Lucene search
K
FreebsdRecent

6583 matches found

FreeBSD
FreeBSD
•added 2013/03/04 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...

7.5CVSS0.8AI score0.01336EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/03/04 12:0 a.m.•34 views

php5 -- Multiple vulnerabilities

The PHP development team reports: PHP does not validate the relationship between the soap.wsdlcachedir directive and the openbasedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The...

6.7AI score
Exploits0
FreeBSD
FreeBSD
•added 2013/03/04 12:0 a.m.•31 views

perl -- denial of service via algorithmic complexity attack on hashing routines

Perl developers report: In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems. Research...

7.5CVSS6.4AI score0.03577EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/03/03 12:0 a.m.•42 views

stunnel -- Remote Code Execution

Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...

6.6CVSS7.5AI score0.02932EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/27 12:0 a.m.•64 views

sudo -- Authentication bypass when clock is reset

Todd Miller reports: The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a...

6.9CVSS7.8AI score0.03176EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2013/02/27 12:0 a.m.•39 views

net/openafs -- buffer overflow

Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...

6.5CVSS6.3AI score0.03383EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/27 12:0 a.m.•37 views

sudo -- Potential bypass of tty_tickets constraints

Todd Miller reports: A potentially malicious program run by a user with sudo access may be able to bypass the "ttyticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last...

4.4CVSS7.8AI score0.00374EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/26 12:0 a.m.•32 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.11094EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/02/24 12:0 a.m.•21 views

rubygem-ruby_parser -- insecure tmp file usage

Michael Scherer reports: This is a relatively minor tmp file usage issue...

2.1CVSS6.4AI score0.00343EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/02/22 12:0 a.m.•8 views

ruby -- DoS vulnerability in REXML

Ruby developers report: Unrestricted entity expansion can lead to a DoS vulnerability in REXML. The CVE identifier will be assigned later. We strongly recommend to upgrade ruby. When reading text nodes from an XML document, the REXML parser can be coerced in to allocating extremely large string...

2.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 172243 High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. 171951 High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. 167069 Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte...

7.5CVSS0.0225EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•40 views

django -- multiple vulnerabilities

The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning an attacker could cause Django to generate and display URLs that link to...

5CVSS9.2AI score0.04863EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•69 views

libxml2 -- cpu consumption Dos

Kurt Seifried reports: libxml2 is affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc...

6.8CVSS8.5AI score0.03609EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•38 views

krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]

No advisory has been released yet. Fix a null pointer dereference in the KDC PKINIT code CVE-2013-1415...

5CVSS6.6AI score0.04211EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•45 views

texproc/expat2 -- billion laugh attack

Kurt Seifried reports: So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc.. A...

6.8CVSS3.2AI score0.19433EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2013/02/20 12:0 a.m.•34 views

drupal7 -- Denial of service

Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effec...

5CVSS6.3AI score0.01848EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/19 12:0 a.m.•33 views

FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query

Problem description: Due to a software defect a crafted query can cause named8 to crash with an assertion failure...

7.8CVSS8.4AI score0.10896EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/02/19 12:0 a.m.•47 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...

5CVSS6.7AI score0.01657EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/02/19 12:0 a.m.•43 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-21 Miscellaneous memory safety hazards rv:19.0 / rv:17.0.3 MFSA 2013-22 Out-of-bounds read in image rendering MFSA 2013-23 Wrapped WebIDL objects can be wrapped again MFSA 2013-24 Web content bypass of COW and SOW security wrappers MFSA 2013-25 Privacy leak ...

9.3CVSS10AI score0.04731EPSS
Exploits2References9
FreeBSD
FreeBSD
•added 2013/02/19 12:0 a.m.•46 views

FreeBSD -- glob(3) related resource exhaustion

Problem description: GLOBLIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient...

7.8CVSS6.5AI score0.32357EPSS
Exploits10
FreeBSD
FreeBSD
•added 2013/02/19 12:0 a.m.•19 views

rubygem-dragonfly -- arbitrary code execution

Mark Evans reports: Unfortnately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests...

7.5CVSS6.8AI score0.03713EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/02/18 12:0 a.m.•28 views

nss-pam-ldapd -- file descriptor buffer overflow

Garth Mollett reports: A file descriptor overflow issue in the use of FDSET in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary cod...

6.8CVSS7.2AI score0.03582EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/02/16 12:0 a.m.•12 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. One of the vulnerabilities allows cross-site request forgery CSRF attacks on Jenkins master, which causes an user to make unwanted actions on Jenkins. Another vulnerabilit...

2.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/15 12:0 a.m.•23 views

dbus-glib -- privledge escalation

Sebastian Krahmer reports: A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender message source subject, when the NameOwnerChanged signa...

7.2CVSS6.5AI score0.0109EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/02/13 12:0 a.m.•30 views

libpurple -- multiple vulnerabilities

Pidgin reports: libpurple Fix a crash when receiving UPnP responses with abnormally long values. MXit Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted da...

6.8CVSS6.9AI score0.03121EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2013/02/11 12:0 a.m.•44 views

Ruby Activemodel Gem -- Circumvention of attr_protected

Aaron Patterson reports: The attrprotected method allows developers to specify a blacklist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. All use...

4.3CVSS6.3AI score0.0246EPSS
Exploits1
FreeBSD
FreeBSD
•added 2013/02/11 12:0 a.m.•54 views

Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON

Aaron Patterson reports: When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack. The same technique can be used to create objects in a target syste...

7.5CVSS7.6AI score0.13911EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/02/08 12:0 a.m.•33 views

Ruby Rack Gem -- Multiple Issues

Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...

5.1CVSS6.4AI score0.05281EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/02/07 12:0 a.m.•36 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

9.3CVSS6.5AI score0.77597EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2013/02/06 12:0 a.m.•39 views

piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...

6.6AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2013/02/06 12:0 a.m.•34 views

Ruby -- XSS exploit of RDoc documentation generated by rdoc

Ruby developers report: RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which includes security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to...

4.3CVSS5.6AI score0.03622EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/02/05 12:0 a.m.•47 views

OpenSSL -- TLS 1.1, 1.2 denial of service

OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack...

5CVSS6.9AI score0.39593EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2013/01/31 12:0 a.m.•27 views

firebird -- Remote Stack Buffer Overflow

Firebird Project reports: The FirebirdSQL server is vulnerable to a stack buffer overflow that can be triggered when an unauthenticated user sends a specially crafted packet. The result can lead to remote code execution as the user which runs the FirebirdSQL server...

6.8CVSS6.8AI score0.42166EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2013/01/30 12:0 a.m.•18 views

opera -- execution of arbitrary code

Opera reports: Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code. To inject code, additional techniques would have to be employed...

1.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2013/01/26 12:0 a.m.•23 views

tinc -- Buffer overflow

tinc-vpn.org reports: Drop packets forwarded via TCP if they are too big...

6.5CVSS6.5AI score0.60679EPSS
Exploits4
FreeBSD
FreeBSD
•added 2013/01/24 12:0 a.m.•54 views

wordpress -- multiple vulnerabilities

Wordpress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress...

6.4CVSS6AI score0.28857EPSS
Exploits3
FreeBSD
FreeBSD
•added 2013/01/22 12:0 a.m.•27 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 151008 High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. 170532 Medium CVE-2013-0840: Missing URL validation when opening new windows. 169770 High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google...

10CVSS0.8AI score0.01095EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/01/16 12:0 a.m.•9 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Cross-site scripting Various core and contributed modules Access bypass Book module printer friendly version Access bypass Image module...

2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/01/15 12:0 a.m.•21 views

pyrad -- multiple vulnerabilities

Nathaniel McCallum reports: packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. The CreateID function in packet.py in pyrad before 2.1 uses...

5.9CVSS5AI score0.02833EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/01/10 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

7.5CVSS9.2AI score0.02017EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/01/10 12:0 a.m.•41 views

java 7.x -- security manager bypass

US CERT reports: Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager...

10CVSS9.2AI score0.97612EPSS
Exploits38References2
FreeBSD
FreeBSD
•added 2013/01/08 12:0 a.m.•54 views

rubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports: Two high-risk vulnerabilities have been discovered: CVE-2013-0155 There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...

7.5CVSS8.7AI score0.99449EPSS
Exploits22References3
FreeBSD
FreeBSD
•added 2013/01/08 12:0 a.m.•54 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-01 Miscellaneous memory safety hazards rv:18.0/ rv:10.0.12 / rv:17.0.2 MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA...

10CVSS10.1AI score0.73364EPSS
Exploits30References21
FreeBSD
FreeBSD
•added 2013/01/07 12:0 a.m.•33 views

ettercap -- buffer overflow in target list parsing

Host target list parsing routine in ettercap 0.7.4-series prior to 0.7.4.1 and 0.7.5-series is prone to the stack-based buffer overflow that may lead to the code execution with the privileges of the ettercap process. In order to trigger this vulnerability, user or service that use ettercap should...

4.4CVSS8.8AI score0.0084EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2013/01/04 12:0 a.m.•13 views

jenkins -- HTTP access to the server to retrieve the master cryptographic key

Jenkins Security Advisory reports: This advisory announces a security vulnerability that was found in Jenkins core. An attacker can then use this master cryptographic key to mount remote code execution attack against the Jenkins master, or impersonate arbitrary users in making REST API calls. The...

3.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2013/01/02 12:0 a.m.•27 views

asterisk -- multiple vulnerabilities

Asterisk project reports: Crashes due to large stack allocations when using TCP Denial of Service Through Exploitation of Device State Caching...

5CVSS6.4AI score0.03032EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2013/01/02 12:0 a.m.•42 views

rubygem-rails -- SQL injection vulnerability

Ruby on Rails team reports: There is a SQL injection vulnerability in Active Record in ALL versions. Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject...

3.1AI score
Exploits2References1
FreeBSD
FreeBSD
•added 2012/12/31 12:0 a.m.•22 views

ircd-ratbox and charybdis -- remote DoS vulnerability

atheme.org reports: All versions of Charybdis are vulnerable to a remotely-triggered crash bug caused by code originating from ircd-ratbox 2.0. Incidentally, this means all versions since ircd-ratbox 2.0 are also vulnerable...

2.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/12/29 12:0 a.m.•35 views

moinmoin -- Multiple vulnerabilities

MoinMoin developers report the following vulnerabilities as fixed in version 1.9.6: remote code execution vulnerability in twikidraw/anywikidraw action, path traversal vulnerability in AttachFile action, XSS issue, escape page name in rss link. CVE entries at MITRE furher clarify: Multiple...

6.4CVSS7AI score0.30566EPSS
Exploits8References2
FreeBSD
FreeBSD
•added 2012/12/21 12:0 a.m.•35 views

nagios -- buffer overflow in history.cgi

full disclosure reports: history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted in size...

7.5CVSS6.7AI score0.6645EPSS
Exploits15References2
Total number of security vulnerabilities6583