Lucene search
K
FreebsdRecent

6583 matches found

FreeBSD
FreeBSD
added 2013/12/03 12:0 a.m.57 views

rails -- multiple vulnerabilities

Rails weblog: Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16...

6.4CVSS6.5AI score0.207EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2013/12/03 12:0 a.m.35 views

libxml2 -- entity substitution DoS

Stefan Cornelius reports: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a...

4.3CVSS7.8AI score0.081EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2013/11/30 12:0 a.m.37 views

redis -- sensitive information leak through command history file

Redis team reports: The redis-cli history file in linenoise is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users...

3.3CVSS4.9AI score0.00484EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2013/11/28 12:0 a.m.40 views

lighttpd -- multiple vulnerabilities

lighttpd security advisories report: It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list. In certain cases setuid and similar can fail, potentially triggering lighttpd to restart running as root. If FAMMonitorDirectory fails, the memory intended to store the conte...

7.6CVSS7.6AI score0.10721EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2013/11/28 12:0 a.m.21 views

OpenTTD -- Denial of service using forcefully crashed aircrafts

The OpenTTD Team reports: The problem is caused by incorrectly handling the fact that the aircraft circling the corner airport will be outside of the bounds of the map. In the 'out of fuel' crash code the height of the tile under the aircraft is determined. In this case that means a tile outside ...

5CVSS6.5AI score0.03305EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2013/11/26 12:0 a.m.14 views

phpmyfaq -- arbitrary PHP code execution vulnerability

The phpMyFAQ team reports: Secunia noticed while analysing the advisory that authenticated users with "Right to add attachments" are able to exploit an already publicly known issue in the bundled Ajax File Manager of phpMyFAQ version 2.8.3, which leads to arbitrary PHP code execution for...

4.3AI score
Exploits0References2
FreeBSD
FreeBSD
added 2013/11/24 12:0 a.m.30 views

libyaml heap overflow resulting in possible code execution

libyaml was prone to a heap overflow that could result in arbitrary code execution. Pkg uses libyaml to parse the package manifests in some cases. Pkg also used libyaml to parse the remote repository until 1.2. RedHat Product Security Team reports on libyaml: A heap-based buffer overflow flaw was...

6.8CVSS7.5AI score0.09312EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/11/22 12:0 a.m.43 views

ruby -- Heap Overflow in Floating Point Parsing

Ruby developers report: Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to...

6.8CVSS7.4AI score0.34968EPSS
Exploits3References2
FreeBSD
FreeBSD
added 2013/11/21 12:0 a.m.25 views

monitorix -- serious bug in the built-in HTTP server

Monitorix Project reports: A serious bug in the built-in HTTP server. It was discovered that the handlerequest routine did not properly perform input sanitization which led into a number of security vulnerabilities. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary...

2.3AI score
Exploits0References2
FreeBSD
FreeBSD
added 2013/11/20 12:0 a.m.15 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...

0.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2013/11/19 12:0 a.m.64 views

nginx -- Request line parsing vulnerability

The nginx project reports: Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact CVE-2013-4547...

7.5CVSS9.1AI score0.67718EPSS
Exploits15References1
FreeBSD
FreeBSD
added 2013/11/15 12:0 a.m.22 views

subversion -- multiple vulnerabilities

Subversion Project reports: moddontdothat does not restrict requests from serf based clients moddontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs...

3.5CVSS6.3AI score0.07858EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2013/11/14 12:0 a.m.33 views

chromium -- multiple memory corruption issues

Google Chrome Releases reports: 319117 319125 Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie...

9.3CVSS1.9AI score0.0609EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/11/12 12:0 a.m.48 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 25 security fixes in this release, including: 268565 Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. 272786 High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. 282925 High CVE-2013-6623...

10CVSS0.6AI score0.10117EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2013/11/12 12:0 a.m.31 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.1129EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2013/11/07 12:0 a.m.14 views

OpenSSH -- Memory corruption in sshd

The OpenSSH development team reports: A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher [email protected] or [email protected] is selected during kex exchange. If exploited, this vulnerability might permit code execution with the...

2.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2013/11/01 12:0 a.m.11 views

Joomla! -- Core XSS Vulnerabilities

The JSST and the Joomla! Security Center report: 20131101 Core XSS Vulnerability Inadequate filtering leads to XSS vulnerability in comcontact. 20131102 Core XSS Vulnerability Inadequate filtering leads to XSS vulnerability in comcontact, comweblinks, comnewsfeeds. 20131103 Core XSS Vulnerability...

1.4AI score
Exploits0References3
FreeBSD
FreeBSD
added 2013/11/01 12:0 a.m.27 views

strongswan -- multiple DoS vulnerabilities

strongSwan Project reports: A DoS vulnerability triggered by crafted IKEv1 fragmentation payloads was discovered in strongSwan's IKE daemon charon. All versions since 5.0.2 are affected. A DoS vulnerability and potential authorization bypass triggered by a crafted IDDERASN1DN ID payload was...

5CVSS6.4AI score0.02985EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2013/10/30 12:0 a.m.31 views

varnish -- DoS vulnerability in Varnish HTTP cache

Varnish Cache Project reports: If Varnish receives a certain illegal request, and the subroutine 'vclerror' restarts the request, the varnishd worker process will crash with an assert. The varnishd management process will restart the worker process, but there will be a brief interruption of servi...

5CVSS6.3AI score0.0305EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2013/10/29 12:0 a.m.44 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-93 Miscellaneous memory safety hazards rv:25.0 / rv:24.1 / rv:17.0.10 MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-96 Improperly initialized memory and overflows in some...

10CVSS7.3AI score0.06493EPSS
Exploits0References11
FreeBSD
FreeBSD
added 2013/10/25 12:0 a.m.30 views

gnutls -- denial of service

Salvatore Bonaccorso reports: This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more 4 DANE entries could corrupt the memory of a requesting client...

5CVSS6.4AI score0.01978EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/10/19 12:0 a.m.12 views

node.js -- DoS Vulnerability

node.js developers report This release contains a security fix for the http server implementation, please upgrade as soon as possible...

1.4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2013/10/17 12:0 a.m.30 views

pycrypto -- PRNG reseed race condition

Dwayne Litzenberger reports: In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator PRNG exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal...

4.3CVSS8.9AI score0.02007EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2013/10/16 12:0 a.m.34 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: Cross-Site Request Forgery When a user submits changes to a bug right after another user did, a midair collision page is displayed to inform the user about changes recently made. This page contains a token which can be used to validate the changes if the user...

6.8CVSS6.2AI score0.01038EPSS
Exploits4References4
FreeBSD
FreeBSD
added 2013/10/15 12:0 a.m.40 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 5 security fixes in this release, including: 292422 High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG. 294456 High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer. 297478 High CVE-2013-2927: Use after free in forms. Credit ...

7.5CVSS1.4AI score0.01647EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/10/08 12:0 a.m.34 views

xorg-server -- use-after-free

Alan Coopersmith reports: Pedro Ribeiro pedrib at gmail.com reported an issue to the X.Org security team in which an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption...

6.5CVSS6.3AI score0.04077EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/10/07 12:0 a.m.23 views

Quassel IRC -- SQL injection vulnerability

Quassel IRC developers report: SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ backslash in a message...

6.8CVSS8AI score0.0211EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/10/05 12:0 a.m.20 views

gnupg -- possible infinite recursion in the compressed packet parser

Werner Koch reports: Special crafted input data may be used to cause a denial of service against GPG GnuPG's OpenPGP part and some other OpenPGP implementations. All systems using GPG to process incoming data are affected...

5CVSS7.4AI score0.0503EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/10/04 12:0 a.m.25 views

mod_pagespeed -- critical cross-site scripting (XSS) vulnerability

modpagespeed developers report: Various versions of modpagespeed are subject to critical cross-site scripting XSS vulnerability, CVE-2013-6111. This permits a hostile third party to execute JavaScript in users' browsers in context of the domain running modpagespeed, which could permit theft of...

4.3CVSS5.7AI score0.01187EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/10/01 12:0 a.m.32 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 50 security fixes in this release, including: 223962270758271161284785284786 Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG. 260667 Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky. 265221 Medi...

7.5CVSS0.7AI score0.02531EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2013/10/01 12:0 a.m.32 views

polarssl -- Timing attack against protected RSA-CRT implementation

PolarSSL Project reports: The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used. For which they then show that it can be used to mount an attack on the RSA key...

4.3CVSS5.9AI score0.02143EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2013/09/29 12:0 a.m.31 views

mod_fcgid -- possible heap buffer overwrite

Apache Project reports: Fix possible heap buffer overwrite...

7.5CVSS6.7AI score0.13141EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/09/24 12:0 a.m.30 views

ruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report: The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363. RubyGems validates versions with a regular expression that is vulnerable to denial of service due to...

4.3CVSS6.1AI score0.0169EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/09/23 12:0 a.m.20 views

py-suds -- vulnerable to symlink attacks

SUSE reports: cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

1.2CVSS6.1AI score0.00558EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/09/15 12:0 a.m.34 views

django -- denial-of-service via large passwords

The Django project reports: These releases address a denial-of-service attack against Django's authentication framework. All users of Django are encouraged to upgrade immediately...

5CVSS6.6AI score0.02661EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2013/09/11 12:0 a.m.49 views

wordpress -- multiple vulnerabilities

The wordpress development team reports: Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. F...

7.5CVSS6.3AI score0.08749EPSS
Exploits7References1
FreeBSD
FreeBSD
added 2013/09/10 12:0 a.m.26 views

FreeBSD -- Cross-mount links between nullfs(5) mounts

Problem Description: The nullfs5 implementation of the VOPLINK9 VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the...

3.7CVSS6.4AI score0.00294EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/09/10 12:0 a.m.22 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.05759EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/09/10 12:0 a.m.25 views

FreeBSD -- Insufficient credential checks in network ioctl(2)

Problem Description: As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume tha...

6.9CVSS7.2AI score0.00376EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/09/10 12:0 a.m.36 views

django -- multiple vulnerabilities

The Django project reports: These releases address a directory-traversal vulnerability in one of Django's built-in template tags. While this issue requires some fairly specific factors to be exploitable, we encourage all users of Django to upgrade promptly...

5CVSS6.3AI score0.03182EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2013/09/09 12:0 a.m.26 views

ruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption...

4.3CVSS6.1AI score0.03343EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/08/30 12:0 a.m.46 views

svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack.

Subversion Project reports: svnserve takes a --pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destinati...

3.3CVSS6.3AI score0.00688EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/08/27 12:0 a.m.24 views

asterisk -- multiple vulnerabilities

The Asterisk project reports: Remote Crash From Late Arriving SIP ACK With SDP Remote Crash when Invalid SDP is sent in SIP Request...

5CVSS6.5AI score0.11653EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2013/08/22 12:0 a.m.23 views

FreeBSD -- Kernel memory disclosure in sctp(4)

Problem Description: When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Impact: Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are...

7.8CVSS8.8AI score0.02511EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/08/22 12:0 a.m.30 views

FreeBSD -- integer overflow in IP_MSFILTER

Problem Description: An integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation. Impact: An unprivileged process can read or write pages of memory which belong to the kernel. These may lead to exposure of sensitive...

7.2CVSS6.7AI score0.00412EPSS
Exploits0
FreeBSD
FreeBSD
added 2013/08/21 12:0 a.m.59 views

py-graphite-web -- Multiple vulnerabilities

Graphite developers report: This release contains several security fixes for cross-site scripting XSS as well as a fix for a remote-execution exploit in graphite-web CVE-2013-5903...

6.8CVSS6AI score0.38668EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2013/08/21 12:0 a.m.27 views

ansible -- local symlink exploits

MITRE reports: runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/. lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does no...

3.3CVSS7.3AI score0.00339EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2013/08/20 12:0 a.m.27 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 25 security fixes in this release, including: 181617 High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj. 254159 Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian...

7.5CVSS1.8AI score0.01627EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/08/20 12:0 a.m.40 views

gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav

Bundled version of libav in gstreamer-ffmpeg contains a number of vulnerabilities...

10CVSS9.3AI score0.06597EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2013/08/17 12:0 a.m.37 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-80...

10CVSS7.5AI score0.08894EPSS
Exploits4References18
Total number of security vulnerabilities6583