Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2022/07/19 12:0 a.m.•58 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 11 security fixes, including: 1336266 High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14 1335861 High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13 1329987 High CVE-2022-2479: Insufficie...

8.8CVSS0.6AI score0.17864EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/04/14 12:0 a.m.•58 views

Asterisk -- func_odbc: Possible SQL Injection

The Asterisk project reports: Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to funcodbc which includes backslashes it is possible for funcodbc to construct a broken SQL query and the SQL query to fail...

9.8CVSS3.2AI score0.06976EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/07 12:0 a.m.•58 views

Ruby -- multiple vulnerabilities

Ruby news: This release includes security fixes. Please check the topics below for details. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP CVE-2021-31799: A command injection vulnerability in RDoc...

7.4CVSS1.4AI score0.0305EPSS
Exploits2References6
FreeBSD
FreeBSD
•added 2021/06/01 12:0 a.m.•58 views

SOGo -- SAML user authentication impersonation

sogo.nu reports: SOGo was not validating the signatures of any SAML assertions it received. This means any actor with network access to the deployment could impersonate users when SAML was the authentication method...

7.5CVSS3.5AI score0.00987EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/10/20 12:0 a.m.•58 views

freetype2 -- heap buffer overlfow

The freetype project reports: A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6...

9.6CVSS2.8AI score0.5063EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2019/03/15 12:0 a.m.•58 views

suricata -- buffer over-read

Mitre reports: An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow...

9.8CVSS3.7AI score0.01711EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/01/31 12:0 a.m.•58 views

Flash Player -- multiple vulnerabilities

Adobe reports: This update resolves use-after-free vulnerabilities that could lead to remote code execution CVE-2018-4877, CVE-2018-4878...

10CVSS9.5AI score0.89618EPSS
Exploits19References2
FreeBSD
FreeBSD
•added 2017/12/22 12:0 a.m.•58 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...

9.3CVSS2.5AI score0.03215EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2017/11/06 12:0 a.m.•58 views

roundcube -- file disclosure vulnerability

MITRE reports: Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target syst...

7.8CVSS7.4AI score0.42831EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2017/02/22 12:0 a.m.•58 views

cURL -- ocsp status validation error

The cURL project reports: SSLVERIFYSTATUS ignored curl and libcurl support "OCSP stapling", also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server'...

6.5CVSS6.9AI score0.01391EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/11/02 12:0 a.m.•58 views

FreeBSD -- OpenSSL Remote DoS vulnerability

Problem Description: Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages. Impact: A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power...

7.5CVSS1.7AI score0.39657EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2016/09/15 12:0 a.m.•58 views

PHP -- multiple vulnerabilities

PHP reports: Fixed bug 73007 add locale length check Fixed bug 72293 Heap overflow in mysqlnd related to BIT fields Fixed bug 72928 Out of bound when verify signature of zip phar in pharparsezipfile Fixed bug 73029 Missing type check when unserializing SplArray Fixed bug 73052 Memory Corruption i...

9.8CVSS1.3AI score0.11402EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2016/09/12 12:0 a.m.•58 views

Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

LegalHackers' reports: RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle...

10CVSS3.4AI score0.6773EPSS
Exploits16References2
FreeBSD
FreeBSD
•added 2015/01/08 12:0 a.m.•58 views

LibreSSL -- DTLS vulnerability

OpenSSL Security Advisory: A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Deni...

5CVSS7.4AI score0.59319EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/11/23 12:0 a.m.•58 views

cacti -- multiple security vulnerabilities

The Cacti Group, Inc. reports: Important Security Fixes CVE-2013-5588 - XSS issue via installer or device editing CVE-2013-5589 - SQL injection vulnerability in device editing CVE-2014-2326 - XSS issue via CDEF editing CVE-2014-2327 - Cross-site request forgery CSRF vulnerability CVE-2014-2328 -...

7.5CVSS9.6AI score0.03543EPSS
Exploits7References2
FreeBSD
FreeBSD
•added 2014/10/30 12:0 a.m.•58 views

asterisk -- Remote Crash Vulnerability in WebSocket Server

The Asterisk project reports: When handling a WebSocket frame the reshttpwebsocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succe...

5CVSS6.5AI score0.09525EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/10/20 12:0 a.m.•58 views

asterisk -- Asterisk Susceptibility to POODLE Vulnerability

The Asterisk project reports: The POODLE vulnerability is described under CVE-2014-3566. This advisory describes the Asterisk's project susceptibility to this vulnerability...

4.3CVSS5.9AI score0.99999EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2014/06/05 12:0 a.m.•58 views

OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle MITM attack where the attacker can decrypt and modify traffic from the attacked client and...

7.4CVSS8.3AI score0.99977EPSS
Exploits13References1
FreeBSD
FreeBSD
•added 2014/01/24 12:0 a.m.•58 views

socat -- buffer overflow with data from command line

Florian Weimer of the Red Hat Product Security Team reports: Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name t...

1.9CVSS6.4AI score0.00404EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/08/24 12:0 a.m.•58 views

apache -- Range header DoS vulnerability

Apache HTTP server project reports: A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache HTTPD server...

7.8CVSS8.4AI score0.98945EPSS
Exploits17References3
FreeBSD
FreeBSD
•added 2004/07/25 12:0 a.m.•58 views

Mozilla certificate spoofing

Mozilla and Mozilla Firefox contains a flaw that may allow a malicious user to spoof SSL certification...

5CVSS6.3AI score0.05736EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2004/07/07 12:0 a.m.•58 views

php -- memory_limit related vulnerability

Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memorylimit facility is used to notify functions when memory contraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as...

5.1CVSS6.9AI score0.54856EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2024/01/04 12:0 a.m.•57 views

electron27 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6706. Security: backported fix for CVE-2023-6705. Security: backported fix for CVE-2023-6703. Security: backported fix for CVE-2023-6702. Security: backported fix for CVE-2023-6704...

8.8CVSS7.4AI score0.4351EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2023/11/09 12:0 a.m.•57 views

postgresql-server -- Buffer overrun from integer overflow in array modification

PostgreSQL Project reports: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server...

8.8CVSS9.2AI score0.04322EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/10/18 12:0 a.m.•57 views

jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty

Jenkins Security Advisory: Description High SECURITY-3291 / CVE-2023-36478, CVE-2023-44487 HTTP/2 denial of service vulnerability in bundled Jetty...

7.5CVSS7.4AI score0.99999EPSS
Exploits20References1
FreeBSD
FreeBSD
•added 2023/10/16 12:0 a.m.•57 views

nebula -- security fix for terrapin vulnerability

Upstream reports: Security fix: Update golang.org/x/crypto, which includes a fix for CVE-2023-48795...

5.9CVSS7AI score0.93305EPSS
Exploits4References3
FreeBSD
FreeBSD
•added 2023/04/21 12:0 a.m.•57 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T335203, CVE-2023-29197 Upgrade guzzlehttp/psr7 to = 1.9.1/2.4.5. T335612, CVE-2023-36674 Manualthumb bypasses badFile lookup. T332889, CVE-2023-36675 XSS in BlockLogFormatter due to unsafe message use...

7.5CVSS6.4AI score0.01216EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/03/30 12:0 a.m.•57 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Cross-site scripting in "Maximum page reached" page Private project guests can read new changes using a fork Mirror repository error reveals password in Settings UI DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint...

9.8CVSS6.3AI score0.01242EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/01/16 12:0 a.m.•57 views

redis -- multiple vulnerabilities

The Redis core team reports: CVE-2022-35977 Integer overflow in the Redis SETRANGE and SORT/SORTRO commands can drive Redis to OOM panic. CVE-2023-22458 Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service...

5.5CVSS6.3AI score0.69355EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/15 12:0 a.m.•57 views

cURL -- Multiple vulnerabilities

The cURL project reports: UAF and double-free in MQTT sending CVE-2021-22945 Protocol downgrade required TLS bypassed CVE-2021-22946 STARTTLS protocol injection via MITM CVE-2021-22945...

9.1CVSS3AI score0.06216EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2020/09/02 12:0 a.m.•57 views

FreeBSD -- dhclient heap overflow

Problem Description: When parsing option 119 data, dhclient8 computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow whe...

7.5CVSS1.6AI score0.04472EPSS
Exploits1
FreeBSD
FreeBSD
•added 2020/07/02 12:0 a.m.•57 views

samba -- Multiple Vulnerabilities

The Samba Team reports: Four vulnerabilities were fixed in samba: CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and pagedresults CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU in the AD DC only...

7.8CVSS2.5AI score0.03874EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2018/08/16 12:0 a.m.•57 views

node.js -- multiple vulnerabilities

Node.js reports: OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service DoS attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE Diffie-Hellman, in bo...

0.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/04 12:0 a.m.•57 views

cURL -- out of bounds read

The cURL project reports: FTP PWD response parser out of bounds read libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server...

7.5CVSS7.8AI score0.08465EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/02/16 12:0 a.m.•57 views

openssl -- crash on handshake

The OpenSSL project reports: Severity: High During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL to crash dependent on ciphersuite. Both clients and servers are affected. This issue do...

7.5CVSS7.5AI score0.12874EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/05/25 12:0 a.m.•57 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 42 security fixes in this release Please reference CVE/URL list for details...

8.8CVSS1.7AI score0.03094EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2015/05/14 12:0 a.m.•57 views

php -- multiple vulnerabilities

PHP development team reports: Fixed bug 69364 PHP Multipart/form-data remote DoS Vulnerability. CVE-2015-4024 Fixed bug 69418 CVE-2006-7243 fix regressions in 5.4+. CVE-2015-4025 Fixed bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4022 Fixed bug 68598 pcntlexec...

7.5CVSS8.6AI score0.50129EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2015/04/07 12:0 a.m.•57 views

ntp -- multiple vulnerabilities

ntp.org reports: Sec 2779 ntpd accepts unauthenticated packets with symmetric key crypto. Sec 2781 Authentication doesn't protect symmetric associations against DoS attacks...

6.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/03/19 12:0 a.m.•57 views

OpenSSL -- multiple vulnerabilities

OpenSSL project reports: Reclassified: RSA silently downgrades to EXPORTRSA Client CVE-2015-0204. OpenSSL only. Segmentation fault in ASN1TYPEcmp CVE-2015-0286 ASN.1 structure reuse memory corruption CVE-2015-0287 PKCS7 NULL pointer dereferences CVE-2015-0289 Base64 decode CVE-2015-0292. OpenSSL...

7.5CVSS7.1AI score0.98685EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2014/09/16 12:0 a.m.•57 views

dbus -- multiple vulnerabilities

Simon McVittie reports: Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun CVE-2014-3635. Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...

4.4CVSS6.2AI score0.00528EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/08/14 12:0 a.m.•57 views

PHP multiple vulnerabilities

The PHP Team reports: insecure temporary file use in the configure script unserialize SPL ArrayObject / SPLObjectStorage Type Confusion Heap buffer over-read in DateInterval fileinfo: cdfreadshortsector insufficient boundary check fileinfo: CDF infinite loop in nelements DoS fileinfo: fileinfo:...

7.5CVSS8.1AI score0.30128EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2013/12/03 12:0 a.m.•57 views

rails -- multiple vulnerabilities

Rails weblog: Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16...

6.4CVSS6.5AI score0.207EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2012/05/30 12:0 a.m.•57 views

databases/postgresql*-server -- crypt vulnerabilities

The PostgreSQL Global Development Group reports: Today the PHP, OpenBSD and FreeBSD communities announced updates to patch a security hole involving their crypt hashing algorithms. This issue is described in CVE-2012-2143. This vulnerability also affects a minority of PostgreSQL users, and will b...

4.3CVSS6.5AI score0.05734EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2008/09/03 12:0 a.m.•57 views

FreeBSD -- amd64 swapgs local privilege escalation

Problem Description: If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be called one extra time when it should not resulting in userland and kernel state being mixed. Impact: A local attacke...

7.2CVSS6.8AI score0.00314EPSS
Exploits1
FreeBSD
FreeBSD
•added 2005/05/27 12:0 a.m.•57 views

postnuke -- multiple vulnerabilities

Postnuke Security Announcementss reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php possible path disclosure within /user.php possible path disclosure within /modules/News/article.php possible remote code injection within /includes/pnMod.php...

7.5CVSS7.2AI score0.79071EPSS
Exploits6References4
FreeBSD
FreeBSD
•added 2023/10/14 12:0 a.m.•56 views

mantis -- multiple vulnerabilities

Mantis 2.25.8 release reports: Security and maintenance release 0032432: Update guzzlehttp/psr7 to 1.9.1 CVE-2023-29197 0032981: Information Leakage on DokuWiki Integration CVE-2023-44394...

7.5CVSS7.3AI score0.01216EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/09/28 12:0 a.m.•56 views

electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5217...

8.8CVSS7AI score0.49013EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2023/08/10 12:0 a.m.•57 views

postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies

PostgreSQL Project reports PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some row that INSERT policies do not forbid, a user could store such rows. Subsequent consequences...

4.3CVSS6.5AI score0.00956EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/20 12:0 a.m.•56 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 35 security fixes, including: 1210985 High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19 1202661 High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab o...

9.6CVSS0.1AI score0.06282EPSS
Exploits28References1
FreeBSD
FreeBSD
•added 2020/10/20 12:0 a.m.•56 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 48 new security patches for Oracle MySQL. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 8. NOTE: MariaDB only contains CVE-2020-14812 CVE-2020-14765 CVE-2020-14776 and CVE-2020-14789...

8CVSS1.9AI score0.03012EPSS
Exploits0References1
Total number of security vulnerabilities5000