Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2005/11/17 12:0 a.m.•24 views

mambo -- "register_globals" emulation layer overwrite vulnerability

A Secunia Advisory reports: peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system. The vulnerability is caused due to an error in the "registerglobals" emulation layer in...

1.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2005/10/21 12:0 a.m.•24 views

fetchmail -- fetchmailconf local password exposure

The fetchmail team reports: The fetchmailconf program before and excluding version 1.49 opened the run control file, wrote the configuration to it, and only then changed the mode to 0600 rw-------. Writing the file, which usually contains passwords, before making it unreadable to other users, can...

2.1CVSS6.6AI score0.00453EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/08/16 12:0 a.m.•24 views

acroread -- plug-in buffer overflow vulnerability

A Adobe Security Advisory reports: The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe...

7.5CVSS6.9AI score0.13245EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/07/05 12:0 a.m.•24 views

phppgadmin -- "formLanguage" local file inclusion vulnerability

A Secunia Advisory reports: A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information. Input passed to the "formLanguage" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited...

5CVSS6.1AI score0.04638EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2005/06/09 12:0 a.m.•24 views

tcpdump -- infinite loops in protocol decoding

Problem Description Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops. Impact An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump...

6.3AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2005/05/19 12:0 a.m.•24 views

ppxp -- local root exploit

A Debian Advisory reports: Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell...

7.2CVSS6.5AI score0.00399EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/05/11 12:0 a.m.•24 views

mozilla -- "Wrapped" javascript: urls bypass security checks

A Mozilla Foundation Security Advisory reports: Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...

0.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2005/05/11 12:0 a.m.•24 views

squid -- DNS lookup spoofing vulnerability

The squid patches page notes: Malicious users may spoof DNS lookups if the DNS client UDP port random, assigned by OS as startup is unfiltered and your network is not protected from IP spoofing...

6.4CVSS6.4AI score0.02357EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/04/26 12:0 a.m.•24 views

rkhunter -- insecure temporary file creation

Gentoo reports: Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux Security Team have reported that the checkupdate.sh script and the main rkhunter script insecurely creates several temporary files with predictable filenames. A local attacker could create symbolic links in the...

2.1CVSS6.1AI score0.00342EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/01/20 12:0 a.m.•24 views

yamt -- buffer overflow and directory traversal issues

Stanislav Brabec discovered errors in yamt's path name handling that lead to buffer overflows and directory traversal issues. When processing a file with a maliciously crafted ID3 tag, yamt might overwrite arbitrary files or possibly execute arbitrary code. The SuSE package ChangeLog contains:...

7.5CVSS7.1AI score0.02081EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2004/12/21 12:0 a.m.•24 views

curl -- authentication buffer overflow vulnerability

Two iDEFENSE Security Advisories reports: An exploitable stack-based buffer overflow condition exists when using NT Lan Manager NTLM authentication. The problem specifically exists within Curlinputntlm defined in lib/httpntlm.c. Successful exploitation allows remote attackers to execute arbitrary...

8.8CVSS7.6AI score0.05732EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/12/15 12:0 a.m.•24 views

unrtf -- buffer overflow vulnerability

Yosef Klein and Limin Wang have found a buffer overflow vulnerability in unrtf that can allow an attacker to execute arbitrary code with the permissions of the user running unrtf, by running unrtf on a specially crafted rtf document...

10CVSS5.2AI score0.05954EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2004/12/01 12:0 a.m.•24 views

bugzilla -- cross-site scripting vulnerability

A Bugzilla advisory states: This advisory covers a single cross-site scripting issue that has recently been discovered and fixed in the Bugzilla code: If a malicious user links to a Bugzilla site using a specially crafted URL, a script in the error page generated by Bugzilla will display the URL...

4.3CVSS3.2AI score0.01034EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/10/12 12:0 a.m.•24 views

ecartis -- unauthorised access to admin interface

A Debian security advisory reports: A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings...

4.6CVSS6.6AI score0.00365EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/10/09 12:0 a.m.•24 views

bogofilter -- RFC 2047 decoder denial-of-service vulnerability

The bogofilter team has been provided with a test case of a malformatted non-conformant RFC-2047 encoded word that can cause bogofilter versions 0.92.7 and prior to try to write a NUL byte into a memory location that is either one byte past the end of a flex buffer or to a location that is the...

5CVSS6.5AI score0.01926EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2004/09/29 12:0 a.m.•24 views

squid -- SNMP module denial-of-service vulnerability

The Squid-2.5 patches page notes: If a certain malformed SNMP request is received squid restarts with a Segmentation Fault error. This only affects squid installations where SNMP is explicitly enabled via "make config". As a workaround, SNMP can be disabled by defining "snmpport 0" in squid.conf...

5CVSS6.4AI score0.1603EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2004/08/04 12:0 a.m.•24 views

gnomevfs -- unsafe URI handling

Alexander Larsson reports that some versions of gnome-vfs and MidnightCommander contain a number of extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially-crafted URI, arbitrary commands can be executed with the privileges of the victim...

7.5CVSS6.5AI score0.01625EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/07/06 12:0 a.m.•24 views

cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin

The Cyrus SASL DIGEST-MD5 plugin contains a potential buffer overflow when quoting is required in the output...

3.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2004/04/15 12:0 a.m.•24 views

ident2 double byte buffer overflow

Jack of RaptureSecurity reported a double byte buffer overflow in ident2. The bug may allow a remote attacker to execute arbitrary code within the context of the ident2 daemon. The daemon typically runs as user-ID nobody', but with group-ID wheel'...

7.5CVSS7.5AI score0.03257EPSS
Exploits0
FreeBSD
FreeBSD
•added 2004/01/30 12:0 a.m.•24 views

mksnap_ffs clears file system options

The kernel interface for creating a snapshot of a filesystem is the same as that for changing the flags on that filesystem. Due to an oversight, the mksnapffs8 command called that interface with only the snapshot flag set, causing all other flags to be reset to the default value. A regularly...

4.6CVSS6.2AI score0.0033EPSS
Exploits0
FreeBSD
FreeBSD
•added 2003/10/28 12:0 a.m.•24 views

kpopup -- local root exploit and local denial of service

Mitre CVE reports: Format string vulnerability in main.cpp in kpopup 0.9.1-0.9.5pre2 allows local users to cause a denial of service segmentation fault and possibly execute arbitrary code via format string specifiers in command line arguments. misc.cpp in KPopup 0.9.1 trusts the PATH variable whe...

7.2CVSS6.8AI score0.01005EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2026/06/08 12:0 a.m.•23 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: See links for details...

9.8CVSS5.4AI score0.00805EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/01 12:0 a.m.•23 views

Post-Auth Remote Code Execution found in Roundcube Webmail

Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v...

9.9CVSS7.1AI score0.94741EPSS
Exploits29References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•23 views

sudo -- privilege escalation vulnerability through host and chroot options

Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit CRU: Sudo 1.9.17p1: Fixed CVE-2025-32462. Sudo's -h --host option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the use...

9.3CVSS7.7AI score0.47467EPSS
Exploits77References3
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•23 views

MongoDB -- crash due to improper validation of explain command

[email protected] reports: When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to...

6.5CVSS6.8AI score0.00387EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/03/10 12:0 a.m.•23 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 5 security fixes: 398065918 High CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o. on 2025-02-21 400052777 High CVE-2025-2135: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2025-03-02 401059730 High CVE-TBD: Out of bounds...

8.8CVSS7.7AI score0.06387EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/11/22 12:0 a.m.•23 views

keycloak -- Multiple security fixes

Keycloak reports: This update includes 5 security fixes: CVE-2024-10451: Sensitive Data Exposure in Keycloak Build Process CVE-2024-10270: Potential Denial of Service CVE-2024-10492: Keycloak path trasversal CVE-2024-9666: Keycloak proxy header handling Denial-of-Service DoS vulnerability...

6.5CVSS7AI score0.01264EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/09/24 12:0 a.m.•23 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 5 security fixes: 365254285 High CVE-2024-9120: Use after free in Dawn. Reported by Anonymous on 2024-09-08 363538434 High CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-09-01 365802567 High...

8.8CVSS7.9AI score0.05811EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2024/09/06 12:0 a.m.•23 views

firefox -- Potential memory corruption and exploitable crash

[email protected] reports: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...

7.5CVSS7AI score0.00656EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/04 12:0 a.m.•23 views

FreeBSD -- Multiple vulnerabilities in libnv

Problem Description: CVE-2024-45287 is a vulnerability that affects both the kernel and userland. A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. CVE-2024-45288 is a...

9.1CVSS7.2AI score0.00511EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/09/03 12:0 a.m.•23 views

firefox -- multiple vulnerabilities

[email protected] reports: This entry contains 8 vulnerabilities: CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. CVE-2024-8382: Internal browser event interfaces were exposed to web...

9.8CVSS7.6AI score0.04395EPSS
Exploits1References8
FreeBSD
FreeBSD
•added 2024/07/30 12:0 a.m.•23 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 353034820 Critical CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15 352872238 High CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter on 2024-07-13 354748060 High...

8.8CVSS7.2AI score0.00916EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/07/01 12:0 a.m.•23 views

Django -- multiple vulnerabilities

Django reports: CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords. CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save. CVE-2024-39614:...

7.5CVSS6.9AI score0.28637EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/04/02 12:0 a.m.•23 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 329130358 High CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao @Kipreyyy on 2024-03-12 329965696 High CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish on 2024-03-17 330760873 High...

8.8CVSS7.3AI score0.01599EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/07 12:0 a.m.•23 views

Unbound -- Denial-of-Service vulnerability

NLNet Labs reports: Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an...

7.5CVSS6.9AI score0.02516EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/02/01 12:0 a.m.•23 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.12 Changelog SECURITY - moderate Reflected XSS in reports pages CVE-2024-23645 SECURITY - moderate LDAP Injection during authentication CVE-2023-51446...

8.1CVSS7AI score0.00886EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/10/18 12:0 a.m.•23 views

Request Tracker -- multiple vulnerabilities

Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST...

7.5CVSS6.7AI score0.00717EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/27 12:0 a.m.•23 views

File deletion through document upload process in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files...

9.1CVSS7.3AI score0.01043EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/06/21 12:0 a.m.•23 views

FreeBSD -- Network authentication attack via pam_krb5

Problem Description: pamkrb5 authenticates the user by essentially running kinit1 with the password, getting a ticket-granting ticket' tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. Normally, the system running the pamkrb5 module will also hav...

9.8CVSS7.3AI score0.01098EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/06/15 12:0 a.m.•23 views

libX11 -- Sub-object overflows

The X.Org project reports: Buffer overflows in InitExt.c in libX11 prior to 1.8.6 CVE-2023-3138 The functions in src/InitExt.c in libX11 prior to 1.8.6 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, usi...

7.5CVSS7AI score0.01656EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/06/14 12:0 a.m.•23 views

jenkins -- CSRF protection bypass vulnerability

Jenkins Security Advisory: Description High SECURITY-3135 / CVE-2023-35141 CSRF protection bypass vulnerability...

8CVSS7.1AI score0.0086EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/01/31 12:0 a.m.•23 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Denial of Service via arbitrarily large Issue descriptions CSRF via file upload allows an attacker to take over a repository Sidekiq background job DoS by uploading malicious CI job artifact zips Sidekiq background job DoS by uploading a malicious Helm package...

6.5CVSS7.1AI score0.01247EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/08/09 12:0 a.m.•23 views

FreeBSD -- Memory disclosure by stale virtual memory mapping

Problem Description: A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. Impact: An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read...

4CVSS2.8AI score0.00174EPSS
Exploits0
FreeBSD
FreeBSD
•added 2022/04/28 12:0 a.m.•23 views

py-httpx -- input validation vulnerability

lebr0nli reports: Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...

9.1CVSS7.3AI score0.02026EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2021/04/06 12:0 a.m.•23 views

syncthing -- crash due to malformed relay protocol message

syncthing developers report: syncthing can be caused to crash and exit if sent a malformed relay protocol message message with a negative length field. The relay server strelaysrv can be caused to crash and exit if sent a malformed relay protocol message with a negative length field...

7.5CVSS3AI score0.0197EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/02/11 12:0 a.m.•23 views

asterisk -- An unsuspecting user could crash Asterisk with multiple hold/unhold requests

The Asterisk project reports: Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession...

9.8CVSS2AI score0.02516EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/11/02 12:0 a.m.•23 views

darkhttpd -- DOS vulnerability

Mitre reports: flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

7.5CVSS3.8AI score0.01265EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/08/31 12:0 a.m.•23 views

py-Flask-Cors -- directory traversal vulnerability

praetorian-colby-morgan reports: An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

7.5CVSS7AI score0.04017EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/06/25 12:0 a.m.•23 views

glpi -- SQL injection for all usages of "Clone" feature

MITRE Corporation reports: In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1...

7.1CVSS1.7AI score0.01233EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2020/05/24 12:0 a.m.•23 views

sympa - Security flaws in setuid wrappers

A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers: FastCGI wrappers newaliases wrapper The FastCGI wrappers wwsympa-wrapper.fcgi and sympasoapserver-wrapper.fcgi were used to make t...

4.6AI score
Exploits0References1
Total number of security vulnerabilities5000