Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
added 2021/05/18 12:0 a.m.61 views

Prometheus -- arbitrary redirects

Prometheus reports: Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an...

6.5CVSS2.9AI score0.1956EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/03/19 12:0 a.m.61 views

rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)

When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parseuserinput, but didn’t address some other...

7.5CVSS6.9AI score0.06811EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/10/29 12:0 a.m.61 views

webkit2-gtk3 -- Multiple vulnerabilities

The WebKitGTK project reports multiple vulnerabilities...

8.8CVSS1.8AI score0.01892EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/02/05 12:0 a.m.61 views

FreeBSD -- File description reference count leak

Problem Description: FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the...

8.8CVSS0.8AI score0.01229EPSS
Exploits4
FreeBSD
FreeBSD
added 2018/11/28 12:0 a.m.61 views

messagelib -- HTML email can open browser window automatically

Albert Astals Cid reports: messagelib is the library used by KMail to display emails. messagelib by default displays emails as plain text, but gives the user an option to "Prefer HTML to plain text" in the settings and if that option is not enabled there is way to enable HTML display when an emai...

5.3CVSS1.4AI score0.01104EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/07/18 12:0 a.m.61 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-897 / CVE-2018-1999001 Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart High SECURITY-914 / CVE-2018-1999002 Arbitrary file read vulnerability Medium SECURITY-891 / CVE-2018-1999003...

8.8CVSS1.1AI score0.86641EPSS
Exploits8References1
FreeBSD
FreeBSD
added 2013/12/13 12:0 a.m.61 views

PHP5 -- memory corruption in openssl_x509_parse()

Stefan Esser reports: The PHP function opensslx509parse uses a helper function called asn1timetotimet to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes...

7.5CVSS9.7AI score0.35635EPSS
Exploits8References1
FreeBSD
FreeBSD
added 2023/03/20 12:0 a.m.60 views

redis -- specially crafted MSETNX command can lead to denial-of-service

Yupeng Yang reports: Authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process...

5.5CVSS5.8AI score0.54978EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/27 12:0 a.m.60 views

chromium -- Type confusion in V8

Chrome Releases reports: This release contains 1 security fix: 1378239 High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtešek, Milánek, and Przemek Gmerek of Avast on 2022-10-25...

8.8CVSS0.8AI score0.0675EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/07/05 12:0 a.m.60 views

Node.js -- July 7th 2022 Security Releases

Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding MediumCVE-2022-32213 The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. HTTP Request Smuggling - Improper Delimiting of...

8.1CVSS7.5AI score0.77766EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2022/01/04 12:0 a.m.60 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 37 security fixes, including: $TBD1275020 Critical CVE-2022-0096: Use after free in Storage. Reported by Yangkang @dnpushme of 360 ATA on 2021-11-30 1117173 High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on...

9.6CVSS8.4AI score0.015EPSS
Exploits19References1
FreeBSD
FreeBSD
added 2020/06/09 12:0 a.m.60 views

Intel CPU issues

Intel reports: Intel CPUs suffer Special Register Buffer Data Sampling vulnerability...

5.5CVSS2.6AI score0.0054EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/04/29 12:0 a.m.60 views

samba -- multiple vulnerabilities

The Samba Team reports: CVE-2020-10700 A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server. CVE-2020-10704 A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV...

7.5CVSS1.3AI score0.03455EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/02/24 12:0 a.m.60 views

OpenSMTPd -- Local information disclosure

Qualys reports: We discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server: an unprivileged local attacker can read the first line of an arbitrary file for example, root's password hash in /etc/master.passwd or the entire contents of another user's file if this file and...

4.7CVSS2.3AI score0.009EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2020/02/11 12:0 a.m.60 views

Flash Player -- arbitrary code execution

Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2020-3757...

9.3CVSS3.4AI score0.0978EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/10/24 12:0 a.m.60 views

Python -- multiple vulnerabilities

Python reports: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager...

6.1CVSS7.2AI score0.03513EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/06/16 12:0 a.m.60 views

payara -- Multiple vulnerabilities

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Administration. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability...

9.8CVSS2.9AI score0.34731EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2015/11/10 12:0 a.m.60 views

xen-kernel -- CPU lockup during exception delivery

The Xen Project reports: A malicious HVM guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant, perhaps indefinite period. If a host watchdog Xen or dom0 is in use, this can lead to a watchdog timeout and consequently a reboot of the host...

6.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2015/02/04 12:0 a.m.60 views

apache24 -- multiple vulnerabilities

Jim Jagielski reports: CVE-2015-3183 cve.mitre.org core: Fix chunk header parsing defect. Remove aprbrigadeflatten, buffering and duplicated code from the HTTPIN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized...

5CVSS7.3AI score0.73327EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2008/09/22 12:0 a.m.60 views

proftpd -- Long Command Processing Vulnerability

Secunia reports: The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user...

6.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2007/11/06 12:0 a.m.60 views

net-snmp -- denial of service via GETBULK request

CVE reports: The SNMP agent snmpagent.c in net-snmp before 5.4.1 allows remote attackers to cause a denial of service CPU and memory consumption via a GETBULK request with a large max-repeaters value...

7.8CVSS8.2AI score0.26183EPSS
Exploits1
FreeBSD
FreeBSD
added 2024/04/03 12:0 a.m.59 views

xorg server -- Multiple vulnerabilities

The X.Org project reports: CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents The ProcXIGetSelectedEvents function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server...

7.8CVSS7.5AI score0.01843EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/02/14 12:0 a.m.59 views

powerdns-recursor -- Multiple Vulnerabilities

[email protected] reports: CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3"...

7.5CVSS7.4AI score0.99995EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2023/08/23 12:0 a.m.59 views

electron25 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4071. Security: backported fix for CVE-2023-4070. Security: backported fix for CVE-2023-4075. Security: backported fix for CVE-2023-4076. Security: backported fix for CVE-2023-4074...

8.8CVSS8.7AI score0.26819EPSS
Exploits0References12
FreeBSD
FreeBSD
added 2022/01/25 12:0 a.m.59 views

polkit -- Local Privilege Escalation

Qualys reports: We discovered a Local Privilege Escalation from any user to root in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution...

7.8CVSS3.5AI score0.94921EPSS
Exploits152References1
FreeBSD
FreeBSD
added 2021/10/28 12:0 a.m.59 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 8 security fixes, including: 1259864 High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14 1259587 High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security La...

9.6CVSS0.4AI score0.36238EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2021/08/31 12:0 a.m.59 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 27 security fixes, including: 1233975 High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang @eternalsakura13 and koocola @alocook of 360 Alpha Lab on 2021-07-28 1235949 High CVE-2021-30607: Use after free in Permissions. Reported by...

8.8CVSS0.2AI score0.0559EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2021/04/29 12:0 a.m.59 views

samba -- negative idmap cache entries vulnerability

The Samba Team reports: CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token...

6.8CVSS2.9AI score0.01616EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/10/02 12:0 a.m.59 views

Gitlab -- Disclosure Vulnerabilities

Gitlab reports: Disclosure of Private Code, Merge Requests and Commits via Elasticsearch integration...

3.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2019/05/14 12:0 a.m.59 views

FreeBSD -- Microarchitectural Data Sampling (MDS)

Problem Description: On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. Impact: An attacker may be able to read secret data from the kernel or from a process when executing...

9CVSS3.3AI score0.04335EPSS
Exploits0
FreeBSD
FreeBSD
added 2017/12/08 12:0 a.m.59 views

node.js -- Data Confidentiality/Integrity Vulnerability, December 2017

Node.js reports: Data Confidentiality/Integrity Vulnerability - CVE-2017-15896 Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the...

9.1CVSS6.7AI score0.02385EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/06/13 12:0 a.m.59 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

9.8CVSS8.2AI score0.05216EPSS
Exploits8References2
FreeBSD
FreeBSD
added 2017/01/24 12:0 a.m.59 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

9.8CVSS7.9AI score0.33199EPSS
Exploits24References2
FreeBSD
FreeBSD
added 2016/09/27 12:0 a.m.59 views

BIND -- Remote Denial of Service vulnerability

ISC reports: Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets...

7.8CVSS7.7AI score0.89482EPSS
Exploits7References1
FreeBSD
FreeBSD
added 2016/05/26 12:0 a.m.59 views

php -- multiple vulnerabilities

The PHP Group reports: Core: Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. CVE-2016-5096 PHP 5.5/5.6 only Fixed bug 72135 Integer Overflow in phphtmlentities. CVE-2016-5094 PHP 5.5/5.6 only GD: Fixed bug 72227 imagescale out-of-bounds read. CVE-2013-7456 Intl: Fixed bu...

8.8CVSS7.6AI score0.05487EPSS
Exploits4References3
FreeBSD
FreeBSD
added 2016/03/11 12:0 a.m.59 views

dropbear -- authorized_keys command= bypass

Matt Johnson reports: Validate X11 forwarding input. Could allow bypass of authorizedkeys command= restrictions...

6.4CVSS2.4AI score0.19302EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2016/01/28 12:0 a.m.59 views

phpmyadmin -- Multiple full path disclosure vulnerabilities

The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...

5.3CVSS1.4AI score0.02564EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/07/16 12:0 a.m.59 views

elasticsearch -- remote code execution via transport protocol

Elastic reports: Vulnerability Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution. Remediation Summary: Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol...

9.8CVSS9.4AI score0.14863EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2015/03/19 12:0 a.m.59 views

Several vulnerabilities found in PHP

The PHP project reports: The PHP development team announces the immediate availability of PHP 5.6.7. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.6 users are encouraged to upgrade to this version. The PHP development team announces the immediat...

9.8CVSS8AI score0.42593EPSS
Exploits7References1
FreeBSD
FreeBSD
added 2014/04/07 12:0 a.m.59 views

OpenSSL -- Remote Information Disclosure

OpenSSL Reports: A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with...

7.5CVSS7.8AI score0.99999EPSS
Exploits88References3
FreeBSD
FreeBSD
added 2013/08/21 12:0 a.m.59 views

py-graphite-web -- Multiple vulnerabilities

Graphite developers report: This release contains several security fixes for cross-site scripting XSS as well as a fix for a remote-execution exploit in graphite-web CVE-2013-5903...

6.8CVSS6AI score0.38668EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2012/03/01 12:0 a.m.59 views

php -- multiple vulnerabilities

php development team reports: Security Enhancements for both PHP 5.3.11 and PHP 5.4.1: Insufficient validating of upload name leading to corrupted $FILES indices. CVE-2012-1172 Add openbasedir checks to readlinewritehistory and readlinereadhistory. Security Enhancements for both PHP 5.3.11 only:...

6.8CVSS6.8AI score0.06709EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2009/02/06 12:0 a.m.59 views

proftpd -- multiple sql injection vulnerabilities

Secunia reports: Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks. The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting...

2.3AI score
Exploits0References4
FreeBSD
FreeBSD
added 2008/01/18 12:0 a.m.59 views

xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports: Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X...

9.3CVSS7AI score0.05332EPSS
Exploits7References3
FreeBSD
FreeBSD
added 2024/08/11 12:0 a.m.58 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden Team reports: This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible...

8.8CVSS6.7AI score0.13064EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2023/09/22 12:0 a.m.58 views

x11/libXpm multiple vulnerabilities

The X.Org project reports: CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer An out-of-bounds read is located in ParseComment when reading from a memory buffer instead of a file, as it continued to look for the closing comment marker past the end of the buffer. CVE-2023-43789: Out...

5.5CVSS7AI score0.00365EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/04/14 12:0 a.m.58 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 2 security fixes: 1432210 High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11...

8.8CVSS8.6AI score0.40798EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/07/19 12:0 a.m.58 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 11 security fixes, including: 1336266 High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14 1335861 High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13 1329987 High CVE-2022-2479: Insufficie...

8.8CVSS0.6AI score0.17864EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/04/14 12:0 a.m.58 views

Asterisk -- func_odbc: Possible SQL Injection

The Asterisk project reports: Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to funcodbc which includes backslashes it is possible for funcodbc to construct a broken SQL query and the SQL query to fail...

9.8CVSS3.2AI score0.06976EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/07/07 12:0 a.m.58 views

Ruby -- multiple vulnerabilities

Ruby news: This release includes security fixes. Please check the topics below for details. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP CVE-2021-31799: A command injection vulnerability in RDoc...

7.4CVSS1.4AI score0.0305EPSS
Exploits2References6
Total number of security vulnerabilities5000