Lucene search
K
FreebsdRecent

6583 matches found

FreeBSD
FreeBSD
•added 2012/05/15 12:0 a.m.•35 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 112983 Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG. 113496 Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community. 118374 Medium CVE-2011-3085: UI...

10CVSS0.7AI score0.03344EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/05/15 12:0 a.m.•14 views

mail/sympa* -- Multiple vulnerabilities in Sympa archive management

David Verdin reports: Multiple vulnerabilities have been discovered in Sympa archive management that allow to skip the scenario-based authorization mechanisms. This vulnerability allows the attacker to: display the archives management page 'arcmanage' download the list's archives delete the list'...

2.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/05/15 12:0 a.m.•34 views

libxml2 -- An off-by-one out-of-bounds write by XPointer

Google chrome team reports: An off-by-one out-of-bounds write flaw was found in the way libxml, a library for providing XML and HTML support, evaluated certain XPointer parts XPointer is used by libxml to include only the part from the returned XML document, that can be accessed using the XPath...

6.8CVSS6.9AI score0.0266EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/05/14 12:0 a.m.•39 views

sympa -- Multiple Security Bypass Vulnerabilities

Secunia team reports: Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions. The vulnerabilities are caused due to the application allowing access to archive functions without checking credentials. This can be...

7.5CVSS6.8AI score0.03207EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/05/14 12:0 a.m.•31 views

socat -- Heap-based buffer overflow

The socat development team reports: This vulnerability can be exploited when socat is invoked with the READLINE address this is usually only used interactively without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other arbitrary address...

6.2CVSS6.9AI score0.00455EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/05/13 12:0 a.m.•48 views

openjpeg -- Multiple vulnerabilities

Openjpeg release notes report: That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1 release. That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887, where fixed in the 1.5.2 release...

10CVSS8.4AI score0.07695EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2012/05/10 12:0 a.m.•32 views

OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service

OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers...

6.8CVSS8AI score0.28154EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/05/09 12:0 a.m.•34 views

PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability

High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...

4.3CVSS7AI score0.03262EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/05/08 12:0 a.m.•64 views

php -- multiple vulnerabilities

The PHP Development Team reports: The release of PHP 5.4.13 and 5.4.3 complete a fix for the vulnerability in CGI-based setups as originally described in CVE-2012-1823. CVE-2012-2311 Note: modphp and php-fpm are not vulnerable to this attack. PHP 5.4.3 fixes a buffer overflow vulnerability in the...

9.8CVSS9.8AI score0.99998EPSS
Exploits48
FreeBSD
FreeBSD
•added 2012/05/08 12:0 a.m.•31 views

rssh -- arbitrary command execution

Derek Martin rssh maintainer reports: Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is th...

2.1CVSS6.4AI score0.00388EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/05/06 12:0 a.m.•34 views

libpurple -- Invalid memory dereference in the XMPP protocol plug-in by processing serie of specially-crafted file transfer requests

Pidgin reports: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests...

3.5CVSS6.4AI score0.02195EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/05/03 12:0 a.m.•39 views

FreeBSD -- OpenSSL multiple vulnerabilities

Problem description: OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could...

9.3CVSS8.6AI score0.48298EPSS
Exploits8
FreeBSD
FreeBSD
•added 2012/05/03 12:0 a.m.•50 views

php -- vulnerability in certain CGI-based setups

php development team reports: Security Enhancements and Fixes in PHP 5.3.12: Initial fix for cgi-bin ?-s cmdarg parse issue CVE-2012-1823...

9.8CVSS9.5AI score0.99998EPSS
Exploits42
FreeBSD
FreeBSD
•added 2012/05/02 12:0 a.m.•29 views

p5-Config-IniFiles -- unsafe temporary file creation

Unsafe Temporary file creation Config::IniFiles used a predictable name for its temporary file without opening it correctly...

3.6CVSS6.5AI score0.00504EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/04/30 12:0 a.m.•33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 106413 High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team Marty Barbella and independent later discovery by miaubiz. 117627 Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. 121726 Medium CVE-2011-3080: Rac...

10CVSS1AI score0.03115EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2012/04/30 12:0 a.m.•18 views

portupgrade-devel -- lack of distfile checksums

Ports security team reports: The portupgrade-devel port fetched directly from a git respository without checking against a known good SHA hash. This means that it is possible that packages built using this port may not match the one vetted by the maintainer. Users are advised to rebuild...

1.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/04/30 12:0 a.m.•44 views

samba -- incorrect permission checks vulnerability

The Samba project reports: Samba versions 3.4.x to 3.6.4 inclusive are affected by a vulnerability that allows arbitrary users to modify privileges on a file server. Security checks were incorrectly applied to the Local Security Authority LSA remote proceedure calls RPC CreateAccount, OpenAccount...

6.5CVSS6.5AI score0.04803EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/04/29 12:0 a.m.•23 views

joomla -- Privilege Escalation

Joomla! reported a Core Privilege Escalation:: Inadequate checking leads to possible user privilege escalation...

3.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/04/28 12:0 a.m.•26 views

WebCalendar -- multiple vulnerabilities

Hanno Boeck reports: Fixes are now available for various security vulnerabilities including LFI local file inclusion, XSS cross site scripting and others...

9.8CVSS8.8AI score0.79764EPSS
Exploits15References3
FreeBSD
FreeBSD
•added 2012/04/26 12:0 a.m.•38 views

net-snmp -- Remote DoS

The Red Hat Security Response Team reports: An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker having read privilege...

3.5CVSS6.4AI score0.02167EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2012/04/24 12:0 a.m.•50 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-20 Miscellaneous memory safety hazards rv:12.0/ rv:10.0.4 MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XSS...

10CVSS9.8AI score0.10098EPSS
Exploits3References14
FreeBSD
FreeBSD
•added 2012/04/23 12:0 a.m.•28 views

asterisk -- multiple vulnerabilities

Asterisk project reports: Remote Crash Vulnerability in SIP Channel Driver Heap Buffer Overflow in Skinny Channel Driver Asterisk Manager User Unauthorized Shell Access...

6.5CVSS6.5AI score0.02721EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2012/04/20 12:0 a.m.•41 views

wordpress -- multiple vulnerabilities

Wordpress reports: External code has been updated to non-vulnerable versions. In addition the following bugs have been fixed: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. Cross-site...

10CVSS6.8AI score0.0868EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/04/19 12:0 a.m.•44 views

OpenSSL -- integer conversions result in memory corruption

OpenSSL security team reports: A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1d2ireadbio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2ibio or d2ifp, for exampl...

7.5CVSS8.7AI score0.48298EPSS
Exploits8References2
FreeBSD
FreeBSD
•added 2012/04/18 12:0 a.m.•24 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Unauthorized Access Due to a lack of proper validation of the X-FORWARDED-FOR header of an authentication request, an attacker could bypass the current lockout policy used for protection against...

6.8AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/04/17 12:0 a.m.•15 views

node -- private information disclosure

Private information disclosure An attacker can cause private information disclosure...

1.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/04/17 12:0 a.m.•56 views

Dokuwiki -- cross site scripting vulnerability

Andy Webber reports: Add User appears to be vulnerable to Cross Site Request Forgery CSRF/XSRF...

6.6AI score
Exploits0
FreeBSD
FreeBSD
•added 2012/04/17 12:0 a.m.•33 views

typo -- Cross-Site Scripting

Typo Security Team reports: Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages...

4.3CVSS6.2AI score0.01387EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/04/14 12:0 a.m.•19 views

phpmyfaq -- Remote PHP Code Execution Vulnerability

The phpMyFAQ project reports: The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses...

5.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/04/13 12:0 a.m.•27 views

foswiki -- Script Insertion Vulnerability via unchecked user registration fields

Foswiki team reports: When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as "FirstName" or "OrganisationName". By design, Foswiki's normal editing features allow...

2.1CVSS6.4AI score0.01425EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/04/12 12:0 a.m.•26 views

nginx -- Buffer overflow in the ngx_http_mp4_module

The nginx project reports: Buffer overflow in the ngxhttpmp4module...

6.8CVSS6.7AI score0.09629EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/04/10 12:0 a.m.•42 views

samba -- "root" credential remote code execution

Samba development team reports: Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection. As this does not require an authenticated connection it is the most serious vulnerability...

10CVSS9.4AI score0.74034EPSS
Exploits9
FreeBSD
FreeBSD
•added 2012/04/05 12:0 a.m.•28 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 106577 Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. 117583 Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. 117698 High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. 117728 Hig...

6.8CVSS0.3AI score0.02106EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2012/04/05 12:0 a.m.•27 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: Multiple Priority 2 vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.05896EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/03/29 12:0 a.m.•30 views

png -- memory corruption/possible remote code execution

The PNG project reports: libpng fails to correctly handle malloc failures for text chunks in pngsettext2, which can lead to memory corruption and the possibility of remote code execution...

6.8CVSS9.1AI score0.06593EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/03/29 12:0 a.m.•22 views

coppermine -- Multiple vulnerabilities

The Coppermine Team reports: The release covers several path disclosure vulnerabilities. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information...

6AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/03/28 12:0 a.m.•63 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 109574 Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. 112317 Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. 114056 Medium CVE-2011-3060: Out-of-bounds read in text fragmen...

7.5CVSS0.4AI score0.02187EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2012/03/28 12:0 a.m.•30 views

ImageMagick -- multiple vulnerabilities

ImageMagick reports: Three vulnerabilities have been identified in ImageMagick's handling of JPEG and TIFF files. With these vulnerabilities, it is possible to cause a denial of service situation in the target system...

6.5CVSS7.4AI score0.0236EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/03/28 12:0 a.m.•50 views

phpMyAdmin -- Path disclosure due to missing verification of file presence

The phpMyAdmin development team reports: The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's errorreporting must be se...

4.3CVSS6.4AI score0.02143EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/03/26 12:0 a.m.•37 views

puppet -- Multiple Vulnerabilities

Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information...

6CVSS7.1AI score0.02632EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2012/03/24 12:0 a.m.•30 views

raptor/raptor2 -- XXE in RDF/XML File Interpretation

Timothy D. Morgan reports: In December 2011, VSR identified a vulnerability in multiple open source office products including OpenOffice, LibreOffice, KOffice, and AbiWord due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability wa...

6.5CVSS6.5AI score0.13682EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2012/03/23 12:0 a.m.•36 views

quagga -- multiple vulnerabilities

CERT reports: The ospfd implementation of OSPF in Quagga allows a remote attacker on a local network segment with OSPF enabled to cause a denial of service daemon aborts due to an assert with a malformed OSPF LS-Update message. The ospfd implementation of OSPF in Quagga allows a remote attacker o...

3.3CVSS6.3AI score0.01822EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/03/22 12:0 a.m.•31 views

Apache Traffic Server -- heap overflow vulnerability

CERT-FI reports: A heap overflow vulnerability has been found in the HTTP Hypertext Transfer Protocol protocol handling of Apache Traffic Server. The vulnerability allows an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified HTTP message t...

5CVSS7AI score0.03473EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/03/21 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 113902 High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. 116162 High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. 116461 High CVE-2011-3051: Use-after-free in CSS cross-fad...

8.8CVSS1.9AI score0.03567EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2012/03/21 12:0 a.m.•26 views

phpList -- SQL injection and XSS vulnerability

Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...

6.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/03/20 12:0 a.m.•34 views

gnutls -- possible overflow/Denial of service vulnerabilities

Mu Dynamics, Inc. reports: The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability...

5CVSS8.9AI score0.04202EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/03/20 12:0 a.m.•28 views

NVIDIA UNIX driver -- access to arbitrary system memory

NVIDIA Unix security team reports: Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary...

4.6CVSS6.5AI score0.00725EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/03/20 12:0 a.m.•32 views

libtasn1 -- ASN.1 length decoding vulnerability

Mu Dynamics, Inc. reports: Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1getlengthder is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally...

5CVSS8.8AI score0.0446EPSS
Exploits1
FreeBSD
FreeBSD
•added 2012/03/19 12:0 a.m.•37 views

clamav -- multiple vulnerabilities

MITRE Advisories report: The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial aliases character sequence. The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR fi...

4.3CVSS6.2AI score0.99809EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/03/19 12:0 a.m.•30 views

inspircd -- buffer overflow

InspIRCd reports: InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res buffer is allocated on the heap and can be overflowed. The res buffer can be exploited during its deallocation. The number of overflowed bytes can be controlled with DNS compression featur...

7.5CVSS9.4AI score0.06896EPSS
Exploits1References1
Total number of security vulnerabilities6583