Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2004/04/14 12:0 a.m.•55 views

neon format string vulnerabilities

Greuff reports that the neon WebDAV client library contains several format string bugs within error reporting code. A malicious server may exploit these bugs by sending specially crafted PROPFIND or PROPPATCH responses. Although several applications include neon, such as cadaver and subversion, t...

6.8CVSS6.5AI score0.11056EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2003/11/02 12:0 a.m.•55 views

grip -- CDDB response multiple matches buffer overflow vulnerability

Joseph VanAndel reports that grip is vulnerability to a buffer overflow vulnerability when receiving more than 16 CDDB responses. This could lead to a crash in grip and potentially execution arbitrary code. A workaround is to disable CDDB lookups...

7.5CVSS7AI score0.04621EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/04/11 12:0 a.m.•54 views

php -- Multiple vulnerabilities

This update includes 3 security fixes: High CVE-2024-1874: Command injection via array-ish $command parameter of procopen even if bypassshell option enabled on Windows High CVE-2024-1874: Command injection via array-ish $command parameter of procopen even if bypassshell option enabled on Windows...

9.4CVSS7.5AI score0.3786EPSS
Exploits4References4
FreeBSD
FreeBSD
•added 2024/02/14 12:0 a.m.•54 views

NodeJS -- Vulnerabilities

Node.js reports: Code injection and privilege escalation through Linux capabilities- High http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High Path traversal by monkey-patching Buffer internals- High setuid does not drop all privileges due to iouring - Hi...

9.8CVSS7.9AI score0.03168EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/04/11 12:0 a.m.•54 views

libxml2 -- multiple vulnerabilities

The libxml2 project reports: Hashing of empty dict strings isn't deterministic Fix null deref in xmlSchemaFixupComplexType...

6.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2022/11/08 12:0 a.m.•54 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 10 security fixes, including: 1377816 High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24 1372999 High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10 1372695 High CVE-2022-3887: Use...

9.6CVSS0.5AI score0.00706EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/02/25 12:0 a.m.•54 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Runner registration token disclosure through Quick Actions Unprivileged users can add other users to groups through an API endpoint Inaccurate display of Snippet contents can be potentially misleading to users Environment variables can be leaked via the sendmail delivery method...

10CVSS3.8AI score0.80004EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2022/01/18 12:0 a.m.•54 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 78 new security patches for Oracle MySQL. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...

7.5CVSS7.1AI score0.50445EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/04/13 12:0 a.m.•54 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains two security fixes: 1196781 High CVE-2021-21206: Use after free in Blink. Reported by Anonymous on 2021-04-07 1196683 High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x8664. Reported by Bruno Keith @bkth and Niklas Baumstark...

8.8CVSS7.4AI score0.70435EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2020/08/17 12:0 a.m.•54 views

jenkins -- Buffer corruption in bundled Jetty

Jenkins Security Advisory: Description Critical SECURITY-1983 / CVE-2019-17638 Buffer corruption in bundled Jetty...

9.4CVSS1.6AI score0.11138EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/07/22 12:0 a.m.•54 views

PyYAML -- arbitrary code execution

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

9.8AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2019/12/13 12:0 a.m.•54 views

Template::Toolkit -- Directory traversal on write

Art Manion and Will Dormann report: By using an older and less-secure form of open, it is possible for untrusted template files to cause reads/writes outside of the template directories. This vulnerability is a component of the recent Citrix exploit...

9.8CVSS2.7AI score0.99999EPSS
Exploits48References2
FreeBSD
FreeBSD
•added 2019/03/20 12:0 a.m.•54 views

Gitlab -- Vulnerability

Gitlab reports: Project Runner Token Exposed Through Issues Quick Actions...

6.5CVSS2.6AI score0.01181EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/07/09 12:0 a.m.•54 views

clamav -- multiple vulnerabilities

Joel Esler reports: 3 security fixes in this release: CVE-2017-16932: Vulnerability in libxml2 dependency affects ClamAV on Windows only. CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera. CVE-2018-0361: ClamAV PDF object length check,...

7.5CVSS4AI score0.05928EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/01/03 12:0 a.m.•54 views

samba -- multiple vulnerabilities

The samba project reports: Missing null pointer checks may crash the external print server process. On a Samba 4 AD DC any authenticated user can change other user's passwords over LDAP, including the passwords of administrative users and service accounts...

8.8CVSS7.1AI score0.10308EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2017/04/19 12:0 a.m.•54 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

9.8CVSS8AI score0.18756EPSS
Exploits26References3
FreeBSD
FreeBSD
•added 2016/09/16 12:0 a.m.•54 views

PHP -- multiple vulnerabilities

PHP reports: Fixed bug 73007 add locale length check Fixed bug 72293 Heap overflow in mysqlnd related to BIT fields Fixed bug 72928 Out of bound when verify signature of zip phar in pharparsezipfile Fixed bug 73029 Missing type check when unserializing SplArray Fixed bug 73052 Memory Corruption i...

9.8CVSS1.3AI score0.11402EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2016/06/23 12:0 a.m.•54 views

phpMyAdmin -- multiple vulnerabilities

Please reference CVE/URL list for details...

9.8CVSS1.8AI score0.81373EPSS
Exploits8References12
FreeBSD
FreeBSD
•added 2016/05/23 12:0 a.m.•54 views

libxml2 -- multiple vulnerabilities

Daniel Veillard reports: More format string warnings with possible format string vulnerability David Kilzer Avoid building recursive entities Daniel Veillard Heap-based buffer overread in htmlCurrentChar Pranjal Jumde Heap-based buffer-underreads due to xmlParseName David Kilzer Heap use-after-fr...

9.3CVSS0.1AI score0.07347EPSS
Exploits11References6
FreeBSD
FreeBSD
•added 2015/10/21 12:0 a.m.•54 views

ntp -- denial of service vulnerability

Network Time Foundation reports: NTF's NTP Project has been notified of the following 1 medium-severity vulnerability that is fixed in ntp-4.2.8p5, released on Thursday, 7 January 2016: NtpBug2956: Small-step/Big-step CVE-2015-5300...

7.5CVSS7.7AI score0.0913EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/09/08 12:0 a.m.•54 views

phpMyAdmin -- reCaptcha bypass

The phpMyAdmin development team reports: This vulnerability allows to complete the reCaptcha test and subsequently perform a brute force attack to guess user credentials without having to complete further reCaptcha tests. We consider this vulnerability to be non critical since reCaptcha is an...

5CVSS6.4AI score0.0979EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/06/11 12:0 a.m.•54 views

php5 -- multiple vulnerabilities

The PHP project reports: DOM and GD: Fixed bug 69719 Incorrect handling of paths with NULs. FTP: Improved fix for bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4643 Postgres: Fixed bug 69667 segfault in phppgsqlmetadata. CVE-2015-4644...

9.8CVSS9.1AI score0.16948EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2015/04/13 12:0 a.m.•54 views

Ruby -- OpenSSL Hostname Verification Vulnerability

Ruby Developers report: After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. I...

5.9CVSS6.4AI score0.02815EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/12/19 12:0 a.m.•54 views

ntp -- multiple vulnerabilities

CERT reports: The Network Time Protocol NTP provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior...

7.5CVSS7.8AI score0.7809EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2013/08/06 12:0 a.m.•54 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-63 Miscellaneous memory safety hazards rv:23.0 / rv:17.0.8 MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MFS...

10CVSS8.1AI score0.40118EPSS
Exploits15References11
FreeBSD
FreeBSD
•added 2013/07/09 12:0 a.m.•54 views

otrs -- Sql Injection + Xss Issue

The OTRS Project reports: An attacker with a valid agent login could manipulate URLs leading to SQL injection. An attacker with a valid agent login could manipulate URLs in the ITSM ConfigItem search, leading to a JavaScript code injection XSS problem...

8.8CVSS7.8AI score0.01322EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/02/11 12:0 a.m.•54 views

Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON

Aaron Patterson reports: When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack. The same technique can be used to create objects in a target syste...

7.5CVSS7.6AI score0.13911EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/01/08 12:0 a.m.•54 views

rubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports: Two high-risk vulnerabilities have been discovered: CVE-2013-0155 There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...

7.5CVSS8.7AI score0.99449EPSS
Exploits22References3
FreeBSD
FreeBSD
•added 2013/01/08 12:0 a.m.•54 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-01 Miscellaneous memory safety hazards rv:18.0/ rv:10.0.12 / rv:17.0.2 MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA...

10CVSS10.1AI score0.73364EPSS
Exploits30References21
FreeBSD
FreeBSD
•added 2011/09/27 12:0 a.m.•54 views

Mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-36 Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 MFSA 2011-37 Integer underflow when using JavaScript RegExp MFSA 2011-38 XSS via plugins and shadowed window.location object MFSA 2011-39 Defense against multiple Location headers due to CRLF...

10CVSS9.8AI score0.05312EPSS
Exploits5References10
FreeBSD
FreeBSD
•added 2011/01/26 12:0 a.m.•54 views

opera -- multiple vulnerabilities

Opera reports: Opera 11.01 is a recommended upgrade offering security and stability enhancements. The following security vulnerabilities have been fixed: Removed support for "javascript:" URLs in CSS -o-link values, to make it easier for sites to filter untrusted CSS. Fixed an issue where large...

9.3CVSS1.8AI score0.05637EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2008/07/31 12:0 a.m.•54 views

vim6 -- heap-based overflow while parsing shell metacharacters

Description for CVE-2008-3432 says: Heap-based buffer overflow in the mchexpandwildcards function in osunix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case...

6.8CVSS7.8AI score0.0862EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/03/19 12:0 a.m.•54 views

libtremor -- multiple vulnerabilities

The RedHat Project reports: Will Drewry of the Google Security Team reported multiple issues in OGG Vorbis and Tremor libraries, that could cause application using those libraries to crash NULL pointer dereference or divide by zero, enter an infinite loop or cause heap overflow caused by integer...

9.3CVSS6.7AI score0.08126EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2007/10/12 12:0 a.m.•55 views

phpmyadmin -- cross-site scripting vulnerability

SecurityFocus reports: phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

4.3CVSS6.2AI score0.03326EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/12/16 12:0 a.m.•54 views

php -- multiple vulnerabilities

Secunia reports: Multiple vulnerabilities have been reported in PHP, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system...

6.9AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2004/03/07 12:0 a.m.•54 views

Apache 1.3 IP address access control failure on some 64-bit platforms

Henning Brauer discovered a programming error in Apache 1.3's modaccess that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a deny from' IP address access control rule including a netmask to...

7.5CVSS6.4AI score0.09744EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2025/03/13 12:0 a.m.•53 views

shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages

The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which corrects a parameter manipulation vulnerability when using SAML bindings that rely on non-XML signatures. The Shibboleth Service Provider is impacted by this issue, and it manifests as a critical...

6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/25 12:0 a.m.•53 views

Gitlab -- vulnerabilities

Gitlab reports: Arbitrary file write while creating workspace ReDoS in Cargo.toml blob viewer Arbitrary API PUT requests via HTML injection in user's name Disclosure of the public email in Tags RSS Feed Non-Member can update MR Assignees of owned MRs...

9.9CVSS7.1AI score0.04392EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2023/03/29 12:0 a.m.•53 views

xorg-server -- Overlay Window Use-After-Free

The X.Org project reports: ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability If a client explicitly destroys the compositor overlay window aka COW, the Xserver would leave a dangling pointer to that window in the CompScreen structure,...

7.8CVSS7.5AI score0.0044EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/08/23 12:0 a.m.•53 views

gitea -- multiple issues

The Gitea team reports: Remove ReverseProxy authentication from the API Support Go Vulnerability Management Forbid HTML string tooltips...

1.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2022/06/27 12:0 a.m.•53 views

Grafana -- OAuth Account Takeover

Grafana Labs reports: It is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions...

7.5CVSS3.9AI score0.02039EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/04/27 12:0 a.m.•53 views

cURL -- Multiple vulnerabilities

The cURL project reports: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 Credential leak on redirect CVE-2022-27774 Bad local IPv6 connection reuse CVE-2022-27775 Auth/cookie leak on redirect CVE-2022-27776...

8.1CVSS1.6AI score0.03425EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2022/04/11 12:0 a.m.•53 views

Chromium -- mulitple vulnerabilities

Chrome Releases reports: This release contains 11 security fixes, including: 1285234 High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07 1299287 High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21 1301873 High...

9.6CVSS0.3AI score0.00898EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2021/08/31 12:0 a.m.•53 views

Node.js -- August 2021 Security Releases (2)

Node.js reports: npm 6 update - node-tar, arborist, npm cli modules These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal...

8.6CVSS2.7AI score0.15014EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/04/14 12:0 a.m.•53 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 37 security fixes, including: 1025683 High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18 1188889 High CVE-2021-21202: Use after free in extensions. Reported by David...

9.6CVSS1.1AI score0.34466EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/10/29 12:0 a.m.•53 views

samba -- Multiple Vulnerabilities

The Samba Team reports: CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify CVE-2020-14323: Unprivileged user can crash winbind CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records...

6.5CVSS1.3AI score0.0218EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2019/12/10 12:0 a.m.•53 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency...

9.8CVSS5AI score0.03691EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/06/20 12:0 a.m.•53 views

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-11708...

10CVSS1.4AI score0.55874EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2019/02/07 12:0 a.m.•53 views

curl -- multiple vulnerabilities

curl security problems: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read libcurl contains a heap buffer out-of-bounds read flaw. The function handling incoming NTLM type-2 messages lib/vauth/ntlm.c:ntlmdecodetype2target does not validate incoming data correctly and is subject to an integer...

9.8CVSS0.9AI score0.12771EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2018/04/17 12:0 a.m.•53 views

MySQL -- multiple vulnerabilities

Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges A local user can exploit a flaw in the Replication component to gain elevated privileges CVE-2018-2755. A remot...

7.7CVSS2.1AI score0.0401EPSS
Exploits0References1
Total number of security vulnerabilities5000