Lucene search
K
FreebsdRecent

6577 matches found

FreeBSD
FreeBSD
•added yesterday•3 views

xrdp -- multiple vulnerabilities

xrdp projects reports: xrdp v0.10.6.1 fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release...

5.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added yesterday•3 views

zeek -- potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports: The NVT, Rlogin, and RSH analyzers have received fixes to avoid unbounded state growth. Due to the fact that these packets can be received from remote hosts, these are considered DoS risks. A specially crafted WebSocket payload can cause the Spicy WebSocket...

6.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2 days ago•3 views

Weechat -- Memory leak in relay-API

The Weechat project reports: Pre-auth memory leak in relay-api POST /api/handshake unfreed JSON body → unauthenticated remote memory-exhaustion DoS...

6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2 days ago•3 views

Roundcube -- Multiple vulnerabilities

The Rouncube project reports: See links for more detail...

5.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 6 days ago•6 views

openvpn -- multiple vulnerabilities

The OpenVPN community project team reports: ... OpenVPN 2.7.5 ... is a bugfix release fixing several security issues: Fix use-after-free bug in ackwritebuf, triggerable by a well-timed sequence of control channel + authentication packets CVE-2026-12996 Fix use-after-free bug in tlswrapreneg,...

6CVSS6.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•3 views

p5-CGI-Session -- secuity fixes

CGI-Session project reports: SECURITY: Strengthen cryptographic randomness of MD5 driver...

5.9CVSS5.9AI score0.00322EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•7 views

FreeBSD -- Incorrect audit records for ptrace(2) syscall requests

Problem Description: When auditing a system call executed via ptracePTSCREMOTE, the kernel passed the return value of an internal setup function to AUDITSYSCALLEXIT rather than the actual result of the executed system call. As a result, committed audit records for system calls which returned an...

5.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•4 views

FreeBSD -- Remote DOS via uninitialized memory access in KTLS receive

Problem Description: When building the iovec array for a received TLS 1.2 CBC record, ktlsocftlscbcdecrypt incremented the iovec index for every mbuf in the chain, including mbufs that were skipped because they contained only TLS header bytes. This left uninitialized entries in the iovec array. T...

5.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•5 views

FreeBSD -- Buffer overflow in libalias RTSP handler

Problem Description: The RTSP handler in libalias rewrote outgoing packets into a fixed-length stack buffer without checking whether the rewritten data fit in the buffer, or whether the result fit back in the original packet. Impact: A host sending crafted RTSP traffic from inside a NAT gateway...

6.6AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•6 views

FreeBSD -- Jail reference count underflow

Problem Description: When the JAILATDESC flag is specified, kernjailset and kernjailget released the reference to the caller's current prison before looking up the jail descriptor. If the descriptor lookup failed, error-handling paths released the same reference a second time. Impact: An...

5.7AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•6 views

FreeBSD -- Use-after-free in device pager page list

Problem Description: When msyncMSINVALIDATE is called on a mapping of an unmanaged device object, the physical pages in the mapping range are marked invalid but remain in the pager's page list. A subsequent page fault will cause the fault handler to re-insert the page into the object's list. This...

5.7AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•3 views

FreeBSD -- Multiple vulnerabilities in POSIX largepage objects

Problem Description: Pages belonging to largepage shared memory objects were not explicitly wired. When sendfile2 transmitted such an object with the SFNOCACHE flag, it freed the underlying pages after transmission even though existing mappings still referred to them. CVE-2026-49427 Separately,...

5.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•3 views

FreeBSD -- Multiple vulnerabilities in OpenZFS

Problem Description: The ZFSIOCUSERSPACEMANY ioctl, used by zfs-userspace8, truncated a 64-bit output buffer size to a 32-bit integer for the kernel allocation, but used the original 64-bit size as the buffer limit when writing records. The ZFSIOCRECVNEW ioctl, in the heal receive path, similarly...

6AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•4 views

FreeBSD-kernel -- Kernel stack disclosure in 32-bit compatibility support

Problem Description: The compat32 kevent handler translates a 64-bit kevent struct into a stack- declared 32-bit struct. It did not first zero the stack struct. Impact: An unprivileged user may observe a small amount of uninitialized kernel stack data, which may contain sensitive information...

5.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•4 views

FreeBSD -- Kernel stack disclosure in Linux compatibility layer

Problem Description: The Linux waitid implementation translates a FreeBSD siginfot struct into a stack-declared Linux siginfot. It did not first zero the stack struct. Impact: An unprivileged user may observe 104 bytes of uninitialized kernel stack data, which may contain sensitive information...

5.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•7 views

FreeBSD -- Multiple vulnerabilities in iconv(3)

Problem Description: Several encoding modules, including HZ, UTF-7, VIQR, and ZW, did not properly check the size of the caller-supplied output buffer before writing converted characters. CVE-2026-58081 The ISO-2022 encoding module used a stack buffer sized to MBLENMAX 6 bytes for intermediate...

6AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•6 views

FreeBSD -- Use-after-free in TCP RACK stack option handler

Problem Description: The RACK setsockopt2 handler drops the connection lock in order to copy option data from userspace, then reacquires the lock. After reacquiring, it verifies that the TCP stack had not been switched away, but did not reload its pointer to the stack's per-connection control...

5.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•4 views

FreeBSD -- unlinkat(2) ignores AT_RESOLVE_BENEATH flag

Problem Description: The kernel function that implements unlinkat2 and funlinkat2 validated the ATRESOLVEBENEATH flag but failed to pass it through to the underlying path lookup. The flag was silently dropped, so path resolution was not actually restricted. Impact: A process that uses...

5.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•5 views

FreeBSD -- Local privilege escalation via execve(2) TOCTOU race

Problem Description: During execve2 of a SUID binary, the new virtual address space is installed before the process credentials are updated. During this window, a process running as the same user can access the target process's memory via procfs or linprocfs, because the kernel's debugging...

5.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•3 views

traefik -- Multiple vulnerabilities

The traefik project releases a new version addressing multiple CVEs: CVE-2026-54763 underscore-variant identity spoofing CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing CVE-2026-54765 Gateway HTTPRoute backendRef filters can leak backend context...

7.8CVSS5.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•4 views

chromium -- security fixes

Chrome Releases reports: This update includes 382 security fixes: 506558270 Critical CVE-2026-13774: Use after free in Extensions. 511766407 Critical CVE-2026-13775: Use after free in GPU. 513012139 Critical CVE-2026-13776: Type Confusion in Dawn. 513128566 Critical CVE-2026-13777: Insufficient...

10CVSS6AI score0.00448EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/30 12:0 a.m.•3 views

PostgresSQL JDBC -- Silent channel-binding authentication downgrade via unsupported certificate algorithms

PostgreSQL project reports: channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection...

8.2CVSS5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/29 12:0 a.m.•7 views

icinga2 -- Improper access control for JSON-RPC update certificate messages

The Icinga team reports: The code handling certificate update JSON-RPC messages was flawed and did not properly validate the sender of the message, allowing an unauthenticated attacker that can connect to Icinga 2 to update both the own certificate as well as the trusted CA certificate. Updating...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/25 12:0 a.m.•8 views

Multiple vulnerability found in Expat

Expat 2.8.2 was released yesterday. The key motivation for cutting a release and doing so now was getting security and non-security bugsfixes out to users. On the security side, 13 vulnerabilities have been fixed: CVE-2026-50219: missing control flow integrity checks CVE-2026-56131: missing contr...

6.9CVSS5.8AI score0.00218EPSS
Exploits0References13
FreeBSD
FreeBSD
•added 2026/06/25 12:0 a.m.•4 views

chromium -- security fixes

Chrome Releases reports: This update includes 3 security fixes: 513138301 High CVE-2026-13281: Integer overflow in Mojo. Reported by Google on 2026-05-14 517522620 High CVE-2026-13282: Use after free in Payments. Reported by Google on 2026-05-28 522561151 High CVE-2026-13283: Use after free in...

8.3CVSS5.8AI score0.00229EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/25 12:0 a.m.•5 views

NSD -- vulnerabilities

NLnet Labs reports: CVE-2026-12244: A specially crafted SVCB RR can cause a heap overflow of up to 65509 attacker controlled bytes. If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rda...

8.8CVSS6AI score0.00303EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2026/06/25 12:0 a.m.•4 views

DNSdist -- vulnerabilities

The DNSdist team reports: CVE-2026-40011: Prometheus denial of service via crafted DNS queries CVE-2026-42004: EDNS options smuggling CVE-2026-42005: Insufficient input validation of internal web server CVE-2026-40208: Denial of service via DoH3 queries CVE-2026-40209: Denial of service via IXFR...

5.3CVSS5.8AI score0.00479EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/24 12:0 a.m.•5 views

rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation

https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a command-line program to sync files and directories to and from different cloud storage providers.From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2026/06/24 12:0 a.m.•6 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site Scripting issue in Web IDE workbench asset handler impacts GitLab CE/EE Information Disclosure issue in Duo Workflows impacts GitLab EE Authorization Bypass issue in Virtual Registry Cleanup Policy API...

8.7CVSS5.6AI score0.00328EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/22 12:0 a.m.•5 views

podman -- files outside build context may be included via malicious Git repo or tar archive

The Podman developers report: Building a Dockerfile using an ADD or COPY instruction accessing a malicious Git repository or tar archive could cause files outside the build context directory to be included in the build context or copied into the build...

5.8AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2026/06/18 12:0 a.m.•4 views

ffmpeg -- Out-of-bounds write

https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159 reports: An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the...

8.8CVSS6.1AI score0.00477EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2026/06/17 12:0 a.m.•6 views

mail/mailpit -- Incomplete SSRF protection in Link Check API via uncovered IPv6 forms

Mailpit authorreports: The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers IsLoopback, IsPrivate, IsLinkLocalUnicast, IsLinkLocalMulticast, IsUnspecified, IsMulticast plus an inline CGNAT range, but those helpers do not match two classes of IPv6 address that should be...

5.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/17 12:0 a.m.•10 views

nginx -- multiple vulnerabilities

The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a specially crafted QUIC session may allow memory corruption or a segmentation fault in a worker process CVE-2026-42530. A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders...

9.2CVSS5.7AI score0.03225EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2026/06/17 12:0 a.m.•8 views

nginx -- multiple vulnerabilities

The nginx developers report: A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders off;" and "largeclientheaderbuffers" directives with large configured values while proxying a specially crafted request to an HTTP/2 or gRPC backend may allow memory corruption or a...

9.2CVSS5.7AI score0.02838EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/06/12 12:0 a.m.•7 views

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports: Multiple security issues were identified and fixed in the GStreamer framework. GStreamer-SA-2026-0030: Missing bounds checks in RTCP SDES packet parsing GStreamer-SA-2026-0031: Integer overflow and truncation in MXF demuxer GStreamer-SA-2026-0032: Out-of-bounds read...

8.8CVSS5.9AI score0.00489EPSS
Exploits0References17
FreeBSD
FreeBSD
•added 2026/06/11 12:0 a.m.•8 views

chromium -- security fixes

Chrome Releases reports: This update includes 33 security fixes: 516496659 Critical CVE-2026-12437: Use after free in WebShare. 516947912 Critical CVE-2026-12438: Inappropriate implementation in WebView. 519728275 Critical CVE-2026-12439: Use after free in Digital Credentials. 519731619 Critical...

9.6CVSS5.5AI score0.00601EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/11 12:0 a.m.•8 views

chromium -- security fixes

Chrome Releases reports: This update includes 28 security fixes: 516731749 Critical CVE-2026-12007: Use after free Core. Reported by Google on 2026-05-26 516942828 Critical CVE-2026-12008: Use after free DigitalCredentials. Reported by Google on 2026-05-27 517332006 Critical CVE-2026-12009:...

9.6CVSS5.6AI score0.00287EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/11 12:0 a.m.•9 views

Gitlab -- vulnerabilities

Gitlab reports: Improper Access Control issue in Group SAML Identity API impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Denial of Service issue in Grape API JSON parsing middleware impacts GitLab CE/EE HTML injection issue in certain group setting fields...

8.7CVSS5.4AI score0.0037EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•6 views

Erlang/OTP -- TLS distribution check_ip flag does not enforce same-LAN constraint

https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv reports: Erlang distribution over TLS run with the kernel checkip flag now properly enforces connecting nodes to be on the same LAN. Previously the constraint was not enforced...

7.5CVSS5.4AI score0.00194EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•7 views

Erlang/OTP -- timing-based username enumeration in SSH password authentication

https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4 reports: A timing-based username enumeration vulnerability during password authentication with the userpasswords option has been fixed by performing a dummy PBKDF2 computation for invalid usernames, so authentication timing no...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•6 views

Erlang/OTP -- FTP passive-mode client does not validate server response IP

https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passive mode did not validate the IP address returned in the server's response, allowing a compromised or malicious server to redirect the data connection to an arbitrary host. This enables server-sid...

6.5CVSS5.6AI score0.00234EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•7 views

Erlang/OTP -- httpc leaks authentication headers on cross-host redirect

https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh reports: The HTTP client httpc in inets now removes Authorization, Proxy-Authorization, Cookie, Referer, and Origin headers when following a redirect to a different host or port, following the requirements of RFC 9110 section...

7.1CVSS5.5AI score0.00335EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•7 views

Erlang/OTP -- SFTP READLINK discloses server filesystem paths

https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports: The SSH SFTP daemon's handling of SSHFXPREADLINK returned symbolic link targets containing the server's absolute filesystem path, disclosing the backend root prefix to clients. The handler now strips the backend root...

6.5CVSS5.5AI score0.00277EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•4 views

ldns -- CWE-346 Origin Validation Error

https://www.nlnetlabs.nl/downloads/ldns/CVE-2026-10846.txt reports: NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the...

8.2CVSS5.8AI score0.00147EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•9 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory 2026-06-10: SECURITY-3707 / CVE-2026-53435: Deserialization vulnerability High SECURITY-3711+3755 / CVE-2026-53436, CVE-2026-53437: Open redirect vulnerability Medium SECURITY-3712 / CVE-2026-53438: Missing permission check allows canceling queue items Medium SECURITY-37...

8.8CVSS5.3AI score0.14907EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•9 views

Erlang/OTP -- buffer overflow parsing SCTP ERROR/ABORT chunks

https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97 reports: A buffer overflow error when parsing SCTP ERROR or ABORT chunks has been fixed. This could lead to stack corruption and VM crash, but ultimately with hard work by an attacker be refined into maybe even remote code...

8.8CVSS6.1AI score0.00497EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/10 12:0 a.m.•9 views

Erlang/OTP -- stack overflow in ei_s_print_term for very large integer terms

https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j reports: Fixed a stack overflow in eisprintterm in erlinterface for very large integer terms more than 2000 hexadecimal digits long...

6.9CVSS5.5AI score0.00136EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/09 12:0 a.m.•8 views

FreeBSD -- Arm CPU errata may bypass page table permission changes

Problem Description: Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store has be...

9.1CVSS5.4AI score0.00474EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/06/09 12:0 a.m.•9 views

FreeBSD -- Insufficient response validation in the ldns stub resolver

Problem Description: When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the outstanding query. It did not check that the response source address and port matched the query destination, that the transaction ID matched, or that the question section of...

8.2CVSS5.6AI score0.00147EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/06/09 12:0 a.m.•7 views

FreeBSD -- Integer overflow in vt(4) CONS_HISTORY ioctl

Problem Description: The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of...

7.8CVSS5.7AI score0.00107EPSS
Exploits0
Total number of security vulnerabilities6577