Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2019/12/10 12:0 a.m.•53 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency...

9.8CVSS5AI score0.03691EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/11/06 12:0 a.m.•53 views

GNU cpio -- multiple vulnerabilities

Sergey Poznyakoff reports: This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpiosafernamesuffix function i...

7.3CVSS7.1AI score0.05484EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2019/06/20 12:0 a.m.•53 views

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-11708...

10CVSS1.4AI score0.55874EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2019/02/07 12:0 a.m.•53 views

curl -- multiple vulnerabilities

curl security problems: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read libcurl contains a heap buffer out-of-bounds read flaw. The function handling incoming NTLM type-2 messages lib/vauth/ntlm.c:ntlmdecodetype2target does not validate incoming data correctly and is subject to an integer...

9.8CVSS0.9AI score0.12771EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2018/04/17 12:0 a.m.•53 views

MySQL -- multiple vulnerabilities

Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges A local user can exploit a flaw in the Replication component to gain elevated privileges CVE-2018-2755. A remot...

7.7CVSS2.1AI score0.0401EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/03/28 12:0 a.m.•53 views

ruby -- multiple vulnerabilities

Ruby news: CVE-2017-17742: HTTP response splitting in WEBrick If a script accepts an external input and outputs it without modification as a part of HTTP responses, an attacker can use newline characters to deceive the clients that the HTTP response header is stopped at there, and can inject fake...

9.1CVSS7.6AI score0.10552EPSS
Exploits0References9
FreeBSD
FreeBSD
•added 2018/02/26 12:0 a.m.•53 views

payara -- Default typing issue in Jackson Databind

FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS4.2AI score0.20135EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/11/14 12:0 a.m.•53 views

Flash Player -- multiple vulnerabilities

Adobe reports: These updates resolve out-of-bounds read vulnerabilities that could lead to remote code execution CVE-2017-3112, CVE-2017-3114, CVE-2017-11213. These updates resolve use after free vulnerabilities that could lead to remote code execution CVE-2017-11215, CVE-2017-11225...

10CVSS9.8AI score0.06518EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/26 12:0 a.m.•53 views

PHP -- denial of service attack

The PHP project reports: The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version. The PHP development team announces the immediate...

9.8CVSS9.2AI score0.07791EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2017/10/18 12:0 a.m.•53 views

MySQL -- multiple vulnerabilities

Oracle reports: Please reference CVE/URL list for details...

7.5CVSS6.7AI score0.04291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/09/21 12:0 a.m.•53 views

ImageMagick -- denial of service via a crafted font file

MITRE reports: The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows remote attackers to cause a denial of service infinite loop via a crafted font file...

6.5CVSS7.4AI score0.01375EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2017/05/10 12:0 a.m.•53 views

libxml2 -- Multiple Issues

libxml2 developers report: The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service buffer over-read or information disclosure. A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent i...

7.5CVSS7.4AI score0.07347EPSS
Exploits5References6
FreeBSD
FreeBSD
•added 2017/01/21 12:0 a.m.•53 views

icu -- multiple vulnerabilities

NVD reports: International Components for Unicode ICU for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utextsetNativeIndex function. International Components for Unicode ICU for C/C++...

7.5CVSS2.7AI score0.0463EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/12/08 12:0 a.m.•53 views

PHP -- multiple vulnerabilities

The PHP project reports: Use After Free Vulnerability in unserialize CVE-2016-9936 Invalid read when wddx decodes empty boolean element CVE-2016-9935...

9.8CVSS1.9AI score0.07031EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2016/09/22 12:0 a.m.•53 views

OpenSSL -- multiple vulnerabilities

OpenSSL reports: High: OCSP Status Request extension unbounded memory growth SSLpeek hang on empty record SWEET32 Mitigation OOB write in MDC2Update Malformed SHA512 ticket DoS OOB write in BNbn2dec OOB read in TSOBJprintbio Pointer arithmetic undefined behaviour Constant time flag not preserved ...

9.8CVSS0.4AI score0.95707EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2016/08/27 12:0 a.m.•53 views

mupdf -- multiple vulnerabilities

Tobias Kortkamp reports: Heap-based buffer overflow in the pdfloadmeshparams function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service crash or execute arbitrary code via a large decode array. Use-after-free vulnerability in the pdfloadxref function in pdf/pdf-xref...

9.8CVSS7.4AI score0.03772EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2016/05/03 12:0 a.m.•53 views

chromium -- vulnerability

Google Chrome Releases reports: 45 security fixes in this release: 758848 High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25 758863 High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25 780919 High...

10CVSS8.4AI score0.60304EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2016/04/19 12:0 a.m.•53 views

MySQL -- multiple vulnerabilities

Oracle reports reports: Critical Patch Update contains 31 new security fixes for Oracle MySQL 5.5.48, 5.6.29, 5.7.11 and earlier...

10CVSS8AI score0.44016EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2012/10/09 12:0 a.m.•53 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks...

10CVSS10.2AI score0.42609EPSS
Exploits9References17
FreeBSD
FreeBSD
•added 2010/04/22 12:0 a.m.•53 views

tomcat -- information disclosure vulnerability

The Apache software foundation reports: The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one. In some circumstances this can expo...

2.6CVSS6.2AI score0.52507EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2008/07/03 12:0 a.m.•53 views

mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths

MySQL Team reports: Additional corrections were made for the symlink-related privilege problem originally addressed. The original fix did not correctly handle the data directory pathname if it contained symlinked directories in its path, and the check was made only at table-creation time, not at...

4.6CVSS6.7AI score0.02588EPSS
Exploits2References6
FreeBSD
FreeBSD
•added 2007/11/08 12:0 a.m.•53 views

php -- multiple security vulnerabilities

PHP project reports: Security Enhancements and Fixes in PHP 5.2.5: Fixed dl to only accept filenames. Reported by Laurent Gaffie. Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences...

4.3CVSS6.6AI score0.01727EPSS
Exploits1
FreeBSD
FreeBSD
•added 2006/03/22 12:0 a.m.•53 views

sendmail -- race condition vulnerability

Problem Description A race condition has been reported to exist in the handling by sendmail of asynchronous signals. Impact A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root. Workaround There is no known workaround other than...

7.6CVSS7.4AI score0.28144EPSS
Exploits0
FreeBSD
FreeBSD
•added 2004/09/13 12:0 a.m.•53 views

mozilla -- scripting vulnerabilities

Several scripting vulnerabilities were discovered and corrected in Mozilla: CVE-2004-0905 javascript; links dragged onto another frame or page allows an attacker to steal or modify sensitive information from other sites. The user could be convinced to drag obscurred links in the context of a game...

5.1CVSS6.5AI score0.03049EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2004/05/25 12:0 a.m.•53 views

libxine -- multiple buffer overflows in RTSP

A xine security announcement states: Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol RTSP client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the...

10CVSS7.6AI score0.05116EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/02/21 12:0 a.m.•52 views

exim -- SQL injection

[email protected] reports: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...

9.8CVSS8.1AI score0.75782EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2023/05/05 12:0 a.m.•52 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Malicious Runner Attachment via GraphQL...

9.6CVSS7.1AI score0.05042EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/09/29 12:0 a.m.•52 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Denial of Service via cloning an issue Arbitrary PUT request as victim user through Sentry error list Content injection via External Status Checks Project maintainers can access Datadog API Key from logs Unsafe serialization of Json data could lead to sensitive data leakage Import...

7.5CVSS0.7AI score0.01349EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/06/22 12:0 a.m.•52 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-2781 / CVE-2022-34170 SECURITY-2779, CVE-2022-34171 SECURITY-2761, CVE-2022-34172 SECURITY-2776, CVE-2022-34173 SECURITY-2780 Multiple XSS vulnerabilities Medium SECURITY-2566 / CVE-2022-34174 Observable timing discrepancy allows determining...

7.5CVSS1.4AI score0.01361EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/01/18 12:0 a.m.•52 views

Grafana -- CSRF

Grafana Labs reports: On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example, Editors or...

8.8CVSS3.7AI score0.02236EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/05/27 12:0 a.m.•52 views

FreeBSD-kernel -- SMAP bypass

Problem Description: The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin and copyout are responsible for disabling SMAP around the sections of code that perform user memory accesses. Such subroutines must handle page...

7.5CVSS7.4AI score0.01249EPSS
Exploits1
FreeBSD
FreeBSD
•added 2021/04/08 12:0 a.m.•52 views

tomcat -- JNDI Realm Authentication Weakness in multiple versions

ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...

6.5CVSS3.3AI score0.09886EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/01/26 12:0 a.m.•52 views

sudo -- Multiple vulnerabilities

Todd C. Miller reports: When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. Fixed a potential buffer overflow...

7.8CVSS8.5AI score0.99295EPSS
Exploits81References1
FreeBSD
FreeBSD
•added 2020/09/08 12:0 a.m.•52 views

Node.js -- September 2020 Security Releases

Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...

7.8CVSS1.5AI score0.08794EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/06/20 12:0 a.m.•52 views

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When...

10CVSS2.6AI score0.55874EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2018/07/17 12:0 a.m.•52 views

MySQL -- multiple vulnerabilities

Oracle reports: Multiple vulnerabilities have been disclosed by Oracle without further detail. CVSS scores 7.1 - 2.7...

7.1CVSS1.8AI score0.19295EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/06/30 12:0 a.m.•52 views

Several Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS...

9.8CVSS4.1AI score0.04767EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/03/27 12:0 a.m.•52 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...

6.5CVSS7.2AI score0.19295EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/08 12:0 a.m.•52 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

10CVSS2AI score0.13697EPSS
Exploits24References1
FreeBSD
FreeBSD
•added 2017/01/24 12:0 a.m.•52 views

phpMyAdmin -- Multiple vulnerabilities

The phpMyAdmin development team reports: Open redirect php-gettext code execution DOS vulnerability in table editing CSS injection in themes Cookie attribute injection attack SSRF in replication DOS in replication status...

9.8CVSS9.5AI score0.06711EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2016/09/26 12:0 a.m.•52 views

OpenSSL -- multiple vulnerabilities

OpenSSL reports: Critical vulnerability in OpenSSL 1.1.0a Fix Use After Free for large message sizes CVE-2016-6309 Moderate vulnerability in OpenSSL 1.0.2i Missing CRL sanity check CVE-2016-7052...

10CVSS1.7AI score0.70223EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2016/06/18 12:0 a.m.•52 views

wordpress -- multiple vulnerabilities

Adam Silverstein reports: WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reporte...

7.5CVSS1.7AI score0.04084EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/01/22 12:0 a.m.•52 views

openssl -- multiple vulnerabilities

OpenSSL project reports: Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently in version 1.0.2 support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Wher...

5.9CVSS6.6AI score0.83645EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/12/21 12:0 a.m.•52 views

qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRLGETINFO command. A privileged guest user could use this flaw to crash...

6.5CVSS7.8AI score0.00411EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/11/10 12:0 a.m.•52 views

MySQL - Multiple vulnerabilities

Oracle reports: Critical Patch Update: MySQL Server, versions 5.5.45 and prior, 5.6.26 and prior...

4CVSS7AI score0.30146EPSS
Exploits6References5
FreeBSD
FreeBSD
•added 2014/10/15 12:0 a.m.•52 views

OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports: A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects...

7.1CVSS5.3AI score0.99999EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2014/06/24 12:0 a.m.•52 views

FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)

Problem Description: A specifically crafted Composite Document File CDF file can trigger an out-of-bounds read or an invalid pointer dereference. CVE-2012-1571 A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. CVE-2013-7345 A...

6.5CVSS7.6AI score0.0507EPSS
Exploits3
FreeBSD
FreeBSD
•added 2014/03/11 12:0 a.m.•52 views

samba -- multiple vulnerabilities

Samba project reports: In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...

5.8CVSS8.3AI score0.10642EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2011/07/12 12:0 a.m.•52 views

libsndfile -- PAF file processing integer overflow

Secunia reports: Hossein Lotfi has discovered a vulnerability in libsndfile, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "paf24init" function src/paf.c when processing...

6.8CVSS7.1AI score0.04647EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/02 12:0 a.m.•52 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...

7.5CVSS6.7AI score0.12879EPSS
Exploits18References4
Total number of security vulnerabilities5000