Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•29 views

Salt -- multiple vulnerabilities

Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...

9.8CVSS8.5AI score0.0222EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/05 12:0 a.m.•29 views

mbedTLS/PolarSSL -- DoS and possible remote code execution

ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...

6.8CVSS8AI score0.03629EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/24 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Two vulnerabilities were fixed in this release: 530301 High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. 531891 High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...

7.5CVSS9.4AI score0.01757EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/09/13 12:0 a.m.•29 views

pitivi -- code execution

Luke Farone reports: Double-clicking a file in the user's media library with a specially-crafted path or filename allows for arbitrary code execution with the permissions of the user running Pitivi...

10CVSS9.4AI score0.03236EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/07/12 12:0 a.m.•29 views

devel/ipython -- CSRF possible remote execution vulnerability

Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery CSRF. Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...

8.8CVSS7.3AI score0.01201EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2015/06/28 12:0 a.m.•29 views

wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension

Ignacio R. Morelle reports: As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over the...

4.3CVSS4.9AI score0.01715EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/06/23 12:0 a.m.•29 views

pcre -- Heap Overflow Vulnerability in find_fixedlength()

Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed...

9.1CVSS7.2AI score0.07673EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2015/06/22 12:0 a.m.•29 views

freeradius -- insufficient CRL application vulnerability

oCERT reports: The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA...

7.5CVSS7.6AI score0.01791EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/06/09 12:0 a.m.•29 views

logstash-forwarder and logstash -- susceptibility to POODLE vulnerability

Elastic reports: The combination of Logstash Forwarder and Lumberjack input and output was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on...

1.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2015/05/15 12:0 a.m.•29 views

strongswan -- Denial-of-service and potential remote code execution vulnerability

StrongSwan Project reports A denial-of-service and potential remote code execution vulnerability triggered by crafted IKE messages was discovered in strongSwan. Versions 5.2.2 and 5.3.0 are affected...

9.8CVSS9.6AI score0.04521EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/27 12:0 a.m.•29 views

elasticsearch -- directory traversal attack with site plugins

Elastic reports: Vulnerability Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS...

4.3CVSS6.3AI score0.33129EPSS
Exploits5References5
FreeBSD
FreeBSD
•added 2015/03/03 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Chrome Releases reports: 51 security fixes in this release, including: 456516 High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. 448423 High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. 445810 High CVE-2015-1214: Out-of-bounds write in skia filter...

7.5CVSS7.2AI score0.02565EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/02/28 12:0 a.m.•29 views

PuTTY -- fails to scrub private keys from memory after use

Simon Tatham reports: When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is th...

2.1CVSS6.5AI score0.00585EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/15 12:0 a.m.•29 views

samba -- Elevation of privilege to Active Directory Domain Controller

Samba team reports: In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UFSERVERTRUSTACCOUNT bit to be set...

8.5CVSS7.5AI score0.04264EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/07/09 12:0 a.m.•29 views

mcollective -- cert valication issue

Melissa Stone reports: The MCollective aessecurity public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, an...

4.4CVSS7.1AI score0.00175EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/02/25 12:0 a.m.•29 views

otrs -- XSS Issue

The OTRS Project reports: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed...

4.3CVSS8.5AI score0.04913EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2014/02/18 12:0 a.m.•29 views

Icinga -- buffer overflow in classic web interface

The Icinga Team reports: Wrong strlen check against MAXINPUTBUFFER without taking '\0' into account...

5CVSS6.5AI score0.02755EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/01/27 12:0 a.m.•29 views

rt42 -- denial-of-service attack via the email gateway

The RT development team reports: Versions of RT between 4.2.0 and 4.2.2 inclusive are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability...

5CVSS6.3AI score0.02427EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/12/21 12:0 a.m.•29 views

imlib2 -- denial of service vulnerabilities

Enlightenment reports: GIF loader: Fix segv on images without colormap Prevent division-by-zero crashes. Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh...

7.5CVSS7.7AI score0.02709EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/07/18 12:0 a.m.•29 views

GnuPG and Libgcrypt -- side-channel attack vulnerability

Werner Koch of the GNU project reports: Noteworthy changes in version 1.5.3: Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys... Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in th...

1.9CVSS6.6AI score0.00533EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2013/06/13 12:0 a.m.•29 views

dbus -- local dos

Simon McVittie reports: Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in dbusprintfstringupperbound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. It is platform-specific: x86-64...

1.9CVSS5.5AI score0.00383EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/06/12 12:0 a.m.•29 views

samba -- ACLs are not checked on opening an alternate data stream on a file or directory

The Samba project reports: Samba versions 3.2.0 and above all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x do not check the underlying file or directory ACL when opening an alternate data stream. According to the SMB1 and SMB2+ protocols the ACL on an underlying file or director...

4CVSS6.4AI score0.09017EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

owncloud -- Multiple security vulnerabilities

The ownCloud development team reports: oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik aliantsoft.pl. oC-SA-2013-020 / CVE-2013-2039,2085: Multiple directory traversals. Credit to Mateusz Goik aliantsoft.pl. oC-SQ-2013-021 / CVE-2013-2040-2042: Multiple XSS...

6.5CVSS6.7AI score0.0204EPSS
Exploits0References10
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-41 Miscellaneous memory safety hazards rv:21.0 / rv:17.0.6 MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA...

10CVSS9AI score0.10893EPSS
Exploits6References10
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.0539EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/01/10 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

7.5CVSS9.2AI score0.02017EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/06 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 157079 Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. Linux 64-bit only 150729 Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. 143761 High CVE-2012-5116:...

7.5CVSS1AI score0.01619EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/09/12 12:0 a.m.•29 views

mod_pagespeed -- multiple vulnerabilities

Google Reports: modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...

5CVSS5.9AI score0.01138EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/08/21 12:0 a.m.•29 views

jabberd -- domain spoofing in server dialback protocol

XMPP Standards Foundation reports: Some implementations of the XMPP Server Dialback protocol RFC 3920/XEP-0220 have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a...

5.8CVSS6.3AI score0.0173EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/08/01 12:0 a.m.•29 views

libutp -- remote denial of service or arbitrary code execution

NVD reports: Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted "micro transport protocol packets."...

7.5CVSS7.7AI score0.05098EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/07/31 12:0 a.m.•29 views

Several vulnerabilities found in IcedTea-Web

The IcedTea project team reports: CVE-2012-3422: Use of uninitialized instance pointers An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the...

7.5CVSS9.5AI score0.06172EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/05/29 12:0 a.m.•29 views

asterisk -- multiple vulnerabilities

Asterisk project reports: Remote crash vulnerability in IAX2 channel driver. Skinny Channel Driver Remote Crash Vulnerability...

6.5AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2012/05/02 12:0 a.m.•29 views

p5-Config-IniFiles -- unsafe temporary file creation

Unsafe Temporary file creation Config::IniFiles used a predictable name for its temporary file without opening it correctly...

3.6CVSS6.5AI score0.00504EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/01/27 12:0 a.m.•29 views

postfixadmin -- Multiple Vulnerabilities

The Postfix Admin Team reports: Multiple XSS vulnerabilities exist: - XSS with $GETdomain in templates/menu.php and edit-vacation - XSS in some create-domain input fields - XSS in create-alias and edit-alias error message - XSS by values stored in the database in fetchmail list view, list-domain...

7.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/11/28 12:0 a.m.•29 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Tabular and graphical reports, as well as new charts have a debug mode which displays raw data as plain text. This text is not correctly escaped and a crafted URL could use this vulnerability to...

6.7AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2011/06/02 12:0 a.m.•29 views

asterisk -- Remote crash vulnerability

The Asterisk Development Team reports: If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault...

5CVSS6.3AI score0.04618EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/02/21 12:0 a.m.•29 views

moinmoin -- cross-site scripting via RST parser

MITRE CVE team reports: Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refu...

2.6CVSS3.8AI score0.02517EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/02/08 12:0 a.m.•29 views

linux-flashplugin -- multiple vulnerabilities

Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacke...

9.3CVSS4.8AI score0.0769EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/12/17 12:0 a.m.•29 views

tor -- remote crash and potential remote code execution

The Tor Project reports: Remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade...

10CVSS6.4AI score0.07876EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2010/11/30 12:0 a.m.•29 views

krb5 -- unkeyed PAC checksum handling vulnerability

The MIT Kerberos team reports: MIT krb5 incorrectly accepts an unkeyed checksum for PAC signatures. An authenticated remote attacker can forge PACs if using a KDC that does not filter client-provided PAC data. This can result in privilege escalation against a service that relies on PAC contents t...

4.3CVSS6.1AI score0.02253EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/01/14 12:0 a.m.•29 views

squid -- Denial of Service vulnerability in DNS handling

Squid security advisory 2010:1 reports: Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted DNS packets. This problem allows any trusted client or external server who can determine the squid receiving port to perform a short-term...

4CVSS6.3AI score0.22858EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/05/31 12:0 a.m.•29 views

cscope -- multiple buffer overflows

Secunia reports: Some vulnerabilities have been reported in Cscope, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to various boundary errors, which can be exploited to cause buffer overflows when parsing specially crafted...

9.3CVSS4.5AI score0.06765EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/03/25 12:0 a.m.•29 views

FreeBSD -- remotely exploitable crash in OpenSSL

Problem Description The function ASN1STRINGprintex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. Impact An application which attempts to print a BMPString or UniversalString which has an invalid length will crash as a result of...

5CVSS2.8AI score0.06194EPSS
Exploits0
FreeBSD
FreeBSD
•added 2009/02/07 12:0 a.m.•29 views

typo3 -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The "Install tool" system extension uses...

7.5CVSS0.2AI score0.09442EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2008/11/10 12:0 a.m.•29 views

gnutls -- X.509 certificate chain validation vulnerability

SecurityFocus reports: GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users ma...

5.9CVSS6.2AI score0.01882EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/09/26 12:0 a.m.•29 views

lighttpd -- multiple vulnerabilities

Lighttpd seurity annoucement: lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the url before matching against rewrite and redirect patterns, which allows attackers to bypass rewrites rules. this can be a security problem in certain configurations if these rules are used...

6.4AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2008/08/15 12:0 a.m.•29 views

neon -- NULL pointer dereference in Digest domain support

Joe Orton reports: A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service...

4.3CVSS6.5AI score0.02266EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2008/07/25 12:0 a.m.•29 views

apache -- Cross-site scripting vulnerability

CVE Mitre reports: Cross-site scripting XSS vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxyftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in th...

4.3CVSS5.8AI score0.38953EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2008/07/09 12:0 a.m.•29 views

drupal -- multiple vulnerabilities

The Drupal Project reports: Free tagging taxonomy terms can be used to insert arbitrary script and HTML code cross site scripting or XSS on node preview pages. A successful exploit requires that the victim selects a term containing script code and chooses to preview the node. This issue affects...

7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/03/18 12:0 a.m.•29 views

bzip2 -- crash with certain malformed archive files

SecurityFocus reports: The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files. Exploit attempts likely result in application crashes...

4.3CVSS6.4AI score0.04519EPSS
Exploits2References2
Total number of security vulnerabilities5000