Lucene search
K
FreebsdRecent

6585 matches found

FreeBSD
FreeBSD
•added 2015/10/22 12:0 a.m.•33 views

Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities

The JSST and the Joomla! Security Center report: 20151001 - Core - SQL Injection Inadequate filtering of request data leads to a SQL Injection vulnerability. 20151002 - Core - ACL Violations Inadequate ACL checks in comcontenthistory provide potential read access to data which should be access...

7.5CVSS6.8AI score0.99967EPSS
Exploits10References3
FreeBSD
FreeBSD
•added 2015/10/21 12:0 a.m.•98 views

ntp -- 13 low- and medium-severity vulnerabilities

ntp.org reports: NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015: Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK Cisco ASIG...

9.8CVSS6.8AI score0.81762EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2015/10/21 12:0 a.m.•54 views

ntp -- denial of service vulnerability

Network Time Foundation reports: NTF's NTP Project has been notified of the following 1 medium-severity vulnerability that is fixed in ntp-4.2.8p5, released on Thursday, 7 January 2016: NtpBug2956: Small-step/Big-step CVE-2015-5300...

7.5CVSS7.7AI score0.0913EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/10/21 12:0 a.m.•27 views

drupal -- open redirect vulnerability

Drupal development team reports: The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents,...

6.1CVSS6.2AI score0.01774EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/10/20 12:0 a.m.•40 views

java -- multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...

10CVSS6.7AI score0.13354EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/20 12:0 a.m.•26 views

libebml -- multiple vulnerabilities

Mortiz Bunkus reports: Multiple invalid memory accesses vulnerabilities...

9.6CVSS6.1AI score0.02126EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•43 views

mediawiki -- multiple vulnerabilities

MediaWiki reports: Wikipedia user RobinHood70 reported two issues in the chunked upload API. The API failed to correctly stop adding new chunks to the upload when the reported size was exceeded T91203, allowing a malicious users to upload add an infinite number of chunks for a single file upload...

9.8CVSS8.4AI score0.02871EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•42 views

qemu -- denial of service vulnerabilities in eepro100 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the i8255x PRO100 emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List CBL. Each Command BlockCB points to the next command...

6.5CVSS8AI score0.00393EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•29 views

Salt -- multiple vulnerabilities

Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...

9.8CVSS8.5AI score0.0222EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/16 12:0 a.m.•40 views

flash -- remote code execution

Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2015-7645, CVE-2015-7647, CVE-2015-7648...

10CVSS9AI score0.68396EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/15 12:0 a.m.•56 views

LibreSSL -- Memory leak and buffer overflow

Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow an off-by-one, usually stack-based were discovered in LibreSSL's OBJobj2txt function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...

9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/15 12:0 a.m.•27 views

firefox -- Cross-origin restriction bypass using Fetch

Firefox Developers report: Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing CORS specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reporte...

6.8CVSS9.1AI score0.01662EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/14 12:0 a.m.•32 views

wireshark -- Pcapng file parser crash

Wireshark development team reports: The following vulnerability has been fixed. wnpa-sec-2015-30 Pcapng file parser crash. Bug 11455...

4.3CVSS5.8AI score0.03037EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/13 12:0 a.m.•45 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 24 security fixes in this release, including: 519558 High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 507316 High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. 529520 High CVE-2015-6757: Use-after-free in ServiceWorker...

7.5CVSS9.6AI score0.06974EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/10/13 12:0 a.m.•28 views

flash -- multiple vulnerabilities

Adobe reports: These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-7628. These updates include a defense-in-depth feature in the Flash broker API CVE-2015-5569. These updates resolve use-after-free...

10CVSS7.7AI score0.08245EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/10 12:0 a.m.•31 views

p5-HTML-Scrubber -- XSS vulnerability

MITRE reports: Cross-site scripting XSS vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6CVSS5.6AI score0.02092EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/10/09 12:0 a.m.•31 views

optipng -- multiple vulnerabilities

ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service uninitialized memory read via a crafted GIF file. The bmpreadrows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service invalid memory...

9.3CVSS7.9AI score0.04426EPSS
Exploits2
FreeBSD
FreeBSD
•added 2015/10/08 12:0 a.m.•24 views

codeigniter -- multiple XSS vulnerabilities

The CodeIgniter changelog reports: Fixed a number of XSS attack vectors in Security Library method xssclean thanks to Frans Rosén from Detectify...

3.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/08 12:0 a.m.•27 views

PostgreSQL -- minor security problems.

PostgreSQL project reports: Two security issues have been fixed in this release which affect users of specific PostgreSQL features. CVE-2015-5289 json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The cryp...

6.4CVSS8.3AI score0.05045EPSS
Exploits0
FreeBSD
FreeBSD
•added 2015/10/05 12:0 a.m.•29 views

mbedTLS/PolarSSL -- DoS and possible remote code execution

ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...

6.8CVSS8AI score0.03629EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/04 12:0 a.m.•39 views

lldpd -- Buffer overflow/Denial of service

The lldpd developer Vincent Bernat reports: A buffer overflow may allow arbitrary code execution only if hardening was disabled. Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert in this part...

9.8CVSS9.3AI score0.05493EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/10/04 12:0 a.m.•15 views

OpenSMTPD -- multiple vulnerabilities

OpenSMTPD developers report: fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda fix remote buffer overflow in unprivileged pony process reworked offline enqueue to better protect against...

4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2015/10/02 12:0 a.m.•27 views

librsvg2 -- denial of service vulnerability

Adam Maris, Red Hat Product Security, reports: CVE-2015-7558: Stack exhaustion due to cyclic dependency causing to crash an application was found in librsvg2 while parsing SVG file. It has been fixed in 2.40.12 by many commits that has rewritten the checks for cyclic references...

7.5CVSS7.4AI score0.02399EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/10/02 12:0 a.m.•35 views

gdk-pixbuf2 -- head overflow and DoS

reports: We found a heap overflow and a DoS in the gdk-pixbuf implementation triggered by the scaling of tga file. We found a heap overflow in the gdk-pixbuf implementation triggered by the scaling of gif file...

6.8CVSS7.7AI score0.05796EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/10/02 12:0 a.m.•28 views

OpenSMTPD -- multiple vulnerabilities

OpenSMTPD developers report: an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD a stack-based buffer overflow that allows local users to crash...

9.8CVSS9.8AI score0.04094EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/10/01 12:0 a.m.•55 views

php -- multiple vulnerabilities

PHP reports: Phar: Fixed bug 69720 Null pointer dereference in phargetfpoffset. Fixed bug 70433 Uninitialized pointer in pharmakedirstream when zip entry filename is "/"...

6.8CVSS8.5AI score0.10288EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/10/01 12:0 a.m.•36 views

VirtualBox -- undisclosed vulnerabilities

Oracle reports reports: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. Unspecified...

6.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/30 12:0 a.m.•26 views

james -- multiple vulnerabilities

The Apache James Project reports: This release has many enhancements and bug fixes over the previous release. See the Release Notes for a detailed list of changes. Some of the earlier defects could turn a James mail server into an Open Relay and allow files to be written on disk. All users of Jam...

9.3CVSS7.9AI score0.68603EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2015/09/29 12:0 a.m.•25 views

FreeBSD -- rpcbind(8) remote denial of service [REVISED]

Problem Description: In rpcbind8, netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash...

7.5CVSS7.5AI score0.06408EPSS
Exploits0
FreeBSD
FreeBSD
•added 2015/09/28 12:0 a.m.•27 views

pygments -- shell injection vulnerability

NVD reports: The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

9.3CVSS9AI score0.06664EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/09/26 12:0 a.m.•35 views

unzip -- multiple vulnerabilities

Gustavo Grieco reports: Two issues were found in unzip 6.0: A heap overflow triggered by unzipping a file with password e.g unzip -p -P x sigsegv.zip. A denegation of service with a file that never finishes unzipping e.g. unzip sigxcpu.zip...

6.8CVSS6.5AI score0.07184EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/24 12:0 a.m.•30 views

git -- potential code execution

Debian reports: "int" is the wrong data type for ... nlen assignment...

10CVSS3.6AI score0.17979EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/09/24 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Two vulnerabilities were fixed in this release: 530301 High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. 531891 High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...

7.5CVSS9.4AI score0.01757EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/09/23 12:0 a.m.•43 views

Git -- Execute arbitrary code

Git release notes: Some protocols like git-remote-ext can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources e.g., .gitmodules files in a remote repository, and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to...

9.8CVSS9.3AI score0.20144EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/09/22 12:0 a.m.•35 views

libvpx -- buffer overflow in vp9_init_context_buffers

The Mozilla Project reports: Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library...

6.8CVSS9.4AI score0.04925EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/22 12:0 a.m.•44 views

xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen

The Xen Project reports: Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen the upstream-based qemu; and indeed there is no way in qemu to make a disk read-only. The vulnerability is exploitable only v...

3.6CVSS7.7AI score0.00417EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/22 12:0 a.m.•36 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-96 Miscellaneous memory safety hazards rv:41.0 / rv:38.3 MFSA 2015-97 Memory leak in mozTCPSocket to servers MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes MFSA 2015-99 Site attribute spoofing on Android by pasting URL with...

9.3CVSS9.6AI score0.0608EPSS
Exploits0References19
FreeBSD
FreeBSD
•added 2015/09/21 12:0 a.m.•22 views

owncloudclient -- Improper validation of certificates when using self-signed certificates

owncloud.org reports: The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates...

5.1CVSS6.5AI score0.00668EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/21 12:0 a.m.•39 views

flash -- multiple vulnerabilities

Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2015-5573. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682. These updates...

10CVSS7.5AI score0.45511EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/09/20 12:0 a.m.•22 views

redmine -- open redirect vulnerability

Redmine reports: Open Redirect vulnerability...

7.4CVSS7.4AI score0.01849EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/09/18 12:0 a.m.•34 views

qemu -- denial of service vulnerability in virtio-net support

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Virtual Network Devicevirtio-net support is vulnerable to a DoS issue. It could occur while receiving large packets over the tuntap/macvtap interfaces and when guest's virtio-net driver did not support...

5CVSS7.6AI score0.04935EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/09/18 12:0 a.m.•31 views

wolfssl -- DDoS amplification in DTLS

Sebastian Ramacher identified an error in wolfSSL's implementation of the server side of the DTLS handshake, which could be abused for DDoS amplification or a DoS on the DTLS server itself...

7.5CVSS7.4AI score0.0272EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2015/09/18 12:0 a.m.•13 views

mbedTLS/PolarSSL -- multiple vulnerabilities

ARM Limited reports: Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS1 v1.5 signatures. These releases include countermeasures against that attack. Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This...

0.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/18 12:0 a.m.•9 views

squid -- TLS/SSL parser denial of service vulnerability

Amos Jeffries, release manager of the Squid-3 series, reports: Vulnerable versions are 3.5.0.1 to 3.5.8 inclusive, which are built with OpenSSL and configured for "SSL-Bump" decryption. Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the...

1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2015/09/17 12:0 a.m.•25 views

otrs -- Scheduler Process ID File Access

The OTRS project reports: An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI. The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an...

6.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/17 12:0 a.m.•33 views

wolfssl -- leakage of private key information

Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions...

5.9CVSS6.3AI score0.05031EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2015/09/16 12:0 a.m.•28 views

optipng -- use-after-free vulnerability

Gustavo Grieco reports: We found a use-after-free causing an invalid/double free in optipng 0.6.4...

9.3CVSS8.7AI score0.05383EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/09/16 12:0 a.m.•26 views

openslp -- denial of service vulnerability

Qinghao Tang reports: The function ParseExtension in openslp 1.2.1 contains vulnerability: an attacker can cause a denial of service infinite loop via a packet with crafted "nextoffset" value and "extid" value...

4.2AI score
Exploits1References1
FreeBSD
FreeBSD
•added 2015/09/15 12:0 a.m.•37 views

qemu -- denial of service vulnerabilities in NE2000 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network. A privileged user inside guest could use this flaw to crash the Qemu instance resulti...

8.1AI score
Exploits0References6
FreeBSD
FreeBSD
•added 2015/09/15 12:0 a.m.•44 views

miniupnpc -- buffer overflow

Talos reports: An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigg...

6.8CVSS7.4AI score0.04783EPSS
Exploits1References2
Total number of security vulnerabilities6585