Lucene search
K
FreebsdRecent

6583 matches found

FreeBSD
FreeBSD
•added 2017/08/07 12:0 a.m.•134 views

payara -- Code execution via crafted PUT requests to JSPs

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

8.1CVSS2AI score0.99607EPSS
Exploits18References1
FreeBSD
FreeBSD
•added 2017/08/04 12:0 a.m.•36 views

nss -- Use-after-free in TLS 1.2 generating handshake hashes

Mozilla reports: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leav...

7.5CVSS0.9AI score0.03153EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2017/08/02 12:0 a.m.•34 views

php-gd and gd -- Buffer over-read into uninitialized memory

PHP developers report: The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 byt...

6.5CVSS2.4AI score0.03418EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/02 12:0 a.m.•15 views

Varnish -- Denial of service vulnerability

phk reports: A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert...

2.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/31 12:0 a.m.•19 views

TiMidity++ -- Multiple vulnerabilities

qflb.wu of DBAPPSecurity reports: Ihe insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 can cause a denial of servicedivide-by-zero error and application crash via a crafted mid file. The resamplegauss function in resample.c in TiMidity++ 2.14.0 can cause a denial of...

5.5CVSS2.2AI score0.01097EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/31 12:0 a.m.•14 views

links -- denial of service

NIST reports: The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service buffer over-read via a crafted HTML file...

5.5CVSS4.4AI score0.00892EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/27 12:0 a.m.•87 views

phpmailer -- XSS in code example and default exeception handler

PHPMailer reports: Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by...

6.1CVSS6.6AI score0.024EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2017/07/25 12:0 a.m.•31 views

chromium -- multiple vulnerabilities

Google Chrome releases reports: 40 security fixes in this release Please reference CVE/URL list for details...

8.8CVSS7.3AI score0.15513EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/24 12:0 a.m.•47 views

Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests

mnaberez reports: supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability...

9CVSS8.8AI score0.87544EPSS
Exploits10References2
FreeBSD
FreeBSD
•added 2017/07/24 12:0 a.m.•36 views

webkit2-gtk3 -- multiple vulnerabilities

The Webkit gtk team reports: Please reference CVE/URL list for details...

9.3CVSS1.7AI score0.095EPSS
Exploits49References1
FreeBSD
FreeBSD
•added 2017/07/22 12:0 a.m.•47 views

tcpdump -- multiple vulnerabilities

tcpdump developers report: Too many issues to detail, see CVE references for details...

9.8CVSS9.3AI score0.06196EPSS
Exploits3
FreeBSD
FreeBSD
•added 2017/07/21 12:0 a.m.•32 views

ansible -- information disclosure flaw

ansible developers report: Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the nolog directive where the information may not be sanitized properly...

2.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/20 12:0 a.m.•34 views

Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php

kimiizhang reports: Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...

5.4CVSS5.6AI score0.01993EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2017/07/20 12:0 a.m.•42 views

GitLab -- Various security issues

GitLab reports: Please reference CVE/URL list for details...

6.5CVSS6.5AI score0.00619EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/19 12:0 a.m.•20 views

h2o -- DoS in workers

Frederik Deweerdt reports: Multiple Denial-of-Service vulnerabilities exist in h2o workers - see references for full details. CVE-2017-10868: Worker processes may crash when receiving a request with invalid framing. CVE-2017-10869: The stack may overflow when proxying huge requests...

7.5CVSS7.8AI score0.03467EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2017/07/19 12:0 a.m.•49 views

MySQL -- multiple vulnerabilities

Oracle reports: Please reference CVE/URL list for details...

6.5CVSS6.4AI score0.03198EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/18 12:0 a.m.•460 views

gsoap -- remote code execution via via overflow

Senrio reports: Genivia gSOAP is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affect...

8.1CVSS5.4AI score0.21894EPSS
Exploits2References5
FreeBSD
FreeBSD
•added 2017/07/14 12:0 a.m.•43 views

krb5 -- Multiple vulnerabilities

MIT reports: CVE-2017-11368: In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462: RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subseque...

9.8CVSS6.8AI score0.05481EPSS
Exploits0References6
FreeBSD
FreeBSD
•added 2017/07/12 12:0 a.m.•31 views

FreeBSD -- heimdal KDC-REP service name validation vulnerability

Problem Description: There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact: An attacker who has control of the network between a client and the service it talks to will be able to impersona...

6.5CVSS6.7AI score0.00992EPSS
Exploits0
FreeBSD
FreeBSD
•added 2017/07/12 12:0 a.m.•56 views

samba -- Orpheus Lyre mutual authentication validation bypass

The samba project reports: A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data...

8.1CVSS8.1AI score0.05118EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/11 12:0 a.m.•33 views

Flash Player -- multiple vulnerabilities

Adobe reports: These updates resolve security bypass vulnerability that could lead to information disclosure CVE-2017-3080. These updates resolve memory corruption vulnerability that could lead to remote code execution CVE-2017-3099. These updates resolve memory corruption vulnerability that coul...

9.3CVSS8.2AI score0.08552EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/11 12:0 a.m.•89 views

Apache httpd -- multiple vulnerabilities

The Apache httpd project reports: important: Read after free in modhttp2 CVE-2017-9789 When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. important: Uninitialized memory reflectio...

9.1CVSS1.1AI score0.5677EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/11 12:0 a.m.•83 views

nginx -- a specially crafted request might result in an integer overflow

Maxim Dounin reports: A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak CVE-2017-7529...

7.5CVSS2.8AI score0.62597EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2017/07/06 12:0 a.m.•29 views

xorg-server -- Multiple Issues

xorg-server developers reports: In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Uninitialized data in endianness conversion in the XEve...

8.8CVSS7.8AI score0.03877EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2017/07/06 12:0 a.m.•33 views

evince and atril -- command injection vulnerability in CBT handler

GNOME reports: The comic book backend in evince 3.24.0 and earlier is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened. The same vulnerability affects atril, the Evince fork...

7.8CVSS8.3AI score0.50826EPSS
Exploits9References2
FreeBSD
FreeBSD
•added 2017/07/06 12:0 a.m.•80 views

oniguruma -- multiple vulnerabilities

the PHP project reports: A stack out-of-bounds read occurs in matchat during regular expression searching. A logical error involving order of validation and access in matchat could result in an out-of-bounds read from a stack buffer CVE-2017-9224. A heap out-of-bounds write or read occurs in...

9.8CVSS7.2AI score0.07511EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2017/07/05 12:0 a.m.•33 views

Cacti -- Cross-site scripting (XSS) vulnerability in link.php

kimiizhang reports: Cross-site scripting XSS vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter...

5.4CVSS5.8AI score0.00637EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/07/05 12:0 a.m.•82 views

Zabbix -- Remote code execution

mitre reports: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger...

8.1CVSS8.9AI score0.261EPSS
Exploits24References2
FreeBSD
FreeBSD
•added 2017/07/05 12:0 a.m.•31 views

irssi -- multiple vulnerabilities

irssi reports: When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each...

9.8CVSS9.1AI score0.03443EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/04 12:0 a.m.•50 views

GraphicsMagick -- multiple vulnerabilities

GraphicsMagick reports: Multiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for details...

9.8CVSS2.1AI score0.03905EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/03 12:0 a.m.•18 views

jabberd -- authentication bypass vulnerability

SecurityFocus reports: JabberD is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks...

9.8CVSS9.1AI score0.0289EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/06/29 12:0 a.m.•32 views

libgcrypt -- side-channel attack on RSA secret keys

GnuPG reports: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"...

6.8CVSS2.4AI score0.03885EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/29 12:0 a.m.•27 views

tor -- security regression

The Tor Project reports: Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha...

7.5CVSS7.4AI score0.02446EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2017/06/27 12:0 a.m.•16 views

node.js -- multiple vulnerabilities

Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fix...

0.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/22 12:0 a.m.•34 views

tiff -- multiple vulnerabilities

Debian Security Advisory reports: Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code...

8.6AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2017/06/21 12:0 a.m.•36 views

poppler -- multiple denial of service issues

Poppler developers report: Poppler is prone to a stack-based buffer-overflow vulnerability. Successful exploits may allow attackers to crash the affected application, resulting in denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has n...

6.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/21 12:0 a.m.•34 views

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team Reports: CVE-2017-6920: PECL YAML parser unsafe object handling. CVE-2017-6921: File REST resource does not properly validate CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users...

9.8CVSS1.7AI score0.20482EPSS
Exploits7
FreeBSD
FreeBSD
•added 2017/06/21 12:0 a.m.•17 views

pear-Horde_Image -- DoS vulnerability

Michael J Rubinsky reports: The second vulnerability CVE-2017-9773 is a DOS vulnerability. This only affects Horde installations that do not have a configured image handling backend, and thus use the "Null" image driver. It is exploitable by a logged in user clicking on a maliciously crafted URL...

5.7CVSS0.9AI score0.00854EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/21 12:0 a.m.•22 views

pear-Horde_Image -- remote code execution vulnerability

Michael J Rubinsky reports: The fist vulnerability CVE-2017-9774 is a Remote Code Execution vulnerability and is exploitable by a logged in user sending a maliciously crafted GET request to the Horde server...

8.8CVSS2AI score0.02385EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/20 12:0 a.m.•122 views

Apache httpd -- several vulnerabilities

The Apache httpd project reports: apgetbasicauthpw Authentication Bypass CVE-2017-3167: Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. modssl Null Pointer Dereference CVE-2017-3169:modssl may dereferen...

9.8CVSS9.3AI score0.57472EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2017/06/19 12:0 a.m.•27 views

codeigniter -- input validation bypass

The CodeIgniter changelog reports: Form Validation Library rule validemail could be bypassed if idntoascii is available...

1.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/19 12:0 a.m.•31 views

exim -- Privilege escalation via multiple memory leaks

Qualsys reports: Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has...

4CVSS5.9AI score0.0053EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/17 12:0 a.m.•11 views

FreeRadius -- Multiple vulnerabilities

Guido Vranken reports: Multiple vulnerabilities found via fuzzing: FR-GV-201 v2,v3 Read / write overflow in makesecret FR-GV-202 v2 Write overflow in radcoalesce FR-GV-203 v2 DHCP - Memory leak in decodetlv FR-GV-204 v2 DHCP - Memory leak in frdhcpdecode FR-GV-205 v2 DHCP - Buffer over-read in...

2.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/15 12:0 a.m.•38 views

chromium -- multiple vulnerabilities

Google Chrome releases reports: 5 security fixes in this release, including: 725032 High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22 729991 High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on...

8.8CVSS7.6AI score0.03151EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/15 12:0 a.m.•35 views

rt and dependent modules -- multiple security vulnerabilities

BestPractical reports: Please reference CVE/URL list for details...

8.8CVSS7.4AI score0.03072EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/14 12:0 a.m.•22 views

cURL -- URL file scheme drive letter buffer overflow

cURL security advisory: When libcurl is given either 1. a file: URL that doesn't use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcur...

5.3CVSS1.6AI score0.03287EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/13 12:0 a.m.•58 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

9.8CVSS8.2AI score0.05216EPSS
Exploits8References2
FreeBSD
FreeBSD
•added 2017/06/13 12:0 a.m.•37 views

Flash Player -- multiple vulnerabilities

Adobe reports: These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084. These updates resolve memory corruption vulnerabilities that could lead to code execution CVE-2017-3076, CVE-2017-3077, CVE-2017-3078,...

10CVSS9.8AI score0.30886EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2017/06/07 12:0 a.m.•12 views

GnuTLS -- Denial of service vulnerability

The GnuTLS project reports: It was found using the TLS fuzzer tools that decoding a status response TLS extension with valid contents could lead to a crash due to a null pointer dereference. The issue affects GnuTLS server applications...

1.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/06/07 12:0 a.m.•14 views

GitLab -- Various security issues

GitLab reports: Please reference CVE/URL list for details...

1AI score
Exploits0References1
Total number of security vulnerabilities6583