Lucene search
K
FreebsdRecent

6583 matches found

FreeBSD
FreeBSD
•added 2012/12/20 12:0 a.m.•16 views

freetype -- Multiple vulnerabilities

The FreeType Project reports: Some vulnerabilities in the BDF implementation have been fixed. Users of this font format should upgrade...

3.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/12/18 12:0 a.m.•19 views

opera -- execution of arbitrary code

Opera reports: When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This...

3.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/12/17 12:0 a.m.•28 views

squid -- denial of service

Squid developers report: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client able to reach the cachemgr.cgi to perform a denial of service attack on the service host. The...

6.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/12/11 12:0 a.m.•36 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 158204 High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. 159429 High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. 160456 Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to...

10CVSS0.7AI score0.03533EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/12/11 12:0 a.m.•28 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.08308EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/12/10 12:0 a.m.•28 views

django -- multiple vulnerabilities

The Django Project reports: Host header poisoning Several earlier Django security releases focused on the issue of poisoning the HTTP Host header, causing Django to generate URLs pointing to arbitrary, potentially-malicious domains. In response to further input received and reports of continuing...

7.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/12/06 12:0 a.m.•47 views

Axis2 -- Security vulnerabilities on dependency Apache HttpClient

Apache Axis2 reports: Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation AXIS2-4739 and XSS AXIS2-5683 vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by...

5.8CVSS6.5AI score0.09149EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2012/12/06 12:0 a.m.•43 views

libarchive -- multiple vulnerabilities

MITRE reports: Integer signedness error in the archivewritezipdata function in archivewritesetformatzip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service crash via unspecified vectors, which triggers an improper...

6.4CVSS7.5AI score0.0489EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2012/12/04 12:0 a.m.•17 views

django-cms -- XSS Vulnerability

Cross-site scripting XSS vulnerability Jonas Obrist reports: The security issue allows users with limited admin access to elevate their privileges through XSS injection using the pageattribute template tag. Only users with admin access and the permission to edit at least one django CMS page objec...

1.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/12/04 12:0 a.m.•74 views

tomcat -- bypass of CSRF prevention filter

The Apache Software Foundation reports: The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request...

4.3CVSS9.1AI score0.09146EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/12/04 12:0 a.m.•35 views

tomcat -- bypass of security constraints

The Apache Software Foundation reports: When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/jsecuritycheck" to the end of the URL if some other component such as the Single-Sign-On valve had called request.setUserPrincip...

4.3CVSS6.7AI score0.11975EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/12/04 12:0 a.m.•39 views

tomcat -- denial of service

The Apache Software Foundation reports: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service...

2.6CVSS9AI score0.07452EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/12/01 12:0 a.m.•42 views

mysql/mariadb/percona server -- multiple vulnerabilities

ORACLE reports: Multiple SQL injection vulnerabilities in the replication code Stack-based buffer overflow Heap-based buffer overflow...

6.5CVSS7.5AI score0.24564EPSS
Exploits7References3
FreeBSD
FreeBSD
•added 2012/11/29 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 161564 High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team Jüri Aedla. 162835 High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie...

10CVSS1.3AI score0.02507EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/27 12:0 a.m.•34 views

dns/bind9* -- servers using DNS64 can be crashed by a crafted query

ISC reports: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a...

7.8CVSS8.3AI score0.10896EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/11/26 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 156567 High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. 148638 Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. 155711 Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász. 158249 Hi...

7.5CVSS1.4AI score0.04382EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/11/22 12:0 a.m.•30 views

FreeBSD -- Multiple Denial of Service vulnerabilities with named(8)

Problem description: The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA...

7.8CVSS7.6AI score0.36798EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/11/22 12:0 a.m.•31 views

FreeBSD -- Linux compatibility layer input validation error

Problem description: A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation...

7.8CVSS7.5AI score0.00419EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/11/22 12:0 a.m.•21 views

FreeBSD -- Insufficient message length validation for EAP-TLS messages

Problem description: The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages...

4.3CVSS6.7AI score0.0422EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/11/21 12:0 a.m.•51 views

upnp -- multiple vulnerabilities

Project changelog reports: This patch addresses three possible buffer overflows in function uniqueservicename.The three issues have the folowing CVE numbers: CVE-2012-5958 Issue 2: Stack buffer overflow of Tempbuf CVE-2012-5959 Issue 4: Stack buffer overflow of Event-UDN CVE-2012-5960 Issue 8:...

10CVSS7.4AI score0.82807EPSS
Exploits13
FreeBSD
FreeBSD
•added 2012/11/20 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-91 Miscellaneous memory safety hazards rv:17.0/ rv:10.0.11 MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95...

10CVSS10AI score0.11079EPSS
Exploits17References18
FreeBSD
FreeBSD
•added 2012/11/19 12:0 a.m.•15 views

opera -- execution of arbitrary code

Opera reports: When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a...

1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/17 12:0 a.m.•47 views

lighttpd -- remote DoS in header parsing

Lighttpd security advisory reports: Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive" On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading th...

5CVSS9AI score0.12038EPSS
Exploits7
FreeBSD
FreeBSD
•added 2012/11/15 12:0 a.m.•15 views

weechat -- Arbitrary shell command execution via scripts

Sebastien Helleu reports: Untrusted command for function hookprocess could lead to execution of commands, because of shell expansions. Workaround with a non-patched version: remove/unload all scripts calling function hookprocess for maximum safety...

4.2AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/11/13 12:0 a.m.•39 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak If the visibility of a custom field is controlled by a product or a component of a product you cannot see, their names are disclosed in the JavaScript code generated for this...

5CVSS8.6AI score0.02454EPSS
Exploits5References6
FreeBSD
FreeBSD
•added 2012/11/10 12:0 a.m.•27 views

ruby -- Hash-flooding DoS vulnerability for ruby 1.9

The official ruby site reports: Carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web application that parses the JSON data sent from...

5CVSS6.2AI score0.03357EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/09 12:0 a.m.•27 views

weechat -- Crash or freeze when decoding IRC colors in strings

Sebastien Helleu reports: A buffer overflow is causing a crash or freeze of WeeChat when decoding IRC colors in strings. Workaround for a non-patched version: /set irc.network.colorsreceive off...

7.5CVSS6.9AI score0.05543EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/11/08 12:0 a.m.•25 views

typo3 -- Multiple vulnerabilities in TYPO3 Core

Typo Security Team reports: TYPO3 Backend History Module - Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability. Credits go to Thomas Worm who discovered and reported the...

1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/06 12:0 a.m.•29 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 157079 Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. Linux 64-bit only 150729 Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. 143761 High CVE-2012-5116:...

7.5CVSS1AI score0.01619EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/11/06 12:0 a.m.•17 views

opera -- multiple vulnerabilities

Opera reports: CORS Cross-Origin Resource Sharing allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target...

2.2AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2012/11/05 12:0 a.m.•33 views

tomcat -- Denial of Service

The Apache Software Foundation reports: The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

5CVSS9AI score0.08742EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2012/11/05 12:0 a.m.•33 views

tomcat -- authentication weaknesses

The Apache Software Foundation reports: Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were n...

3AI score
Exploits1References4
FreeBSD
FreeBSD
•added 2012/11/02 12:0 a.m.•15 views

webmin -- potential XSS attack via real name field

The webmin updates site reports Module: Change Passwords; Version: 1.600; Problem: Fix for potential XSS attack via real name field; Solution: New module...

4.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/30 12:0 a.m.•292 views

YUI JavaScript library -- JavaScript injection exploits in Flash components

The YUI team reports: Vulnerability in YUI 2.4.0 through YUI 2.9.0 A XSS vulnerability has been discovered in some YUI 2 .swf files from versions 2.4.0 through 2.9.0. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. If your site loa...

7.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/26 12:0 a.m.•36 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-90 Fixes for Location object issues...

6.4CVSS9.2AI score0.03287EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2012/10/26 12:0 a.m.•27 views

RT -- Multiple Vulnerabilities

BestPractical report: All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be be leveraged for information leakage or...

6.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/25 12:0 a.m.•38 views

Exim -- remote code execution

This vulnerability affects Exim instances built with DKIM enabled this is the default for FreeBSD Exim port and running verification of DKIM signatures on the incoming mail messages. Phil Penncock reports: This is a SECURITY release, addressing a CRITICAL remote code execution flaw in versions of...

6.8CVSS6.9AI score0.08382EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/24 12:0 a.m.•23 views

DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust

US-CERT reports: DomainKeys Identified Mail DKIM Verifiers may inappropriately convey message trust when messages are signed using test or small bit signing keys...

4AI score
Exploits0
FreeBSD
FreeBSD
•added 2012/10/17 12:0 a.m.•30 views

django -- multiple vulnerabilities

The Django Project reports: Host header poisoning Some parts of Django -- independent of end-user-written applications -- make use of full URLs, including domain name, which are generated from the HTTP Host header. Some attacks against this are beyond Django's ability to control, and require the...

6.4CVSS5.9AI score0.03635EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/10/17 12:0 a.m.•20 views

bogofilter -- heap corruption by invalid base64 input

David Relson reports: Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, FU Berlin, Germany...

7.5CVSS6.7AI score0.06259EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/10/17 12:0 a.m.•15 views

drupal7 -- multiple vulnerabilities

Drupal Security Team reports: Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

3.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/17 12:0 a.m.•37 views

xlockmore -- local exploit

Ignatios Souvatzis of NetBSD reports: Due to an error in the dclock screensaver in xlockmore, users who explicitly use this screensaver or a random mix of screensavers using something like "xlockmore -mode random" may have their screen unlocked unexpectedly at a random time...

7.5CVSS7.3AI score0.02897EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/16 12:0 a.m.•33 views

otrs -- XSS vulnerability

OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...

4.3CVSS8.3AI score0.05792EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2012/10/16 12:0 a.m.•35 views

otrs -- XSS vulnerability could lead to remote code execution

The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while displaying th...

4.3CVSS8.3AI score0.05792EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/10/12 12:0 a.m.•46 views

ruby -- Unintentional file creation caused by inserting an illegal NUL character

The official ruby site reports: A vulnerability was found that file creation routines can create unintended files by strategically inserting NULs in file paths. This vulnerability has been reported as CVE-2012-4522. Ruby can handle arbitrary binary patterns as Strings, including NUL chars. On the...

5CVSS5.9AI score0.02204EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/10/10 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 154983154987 Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie...

10CVSS1.9AI score0.04641EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/10 12:0 a.m.•15 views

libproxy -- stack-based buffer overflow

Tomas Hoger reports: A buffer overflow flaw was discovered in the libproxy's url::getpac used to download proxy.pac proxy auto-configuration file. A malicious host hosting proxy.pac, or a man in the middle attacker, could use this flaw to trigger a stack-based buffer overflow in an application...

10CVSS6.8AI score0.03476EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2012/10/09 12:0 a.m.•18 views

plib -- stack-based buffer overflow

CVE reports: Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file...

6.8CVSS7.6AI score0.09968EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/09 12:0 a.m.•30 views

gitolite -- path traversal vulnerability

Sitaram Chamarty reports: I'm sorry to say there is a potential path traversal vulnerability in v3. Thanks to Stephane Chazelas for finding it and alerting me. Can it affect you? This can only affect you if you are using wild card repos, and at least one of your patterns allows the string "../" t...

4.6CVSS6.5AI score0.02069EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/09 12:0 a.m.•53 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks...

10CVSS10.2AI score0.42609EPSS
Exploits9References17
Total number of security vulnerabilities6583