Lucene search
K
FreebsdRecent

6585 matches found

FreeBSD
FreeBSD
•added 2015/01/15 12:0 a.m.•36 views

mod_jk -- information disclosure

NIST reports: Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

5CVSS6.1AI score0.07109EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/01/14 12:0 a.m.•25 views

polarssl -- Remote attack using crafted certificates

PolarSSL team reports: During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1sequence is not initialized by asn1getsequenceof. In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarsslfree. This sequence...

7.5CVSS5.9AI score0.03246EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/01/13 12:0 a.m.•32 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA-2015-01 Miscellaneous memory safety hazards rv:35.0 / rv:31.4 MFSA-2015-02 Uninitialized memory use during bitmap rendering MFSA-2015-03 sendBeacon requests lack an Origin header MFSA-2015-04 Cookie injection through Proxy Authenticate responses MFSA-2015-05 Read...

7.5CVSS9.9AI score0.65657EPSS
Exploits4References10
FreeBSD
FreeBSD
•added 2015/01/13 12:0 a.m.•16 views

sympa -- Remote attackers can read arbitrary files

The Sympa Project reports: The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors...

5CVSS6.6AI score0.02436EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/13 12:0 a.m.•32 views

Adobe Flash Player -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system...

10CVSS6.6AI score0.08742EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/13 12:0 a.m.•41 views

django -- multiple vulnerabilities

The Django project reports: Today the Django team is issuing multiple releases -- Django 1.4.18, Django 1.6.10, and Django 1.7.3 -- as part of our security process. These releases are now available on PyPI and our download page. These releases address several security issues. We encourage all use...

6.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/12 12:0 a.m.•34 views

chicken -- buffer overrun in substring-index[-ci]

chicken developer Moritz Heidkamp reports: The substring-index-ci procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...

7.5CVSS8.7AI score0.0147EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/01/12 12:0 a.m.•39 views

rest-client -- plaintext password disclosure

The open sourced vulnerability database reports: REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information...

2.1CVSS9.2AI score0.00373EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/01/12 12:0 a.m.•41 views

asterisk -- Mitigation for libcURL HTTP request injection vulnerability

The Asterisk project reports: CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its funccurl.so module the CURL dialplan function, as well as its resconfigcurl.so cURL realtime backend modules. Since Asterisk may be configured to allow for...

4.3CVSS9.1AI score0.0681EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/10 12:0 a.m.•25 views

privoxy -- multiple vulnerabilities

Privoxy Developers reports: Fixed a memory leak when rejecting client connections due to the socket limit being reached CID 66382. This affected Privoxy 3.0.21 when compiled with IPv6 support on most platforms this is the default. Fixed an immediate-use-after-free bug CID 66394 and two additional...

7.5CVSS6.4AI score0.02427EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/01/09 12:0 a.m.•27 views

kde-runtime -- incorrect CBC encryption handling

Valentin Rusu reports: Until KDE Applications 14.12.0, kwalletd incorrectly handled CBC encryption blocks when encrypting secrets in kwl files. The secrets were still encrypted, but the result binary data corresponded to an ECB encrypted block instead of CBC. The ECB encryption algorithm, even if...

5CVSS6.3AI score0.02147EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/01/08 12:0 a.m.•43 views

rabbitmq -- Security issues in management plugin

The RabbitMQ project reports: Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI: When a user unqueued a message from the management UI, message details header names, arguments, etc. were displayed unescaped. An attacker could...

3.5CVSS7AI score0.01152EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/01/08 12:0 a.m.•58 views

LibreSSL -- DTLS vulnerability

OpenSSL Security Advisory: A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Deni...

5CVSS7.4AI score0.59319EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/08 12:0 a.m.•63 views

OpenSSL -- multiple vulnerabilities

OpenSSL project reports: DTLS segmentation fault in dtls1getrecord CVE-2014-3571 DTLS memory leak in dtls1bufferrecord CVE-2015-0206 no-ssl3 configuration sets method to NULL CVE-2014-3569 ECDHE silently downgrades to ECDH Client CVE-2014-3572 RSA silently downgrades to EXPORTRSA Client...

5CVSS6.7AI score0.98685EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/07 12:0 a.m.•26 views

Dulwich -- Remote code execution

MITRE reports: Buffer overflow in the C implementation of the applydelta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...

7.5CVSS7.4AI score0.03375EPSS
Exploits0
FreeBSD
FreeBSD
•added 2015/01/07 12:0 a.m.•31 views

WebKit-gtk -- Multiple vulnerabilities

Webkit release team reports: This release fixes the following security issues: CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390...

6.8CVSS7.9AI score0.02762EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/06 12:0 a.m.•23 views

asterisk -- File descriptor leak when incompatible codecs are offered

The Asterisk project reports: Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP por...

3.5CVSS6.4AI score0.0303EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/01/05 12:0 a.m.•25 views

p7zip -- directory traversal vulnerability

Alexander Cherepanov reports: 7z and 7zr is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directo...

5.8CVSS6.3AI score0.03291EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2015/01/05 12:0 a.m.•30 views

libevent -- integer overflow in evbuffers

Debian Security Team reports: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this fla...

7.5CVSS6.8AI score0.02084EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/25 12:0 a.m.•37 views

cURL -- URL request injection vulnerability

cURL reports: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...

4.3CVSS8.9AI score0.0681EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/23 12:0 a.m.•13 views

png -- heap overflow for 32-bit builds

32-bit builds of PNG library are vulnerable to an unsigned integer overflow that is triggered by a crafted wide interlaced images. Overflow results in a heap corruption that will crash the application and may lead to the controlled overwrite of a selected portions of process address space...

2AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2014/12/19 12:0 a.m.•37 views

ffmpeg -- use-after-free

NVD reports: Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element tha...

6.8CVSS8.6AI score0.02568EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2014/12/19 12:0 a.m.•38 views

git -- Arbitrary command execution on case-insensitive filesystems

The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...

9.8CVSS9.3AI score0.63178EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2014/12/19 12:0 a.m.•54 views

ntp -- multiple vulnerabilities

CERT reports: The Network Time Protocol NTP provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior...

7.5CVSS7.8AI score0.7809EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2014/12/16 12:0 a.m.•43 views

file -- multiple vulnerabilities

RedHat reports: Thomas Jarosch of Intra2net AG reported a number of denial of service issues resource consumption in the ELF parser used by file1. These issues were fixed in the 5.21 release of file1, but by mistake are missing from the changelog...

5CVSS7.5AI score0.14013EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/16 12:0 a.m.•30 views

otrs -- Incomplete Access Control

The OTRS project reports: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured...

6CVSS6.4AI score0.01778EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/13 12:0 a.m.•26 views

subversion -- DoS vulnerabilities

Subversion Project reports: Subversion's moddavsvn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's moddavsvn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We...

5CVSS9.1AI score0.1067EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/12/11 12:0 a.m.•27 views

libmspack -- frame_end overflow which could cause infinite loop

There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable. MITRE reports: Integer overflow in the qtmddecompress function in libmspack 0.4 allows remote attackers to cause a denial of service hang via a crafted CAB file, which...

5CVSS5.9AI score0.02817EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2014/12/10 12:0 a.m.•41 views

jasper -- multiple vulnerabilities

oCERT reports: The library is affected by a double-free vulnerability in function jasiccattrvaldestroy as well as a heap-based buffer overflow in function jp2decode. A specially crafted jp2 file can be used to trigger the vulnerabilities. oCERT reports: The library is affected by an off-by-one...

7.5CVSS7.7AI score0.18501EPSS
Exploits0References9
FreeBSD
FreeBSD
•added 2014/12/10 12:0 a.m.•33 views

FreeBSD -- Buffer overflow in stdio

Problem Description: A programming error in the standard I/O library's sflush function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write2 system call returns an error. Impact: The accounting mismatch would accumulate, if the...

6.9CVSS6.7AI score0.00488EPSS
Exploits0
FreeBSD
FreeBSD
•added 2014/12/09 12:0 a.m.•40 views

GNU binutils -- multiple vulnerabilities

US-CERT/NIST reports: The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE...

7.5CVSS9.3AI score0.06202EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2014/12/09 12:0 a.m.•36 views

xserver -- multiple issue with X client request handling

Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. The vulnerabilities cou...

6.5CVSS7.3AI score0.05192EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/08 12:0 a.m.•39 views

bind -- denial of service vulnerability

ISC reports: We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions...

7.8CVSS8.4AI score0.65683EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/08 12:0 a.m.•34 views

unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources

Unbound developer reports: The resolver can be tricked into following an endless series of delegations, this consumes a lot of resources...

4.3CVSS6.4AI score0.25205EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/07 12:0 a.m.•31 views

freetype -- Out of bounds stack-based read/write

Werner LEMBERG reports: The fix for CVE-2014-2240 was not 100% complete to fix the issue from the CVE completly...

7.5CVSS6.5AI score0.06275EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/12/04 12:0 a.m.•22 views

libzmq4 -- V3 protocol handler vulnerable to downgrade attacks

Pieter Hintjens reports: It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by sending a ZMTP v2 or earlier header. The library accepts such connections without applying its security mechanism...

4.3CVSS6.4AI score0.02529EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/12/03 12:0 a.m.•30 views

unzip -- input sanitization errors

oCERT reports: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the testcompreb and the getZip64Data functions. The input errors may result in...

7.8CVSS8.2AI score0.07448EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2014/12/03 12:0 a.m.•48 views

phpMyAdmin -- XSS and DoS vulnerabilities

The phpMyAdmin development team reports: DoS vulnerability with long passwords. With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin. We consider this vulnerability to be serious. This vulnerability can be mitigated by configuring throttling in the...

5CVSS8.5AI score0.11055EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2014/12/03 12:0 a.m.•36 views

NVIDIA UNIX driver -- remote denial of service or arbitrary code execution

NVIDIA Unix security team reports: The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities CVE-2014-8093, CVE-2014-8098 as well as internally identified vulnerabilities CVE-2014-8298. Depending on how it is configured, the X server...

7.5CVSS7.7AI score0.05192EPSS
Exploits0
FreeBSD
FreeBSD
•added 2014/12/01 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...

7.5CVSS6.3AI score0.04052EPSS
Exploits4References9
FreeBSD
FreeBSD
•added 2014/12/01 12:0 a.m.•28 views

OpenVPN -- denial of service security vulnerability

The OpenVPN project reports: In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability CVE-2014-8104. The vulnerability allows an tls-authenticated client to crash the server by sending a too-short control channel packet to the...

6.8CVSS6.4AI score0.03478EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/11/26 12:0 a.m.•40 views

mutt -- denial of service via crafted mail message

NVD reports: The writeoneheader function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service crash via a header with an empty body, which triggers a heap-based buffer overflow in the muttsubstrdup...

5CVSS9.2AI score0.09694EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2014/11/25 12:0 a.m.•30 views

flac -- Multiple vulnerabilities

Erik de Castro Lopo reports: Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are: CVE-2014-9028: Heap buffer write overflow. CVE-2014-8962: Heap buffer read overflow...

7.5CVSS6.7AI score0.0986EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/11/25 12:0 a.m.•46 views

wordpress -- multiple vulnerabilities

MITRE reports: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5, 3.8...

6.8CVSS6.9AI score0.82702EPSS
Exploits7
FreeBSD
FreeBSD
•added 2014/11/24 12:0 a.m.•84 views

Python -- HTTP Header Injection in Python urllib

Guido Vranken reports: HTTP header injection in urrlib2/urllib/httplib/http.client with newlines in header values, where newlines have a semantic consequence of denoting the start of an additional header line...

6.1CVSS1AI score0.09887EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2014/11/24 12:0 a.m.•13 views

graphviz -- format string vulnerability

Joshua Rogers reports: A format string vulnerability has been found in graphviz'...

3.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2014/11/23 12:0 a.m.•58 views

cacti -- multiple security vulnerabilities

The Cacti Group, Inc. reports: Important Security Fixes CVE-2013-5588 - XSS issue via installer or device editing CVE-2013-5589 - SQL injection vulnerability in device editing CVE-2014-2326 - XSS issue via CDEF editing CVE-2014-2327 - Cross-site request forgery CSRF vulnerability CVE-2014-2328 -...

7.5CVSS9.6AI score0.03543EPSS
Exploits7References2
FreeBSD
FreeBSD
•added 2014/11/21 12:0 a.m.•35 views

asterisk -- Multiple vulnerabilities

The Asterisk project reports: AST-2014-012 - Mixed IP address families in access control lists may permit unwanted traffic. AST-2014-018 - AMI permission escalation through DB dialplan function...

9CVSS6.6AI score0.03575EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/11/21 12:0 a.m.•39 views

asterisk -- Multiple vulnerabilities

The Asterisk project reports: AST-2014-014 - High call load may result in hung channels in ConfBridge. AST-2014-017 - Permission escalation through ConfBridge actions/dialplan functions...

6.5CVSS6.7AI score0.02357EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/11/20 12:0 a.m.•38 views

phpMyAdmin -- XSS and information disclosure vulnerabilities

The phpMyAdmin development team reports: With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. With a crafted value for font siz...

6.5CVSS6AI score0.02725EPSS
Exploits3References4
Total number of security vulnerabilities6585