Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2014/04/11 12:0 a.m.•26 views

botan -- cryptographic vulnerability

MITRE reports: The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group...

7.5CVSS7.6AI score0.0143EPSS
Exploits0
FreeBSD
FreeBSD
•added 2014/03/20 12:0 a.m.•26 views

mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection

Jan Kundrát reports: An SSL stripping vulnerability was discovered in Trojitá, a fast Qt IMAP e-mail client. User's credentials are never leaked, but if a user tries to send an e-mail, the automatic saving into the "sent" or "draft" folders could happen over a plaintext connection even if the...

4.3CVSS6.3AI score0.00981EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/09/10 12:0 a.m.•26 views

FreeBSD -- Cross-mount links between nullfs(5) mounts

Problem Description: The nullfs5 implementation of the VOPLINK9 VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the...

3.7CVSS6.4AI score0.00294EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/09/10 12:0 a.m.•26 views

FreeBSD -- Insufficient credential checks in network ioctl(2)

Problem Description: As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume tha...

6.9CVSS7.2AI score0.00376EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/09/09 12:0 a.m.•26 views

ruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption...

4.3CVSS6.1AI score0.03343EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/07/22 12:0 a.m.•26 views

lcms2 -- Null Pointer Dereference Denial of Service Vulnerability

Mageia security team reports: It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash CVE-2013-4160...

5CVSS6.3AI score0.02809EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/05/29 12:0 a.m.•26 views

passenger -- security vulnerability

The Phusion reports: A denial of service and arbitrary code execution by hijacking temp files. CVE-2013-2119...

4.6CVSS7.3AI score0.004EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/04/09 12:0 a.m.•26 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.05967EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/06/08 12:0 a.m.•26 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...

9.3CVSS6.5AI score0.078EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/04/28 12:0 a.m.•26 views

WebCalendar -- multiple vulnerabilities

Hanno Boeck reports: Fixes are now available for various security vulnerabilities including LFI local file inclusion, XSS cross site scripting and others...

9.8CVSS8.8AI score0.79764EPSS
Exploits15References3
FreeBSD
FreeBSD
•added 2012/04/12 12:0 a.m.•26 views

nginx -- Buffer overflow in the ngx_http_mp4_module

The nginx project reports: Buffer overflow in the ngxhttpmp4module...

6.8CVSS6.7AI score0.09629EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/03/21 12:0 a.m.•26 views

phpList -- SQL injection and XSS vulnerability

Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...

6.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/02/15 12:0 a.m.•26 views

xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled

Thomas Swan reports: xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 1, if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose all enabled...

4.3CVSS6.4AI score0.02779EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/12/07 12:0 a.m.•26 views

isc-dhcp-server -- Remote DoS

ISC reports: A bug exists which allows an attacker who is able to send DHCP Request packets, either directly or through a relay, to remotely crash an ISC DHCP server if that server is configured to evaluate expressions using a regular expression i.e. uses the "=" or "" comparison operators...

5CVSS6.4AI score0.15478EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/11/16 12:0 a.m.•26 views

BIND -- Remote DOS

The Internet Systems Consortium reports: Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST! dnsrdatasetisassociatedsigrdataset"...

5CVSS8.6AI score0.16747EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/11/08 12:0 a.m.•26 views

gnutls -- client session resumption vulnerability

The GnuTLS team reports: GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service...

4.3CVSS8.7AI score0.02386EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/26 12:0 a.m.•26 views

libXfont -- possible local privilege escalation

Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege...

9.3CVSS7.7AI score0.08355EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/19 12:0 a.m.•26 views

mod_perl2 -- execute arbitrary Perl code

modperl2 2.0.11 fixes Arbitrary Perl code execution in the context of the user account via a user-owned .htaccess. modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configurati...

10CVSS3.2AI score0.08946EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2011/06/24 12:0 a.m.•26 views

Asterisk -- multiple vulnerabilities

The Asterisk Development Team reports: AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end ...

5CVSS6.7AI score0.04612EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2011/05/13 12:0 a.m.•26 views

linux-flashplugin -- remote code execution vulnerability

Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption...

10CVSS6.3AI score0.86421EPSS
Exploits11References1
FreeBSD
FreeBSD
•added 2011/04/14 12:0 a.m.•26 views

rt -- multiple vulnerabilities

Best Practical reports: In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT's source code. During this audit, several vulnerabilities were found which affect earlier releases of RT...

6.5CVSS1.7AI score0.03782EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/03/07 12:0 a.m.•26 views

redmine -- XSS vulnerability

Jean-Philippe Lang reports: This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1...

3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/02/28 12:0 a.m.•26 views

Samba -- Denial of service - memory corruption

The Samba team reports: Samba is vulnerable to a denial of service, caused by a memory corruption error related to missing range checks on file descriptors being used in the "FDSET" macro. By performing a select on a bad file descriptor set, a remote attacker could exploit this vulnerability to...

5CVSS3.2AI score0.04648EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/01/15 12:0 a.m.•26 views

tor -- remote code execution and crash

The Tor Project reports: A remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely. All Tor users should upgrade...

6.8CVSS3.9AI score0.04444EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2010/11/30 12:0 a.m.•26 views

krb5 -- RFC 3961 key-derivation checksum handling vulnerability

The MIT Kerberos team reports: MIT krb5 releases incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying AD-SIGNEDPATH and AD-KDC-ISSUED authorization data. An authenticated remote attacker that controls a legitimate service principal has a 1/256 chance of forging the...

6.3CVSS6.1AI score0.01916EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/06/09 12:0 a.m.•26 views

p5-libwww -- possibility to remote servers to create file with a .(dot) character

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a .' dot character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and...

6.8CVSS7.2AI score0.03287EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/05/01 12:0 a.m.•26 views

awstats -- arbitrary commands execution vulnerability

Awstats change log reports: Security fix Traverse directory of LoadPlugin Security fix Limit config to defined directory to avoid access to external config file via a nfs or webdav link...

7.5CVSS6.4AI score0.27673EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2010/01/25 12:0 a.m.•26 views

irc-ratbox -- multiple vulnerabilities

SecurityFocus reports: The first affects the /quote HELP module and allows a user to trigger an IRCD crash on some platforms. The second affects the /links processing module when the flattenlinks configuration option is not enabled...

6.8CVSS6.4AI score0.04026EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2009/11/30 12:0 a.m.•26 views

ruby -- heap overflow vulnerability

The official ruby site reports: There is a heap overflow vulnerability in Stringljust, Stringcenter and Stringrjust. This has allowed an attacker to run arbitrary code in some rare cases...

10CVSS6.9AI score0.03875EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/11/12 12:0 a.m.•26 views

wordpress -- multiple vulnerabilities

secunia reports: The security issue is caused due to the wpcheckfiletype function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this...

7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2009/09/02 12:0 a.m.•26 views

cyrus-imapd -- Potential buffer overflow in Sieve

The Cyrus IMAP Server ChangeLog states: Fixed CERT VU336053 - Potential buffer overflow in Sieve...

4.4CVSS5.7AI score0.00483EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/08/18 12:0 a.m.•26 views

pidgin -- MSN overflow parsing SLP messages

Secunia reports: A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the "msnslplinkprocessmsg" function when processing MSN SLP messages and can be exploited to corrupt...

10CVSS6.6AI score0.20295EPSS
Exploits8References2
FreeBSD
FreeBSD
•added 2008/11/27 12:0 a.m.•26 views

samba -- potential leakage of arbitrary memory contents

Samba Team reports: Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to...

8.5CVSS6.7AI score0.04331EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/08/27 12:0 a.m.•26 views

bitlbee -- account recreation security issues

Secunia reports: Some security issues have been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts. The security issues are caused due to unspecified errors, which can be exploited to overwrite existing accounts...

7.5CVSS6.7AI score0.02407EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/08/24 12:0 a.m.•26 views

p5-UI-Dialog -- shell command execution vulnerability

Matthijs Kooijman reports: It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a...

9.8CVSS9.2AI score0.03429EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/08/20 12:0 a.m.•26 views

opera -- multiple vulnerabilities

The Opera Team reports: Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to...

6.3AI score
Exploits0References5
FreeBSD
FreeBSD
•added 2008/08/13 12:0 a.m.•26 views

drupal -- multiple vulnerabilities

The Drupal Project reports: A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by the browser, enabling malicious users with the ability to uplo...

6.5CVSS6.6AI score0.02544EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/07/31 12:0 a.m.•26 views

openvpn-devel -- arbitrary code execution

James Yonan reports: Security Fix - affects non-Windows OpenVPN clients running OpenVPN 2.1-beta14 through 2.1-rc8 OpenVPN 2.0.x clients are NOT vulnerable nor are any versions of the OpenVPN server vulnerable. An OpenVPN client connecting to a malicious or compromised server could potentially...

7.6CVSS6.9AI score0.02117EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/07/13 12:0 a.m.•26 views

libxine -- denial of service vulnerability

xine team reports: A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files CVE-2008-3231, some related fixes, and fixes for a few possible buffer overflows...

4.3CVSS6.6AI score0.01922EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/05/30 12:0 a.m.•26 views

ikiwiki -- empty password security hole

The ikiwiki development team reports: This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password. Upgrading to a non-vulnerable ikiwiki version immediatly is recommended if your wiki allows both password and openid logins...

6.8CVSS6.5AI score0.01576EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/05/20 12:0 a.m.•26 views

Nagios -- Cross Site Scripting Vulnerability

Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks...

4.3CVSS6.3AI score0.01774EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/04/18 12:0 a.m.•26 views

vorbis-tools -- Speex header processing vulnerability

Secunia reports: A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when processing Speex headers, which can be exploited via a specially crafted Spee...

9.3CVSS6.5AI score0.06494EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/04/15 12:0 a.m.•26 views

clamav -- Multiple Vulnerabilities

Secunia reports: Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. 1 A boundary error exists within the "cliscanpe" function in libclamav/pe.c. This can be exploited to cause a...

7.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/03/01 12:0 a.m.•26 views

phpmyadmin -- SQL injection vulnerability

A phpMyAdmin security announcement report: phpMyAdmin used the $REQUEST superglobal as a source for its parameters, instead of $GET and $POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere. Another application could set a cookie for t...

5.1CVSS6.5AI score0.00912EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/01/23 12:0 a.m.•26 views

libxine -- buffer overflow vulnerability

xine project reports: A new xine-lib version is now available. This release contains a security fix remotely-expoitable buffer overflow, CVE-2006-1664. This is not the first time that that bug has been fixed... It also fixes a few more recent bugs, such as the audio output problems in 1.1.9...

7.5CVSS6.5AI score0.14637EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/12/03 12:0 a.m.•26 views

claws-mail -- insecure temporary file creation

Nico Golde reports: A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail...

3.6CVSS6.2AI score0.00365EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2007/11/26 12:0 a.m.•26 views

firefox -- multiple remote unspecified memory corruption vulnerabilities

Mozilla Foundation reports: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to...

9.3CVSS7AI score0.05443EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/11/20 12:0 a.m.•26 views

phpmyadmin -- Cross Site Scripting

phpMyAdmin security announcement: The login page authtype cookie was vulnerable to XSS via the convcharset parameter. An attacker could use this to execute malicious code on the visitors computer...

2.6CVSS6.2AI score0.01314EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2007/10/29 12:0 a.m.•26 views

wordpress -- cross-site scripting

A Secunia Advisory report: Input passed to the "postscolumns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...

2.6CVSS6.5AI score0.07003EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/09/10 12:0 a.m.•26 views

mediawiki -- cross site scripting vulnerability

The MediaWiki development team reports: A possible HTML/XSS injection vector in the API pretty-printing mode has been found and fixed. The vulnerability may be worked around in an unfixed version by simply disabling the API interface if it is not in use, by adding this to LocalSettings.php:...

4.3CVSS6.8AI score0.01321EPSS
Exploits0References1
Total number of security vulnerabilities5000