Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
added 2006/09/06 12:0 a.m.23 views

dircproxy -- remote denial of service

Securiweb reports: dircproxy allows remote attackers to cause a denial of service segmentation fault via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi...

5CVSS6.5AI score0.01694EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2006/08/21 12:0 a.m.23 views

zope -- restructuredText "csv_table" Information Disclosure

Secunia reports: A vulnerability has been reported in Zope, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the use of the docutils module to parse and render "restructured" text. This can be exploited to...

5CVSS6.3AI score0.02378EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2006/08/17 12:0 a.m.23 views

horde -- Phishing and Cross-Site Scripting Vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in ...

0.1AI score
Exploits0References2
FreeBSD
FreeBSD
added 2006/06/12 12:0 a.m.23 views

wv2 -- Integer Overflow Vulnerability

Secunia reports: A vulnerability has been reported in wvWare wv2 Library, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in "wordhelper.h" when handling a Word document. This can b...

6.5CVSS7AI score0.02523EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2006/06/05 12:0 a.m.23 views

dokuwiki -- spellchecker remote PHP code execution

Stefan Esser reports: During the evaluation of DokuWiki for a german/korean wiki of mine a flaw in DokuWiki's spellchecker was discovered, that allows injecting arbitrary PHP commands, by requesting a spellcheck on PHP commands in 'complex curly syntax'. Because the spellchecker is written as par...

2.8AI score
Exploits0References3
FreeBSD
FreeBSD
added 2006/06/01 12:0 a.m.23 views

squirrelmail -- plugin.php local file inclusion vulnerability

The SquirrelMail Project Team reports: A security issue has been uncovered in functions/plugin.php that could allow a remote user to access local files on the server without requiring login. This issue manifests itself if registerglobals is enabled, and magicquotesgpc is disabled...

2.1AI score
Exploits0References2
FreeBSD
FreeBSD
added 2006/05/20 12:0 a.m.23 views

phpmyadmin -- XSRF vulnerabilities

phpMyAdmin security team reports: It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link. Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite...

7.5CVSS7.1AI score0.01462EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2006/04/21 12:0 a.m.23 views

zgv, xzgv -- heap overflow vulnerability

Gentoo reports: Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap...

7.5CVSS6.8AI score0.04073EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2006/04/19 12:0 a.m.23 views

coppermine -- "file" Local File Inclusion Vulnerability

Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the "file" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary...

5CVSS6.3AI score0.03625EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2006/04/18 12:0 a.m.23 views

fswiki -- XSS vulnerability

JVN reports: FreeStyleWiki has XSS vulnerability...

1.5AI score
Exploits0References1
FreeBSD
FreeBSD
added 2006/04/03 12:0 a.m.23 views

openvpn -- LD_PRELOAD code execution on client through malicious or compromised server

Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...

9CVSS6.4AI score0.03021EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2006/02/01 12:0 a.m.23 views

FreeBSD -- Infinite loop in SACK handling

Problem description: When insufficient memory is available to handle an incoming selective acknowledgement, the TCP/IP stack may enter an infinite loop. Impact: By opening a TCP connection and sending a carefully crafted series of packets, an attacker may be able to cause a denial of service...

5CVSS6.4AI score0.02809EPSS
Exploits0
FreeBSD
FreeBSD
added 2006/01/12 12:0 a.m.23 views

tor -- malicious tor server can locate a hidden service

Roger Dingledine reports: If you offer a Tor hidden service, an adversary who can run a fast Tor server and who knows some basic statistics can find the location of your hidden service in a matter of minutes to hours...

5CVSS6.3AI score0.02893EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/12/18 12:0 a.m.23 views

rssh -- privilege escalation vulnerability

Pizzashack reports: Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed and rsshchroothelper is installed SUID to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentiall...

7.2CVSS6.8AI score0.00381EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/12/05 12:0 a.m.23 views

trac -- search module SQL injection vulnerability

Secunia reports: A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct SQL injection attacks. Some unspecified input passed in the search module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by...

3AI score
Exploits0References2
FreeBSD
FreeBSD
added 2005/10/25 12:0 a.m.23 views

phpicalendar -- cross site scripting vulnerability

Francesco Ongaro reports that phpicalendar is vulnerable for a cross site scripting attack. The vulnerability is caused by improper validation of the index.php file allowing attackers to include an arbitrary file with the .php extension...

6.8CVSS6.2AI score0.0237EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2005/06/10 12:0 a.m.23 views

gaim -- MSN Remote DoS vulnerability

The GAIM team reports: Remote attackers can cause a denial of service crash via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error...

5CVSS6.3AI score0.02385EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/05/20 12:0 a.m.23 views

picasm -- buffer overflow vulnerability

Shaun Colley reports: When generating error and warning messages, picasm copies strings into fixed length buffers without bounds checking. If an attacker could trick a user into assembling a source file with a malformed 'error' directive, arbitrary code could be executed with the privileges of th...

5.1CVSS6.5AI score0.07413EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/03/03 12:0 a.m.23 views

libexif -- buffer overflow vulnerability

Sylvain Defresne reports that libexif is vulnerable to a buffer overflow vulnerability due to insufficient input checking. This could lead crash of applications using libexif...

2.6CVSS6.8AI score0.0446EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/02/21 12:0 a.m.23 views

uim -- privilege escalation vulnerability

The uim developers reports: Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+...

4.6CVSS6.6AI score0.0036EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2005/01/26 12:0 a.m.23 views

ngircd -- buffer overflow vulnerability

Florian Westphal discovered a buffer overflow in ngircd which can be used remotely crash the server and possibly execute arbitrary code...

9.8CVSS7.4AI score0.18767EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2005/01/19 12:0 a.m.23 views

konversation -- shell script command injection

Konversation comes with Perl scripts that do not properly escape shell characters on executing a script. This makes it possible to attack Konversation with shell script command injection...

7.5CVSS6.5AI score0.10321EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/11/06 12:0 a.m.23 views

ruby -- CGI DoS

The Ruby CGI.rb module contains a bug which can cause the CGI module to go into an infinite loop, thereby causing a denial-of-service situation on the web server by using all available CPU time...

5CVSS6.4AI score0.01898EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/09/29 12:0 a.m.23 views

icecast -- HTTP header overflow

It is possible to execute remote code simply using HTTP request plus 31 headers followed by a shellcode that will be executed directly...

3.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2004/08/20 12:0 a.m.23 views

xv -- exploitable buffer overflows

In a Bugtraq posting, infamous41mdathotpop.com reported: there are at least 5 exploitable buffer and heap overflows in the image handling code. this allows someone to craft a malicious image, trick a user into viewing the file in xv, and upon viewing that image execute arbitrary code under...

1AI score
Exploits0References1
FreeBSD
FreeBSD
added 2004/05/12 12:0 a.m.23 views

Cyrus IMSPd multiple vulnerabilities

The Cyrus team reported multiple vulnerabilities in older versions of Cyrus IMSPd: These releases correct a recently discovered buffer overflow vulnerability, as well as clean up a significant amount of buffer handling throughout the code...

2.8AI score
Exploits0References1
FreeBSD
FreeBSD
added 2004/04/01 12:0 a.m.23 views

Incorrect cross-realm trust handling in Heimdal

Heimdal does not correctly validate the transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path...

5CVSS6.6AI score0.01528EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/03/25 12:0 a.m.23 views

MySQL insecure temporary file creation (mysqlbug)

Shaun Colley reports that the script mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with...

2.1CVSS6.4AI score0.00604EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2004/03/23 12:0 a.m.23 views

mysql -- FTS request denial of service vulnerability

A special crafted MySQL FTS request can cause the server to crash. Malicious MySQL users can abuse this bug in a denial of service attack against systems running an affected MySQL daemon. Note that because this bug is related to the parsing of requests, it may happen that this bug is triggered...

5CVSS6.2AI score0.03715EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/03/17 12:0 a.m.23 views

isakmpd payload handling denial-of-service vulnerabilities

Numerous errors in isakmpd's input packet validation lead to denial-of-service vulnerabilities. From the Rapid7 advisory: The ISAKMP packet processing functions in OpenBSD's isakmpd daemon contain multiple payload handling flaws that allow a remote attacker to launch a denial of service attack...

10CVSS6.4AI score0.04604EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2004/03/04 12:0 a.m.23 views

GNU Anubis buffer overflows and format string vulnerabilities

Ulf Härnhammar discovered several vulnerabilities in GNU Anubis. Unsafe uses of sscanf'. The %s' format specifier is used, which allows a classical buffer overflow. auth.c Format string bugs invoking syslog'. log.c, errs.c, ssl.c Ulf notes that these vulnerabilities can be exploited by a maliciou...

10CVSS6.8AI score0.04717EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2004/02/29 12:0 a.m.23 views

squid ACL bypass due to URL decoding bug

From the Squid advisory: Squid versions 2.5.STABLE4 and earlier contain a bug in the "%xx" URL decoding function. It may insert a NUL character into decoded URLs, which may allow users to bypass urlregex ACLs...

7.5CVSS6.3AI score0.13809EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2004/02/19 12:0 a.m.23 views

jailed processes can attach to other jails

A programming error has been found in the jailattach2 system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jailattach system call would fail only after changing the...

4.6CVSS6.6AI score0.00331EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/05/14 12:0 a.m.22 views

www/nginx -- Remote Code Execution/DoS

nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...

9.2CVSS6.1AI score0.61469EPSS
Exploits41
FreeBSD
FreeBSD
added 2026/05/07 12:0 a.m.22 views

firefox -- Memory safety bugs present in Firefox 150

https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/ reports: Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.1CVSS5.9AI score0.00323EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/04/14 12:0 a.m.22 views

xwayland -- Multiple vulnerabilities

X.Org project reports: Multiple issues have been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.22 and xwayland-24.1.10...

9.1CVSS5.7AI score0.00489EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2025/03/05 12:0 a.m.22 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-3495 / CVE-2025-27622 Encrypted values of secrets stored in agent configuration revealed to users with Agent/Extended Read permission Description Medium SECURITY-3496 / CVE-2025-27623 Encrypted values of secrets stored in view configuration...

5.4CVSS6.9AI score0.00727EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2025/01/14 12:0 a.m.22 views

rsync -- Multiple security fixes

rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...

9.8CVSS7.2AI score0.72059EPSS
Exploits8
FreeBSD
FreeBSD
added 2024/12/03 12:0 a.m.22 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 379009132 High CVE-2024-12053: Type Confusion in V8. Reported by gal1ium and chluo on 2024-11-14...

8.8CVSS7.5AI score0.00862EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/12/03 12:0 a.m.22 views

gstreamer1-plugins-gdkpixbuf -- NULL-pointer dereference

The GStreamer Security Center reports: A NULL-pointer dereference in the gdk-pixbuf decoder that can cause crashes for certain input files...

9.8CVSS7AI score0.00901EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/12/03 12:0 a.m.22 views

gstreamer1-plugins -- multiple vulnerabilities

The GStreamer Security Center reports: 3 security bugs. CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline tool CVE-2024-47541: Out-of-bounds write in SSA subtitle parser...

9.1CVSS7AI score0.01324EPSS
Exploits2References3
FreeBSD
FreeBSD
added 2024/11/26 12:0 a.m.22 views

Gitlab -- vulnerabilities

Gitlab reports: Privilege Escalation via LFS Tokens DoS through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file Unintended Access to Usage Data via Scoped Tokens Gitlab DOS via Harbor registry integration Resource exhaustion and denial of service with testrepo...

8.8CVSS6.8AI score0.00684EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/08 12:0 a.m.22 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 368241697 High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-09-20 367818758 High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18...

8.8CVSS7.5AI score0.00773EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/02 12:0 a.m.22 views

redis,valkey -- Multiple vulnerabilities

Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...

8.8CVSS7.2AI score0.04488EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/01 12:0 a.m.22 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 367764861 High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18 368208152 High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on...

9.6CVSS7.8AI score0.00592EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/06/11 12:0 a.m.22 views

firefox -- Multiple vulnerabilities

[email protected] reports: CVE-2024-5697: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. CVE-2024-5698: By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box ove...

6.1CVSS6.7AI score0.00395EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2024/06/11 12:0 a.m.22 views

traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability

The traefik authors report: There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

5.5CVSS6.9AI score0.00788EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/05/28 12:0 a.m.22 views

minio -- unintentional information disclosure

Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...

5.3CVSS7AI score0.00549EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/05/13 12:0 a.m.22 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 1 security fix: 339458194 High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09...

8.8CVSS7AI score0.11007EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2024/05/09 12:0 a.m.22 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 1 security fix: 339266700 High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous on 2024-05-07...

9.6CVSS7.6AI score0.08348EPSS
Exploits0References1
Total number of security vulnerabilities5000