Lucene search
K
FreebsdRecent

6583 matches found

FreeBSD
FreeBSD
•added 2013/05/29 12:0 a.m.•26 views

passenger -- security vulnerability

The Phusion reports: A denial of service and arbitrary code execution by hijacking temp files. CVE-2013-2119...

4.6CVSS7.3AI score0.004EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/27 12:0 a.m.•30 views

www/mod_security -- NULL pointer dereference DoS

SecurityFocus reports: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable"...

5CVSS6.4AI score0.13719EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2013/05/27 12:0 a.m.•17 views

znc -- null pointer dereference in webadmin module

No advisory has been released yet. Fix NULL pointer dereference in webadmin...

2.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/27 12:0 a.m.•24 views

telepathy-gabble -- TLS verification bypass

Simon McVittie reports: This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a "legacy Jabber" pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes: . upgrade the server software to something that supports XMP...

6.8CVSS6.2AI score0.02027EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/26 12:0 a.m.•27 views

socat -- FD leak

Gerhard Rieger reports: Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode...

2.6CVSS6.3AI score0.02061EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/23 12:0 a.m.•33 views

xorg -- protocol handling issues in X Window System client libraries

freedesktop.org reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most ...

6.8CVSS7AI score0.03082EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/05/22 12:0 a.m.•27 views

RT -- multiple vulnerabilities

Thomas Sibley reports: We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities address...

6.8CVSS9.2AI score0.02428EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2013/05/22 12:0 a.m.•27 views

PHP5 -- Integer overflow in Calendar module

The PHP development team reports: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service application hang via a large argument to the jdtojewish function...

5CVSS6.5AI score0.0423EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/22 12:0 a.m.•34 views

otrs -- information disclosure

The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see...

6.5CVSS6.7AI score0.01577EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/21 12:0 a.m.•77 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 235638 High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir Blazek. 235311 Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. 230176 High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. 230117 High...

7.5CVSS1.5AI score0.11999EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/20 12:0 a.m.•37 views

suPHP -- Privilege escalation

suPHP developer Sebastian Marsching reports: When the suPHPPHPPath was set, modsuphp would use the specified PHP executable to pretty-print PHP source files MIME type x-httpd-php-source or application/x-httpd-php-source. However, it would not sanitize the environment. Thus a user that was allowed...

0.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•32 views

ruby -- Object taint bypassing in DL and Fiddle in Ruby

Ruby Developers report: There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in...

6.4CVSS5.8AI score0.0251EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

owncloud -- Multiple security vulnerabilities

The ownCloud development team reports: oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik aliantsoft.pl. oC-SA-2013-020 / CVE-2013-2039,2085: Multiple directory traversals. Credit to Mateusz Goik aliantsoft.pl. oC-SQ-2013-021 / CVE-2013-2040-2042: Multiple XSS...

6.5CVSS6.7AI score0.0204EPSS
Exploits0References10
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.0539EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/05/14 12:0 a.m.•29 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-41 Miscellaneous memory safety hazards rv:21.0 / rv:17.0.6 MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA...

10CVSS9AI score0.10893EPSS
Exploits6References10
FreeBSD
FreeBSD
•added 2013/05/10 12:0 a.m.•48 views

krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]

No advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that...

5CVSS5.7AI score0.06485EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/08 12:0 a.m.•33 views

dropbear -- exposure of sensitive information, DoS

The Dropbear project reports: A weakness and a vulnerability have been reported in Dropbear SSH Server, which can be exploited by malicious people to disclose certain sensitive information and cause a DoS...

6.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/05/07 12:0 a.m.•41 views

nginx -- multiple vulnerabilities

The nginx project reports: A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. CVE-2013-2028 A security problem related to CVE-2013-2028 was identified, affecting some previous nginx...

7.5CVSS7.4AI score0.87475EPSS
Exploits18References2
FreeBSD
FreeBSD
•added 2013/05/02 12:0 a.m.•34 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. SECURITY-63 / CVE-2013-2034 This creates a cross-site request forgery CSRF vulnerability on Jenkins master, where an anonymous attacker can trick an administrator to execu...

6.8CVSS6.7AI score0.06316EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2013/04/30 12:0 a.m.•35 views

strongSwan -- ECDSA signature verification issue

strongSwan security team reports: If the openssl plugin is used for ECDSA signature verification an empty, zeroed or otherwise invalid signature is handled as a legitimate one. Both IKEv1 and IKEv2 are affected. Affected are only installations that have enabled and loaded the OpenSSL crypto backe...

4.9CVSS6.4AI score0.01585EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/04/24 12:0 a.m.•43 views

phpMyAdmin -- Multiple security vulnerabilities

The phpMyAdmin development team reports: In some PHP versions, the pregreplace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...

6.7AI score
Exploits0
FreeBSD
FreeBSD
•added 2013/04/24 12:0 a.m.•32 views

Joomla! -- XXS and DDoS vulnerabilities

The JSST and the Joomla! Security Center report: 20130405 - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in Voting plugin. 20130403 - Core - XSS Vulnerability Inadequate filtering allows possibility of XSS exploit in some circumstances. 20130402 - Core - Information...

5.5CVSS5.8AI score0.04848EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2013/04/21 12:0 a.m.•28 views

FreeBSD -- NFS remote denial of service

Insufficient input validation in the NFS server allows an attacker to cause the underlying file system to treat a regular file as a directory...

7.5CVSS6.3AI score0.0351EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/04/18 12:0 a.m.•36 views

phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page

The phpMyAdmin development team reports: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used...

6.1CVSS5.9AI score0.04705EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/04/14 12:0 a.m.•13 views

sieve-connect -- TLS hostname verification was not occurring

sieve-connect developer Phil Pennock reports: sieve-connect was not actually verifying TLS certificate identities matched the expected hostname...

1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/04/11 12:0 a.m.•48 views

libxml2 -- lack of end-of-document check DoS

CVE MITRE reports: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service out-of-bounds read via a document that ends abruptly, related to the lack of certain checks for the XMLPARSEREOF state...

5CVSS8.4AI score0.04733EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2013/04/09 12:0 a.m.•26 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.05967EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/04/05 12:0 a.m.•30 views

Subversion -- multiple vulnerabilities

Subversion team reports: Subversion's moddavsvn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. Subversion's moddavsvn Apache HTTPD server module will crash when a LOCK request is made against activity URLs...

5CVSS6.4AI score0.51442EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/04/04 12:0 a.m.•50 views

PostgreSQL -- anonymous remote access data corruption vulnerability

PostgreSQL project reports: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. Al...

8.5CVSS9.2AI score0.54312EPSS
Exploits4
FreeBSD
FreeBSD
•added 2013/04/04 12:0 a.m.•12 views

opera -- moderately severe issue

Opera reports: Fixed a moderately severe issue, as reported by Attila Suszte...

1.3AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•30 views

FreeBSD -- BIND remote denial of service

A flaw in a library used by BIND allows an attacker to deliberately cause excessive memory consumption by the named8 process. This affects both recursive and authoritative servers...

7.8CVSS8.4AI score0.42851EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•49 views

FreeBSD -- OpenSSL multiple vulnerabilities

A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack...

5CVSS6.8AI score0.1965EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•51 views

otrs -- XSS vulnerability

The OTRS Project reports: An attacker with permission to write changes, workorder items or FAQ articles could inject JavaScript code into the articles which would be executed by the browser of other users reading the article...

6.1CVSS6.8AI score0.04305EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•33 views

ModSecurity -- XML External Entity Processing Vulnerability

Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS Denial Of Serice. The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...

7.5CVSS6AI score0.04208EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•51 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-30 Miscellaneous memory safety hazards rv:20.0 / rv:17.0.5 MFSA 2013-31 Out-of-bounds write in Cairo library MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service MFSA 2013-33 World read and write access to apptmp directory on Android MFSA...

10CVSS6.7AI score0.07953EPSS
Exploits1References12
FreeBSD
FreeBSD
•added 2013/04/02 12:0 a.m.•36 views

otrs -- Information disclosure and Data manipulation

The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed...

6.5CVSS7.3AI score0.01291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/27 12:0 a.m.•33 views

roundcube -- arbitrary file disclosure vulnerability

RoundCube development team reports: After getting reports about a possible vulnerability of Roundcube which allows an attacker to modify its users preferences in a way that he/she can then read files from the server, we now published updated packages as well as patches that fix this security issu...

5CVSS6.2AI score0.02287EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/27 12:0 a.m.•35 views

NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode

NVIDIA Unix security team reports: When the NVIDIA driver for the X Window System is operated in "NoScanout" mode, and an X client installs an ARGB cursor that is larger than the expected size 64x64 or 256x256, depending on the driver version, the driver will overflow a buffer. This can cause a...

7.1CVSS7AI score0.04807EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/27 12:0 a.m.•30 views

asterisk -- multiple vulnerabilities

Asterisk project reports: Buffer Overflow Exploit Through SIP SDP Header Username disclosure in SIP channel driver Denial of Service in HTTP server...

7.5CVSS6.4AI score0.02621EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2013/03/26 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 172342 High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. 180909 Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team Cris Neckar. 180555 Low CVE-2013-0918: Do not navigate dev tools upon drag an...

7.5CVSS6.1AI score0.01282EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/19 12:0 a.m.•24 views

OpenVPN -- potential side-channel/timing attack when comparing HMACs

The OpenVPN project reports: OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function...

2.6CVSS6.7AI score0.02813EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/03/18 12:0 a.m.•45 views

rubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports: Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed: CVE-2013-1854 Symbol DoS vulnerability in Active Record CVE-2013-1855 XSS...

5.8CVSS6.3AI score0.03438EPSS
Exploits2References5
FreeBSD
FreeBSD
•added 2013/03/13 12:0 a.m.•31 views

puppet26 -- multiple vulnerabilities

Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...

9CVSS7.4AI score0.04927EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2013/03/13 12:0 a.m.•49 views

puppet27 and puppet -- multiple vulnerabilities

Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...

7.5CVSS8.5AI score0.05375EPSS
Exploits0References8
FreeBSD
FreeBSD
•added 2013/03/12 12:0 a.m.•28 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.09257EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/03/11 12:0 a.m.•35 views

dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion

ISC reports: A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns...

7.8CVSS8.6AI score0.42851EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/03/07 12:0 a.m.•46 views

chromium -- WebKit vulnerability

Google Chrome Releases reports: 180763 High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs...

7.5CVSS0.5AI score0.04267EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/07 12:0 a.m.•39 views

privoxy -- malicious server spoofing as proxy vulnerability

Privoxy Developers reports: Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley...

5.8CVSS6.6AI score0.04632EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/03/07 12:0 a.m.•23 views

mozilla -- use-after-free in HTML Editor

The Mozilla Project reports: MFSA 2013-29 Use-after-free in HTML Editor...

9.3CVSS6.6AI score0.06398EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/03/06 12:0 a.m.•16 views

typo3 -- Multiple vulnerabilities in TYPO3 Core

Typo Security Team reports: Extbase Framework - Failing to sanitize user input, the Extbase database abstraction layer is susceptible to SQL Injection. TYPO3 sites which have no Extbase extensions installed are not affected. Extbase extensions are affected if they use the Query Object Model and...

0.6AI score
Exploits0References1
Total number of security vulnerabilities6583