XSS...

6.5CVSS6.7AI score0.0204EPSS
Exploits0References10
FreeBSD
FreeBSD
•added 2013/01/10 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

7.5CVSS9.2AI score0.02017EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/06 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 157079 Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. Linux 64-bit only 150729 Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. 143761 High CVE-2012-5116:...

7.5CVSS1AI score0.01619EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/09/12 12:0 a.m.•29 views

mod_pagespeed -- multiple vulnerabilities

Google Reports: modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...

5CVSS5.9AI score0.01138EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/08/01 12:0 a.m.•29 views

libutp -- remote denial of service or arbitrary code execution

NVD reports: Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted "micro transport protocol packets."...

7.5CVSS7.7AI score0.05098EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/07/31 12:0 a.m.•29 views

Several vulnerabilities found in IcedTea-Web

The IcedTea project team reports: CVE-2012-3422: Use of uninitialized instance pointers An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the...

7.5CVSS9.5AI score0.06172EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/05/29 12:0 a.m.•29 views

asterisk -- multiple vulnerabilities

Asterisk project reports: Remote crash vulnerability in IAX2 channel driver. Skinny Channel Driver Remote Crash Vulnerability...

6.5AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2012/05/02 12:0 a.m.•29 views

p5-Config-IniFiles -- unsafe temporary file creation

Unsafe Temporary file creation Config::IniFiles used a predictable name for its temporary file without opening it correctly...

3.6CVSS6.5AI score0.00504EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/03/20 12:0 a.m.•29 views

NVIDIA UNIX driver -- access to arbitrary system memory

NVIDIA Unix security team reports: Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary...

4.6CVSS6.5AI score0.00725EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/01/27 12:0 a.m.•29 views

postfixadmin -- Multiple Vulnerabilities

The Postfix Admin Team reports: Multiple XSS vulnerabilities exist: - XSS with $GETdomain in templates/menu.php and edit-vacation - XSS in some create-domain input fields - XSS in create-alias and edit-alias error message - XSS by values stored in the database in fetchmail list view, list-domain...

7.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/11/28 12:0 a.m.•29 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Tabular and graphical reports, as well as new charts have a debug mode which displays raw data as plain text. This text is not correctly escaped and a crafted URL could use this vulnerability to...

6.7AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2011/11/24 12:0 a.m.•29 views

phpMyAdmin -- Multiple XSS

The phpMyAdmin development team reports: Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the vie...

4.3CVSS6.3AI score0.0221EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/06/02 12:0 a.m.•29 views

asterisk -- Remote crash vulnerability

The Asterisk Development Team reports: If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault...

5CVSS6.3AI score0.04618EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/02/21 12:0 a.m.•29 views

moinmoin -- cross-site scripting via RST parser

MITRE CVE team reports: Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refu...

2.6CVSS3.8AI score0.02517EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/02/08 12:0 a.m.•29 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacke...

9.3CVSS4.8AI score0.0769EPSS
Exploits0References1
Total number of security vulnerabilities5000