FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

topic index


Topic Entered
"Content-Type" XSS vulnerability affecting other webmail systems 2004-07-05
a2ps -- insecure command line argument handling 2004-10-20
a2ps -- insecure temporary file creation 2004-12-30
abiword, koffice -- stack based buffer overflow vulnerabilities 2006-02-20
acroread -- buffer overflow vulnerability 2005-07-06
acroread -- insecure temporary file creation 2005-07-06
acroread -- plug-in buffer overflow vulnerability 2005-08-16
acroread -- XML External Entity vulnerability 2005-06-18
acroread uudecoder input validation error 2004-08-12
acroread5 -- mailListIsPdf() buffer overflow vulnerability 2004-12-21
alsaplayer -- multiple vulnerabilities 2006-08-13
amaya -- Attribute Value Buffer Overflow Vulnerabilities 2006-04-27
apache -- ap_resolve_env buffer overflow 2004-09-15
apache -- apr_uri_parse IPv6 address handling vulnerability 2004-09-15
apache -- Certificate Revocation List (CRL) off-by-one vulnerability 2005-09-17
apache -- heap overflow in mod_proxy 2004-09-19
apache -- http request smuggling 2005-07-26
apache -- mod_imap cross-site scripting flaw 2006-01-01
apache -- mod_rewrite buffer overflow vulnerability 2006-07-28
apache -- multiple vulnerabilities 2008-06-24
apache -- multiple vulnerabilities 2007-09-11
Apache 1.3 IP address access control failure on some 64-bit platforms 2004-03-08
Apache 2 mod_ssl denial-of-service 2004-03-08
apache mod_include buffer overflow vulnerability 2004-11-06
Apache-SSL optional client certificate vulnerability 2004-02-10
apache13-modssl -- format string vulnerability in proxy support 2004-10-17
apache2 -- SSL remote DoS 2004-10-21
apache2 multiple space header denial-of-service vulnerability 2004-11-10
Arbitrary code execution via a format string vulnerability in jftpgw 2004-08-13
asterisk -- denial of service vulnerability, local system access 2006-04-25
asterisk -- remote heap overwrite vulnerability 2006-10-20
awstats -- arbitrary code execution vulnerability 2005-08-14
awstats -- arbitrary command execution 2005-02-16
awstats -- arbitrary command execution vulnerability 2006-05-05
awstats -- remote command execution vulnerability 2005-01-18
axel -- remote buffer overflow 2005-04-17
base -- PHP SQL injection vulnerability 2005-10-31
bidwatcher -- format string vulnerability 2005-02-18
bind -- buffer overrun vulnerability 2005-09-03
bind -- Multiple Denial of Service vulnerabilities 2007-02-27
bind8 negative cache poison attack 2003-12-12
bind9 -- denial of service 2005-09-03
bind9 -- Denial of Service in named(8) 2006-12-19
bmon -- unsafe set-user-ID application 2004-10-05
bnc -- remotely exploitable buffer overflow in getnickuserhost 2004-12-04
bogofilter -- heap corruption through excessively long words 2006-01-07
bogofilter -- heap corruption through malformed input 2006-01-07
bogofilter -- RFC 2047 decoder denial-of-service vulnerability 2004-10-26
Boundary checking errors in syscons 2004-10-04
buffer cache invalidation implementation issues 2004-05-26
Buffer overflow in INN control message handling 2004-01-08
Buffer overflow in Mutt 1.4 2004-02-12
Buffer overflow in pam_smb password handling 2003-10-25
Buffer overflow in Squid NTLM authentication helper 2004-06-09
Buffer overflows and format string bugs in Emil 2004-03-28
Buffer overflows in libmcrypt 2003-10-25
Buffer overflows in XFree86 servers 2004-02-12
bugzilla -- "createmailregexp" security bypass vulnerability 2007-09-20
bugzilla -- cross-site scripting vulnerability 2005-01-24
bugzilla -- multiple vulnerabilities 2006-11-11
bugzilla -- multiple vulnerabilities 2007-09-21
bugzilla -- multiple vulnerabilities 2005-07-08
bugzilla -- multiple vulnerabilities 2006-02-27
bzip2 -- crash with certain malformed archive files 2008-03-20
bzip2 -- denial of service and permission race vulnerabilities 2005-06-29
c-ares -- DNS Cache Poisoning Vulnerability 2007-06-09
cabextract -- insecure directory handling 2004-10-20
cacti -- ADOdb "server.php" Insecure Test Script Security Issue 2006-04-27
cacti -- Multiple security vulnerabilities have been discovered 2008-02-12
cacti -- Multiple vulnerabilities 2007-01-12
cacti -- multiple vulnerabilities 2005-07-05
cacti -- potential SQL injection and cross site scripting attacks 2005-06-21
cacti -- SQL injection 2004-10-17
CCE contains exploitable buffer overflows 2004-02-12
cdrdao -- unspecified privilege escalation vulnerability 2005-05-19
cfengine -- arbitrary file overwriting vulnerability 2005-10-01
ChiTeX/ChiLaTeX unsafe set-user-id root 2004-02-12
clamav -- arbitrary code execution and DoS vulnerabilities 2005-09-24
clamav -- cabinet file handling DoS vulnerability 2005-07-06
clamav -- CHM unpacker and PE rebuilding vulnerabilities 2006-10-16
clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability 2008-02-15
clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability 2006-05-03
clamav -- heap overflow vulnerability 2006-08-08
clamav -- MS-Expand file handling DoS vulnerability 2005-07-06
clamav -- Multipart Nestings Denial of Service 2006-10-12
clamav -- multiple remote buffer overflows 2005-07-25
clamav -- multiple remote Denial of Service vulnerabilities 2007-09-21
clamav -- Multiple Vulnerabilities 2008-04-15
clamav -- Multiple Vulnerabilities 2006-04-06
clamav -- multiple vulnerabilities 2007-06-19
clamav -- possible heap overflow in the UPX code 2006-01-10
clamav -- zip handling DoS vulnerability 2005-03-26
clamav remote denial-of-service 2004-02-12
claws-mail -- APOP vulnerability 2007-04-19
claws-mail -- insecure temporary file creation 2008-01-22
claws-mail -- POP3 Format String Vulnerability 2007-08-27
coppermine -- multiple vulnerabilities 2008-02-25
coppermine -- "file" Local File Inclusion Vulnerability 2006-05-22
coppermine -- File Inclusion Vulnerabilities 2006-05-22
coppermine -- IP spoofing and XSS vulnerability 2005-05-01
coppermine -- Multiple File Extensions Vulnerability 2006-05-22
coppermine -- multiple vulnerabilities 2007-09-20
Courier Authentication Library -- SQL Injection 2008-06-13
Courier mail services: remotely exploitable buffer overflows 2004-03-31
courier-imap -- format string vulnerability in debug mode 2004-08-22
cpio -- multiple vulnerabilities 2006-01-27
Critical SQL injection in phpBB 2004-03-28
crossfire-server -- denial of service and remote code execution vulnerability 2006-04-23
cscope -- Buffer Overflow Vulnerabilities 2006-10-02
cscope -- buffer overflow vulnerabilities 2006-05-23
cscope -- symlink attack vulnerability 2004-12-07
cups -- Incomplete SSL Negotiation Denial of Service 2007-06-12
CUPS -- local information disclosure 2004-10-13
cups -- off-by-one buffer overflow 2007-11-09
cups -- print queue browser denial-of-service 2004-09-15
cups-base -- CUPS server remote DoS vulnerability 2005-01-18
cups-base -- HPGL buffer overflow vulnerability 2005-01-17
cups-lpr -- lppasswd multiple vulnerabilities 2005-01-17
curl -- authentication buffer overflow vulnerability 2005-02-27
curl -- TFTP packet buffer overflow vulnerability 2006-03-20
curl -- URL buffer overflow vulnerability 2005-12-09
cvs -- numerous vulnerabilities 2004-08-17
CVS path validation errors 2004-04-14
cvs pserver remote heap buffer overflow 2004-05-19
cvsbug -- race condition 2006-01-27
Cyrus IMAP pre-authentication heap overflow vulnerability 2004-05-12
Cyrus IMAPd -- APPEND command uses undefined programming construct 2004-11-22
Cyrus IMAPd -- FETCH command out of bounds memory corruption 2004-11-22
Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow 2004-11-22
Cyrus IMAPd -- PARTIAL command out of bounds memory corruption 2004-11-22
Cyrus IMSPd multiple vulnerabilities 2004-05-12
cyrus-imapd -- multiple buffer overflow vulnerabilities 2005-02-27
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service 2006-04-22
cyrus-sasl -- dynamic library loading and set-user-ID applications 2004-10-08
cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin 2004-10-12
Darwin Streaming Server denial-of-service vulnerability 2004-02-25
dbus -- match_rule_equal() Weakness 2006-12-14
devfs -- ruleset bypass 2005-08-05
dia -- XFig Import Plugin Buffer Overflow 2006-04-05
dillo -- format string vulnerability 2005-01-08
dircproxy -- remote denial of service 2007-11-04
distcc -- incorrect parsing of IP access control rules 2004-10-03
django -- XSS vulnerability 2008-05-14
dnrd -- remote buffer and stack overflow vulnerabilities 2005-07-21
dokuwiki -- multiple vulnerabilities 2006-09-30
dokuwiki -- multiple vulnerabilities 2006-09-30
dokuwiki -- multiple vulnerabilities 2006-06-11
dokuwiki -- spellchecker remote PHP code execution 2006-06-05
dokuwiki -- XSS vulnerability in spellchecker backend 2007-07-24
dovecot -- security hole in blocking passdbs 2008-03-10
dovecot -- Specific LDAP + auth cache configuration may mix up user logins 2007-12-29
drupal -- Cross site request forgeries 2007-07-28
drupal -- cross site request forgeries 2006-10-18
drupal -- cross site request forgery 2008-01-11
drupal -- cross site scripting (register_globals) 2008-01-11
drupal -- cross site scripting (utf8) 2008-01-11
drupal -- HTML attribute injection 2006-10-18
drupal -- Multiple cross-site scripting vulnerabilities 2007-07-28
drupal -- multiple vulnerabilities 2006-06-05
drupal -- multiple vulnerabilities 2006-03-17
drupal -- multiple vulnerabilities 2005-12-01
drupal -- multiple vulnerabilities 2008-07-13
drupal -- multiple vulnerabilities 2006-07-13
drupal -- multiple vulnerabilities 2007-01-05
drupal -- multiple XSS vulnerabilities 2006-10-18
drupal -- PHP code execution vulnerabilities 2005-07-16
drupal -- SQL injection vulnerability 2007-12-12
drupal -- XSS vulnerability 2006-08-02
drupal -- multiple vulnerabilities 2007-10-24
drupal-pubcookie -- authentication may be bypassed 2006-09-13
e2fsprogs -- heap buffer overflow 2007-12-20
ecartis -- unauthorised access to admin interface 2004-12-21
ecartis buffer overflows and input validation bugs 2004-03-29
ee -- temporary file privilege escalation 2006-01-27
egroupware -- arbitrary file download in JiNN 2005-01-21
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities 2005-07-23
ekg -- insecure temporary file creation 2005-07-08
ElGamal sign+encrypt keys created by GnuPG can be compromised 2003-12-12
elm -- remote buffer overflow in Expires header 2005-08-23
emacs -- movemail format string vulnerability 2005-02-14
enscript -- multiple vulnerabilities 2005-02-11
ethereal -- Multiple Protocol Dissector Vulnerabilities 2006-04-27
ethereal -- multiple protocol dissectors vulnerabilities 2005-06-24
ethereal -- multiple protocol dissectors vulnerabilities 2005-02-08
ethereal -- multiple protocol dissectors vulnerabilities 2005-03-14
ethereal -- multiple protocol dissectors vulnerabilities 2005-07-30
ethereal -- multiple vulnerabilities 2004-12-23
evince -- Buffer Overflow Vulnerability 2006-12-14
evolution -- arbitrary code execution vulnerability 2005-01-25
evolution -- remote format string vulnerabilities 2005-08-27
evolution-data-server -- remote execution of arbitrary code vulnerability 2007-06-25
exim -- two buffer overflow vulnerabilities 2005-01-05
exim buffer overflow when verify = header_syntax is used 2004-05-06
extman -- password bypass vulnerability 2008-04-25
eyeOS -- multiple XSS security bugs 2006-09-25
ez-ipupdate -- format string vulnerability 2004-11-11
ezbounce remote format string vulnerability 2004-03-26
f2c -- insecure temporary files 2006-04-10
fcron -- multiple vulnerabilities 2005-01-21
fd_set -- bitmap index overflow in multiple applications 2005-06-17
fetchmail -- crash when bouncing a message 2006-01-23
fetchmail -- crashes when refusing a message bound for an MDA 2007-01-06
fetchmail -- denial of service on reject of local warning message 2007-09-02
fetchmail -- denial of service/crash from malicious POP3 server 2005-07-22
fetchmail -- fetchmailconf local password exposure 2005-10-30
fetchmail -- insecure APOP authentication 2007-04-09
fetchmail -- null pointer dereference in multidrop mode with headerless email 2005-12-19
fetchmail -- potential crash in -v -v verbose mode 2008-06-20
fetchmail -- potential crash in -v -v verbose mode (revised patch) 2008-07-01
fetchmail -- remote root/code injection from malicious POP3 server 2005-07-20
fetchmail -- TLS enforcement problem/MITM attack/password exposure 2007-01-06
Fetchmail address parsing vulnerability 2003-10-25
fetchmail denial-of-service vulnerability 2004-02-25
ffmpeg -- libavcodec buffer overflow vulnerability 2005-12-07
fidogate -- write files as `news' user 2004-08-22
file disclosure in phpMyAdmin 2004-02-22
findutils -- GNU locate heap buffer overrun 2007-06-01
firebird -- multiple remote buffer overflow vulnerabilities 2007-10-04
firefox & mozilla -- buffer overflow vulnerability 2005-09-10
firefox & mozilla -- command line URL shell command injection 2005-09-22
firefox & mozilla -- multiple vulnerabilities 2005-09-23
firefox & mozilla -- multiple vulnerabilities 2005-07-16
firefox -- arbitrary code execution from sidebar panel 2005-03-24
firefox -- arbitrary code execution in sidebar panel 2005-04-16
firefox -- denial of service vulnerability 2006-05-03
firefox -- javascript garbage collector vulnerability 2008-04-25
firefox -- multiple remote unspecified memory corruption vulnerabilities 2007-11-27
firefox -- OnUnload Javascript browser entrapment vulnerability 2007-10-22
firefox -- PLUGINSPAGE privileged javascript execution 2005-04-16
flac -- media file processing integer overflow vulnerabilities 2007-11-13
flac123 -- stack overflow in comment parsing 2007-06-28
flyspray -- authentication bypass 2007-09-19
flyspray -- cross-site scripting vulnerabilities 2005-11-10
Format string vulnerability in SSLtelnet 2004-07-05
FreeBSD -- Buffer overflow in tcpdump(1) 2007-08-02
FreeBSD -- DNS cache poisoning 2008-07-13
FreeBSD -- FPU information disclosure 2006-04-19
FreeBSD -- heap overflow in file(1) 2007-05-23
FreeBSD -- Infinite loop in SACK handling 2006-02-14
FreeBSD -- IPv6 Routing Header 0 is dangerous 2007-04-28
FreeBSD -- Jail rc.d script privilege escalation 2007-02-27
FreeBSD -- Kernel memory disclosure in firewire(4) 2007-02-27
FreeBSD -- Local kernel memory disclosure 2006-02-14
FreeBSD -- Predictable query ids in named(8) 2007-08-02
freeciv -- Denial of Service Vulnerabilities 2006-09-26
freeciv -- Packet Parsing Denial of Service Vulnerability 2006-09-26
freeradius -- authentication bypass vulnerability 2006-06-08
freeradius -- denial-of-service vulnerability 2004-10-13
freeradius -- EAP-MSCHAPv2 Authentication Bypass 2006-03-29
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability 2007-04-13
freeradius -- multiple vulnerabilities 2006-06-08
freeradius -- sql injection and denial of service vulnerability 2005-05-22
freetype -- LWFN Files Buffer Overflow Vulnerability 2006-10-02
FreeType 2 -- Heap overflow vulnerability 2007-05-24
FreeType 2 -- Multiple Vulnerabilities 2008-07-03
frontpage -- cross site scripting vulnerability 2006-05-23
fsp buffer overflow and directory traversal vulnerabilities 2004-01-19
fsplib -- multiple vulnerabilities 2007-08-02
fswiki -- command injection vulnerability 2005-08-29
fswiki -- XSS problem in file upload form 2005-05-29
fswiki -- XSS vulnerability 2006-05-06
gaim -- AIM/ICQ away message buffer overflow 2005-08-12
gaim -- AIM/ICQ non-UTF-8 filename crash 2005-08-12
gaim -- AIM/ICQ remote denial of service vulnerability 2005-04-25
gaim -- buffer overflow in MSN protocol support 2004-10-25
gaim -- Content-Length header denial-of-service vulnerability 2004-10-25
gaim -- heap overflow exploitable by malicious GroupWise server 2004-10-25
gaim -- jabber remote crash 2005-04-10
gaim -- malicious smiley themes 2004-10-25
gaim -- MSN denial-of-service vulnerabilities 2004-10-25
gaim -- MSN remote DoS vulnerability 2005-05-14
gaim -- MSN Remote DoS vulnerability 2005-06-17
gaim -- multiple buffer overflows 2004-10-25
gaim -- remote crash on some protocols 2005-05-14
gaim -- remote DoS on receiving certain messages over IRC 2005-04-10
gaim -- remote DoS on receiving malformed HTML 2005-04-10
gaim -- remote DoS on receiving malformed HTML 2005-04-25
gaim -- Yahoo! remote crash vulnerability 2005-06-17
gaim remotely exploitable vulnerabilities in MSN component 2004-08-12
gallery -- cross-site scripting 2005-06-17
gallery -- remote code injection via HTTP_POST_VARS 2005-06-17
Gallery 1.4.3 and earlier user authentication bypass 2004-06-24
gallery2 -- file disclosure vulnerability 2005-10-15
gallery2 -- multiple vulnerabilities 2007-11-09
gallery2 -- multiple vulnerabilities 2007-12-25
ganglia-webfrontend -- XSS vulnerabilities 2007-12-17
gd -- integer overflow 2004-11-05
gd -- multiple vulnerabilities 2007-06-29
gdk-pixbuf -- image decoding vulnerabilities 2004-09-15
gedit -- format string vulnerability 2006-02-20
geeklog xss vulnerability 2008-01-15
getmail -- symlink vulnerability during maildir delivery 2004-10-04
gforge -- directory traversal vulnerability 2005-06-03
gforge -- XSS and email flood vulnerabilities 2005-08-09
gftp -- directory traversal vulnerability 2005-02-18
gftp -- multiple vulnerabilities 2007-11-05
ghostscript -- insecure temporary file creation vulnerability 2005-11-27
ghostscript -- zseticcspace() function buffer overflow vulnerability 2008-03-05
gld -- format string and buffer overflow vulnerabilities 2005-04-19
globus -- Multiple tmpfile races 2006-08-15
gnats -- format string vulnerability 2004-11-12
GNATS local privilege elevation 2004-07-02
gnomevfs -- unsafe URI handling 2004-08-26
GNU Anubis buffer overflows and format string vulnerabilities 2004-03-06
GNU finger vulnerability 2007-12-05
GNU libtool insecure temporary file handling 2004-02-13
gnu-radius -- SNMP-related denial-of-service 2004-09-20
gnupg -- 2 more possible memory allocation attacks 2006-08-02
gnupg -- buffer overflow 2006-11-27
gnupg -- false positive signature verification 2006-02-17
gnupg -- memory corruption vulnerability 2008-04-26
gnupg -- OpenPGP symmetric encryption vulnerability 2005-07-31
gnupg -- remotely controllable function pointer 2006-12-07
gnupg -- user id integer overflow vulnerability 2006-06-25
GnuPG does not detect injection of unsigned data 2006-03-10
gnutls -- certificate chain verification DoS 2004-10-05
gnutls -- RSA Signature Forgery Vulnerability 2006-10-02
golddig -- local buffer overflow vulnerabilities 2005-01-03
google-earth -- heap overflow in the KML engine 2006-10-14
greed -- insecure GRX file processing 2005-01-03
grip -- CDDB response multiple matches buffer overflow vulnerability 2005-03-14
groff -- groffer uses temporary files unsafely 2005-05-09
groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files 2005-05-09
gtar -- Directory traversal vulnerability 2007-09-01
gtar -- GNUTYPE_NAMES directory traversal vulnerability 2006-11-30
gtar -- invalid headers buffer overflow 2006-03-03
gtar -- name mangling symlink vulnerability 2007-02-27
gtetrinet -- remote code execution 2006-09-02
gzip -- directory traversal and permission race vulnerabilities 2005-06-18
gzip -- multiple vulnerabilities 2006-12-19
hafiye -- lack of terminal escape sequence filtering 2004-11-11
hashcash -- format string vulnerability 2005-04-02
hashcash -- heap overflow vulnerability 2006-06-27
heartbeat -- insecure temporary file creation vulnerability 2006-02-16
heimdal -- Multiple vulnerabilities 2006-03-20
heimdal kadmind remote heap buffer overflow 2004-05-05
helvis -- arbitrary file deletion problem 2005-01-10
helvis -- information leak vulnerabilities 2005-01-10
hlstats -- multiple cross site scripting vulnerabilities 2006-09-02
horde -- "url" disclosure of sensitive information vulnerability 2006-03-15
horde -- Cross site scripting vulnerabilities in MIME viewers 2005-11-22
horde -- Cross site scripting vulnerabilities in several of Horde's templates 2005-12-11
horde -- cross-site scripting vulnerability in help window 2004-10-27
horde -- Horde Page Title Cross-Site Scripting Vulnerability 2005-04-05
horde -- multiple parameter cross site scripting vulnerabilities 2006-06-17
horde -- Phishing and Cross-Site Scripting Vulnerabilities 2006-08-17
horde -- remote code execution vulnerability in the help viewer 2006-03-28
horde -- various problems in dereferrer 2006-07-05
horde -- XSS vulnerabilities 2005-01-22
hsftp format string vulnerabilities 2004-02-25
htdig -- cross site scripting vulnerability 2005-09-04
hylafax -- unauthorized login vulnerability 2005-01-11
icecast -- Cross-Site Scripting Vulnerability 2004-10-13
icecast -- HTTP header overflow 2004-10-13
icecast 1.x multiple vulnerabilities 2004-02-12
id3lib -- insecure temporary file creation 2007-10-01
ident2 double byte buffer overflow 2004-04-23
IEEE 802.11 -- buffer overflow 2006-02-14
ifmail -- unsafe set-user-ID application 2004-10-19
ikiwiki -- cleartext passwords 2008-06-01
ikiwiki -- cross site request forging 2008-04-13
ikiwiki -- empty password security hole 2008-05-31
ikiwiki -- improper symlink verification vulnerability 2007-11-27
ikiwiki -- javascript insertion via uris 2008-02-11
ImageMagick -- BMP decoder buffer overflow 2004-08-31
ImageMagick -- EXIF parser buffer overflow 2004-11-11
ImageMagick -- format string vulnerability 2005-03-03
ImageMagick -- multiple vulnerabilities 2007-10-10
ImageMagick -- PSD handler heap overflow vulnerability 2005-01-18
ImageMagick -- ReadPNMImage() heap overflow vulnerability 2005-04-27
ImageMagick -- SGI Image File heap overflow vulnerability 2006-12-02
ImageMagick png vulnerability fix 2004-08-04
imap-uw -- authentication bypass when CRAM-MD5 is enabled 2005-06-03
imap-uw -- mailbox name handling remote buffer vulnerability 2005-10-05
imlib -- BMP decoder heap buffer overflow 2004-08-31
imlib -- xpm heap buffer overflows and integer overflows 2005-01-21
imlib2 -- BMP decoder buffer overflow 2004-08-31
Imlib2 -- multiple image file processing vulnerabilities 2006-11-08
imp3 -- XSS hole in the HTML viewer 2004-10-05
imwheel -- insecure handling of PID file 2004-10-19
Incorrect cross-realm trust handling in Heimdal 2004-04-02
ingo -- local arbitrary shell command execution 2006-10-18
insecure temporary file creation in xine-check, xine-bugreport 2004-03-26
ipfw -- IP fragment denial of service 2006-02-14
ipsec -- Incorrect key usage in AES-XCBC-MAC 2005-08-05
ipsec -- reply attack vulnerability 2006-03-24
IRC Services -- Denial of Service Vulnerability 2008-01-19
isakmpd payload handling denial-of-service vulnerabilities 2004-03-31
isc-dhcp3-server buffer overflow in logging mechanism 2004-06-25
isc-dhcpd -- format string vulnerabilities 2005-07-23
jabberd -- 3 buffer overflows 2005-07-30
jabberd -- denial-of-service vulnerability 2004-12-26
jabberd -- remote buffer overflow vulnerability 2004-11-30
jabberd -- SASL Negotiation Denial of Service Vulnerability 2006-05-01
jailed processes can attach to other jails 2004-04-07
jailed processes can manipulate host routing tables 2004-06-07
jdk -- jar directory traversal vulnerability 2005-04-16
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented 2007-10-08
jdk/jre -- Security Vulnerability With Java Plugin 2004-11-25
jetty -- multiple vulnerabilities 2007-12-10
jetty -- multiple vulnerability 2008-02-04
joomla -- multiple remote vulnerabilities 2007-01-17
joomla -- multiple vulnerabilities 2007-08-02
joomla -- multiple vulnerabilities 2006-08-30
Joomla -- multiple vulnerabilities 2006-06-30
junkbuster -- heap corruption vulnerability and configuration modification vulnerability 2005-04-22
kaffeine -- buffer overflow vulnerability 2006-04-07
kdebase -- Kate backup file permission leak 2005-07-18
kdelibs -- insecure temporary file creation 2005-02-18
kdelibs -- integer overflow in khtml 2006-10-22
kdelibs -- kimgio input validation errors 2005-04-22
kdelibs -- konqueror cross-domain cookie injection 2004-08-26
kdelibs -- local DCOP denial of service vulnerability 2005-03-21
kdelibs insecure temporary file handling 2004-08-12
kdelibs3 -- konqueror FTP command injection vulnerability 2005-01-01
kdepim exploitable buffer overflow in VCF reader 2004-04-15
kdewebdev -- kommander untrusted code execution vulnerability 2005-04-23
kdm -- passwordless login vulnerability 2007-09-19
kernel -- information disclosure when using HTT 2005-05-13
kernel -- ipfw packet matching errors with address tables 2005-06-29
kernel -- TCP connection stall denial of service 2005-06-29
konquerer -- address bar spoofing 2007-09-19
konqueror -- Password Disclosure for SMB Shares 2004-12-12
konversation -- shell script command injection 2005-01-19
kpdf -- heap based buffer overflow 2006-02-15
kpopup -- local root exploit and local denial of service 2006-02-07
krb5 -- ASN.1 decoder denial-of-service vulnerability 2004-08-31
krb5 -- double-free vulnerabilities 2004-08-31
krb5 -- heap buffer overflow vulnerability in libkadm5srv 2004-12-21
kronolith -- arbitrary local file inclusion vulnerability 2006-11-30
kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields 2005-12-11
kstars -- exploitable set-user-ID application fliccd 2005-06-17
ktorrent -- multiple vulnerabilities 2007-03-11
L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump 2004-01-19
lbreakout2 vulnerability in environment variable handling 2004-02-25
ldapscripts -- Command Line User Credentials Disclosure 2007-10-23
leafnode -- denial of service vulnerability 2005-06-09
leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout 2005-05-13
leafnode denial-of-service triggered by article request 2004-05-21
leafnode fetchnews denial-of-service triggered by missing header 2004-05-21
leafnode fetchnews denial-of-service triggered by truncated transmission 2004-05-21
lftp HTML parsing vulnerability 2003-12-12
lha -- numerous vulnerabilities when extracting archives 2004-09-23
lha buffer overflows and path traversal issues 2004-05-02
libarchive -- Infinite loop in corrupt archives handling in libarchive 2007-02-26
libexif -- buffer overflow vulnerability 2005-03-08
libgadu -- multiple vulnerabilities 2005-08-12
libmms -- stack-based buffer overflow 2006-09-22
libmusicbrainz -- multiple buffer overflow vulnerabilities 2006-12-02
libpng denial-of-service 2004-05-02
libpng stack-based buffer overflow and other code concerns 2004-08-04
libtomcrypt -- weak signature scheme with ECC keys 2006-02-16
libvorbis -- Multiple memory corruption flaws 2007-07-26
libvorbis -- various security issues 2008-05-17
libxine -- array index vulnerability 2008-04-24
libxine -- buffer overflow vulnerability 2006-06-11
libxine -- buffer overflow vulnerability 2008-02-26
libxine -- buffer overflow vulnerability 2008-01-29
libxine -- buffer overflow vulnerability 2008-01-19
libxine -- buffer-overflow vulnerability in aiff support 2004-12-29
libxine -- DVD subpicture decoder heap overflow 2005-01-12
libxine -- format string vulnerability 2005-10-09
libxine -- multiple buffer overflow vulnerabilities 2006-12-07
libxine -- multiple buffer overflows in RTSP 2005-01-12
libxine -- multiple vulnerabilities in VideoCD handling 2005-01-12
libxml -- remote buffer overflows 2004-11-09
libxml2 stack buffer overflow in URI parsing 2004-02-25
lifetype -- ADOdb "server.php" Insecure Test Script Security Issue 2006-04-27
lighttpd -- DOS when access files with mtime 0 2007-04-14
lighttpd -- FastCGI header overrun in mod_fastcgi 2007-09-10
lighttpd -- multiple vulnerabilities 2007-07-21
lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability 2008-04-13
lighttpd -- Remote DOS in CRLF parsing 2007-04-14
lighttpd -- script source disclosure vulnerability 2005-03-01
Linux binary compatibility mode input validation error 2004-06-30
linux-flashplugin -- arbitrary code execution vulnerability 2006-03-15
linux-flashplugin -- critical vulnerabilities 2007-07-18
linux-flashplugin -- multiple vulnerabilities 2008-01-03
linux-flashplugin -- unspecified remote code execution vulnerability 2008-05-30
linux-flashplugin7 -- arbitrary code execution vulnerabilities 2006-09-12
linux-realplayer -- buffer overrun 2006-03-27
linux-realplayer -- heap overflow 2006-03-27
linux-realplayer -- multiple vulnerabilities 2008-01-04
linux-realplayer -- RealText parsing heap overflow 2005-06-24
linux_base -- vulnerabilities in Red Hat 7.1 libraries 2005-06-01
liveMedia -- DoS vulnerability 2007-12-08
lsh -- multiple vulnerabilities 2007-09-05
lynx -- remote buffer overflow 2005-10-30
Macromedia flash player -- swf file handling arbitrary code 2005-11-13
mail-notification -- denial-of-service vulnerability 2004-10-12
mailman -- directory traversal vulnerability 2005-02-12
mailman -- generated passwords are poor quality 2005-06-01
mailman -- Multiple Vulnerabilities 2006-09-04
mailman -- password disclosure 2005-06-01
mailman -- Private Archive Script Cross-Site Scripting 2006-04-16
mailman -- script insertion vulnerability 2008-04-25
mailman denial-of-service vulnerability in MailCommandHandler 2004-02-25
mailman XSS in admin script 2004-02-25
mailman XSS in create script 2004-02-25
mailman XSS in user options page 2004-02-25
mambo -- "register_globals" emulation layer overwrite vulnerability 2005-11-30
mambo -- multiple SQL injection vulnerabilities 2006-10-05
mambo -- multiple vulnerabilities 2005-08-05
mambo -- SQL injection vulnerabilities 2006-07-05
mantis -- "t_core_path" file inclusion vulnerability 2005-12-14
mantis -- "view_filters_page.php" cross site scripting vulnerability 2006-02-16
mantis -- "view_filters_page.php" cross-site scripting vulnerability 2005-12-14
many out-of-sequence TCP packets denial-of-service 2004-04-07
maradns -- CNAME record resource rotation denial of service 2008-01-10
Mathopd buffer overflow 2003-12-12
mc -- multiple vulnerabilities 2005-01-21
mcweject -- exploitable buffer overflow 2007-04-08
mediawiki -- cross site scripting vulnerability 2007-09-21
mediawiki -- cross site scripting vulnerability 2006-04-05
mediawiki -- hardcoded placeholder string security bypass vulnerability 2006-04-05
metamail format string bugs and buffer overflows 2004-02-18
Midnight Commander buffer overflow during symlink resolution 2004-04-03
Midnight Commander buffer overflows, format string bugs, and insecure temporary file handling 2004-05-02
milter-bogom -- headerless message crash 2006-01-09
mkbold-mkitalic -- format string vulnerability 2005-02-24
mksh -- TTY attachment privilege escalation 2008-04-25
mksnap_ffs clears file system options 2004-04-07
mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields 2005-12-11
mnGoSearch buffer overflow in UdmDocToTextBuf() 2004-02-15
mod_access_referer -- null pointer dereference vulnerability 2004-12-11
mod_dav -- lock related denial-of-service 2004-09-15
mod_dosevasive -- insecure temporary file creation 2005-01-24
mod_jk -- information disclosure 2007-06-05
mod_jk -- long URL stack overflow vulnerability 2007-03-05
mod_perl -- remote DoS in PATH_INFO parsing 2007-04-24
mod_pubcookie -- cross site scripting vulnerability 2006-04-05
mod_python -- information leakage vulnerability 2005-02-13
mod_python denial-of-service vulnerability in parse_qs 2004-03-03
mod_ssl -- SSLCipherSuite bypass 2004-10-23
ModSecurity for Apache 2.x remote off-by-one overflow 2004-03-17
moinmoin -- multiple vulnerabilities 2008-02-25