Lucene search
K
FreebsdRecent

6583 matches found

FreeBSD
FreeBSD
•added 2017/09/19 12:0 a.m.•43 views

perl -- multiple vulnerabilities

Meta CPAN reports: CVE-2017-12814: $ENV$key stack buffer overflow on Windows A possible stack buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression compiler Compiling...

9.8CVSS9AI score0.06981EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2017/09/18 12:0 a.m.•96 views

Apache -- HTTP OPTIONS method can leak server memory

The Fuzzing Project reports: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x...

7.5CVSS2AI score0.94999EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2017/09/18 12:0 a.m.•32 views

rubygem-geminabox -- XSS & CSRF vulnerabilities

Gem in a box XSS vulenrability - CVE-2017-14506: Malicious attacker create GEM file with crafted homepage value gem.homepage in .gemspec file includes XSS payload. The attacker access geminabox system and uploads the gem file or uses CSRF/SSRF attack to do so. From now on, any user access Geminab...

8.8CVSS6.8AI score0.0068EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2017/09/17 12:0 a.m.•15 views

sugarcrm -- multiple vulnerabilities

sugarcrm developers report: An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 and Sugar Community Edition 6.5.26. Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection,...

8.8CVSS7.7AI score0.05766EPSS
Exploits3References4
FreeBSD
FreeBSD
•added 2017/09/14 12:0 a.m.•39 views

ruby -- multiple vulnerabilities

Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...

9.8CVSS9.4AI score0.16412EPSS
Exploits2References5
FreeBSD
FreeBSD
•added 2017/09/13 12:0 a.m.•22 views

libofx -- exploitable buffer overflow

Talos developers report: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this...

8.8CVSS8.4AI score0.02393EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2017/09/12 12:0 a.m.•32 views

libraw -- buffer overflow

libraw developers report: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file...

8.8CVSS9AI score0.02124EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/09/12 12:0 a.m.•38 views

Flash Player -- multiple vulnerabilities

Adobe reports: These updates resolve memory corruption vulnerabilities that could lead to remote code execution CVE-2017-11281, CVE-2017-11282...

9.8CVSS9.9AI score0.34848EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2017/09/11 12:0 a.m.•32 views

FFmpeg -- multiple vulnerabilities

FFmpeg security reports: Multiple vulnerabilities have been fixed in FFmpeg 3.3.4. Please refer to the CVE list for details...

8.8CVSS7.4AI score0.02712EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/11 12:0 a.m.•34 views

libraw -- denial of service and remote code execution

libraw developers report: A Stack-based Buffer Overflow was discovered in xtransinterpolate in internal/dcrawcommon.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack...

9.8CVSS9.4AI score0.04336EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/11 12:0 a.m.•32 views

libsndfile -- out-of-bounds reads

Xin-Jiang on Github reports: CVE-2017-14245 Medium: An out of bounds read in the function d2alawarray in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. CVE-2017-14246 Medium: An out of...

8.1CVSS7.3AI score0.02229EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/09/11 12:0 a.m.•21 views

Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3

Cisco TALOS reports: An exploitable heap based buffer overflow vulnerability exists in the readbiffnextrecord function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this...

8.8CVSS9.3AI score0.03313EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2017/09/09 12:0 a.m.•24 views

libbson -- Denial of Service

mongodb developers report: In MongoDB libbson 1.7.0, the bsonitercodewscope function in bson-iter.c miscalculates a bsonutf8validate length argument, which allows remote attackers to cause a denial of service heap-based buffer over-read in the bsonutf8validate function in bson-utf8.c, as...

7.5CVSS7.4AI score0.02797EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2017/09/07 12:0 a.m.•46 views

GitLab -- multiple vulnerabilities

GitLab reports: Please reference CVE/URL list for details...

8.8CVSS8.4AI score0.02131EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/07 12:0 a.m.•33 views

libgd -- Denial of servica via double free

libgd developers report: Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors...

7.5CVSS7.4AI score0.05102EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2017/09/07 12:0 a.m.•22 views

cyrus-imapd -- broken "other users" behaviour

Cyrus IMAP 3.0.4 Release Notes states: Fixed Issue 2132: Broken "Other Users" behaviour...

9.1CVSS9AI score0.02177EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/07 12:0 a.m.•20 views

aacplusenc -- denial of service

Gentoo developers report: DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service invalid memory write, SEGV on unknown address 0x000000000030, and application crash or possibly have unspecified other impact via a crafted .wav...

7.8CVSS7.9AI score0.01009EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2017/09/05 12:0 a.m.•11 views

py-Scrapy -- DoS vulnerability

kmike and nramirezuy report: Scrapy 1.4 allows remote attackers to cause a denial of service memory consumption via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage...

7.8CVSS6.8AI score0.01907EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2017/09/05 12:0 a.m.•29 views

Django -- possible XSS in traceback section of technical 500 debug page

Django blog: In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...

6.1CVSS6.3AI score0.23566EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/05 12:0 a.m.•20 views

ledger -- multiple vulnerabilities

Talos reports: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. A...

8.1AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2017/09/05 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome releases reports: 22 security fixes in this release, including: 737023 High CVE-2017-5111: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-06-27 740603 High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein on 2017-07-10 747043 High...

8.8CVSS8AI score0.26331EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/04 12:0 a.m.•18 views

emacs -- enriched text remote code execution vulnerability

Paul Eggert reports: Charles A. Roelli has found a security flaw in the enriched mode in GNU Emacs. When Emacs renders MIME text/enriched data Internet RFC 1896, it is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode "Content-Type: text/enriched", this code is...

3.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2017/09/01 12:0 a.m.•27 views

libzip -- denial of service

libzip developers report: The zipreadeocd64 function in zipopen.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service memory allocation failure in zipcdirgrow in zipdirent.c via a crafted ZIP archive...

6.5CVSS6.5AI score0.032EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/09/01 12:0 a.m.•29 views

asterisk -- RTP/RTCP information leak

The Asterisk project reports: This is a follow up advisory to AST-2017-005. Insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetricrtp" options allow redirecting where Asterisk sends the next RTCP report. The RTP stream...

7.5CVSS8.7AI score0.0433EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/31 12:0 a.m.•29 views

asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm

The Asterisk project reports: AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...

9.8CVSS8.9AI score0.14907EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/08/31 12:0 a.m.•22 views

asterisk -- Remote Crash Vulerability in res_pjsip

The Asterisk project reports: A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash...

7.5CVSS7.5AI score0.50053EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/30 12:0 a.m.•31 views

gdk-pixbuf -- multiple vulnerabilities

TALOS reports: An exploitable integer overflow vulnerability exists in the tiffimageparse functionality. An exploitable heap-overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality...

8.8CVSS8AI score0.04599EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2017/08/29 12:0 a.m.•22 views

rubygems -- multiple vulnerabilities

Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...

1.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/29 12:0 a.m.•34 views

ncurses -- multiple issues

ncurses developers reports: There are multiple illegal address access issues and an infinite loop issue. Please refer to the CVE list for details...

7.5CVSS7AI score0.03896EPSS
Exploits7References7
FreeBSD
FreeBSD
•added 2017/08/29 12:0 a.m.•34 views

libtiff -- Improper Input Validation

libtiff developers report: There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd in LibTIFF 4.0.8, related to tifdirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. There is a reachable assertion abort in the function...

6.5CVSS7.4AI score0.02631EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2017/08/27 12:0 a.m.•28 views

libgcrypt -- side-channel attack vulnerability

GnuPG reports: Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth Be With You"...

7.5CVSS7.5AI score0.0351EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/08/26 12:0 a.m.•47 views

Python 2.7 -- multiple vulnerabilities

Python reports: Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details...

9.8CVSS8.9AI score0.13335EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2017/08/25 12:0 a.m.•25 views

py-kerberos -- DoS and MitM vulnerabilities

macosforgebot reports: The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

8.1CVSS7.7AI score0.02303EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/21 12:0 a.m.•16 views

dnsdist -- multiple vulnerabilities

PowerDNS Security Advisory reports: The first issue can lead to a denial of service on 32-bit if a backend sends crafted answers, and the second to an alteration of dnsdist's ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website...

4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/18 12:0 a.m.•29 views

pspp -- multiple vulnerabilities

CVE Details reports: There is an Integer overflow in the hashint function of the libpspp library in GNU PSPP 0.10.5-pre2 CVE-2017-10791. There is a NULL Pointer Dereference in the function llinsert of the libpspp library in GNU PSPP 0.10.5-pre2 CVE-2017-10792. There is an illegal address access i...

7.5CVSS6.9AI score0.01626EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2017/08/17 12:0 a.m.•35 views

libsoup -- stack based buffer overflow

Tobias Mueller reports: libsoup is susceptible to a stack based buffer overflow attack when using chunked encoding. Regardless of libsoup being used as a server or client...

9.8CVSS9.2AI score0.24337EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2017/08/16 12:0 a.m.•27 views

salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master

SaltStack reports: Correct a flaw in minion id validation which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory...

9.8CVSS8.9AI score0.04629EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/08/16 12:0 a.m.•31 views

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

9.8CVSS3AI score0.03017EPSS
Exploits0
FreeBSD
FreeBSD
•added 2017/08/15 12:0 a.m.•23 views

kanboard -- multiple privilege escalation vulnerabilities

chbi reports: an authenticated standard user could reset the password of another user including admin by altering form data...

8.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•42 views

PostgreSQL vulnerabilities

The PostgreSQL project reports: CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pgusermappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: loput function ignores ACLs...

9.8CVSS4.1AI score0.61566EPSS
Exploits0
FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•31 views

subversion -- Arbitrary code execution vulnerability

subversion team reports: A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL...

9.8CVSS0.9AI score0.18892EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•30 views

GitLab -- two vulnerabilities

GitLab reports: Remote Command Execution in git client An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...

8.8CVSS9.2AI score0.0354EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•40 views

Mercurial -- multiple vulnerabilities

Mercurial Release Notes: CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. CVE-2017-1000116 Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a...

10CVSS9.2AI score0.05734EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•45 views

cvs -- Remote code execution via ssh command injection

Hank Leininger reports: Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone...

7.5CVSS7.8AI score0.05968EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•56 views

FreeBSD -- OpenSSH Denial of Service vulnerability

Problem Description: There is no limit on the password length. Impact: A remote attacker may be able to cause an affected SSH server to use excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator...

7.8CVSS2.7AI score0.58568EPSS
Exploits5
FreeBSD
FreeBSD
•added 2017/08/09 12:0 a.m.•48 views

cURL -- multiple vulnerabilities

The cURL project reports: FILE buffer read out of bounds TFTP sends more than buffer size URL globbing out of bounds read...

6.5CVSS7.2AI score0.03875EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/09 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Several security fixes in this release, including: 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 793620 High...

8.8CVSS7.6AI score0.02149EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/08 12:0 a.m.•52 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

10CVSS2AI score0.13697EPSS
Exploits24References1
FreeBSD
FreeBSD
•added 2017/08/08 12:0 a.m.•82 views

sqlite3 -- heap-buffer overflow

Google reports: A heap-buffer overflow sometimes a crash can arise when running a SQL request on malformed sqlite3 databases...

9.8CVSS9.6AI score0.08609EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/08 12:0 a.m.•36 views

Flash Player -- multiple vulnerabilities

Adobe reports: These updates resolve security bypass vulnerability that could lead to information disclosure CVE-2017-3085. These updates resolve type confusion vulnerability that could lead to remote code execution CVE-2017-3106...

9.3CVSS8.4AI score0.22311EPSS
Exploits3References1
Total number of security vulnerabilities6583