Search criteria
3 vulnerabilities by freenas
CVE-2014-5334 (GCVE-0-2014-5334)
Vulnerability from cvelistv5 – Published: 2018-01-08 19:00 – Updated: 2024-08-06 11:41
VLAI
Summary
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.freenas.org/issues/5844 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/69249 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2014/08/19/2 | mailing-listx_refsource_MLIST |
Date Public
2014-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freenas.org/issues/5844"
},
{
"name": "69249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69249"
},
{
"name": "[oss-security] 20140819 Re: FreeNAS default blank password",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/19/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freenas.org/issues/5844"
},
{
"name": "69249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69249"
},
{
"name": "[oss-security] 20140819 Re: FreeNAS default blank password",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/19/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-5334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freenas.org/issues/5844",
"refsource": "CONFIRM",
"url": "https://bugs.freenas.org/issues/5844"
},
{
"name": "69249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69249"
},
{
"name": "[oss-security] 20140819 Re: FreeNAS default blank password",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/19/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-5334",
"datePublished": "2018-01-08T19:00:00.000Z",
"dateReserved": "2014-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2739 (GCVE-0-2009-2739)
Vulnerability from cvelistv5 – Published: 2009-08-11 18:00 – Updated: 2024-08-07 05:59
VLAI
Summary
Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN89791790/index.html | third-party-advisoryx_refsource_JVN |
| http://www.freenas.org/index.php?option=com_front… | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-0… | third-party-advisoryx_refsource_JVNDB |
| http://www.securityfocus.com/bid/36146 | vdb-entryx_refsource_BID |
Date Public
2009-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#89791790",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN89791790/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freenas.org/index.php?option=com_frontpage\u0026Itemid=22"
},
{
"name": "JVNDB-2009-000052",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000052.html"
},
{
"name": "36146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVN#89791790",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN89791790/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freenas.org/index.php?option=com_frontpage\u0026Itemid=22"
},
{
"name": "JVNDB-2009-000052",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000052.html"
},
{
"name": "36146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#89791790",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89791790/index.html"
},
{
"name": "http://www.freenas.org/index.php?option=com_frontpage\u0026Itemid=22",
"refsource": "CONFIRM",
"url": "http://www.freenas.org/index.php?option=com_frontpage\u0026Itemid=22"
},
{
"name": "JVNDB-2009-000052",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000052.html"
},
{
"name": "36146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2739",
"datePublished": "2009-08-11T18:00:00.000Z",
"dateReserved": "2009-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:59:57.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2738 (GCVE-0-2009-2738)
Vulnerability from cvelistv5 – Published: 2009-08-11 18:00 – Updated: 2024-09-17 03:32
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.freenas.org/index.php?option=com_front… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN15267895/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-0… | third-party-advisoryx_refsource_JVNDB |
| http://www.ipa.go.jp/security/vuln/documents/2009… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freenas.org/index.php?option=com_frontpage\u0026Itemid=22"
},
{
"name": "JVN#15267895",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN15267895/index.html"
},
{
"name": "JVNDB-2009-000053",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-11T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freenas.org/index.php?option=com_frontpage\u0026Itemid=22"
},
{
"name": "JVN#15267895",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN15267895/index.html"
},
{
"name": "JVNDB-2009-000053",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.freenas.org/index.php?option=com_frontpage\u0026Itemid=22",
"refsource": "CONFIRM",
"url": "http://www.freenas.org/index.php?option=com_frontpage\u0026Itemid=22"
},
{
"name": "JVN#15267895",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN15267895/index.html"
},
{
"name": "JVNDB-2009-000053",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html"
},
{
"name": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2738",
"datePublished": "2009-08-11T18:00:00.000Z",
"dateReserved": "2009-08-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:32:39.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}