Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2020/02/24 12:0 a.m.•56 views

OpenSMTPd -- LPE and RCE in OpenSMTPD's default install

Qualys reports:...

10CVSS1.1AI score0.889EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2019/07/16 12:0 a.m.•56 views

MySQL -- Multiple vulerabilities

Oracle reports: This Critical Patch Update contains 45 new security fixes for Oracle MySQL. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

9.8CVSS3.1AI score0.12771EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/02/12 12:0 a.m.•56 views

Flash Player -- information disclosure

Adobe reports: This update resolves an out-of-bounds vulnerability that could lead to information disclosure CVE-2019-7090...

6.5CVSS1.2AI score0.04795EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/26 12:0 a.m.•56 views

chromium -- Stack overflow in V8

Google Chrome Releases reports: 2 security fixes in this release, including: 770452 High CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30 770450 Medium CVE-2017-15406: Stack overflow in V8. Reported by Yuan Deng of Ant-financial...

8.8CVSS7.9AI score0.02203EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/04 12:0 a.m.•56 views

cURL -- out of bounds read

The cURL project reports: FTP PWD response parser out of bounds read libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server...

7.5CVSS7.8AI score0.08465EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•56 views

FreeBSD -- OpenSSH Denial of Service vulnerability

Problem Description: There is no limit on the password length. Impact: A remote attacker may be able to cause an affected SSH server to use excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator...

7.8CVSS2.7AI score0.58568EPSS
Exploits5
FreeBSD
FreeBSD
•added 2017/07/12 12:0 a.m.•56 views

samba -- Orpheus Lyre mutual authentication validation bypass

The samba project reports: A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data...

8.1CVSS8.1AI score0.05118EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/01/11 12:0 a.m.•56 views

BIND -- multiple vulnerabilities

ISC reports: A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache. Depending on the type of query and the EDNS options in the query they receive,...

2AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2016/03/18 12:0 a.m.•56 views

expat -- multiple vulnerabilities

Sebastian Pipping reports: CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 issue 496 CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876...

7.8CVSS7.4AI score0.06539EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/10/15 12:0 a.m.•56 views

LibreSSL -- Memory leak and buffer overflow

Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow an off-by-one, usually stack-based were discovered in LibreSSL's OBJobj2txt function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...

9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2014/09/27 12:0 a.m.•56 views

bash -- remote code execution

Note that this is different than the public "Shellshock" issue. Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.252...

8.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/03/26 12:0 a.m.•56 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2008-19 XUL popup spoofing variant cross-tab popups MFSA 2008-18 Java sock...

9.3CVSS7.5AI score0.06055EPSS
Exploits2
FreeBSD
FreeBSD
•added 2004/12/15 12:0 a.m.•56 views

cups-base -- HPGL buffer overflow vulnerability

Ariel Berkman has discovered a buffer overflow vulnerability in CUPS's HPGL input driver. This vulnerability could be exploited to execute arbitrary code with the permission of the CUPS server by printing a specially crated HPGL file...

6.5CVSS3.4AI score0.06255EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2004/10/12 12:0 a.m.•56 views

libwmf -- multiple vulnerabilities

Mitre reports: Multiple buffer overflows in the gd graphics library libgd 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than...

10CVSS8.6AI score0.13311EPSS
Exploits4
FreeBSD
FreeBSD
•added 2024/01/31 12:0 a.m.•55 views

curl -- OCSP verification bypass with TLS session reuse

Hiroki Kurosawa reports: curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3CVSS6.8AI score0.01102EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/06/21 12:0 a.m.•55 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 14 security fixes, including: 1335458 Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11 1327312 High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang@eternalsakura13 and...

8.8CVSS0.4AI score0.01312EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/01/28 12:0 a.m.•55 views

OpenSSL -- BN_mod_exp incorrect results on MIPS

The OpenSSL project reports: BNmodexp may produce incorrect results on MIPS Moderate There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the...

3.7CVSS1AI score0.83645EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/10/16 12:0 a.m.•55 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 66 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...

9.8CVSS1.6AI score0.88497EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2021/04/05 12:0 a.m.•55 views

ruby -- XML round-trip vulnerability in REXML

Juho Nurminen reports: When parsing and serializing a crafted XML document, REXML gem including the one bundled with Ruby can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in...

7.5CVSS1.7AI score0.05061EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/03/02 12:0 a.m.•55 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release includes 47 security fixes, including the below. Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild. Please see URL for details...

8.8CVSS1.8AI score0.26525EPSS
Exploits24References1
FreeBSD
FreeBSD
•added 2020/09/08 12:0 a.m.•55 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 5 security fixes: 1116304 High CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-14 1102196 High CVE-2020-6574: Insufficient policy enforcement in installer. Reported by...

9.6CVSS0.4AI score0.01769EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/01/30 12:0 a.m.•55 views

spamassassin -- Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings

the Apache Spamassassin project reports: nefarious rule configuration .cf files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings...

9.3CVSS2.3AI score0.06464EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/01/28 12:0 a.m.•55 views

MariaDB -- Vulnerability in C API

MariaDB reports: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...

5.9CVSS6.9AI score0.03485EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2019/07/29 12:0 a.m.•55 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: GitHub Integration SSRF Trigger Token Impersonation Build Status Disclosure SSRF Mitigation Bypass Information Disclosure New Issue ID IDOR Label Name Enumeration Persistent XSS Wiki Pages User Revokation Bypass with Mattermost Integration Arbitrary File Upload via Import Project...

3.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2019/06/04 12:0 a.m.•55 views

phpMyAdmin -- CSRF vulnerability in login form

The phpMyAdmin development team reports: Summary CSRF vulnerability in login form Description A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmi...

6.5CVSS7AI score0.19184EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2019/05/14 12:0 a.m.•55 views

samba -- multiple vulnerabilities

The samba project reports: The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the requested target client principal Authenticated users with write permission can trigger a symlink traversal to writ...

7.5CVSS2.6AI score0.03392EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2019/05/14 12:0 a.m.•55 views

Flash Player -- arbitrary code execution

Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-7837...

9.3CVSS3.1AI score0.09732EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/05/09 12:0 a.m.•55 views

PostgreSQL -- Memory disclosure in partition routing

The PostgreSQL project reports: Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...

6.5CVSS2AI score0.01633EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/04/10 12:0 a.m.•55 views

webkit2-gtk3 -- Multiple vulnerabilities

The WebKitGTK project reports many vulnerabilities, including several arbitrary code execution vulnerabilities...

9.3CVSS2.8AI score0.18108EPSS
Exploits9References2
FreeBSD
FreeBSD
•added 2019/01/31 12:0 a.m.•55 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persisten...

9.8CVSS1.8AI score0.05471EPSS
Exploits16References1
FreeBSD
FreeBSD
•added 2019/01/15 12:0 a.m.•55 views

MySQL -- multiple vulnerabilities

Oracle reports: Please reference CVE/URL list for details Not all listed CVE's are present in all versions/flavors...

7.1CVSS1.6AI score0.0461EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/01/15 12:0 a.m.•55 views

ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet

Network Time Foundation reports: A crafted malicious authenticated mode 6 ntpq packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets...

7.5CVSS1.6AI score0.05726EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2017/11/29 12:0 a.m.•55 views

FreeBSD -- OpenSSL multiple vulnerabilities

Problem Description: If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. CVE-2017-3735 There is a carry propagating bug in the x8664 Montgomery squaring procedure. This only affects processors that support the BMI1, BMI2 and ADX extensio...

6.5CVSS7.2AI score0.17699EPSS
Exploits0
FreeBSD
FreeBSD
•added 2017/09/23 12:0 a.m.•55 views

wordpress -- multiple issues

wordpress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before versi...

7.5CVSS6.4AI score0.13385EPSS
Exploits1References12
FreeBSD
FreeBSD
•added 2017/03/07 12:0 a.m.•55 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

10CVSS8.1AI score0.17484EPSS
Exploits21References2
FreeBSD
FreeBSD
•added 2016/10/28 12:0 a.m.•55 views

sudo -- Potential bypass of sudo_noexec.so via wordexp()

Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...

7.8CVSS3.7AI score0.00493EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/01 12:0 a.m.•55 views

php -- multiple vulnerabilities

PHP reports: Phar: Fixed bug 69720 Null pointer dereference in phargetfpoffset. Fixed bug 70433 Uninitialized pointer in pharmakedirstream when zip entry filename is "/"...

6.8CVSS8.5AI score0.10288EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/04/16 12:0 a.m.•55 views

Several vulnerabilities found in PHP

The PHP project reports: The PHP development team announces the immediate availability of PHP 5.4.40. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version. The PHP...

7.5CVSS8.1AI score0.15531EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2014/10/15 12:0 a.m.•55 views

drupal7 -- SQL injection

Drupal Security Team reports: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution...

7.5CVSS8AI score0.99974EPSS
Exploits20References2
FreeBSD
FreeBSD
•added 2014/07/19 12:0 a.m.•55 views

apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: moddeflate: The DEFLATE input filter inflates request bodies now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,...

6.1AI score
Exploits0
FreeBSD
FreeBSD
•added 2013/01/24 12:0 a.m.•55 views

wordpress -- multiple vulnerabilities

Wordpress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress...

6.4CVSS6AI score0.28857EPSS
Exploits3
FreeBSD
FreeBSD
•added 2012/08/21 12:0 a.m.•55 views

wireshark -- denial of service in DRDA dissector

RedHat security team reports: A denial of service flaw was found in the way Distributed Relational Database Architecture DRDA dissector of Wireshark, a network traffic analyzer, performed processing of certain DRDA packet capture files. A remote attacker could create a specially-crafted capture...

4.3CVSS6.2AI score0.01565EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/07/17 12:0 a.m.•55 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-42 Miscellaneous memory safety hazards rv:14.0/ rv:10.0.6 MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop MFSA 2012-44 Gecko memory corruption MFSA 2012-45 Spoofing issue with location MFSA 2012-46 XSS through data: URLs MFSA 2012-47...

10CVSS9.5AI score0.05488EPSS
Exploits1References16
FreeBSD
FreeBSD
•added 2012/04/17 12:0 a.m.•56 views

Dokuwiki -- cross site scripting vulnerability

Andy Webber reports: Add User appears to be vulnerable to Cross Site Request Forgery CSRF/XSRF...

6.6AI score
Exploits0
FreeBSD
FreeBSD
•added 2009/09/17 12:0 a.m.•55 views

php5 -- Multiple security issues

Vendor reports Security Enhancements and Fixes in PHP 5.2.11: Fixed certificate validation inside phpopensslapplyverificationpolicy. Fixed sanity check for the color index in imagecolortransparent. Added missing sanity checks around exif processing. Fixed bug 44683 popen crashes when an invalid...

7.5CVSS6.7AI score0.0291EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/07/08 12:0 a.m.•55 views

FreeBSD -- DNS cache poisoning

Problem Description: The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization. Impact: The lack of source port randomization reduces the amount of data the attacker needs to guess in order to...

6.8CVSS7.1AI score0.95182EPSS
Exploits20
FreeBSD
FreeBSD
•added 2007/09/09 12:0 a.m.•55 views

lighttpd -- FastCGI header overrun in mod_fastcgi

lighttpd maintainer reports: Lighttpd is prone to a header overflow when using the modfastcgi extension, this can lead to arbitrary code execution in the fastcgi application. For a detailed description of the bug see the external reference. This bug was found by Mattias Bengtsson and Philip Olaus...

6.8CVSS7.4AI score0.12895EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2006/09/14 12:0 a.m.•55 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-63...

10CVSS6.8AI score0.14074EPSS
Exploits1References8
FreeBSD
FreeBSD
•added 2005/08/09 12:0 a.m.•55 views

awstats -- arbitrary code execution vulnerability

An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part ...

5CVSS7AI score0.02665EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/08/23 12:0 a.m.•55 views

cups -- print queue browser denial-of-service

If the CUPS server cupsd receives a zero-length UDP message, it will disable its print queue browser service...

5CVSS6.4AI score0.26794EPSS
Exploits0References1
Total number of security vulnerabilities5000