Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2015/03/18 12:0 a.m.•25 views

django -- multiple vulnerabilities

The Django project reports: In accordance with our security release policy, the Django team is issuing multiple releases -- Django 1.4.20, 1.6.11, 1.7.7 and 1.8c1. These releases are now available on PyPI and our download page. These releases address several security issues detailed below. We...

6.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/14 12:0 a.m.•25 views

polarssl -- Remote attack using crafted certificates

PolarSSL team reports: During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1sequence is not initialized by asn1getsequenceof. In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarsslfree. This sequence...

7.5CVSS5.9AI score0.03246EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/01/10 12:0 a.m.•25 views

privoxy -- multiple vulnerabilities

Privoxy Developers reports: Fixed a memory leak when rejecting client connections due to the socket limit being reached CID 66382. This affected Privoxy 3.0.21 when compiled with IPv6 support on most platforms this is the default. Fixed an immediate-use-after-free bug CID 66394 and two additional...

7.5CVSS6.4AI score0.02427EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/01/05 12:0 a.m.•25 views

p7zip -- directory traversal vulnerability

Alexander Cherepanov reports: 7z and 7zr is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directo...

5.8CVSS6.3AI score0.03291EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2014/11/13 12:0 a.m.•25 views

kwebkitpart, kde-runtime -- insufficient input validation

Albert Aastals Cid reports: kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname. Whilst in most cases, the JavaScript will be executed in an untrusted context, with the bookmarks IO slav...

4.3CVSS6.4AI score0.02093EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2014/11/04 12:0 a.m.•25 views

FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)

Problem Description: When setlogin2 is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin2 system call returns the entire buffer rather than just the...

2.1CVSS6.3AI score0.00392EPSS
Exploits0
FreeBSD
FreeBSD
•added 2014/10/01 12:0 a.m.•25 views

phpMyAdmin -- XSS vulnerabilities

The phpMyAdmin development team reports: With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...

3.5CVSS5.8AI score0.01617EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/09/23 12:0 a.m.•25 views

NSS -- RSA Signature Forgery

The Mozilla Project reports: Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...

7.5CVSS6.6AI score0.1617EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/07/21 12:0 a.m.•25 views

ansible -- code execution from compromised remote host data or untrusted local data

Ansible, Inc. reports: Arbitrary execution from data from compromised remote hosts or untrusted local data - resolved in Ansible 1.6.7...

9.8CVSS9AI score0.03521EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/06/10 12:0 a.m.•25 views

dbus -- local DoS

Simon MvVittie reports: Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to...

4CVSS5.6AI score0.00444EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/12/05 12:0 a.m.•25 views

qt4-xml -- XML Entity Expansion Denial of Service

Richard J. Moore reports: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application...

5CVSS6.4AI score0.03105EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/12/03 12:0 a.m.•25 views

zabbix -- shell command injection vulnerability

Recurity Labs Team project reports: Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases...

7.5CVSS9.2AI score0.02754EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/11/21 12:0 a.m.•25 views

monitorix -- serious bug in the built-in HTTP server

Monitorix Project reports: A serious bug in the built-in HTTP server. It was discovered that the handlerequest routine did not properly perform input sanitization which led into a number of security vulnerabilities. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary...

2.3AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2013/10/04 12:0 a.m.•25 views

mod_pagespeed -- critical cross-site scripting (XSS) vulnerability

modpagespeed developers report: Various versions of modpagespeed are subject to critical cross-site scripting XSS vulnerability, CVE-2013-6111. This permits a hostile third party to execute JavaScript in users' browsers in context of the domain running modpagespeed, which could permit theft of...

4.3CVSS5.7AI score0.01187EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/09/10 12:0 a.m.•25 views

FreeBSD -- Insufficient credential checks in network ioctl(2)

Problem Description: As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume tha...

6.9CVSS7.2AI score0.00376EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/11/08 12:0 a.m.•25 views

typo3 -- Multiple vulnerabilities in TYPO3 Core

Typo Security Team reports: TYPO3 Backend History Module - Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability. Credits go to Thomas Worm who discovered and reported the...

1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/08 12:0 a.m.•25 views

phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

The phpMyAdmin development team reports: When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.net website in...

5.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/09/10 12:0 a.m.•25 views

freeradius -- arbitrary code execution for TLS-based authentication

freeRADIUS security team reports: Overflow in EAP-TLS for 2.1.10, 2.1.11 and 2.1.12. The issue was found by Timo Warns, and communicated to [email protected]. A sample exploit for the issue was included in the notification. The vulnerability was created in commit a368a6f4f4aaf on August 18,...

6.8CVSS6.4AI score0.0565EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/07/24 12:0 a.m.•25 views

FreeBSD -- named(8) DNSSEC validation Denial of Service

Problem description: BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries...

7.8CVSS8.5AI score0.27383EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/07/12 12:0 a.m.•25 views

libexif -- multiple remote vulnerabilities

libexif project security advisory: A number of remotely exploitable issues were discovered in libexif and exif, with effects ranging from information leakage to potential remote code execution...

7.5CVSS7AI score0.07557EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/01/05 12:0 a.m.•25 views

libxml2 -- heap buffer overflow

Google chrome team reports: Heap-based buffer overflow in libxml2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.5CVSS9AI score0.02399EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/12/21 12:0 a.m.•25 views

plib -- remote code execution via buffer overflow

Secunia reports: A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "ulSetError" function src/util/ulError.cxx when creating the error message, which...

9.3CVSS6.8AI score0.12795EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2011/05/25 12:0 a.m.•25 views

dovecot -- denial of service vulnerability

Timo Sirainen reports: Fixed potential crashes and other problems when parsing header names that contained NUL characters...

5CVSS6.5AI score0.0325EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/04/20 12:0 a.m.•25 views

FreeBSD -- Network ACL mishandling in mountd(8)

Problem Description: While parsing the exports5 table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as "-network 192.0.2.0/23" would resu...

4.3CVSS0.9AI score0.01282EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/03/15 12:0 a.m.•25 views

krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled

An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 Key Distribution Center KDC daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication PKINIT capability is enabled, resulting in daemon crash or arbitrary code execution which i...

7.6CVSS4.1AI score0.08267EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/01/31 12:0 a.m.•25 views

exim -- local privilege escalation

exim.org reports: CVE-2011-0017 - check return value of setuid/setgid. This is a privilege escalation vulnerability whereby the Exim run-time user can cause root to append content of the attacker's choosing to arbitrary files...

6.9CVSS2.9AI score0.00379EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/01/25 12:0 a.m.•25 views

rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability

Secunia reports: Input passed via an email from address is not properly sanitised in the "deliver" function lib/mail/network/deliverymethods/sendmail.rb before being used as a command line argument. This can be exploited to inject arbitrary shell commands...

6.8CVSS3.9AI score0.02706EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/09/07 12:0 a.m.•25 views

sudo -- Flaw in Runas group matching

Todd Miller reports: Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option run as group. A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified run as user. This...

6.2CVSS8.4AI score0.00362EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/07/20 12:0 a.m.•25 views

firefox -- Dangling pointer crash regression from plugin parameter array fix

The Mozilla Project reports: MFSA 2010-48 Dangling pointer crash regression from plugin parameter array fix...

10CVSS9.3AI score0.0413EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2010/04/01 12:0 a.m.•25 views

Zend Framework -- security issues in bundled Dojo library

The Zend Framework team reports: Several files in the bundled Dojo library were identified as having potential exploits, and the Dojo team also advised disabling or removing any PHP scripts in the Dojo library tree when deploying to production...

1.8AI score
Exploits0References6
FreeBSD
FreeBSD
•added 2010/03/03 12:0 a.m.•25 views

drupal -- multiple vulnerabilities

Drupal Team reports: A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed. The API function drupalgoto is susceptible to a phishing attack. An...

1.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/12/01 12:0 a.m.•25 views

rt -- Session fixation vulnerability

Secunia reports: A vulnerability has been reported in RT, which can be exploited by malicious people to conduct session fixation attacks. The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging...

5.8CVSS6.3AI score0.02745EPSS
Exploits0
FreeBSD
FreeBSD
•added 2009/10/28 12:0 a.m.•25 views

opera -- multiple vulnerabilities

Opera Team Reports: Fixed an issue where certain domain names could allow execution of arbitrary code, as reported by Chris Weber of Casaba Security Fixed an issue where scripts can run on the feed subscription page, as reported by Inferno...

9.3CVSS6.6AI score0.05704EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/10/13 12:0 a.m.•25 views

phpmyadmin -- XSS and SQL injection vulnerabilities

phpMyAdmin Team reports: Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name. SQL injection vulnerability allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature...

6.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/06/30 12:0 a.m.•25 views

phpmyadmin -- XSS vulnerability

The phpMyAdmin project reports: It was possible to conduct an XSS attack via a crafted SQL bookmark. All 3.x releases on which the "bookmarks" feature is active are affected, previous versions are not...

4.3CVSS6.3AI score0.0198EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/05/20 12:0 a.m.•25 views

slim -- local disclosure of X authority magic cookie

Secunia reports: A security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to "xauth"...

2.1CVSS6.3AI score0.00464EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/05/15 12:0 a.m.•25 views

eggdrop -- denial of service vulnerability

Secunia reports: The vulnerability is caused due to an error in the processing of private messages within the server module /mod/server.mod/servrmsg.c. This can be exploited to cause a crash by sending a specially crafted message to the bot...

4.3CVSS6.2AI score0.08488EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2009/04/08 12:0 a.m.•25 views

cyrus-sasl -- buffer overflow vulnerability

US-CERT reports: The saslencode64 function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the saslencode64 function...

7.5CVSS3.6AI score0.08206EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/01/22 12:0 a.m.•25 views

gstreamer-plugins-good -- multiple memory overflows

Secunia reports: Tobias Klein has reported some vulnerabilities in GStreamer Good Plug-ins, which can potentially be exploited by malicious people to compromise a vulnerable system. A boundary error occurs within the "qtdemuxparsesamples" function in gst/gtdemux/qtdemux.c when performing QuickTim...

5.1AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2009/01/21 12:0 a.m.•25 views

roundcube -- webmail script insertion and php code injection

Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML "background" attribute within e.g. HT...

4.3CVSS1.2AI score0.0198EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2009/01/15 12:0 a.m.•25 views

phplist -- local file inclusion vulnerability

Secunia reports: Input passed to the "SERVERConfigFile" parameter in admin/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources...

7.5CVSS2.9AI score0.062EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/10/22 12:0 a.m.•25 views

drupal -- multiple vulnerabilities

The Drupal Project reports: On a server configured for IP-based virtual hosts, Drupal may be caused to include and execute specifically named files outside of its root directory. This bug affects both Drupal 5 and Drupal 6. The title of book pages is not always properly escaped, enabling users wi...

3.5CVSS6.5AI score0.01587EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/08/27 12:0 a.m.•25 views

bitlbee -- account recreation security issues

Secunia reports: Some security issues have been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts. The security issues are caused due to unspecified errors, which can be exploited to overwrite existing accounts...

7.5CVSS6.7AI score0.02407EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/05/10 12:0 a.m.•25 views

django -- XSS vulnerability

Django project reports: The Django administration application will, when accessed by a user who is not sufficiently authenticated, display a login form and ask the user to provide the necessary credentials before displaying the requested page. This form will be submitted to the URL the user...

4.3CVSS5.5AI score0.01312EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/02/05 12:0 a.m.•25 views

mailman -- script insertion vulnerability

Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert...

4.3CVSS5.1AI score0.01919EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/01/09 12:0 a.m.•25 views

xfce -- multiple vulnerabilities

Gentoo reports: A remote attacker could entice a user to install a specially crafted "rc" file to execute arbitrary code via long strings in the "Name" and "Comment" fields or via unspecified vectors involving the second vulnerability...

10CVSS7.3AI score0.03983EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/12/05 12:0 a.m.•25 views

drupal -- SQL injection vulnerability

The Drupal Project reports: The function taxonomyselectnodes directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomyselectnodes, this is a weakness in Drupal core. Several contributed modules, such as...

7.5CVSS7.4AI score0.0165EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/06/05 12:0 a.m.•25 views

vlc -- format string vulnerability and integer overflow

isecpartners reports: VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized...

6.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2007/06/05 12:0 a.m.•25 views

libvorbis -- Multiple memory corruption flaws

isecpartners reports: libvorbis contains several vulnerabilities allowing heap overwrite, read violations and a function pointer overwrite. These bugs cause a at least a denial of service, and potentially code execution...

6.8CVSS6.7AI score0.0314EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/06/01 12:0 a.m.•25 views

wordpress -- unmoderated comments disclosure

Blogsecurity reports: An attacker can read comments on posts that have not been moderated. This can be a real security risk if blog admins are using unmoderated comments comments that have not been made public to hide sensitive notes regarding posts, future work, passwords etc. So please be caref...

1.6AI score
Exploits0References1
Total number of security vulnerabilities5000