Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2022/04/11 12:0 a.m.•53 views

Chromium -- mulitple vulnerabilities

Chrome Releases reports: This release contains 11 security fixes, including: 1285234 High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07 1299287 High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21 1301873 High...

9.6CVSS0.3AI score0.00898EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2021/08/31 12:0 a.m.•53 views

Node.js -- August 2021 Security Releases (2)

Node.js reports: npm 6 update - node-tar, arborist, npm cli modules These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal...

8.6CVSS2.7AI score0.15014EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/01/26 12:0 a.m.•53 views

sudo -- Multiple vulnerabilities

Todd C. Miller reports: When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. Fixed a potential buffer overflow...

7.8CVSS8.5AI score0.99295EPSS
Exploits81References1
FreeBSD
FreeBSD
•added 2020/10/29 12:0 a.m.•53 views

samba -- Multiple Vulnerabilities

The Samba Team reports: CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify CVE-2020-14323: Unprivileged user can crash winbind CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records...

6.5CVSS1.3AI score0.0218EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2019/12/10 12:0 a.m.•53 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency...

9.8CVSS5AI score0.03691EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/11/06 12:0 a.m.•53 views

GNU cpio -- multiple vulnerabilities

Sergey Poznyakoff reports: This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpiosafernamesuffix function i...

7.3CVSS7.1AI score0.05484EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2019/06/20 12:0 a.m.•53 views

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-11708...

10CVSS1.4AI score0.55874EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2019/02/07 12:0 a.m.•53 views

curl -- multiple vulnerabilities

curl security problems: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read libcurl contains a heap buffer out-of-bounds read flaw. The function handling incoming NTLM type-2 messages lib/vauth/ntlm.c:ntlmdecodetype2target does not validate incoming data correctly and is subject to an integer...

9.8CVSS0.9AI score0.12771EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2018/04/17 12:0 a.m.•53 views

MySQL -- multiple vulnerabilities

Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges A local user can exploit a flaw in the Replication component to gain elevated privileges CVE-2018-2755. A remot...

7.7CVSS2.1AI score0.0401EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/03/28 12:0 a.m.•53 views

ruby -- multiple vulnerabilities

Ruby news: CVE-2017-17742: HTTP response splitting in WEBrick If a script accepts an external input and outputs it without modification as a part of HTTP responses, an attacker can use newline characters to deceive the clients that the HTTP response header is stopped at there, and can inject fake...

9.1CVSS7.6AI score0.10552EPSS
Exploits0References9
FreeBSD
FreeBSD
•added 2018/02/26 12:0 a.m.•53 views

payara -- Default typing issue in Jackson Databind

FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS4.2AI score0.20135EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/11/14 12:0 a.m.•53 views

Flash Player -- multiple vulnerabilities

Adobe reports: These updates resolve out-of-bounds read vulnerabilities that could lead to remote code execution CVE-2017-3112, CVE-2017-3114, CVE-2017-11213. These updates resolve use after free vulnerabilities that could lead to remote code execution CVE-2017-11215, CVE-2017-11225...

10CVSS9.8AI score0.06518EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/26 12:0 a.m.•53 views

PHP -- denial of service attack

The PHP project reports: The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version. The PHP development team announces the immediate...

9.8CVSS9.2AI score0.07791EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2017/10/18 12:0 a.m.•53 views

MySQL -- multiple vulnerabilities

Oracle reports: Please reference CVE/URL list for details...

7.5CVSS6.7AI score0.04291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/05/10 12:0 a.m.•53 views

libxml2 -- Multiple Issues

libxml2 developers report: The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service buffer over-read or information disclosure. A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent i...

7.5CVSS7.4AI score0.07347EPSS
Exploits5References6
FreeBSD
FreeBSD
•added 2017/01/24 12:0 a.m.•53 views

phpMyAdmin -- Multiple vulnerabilities

The phpMyAdmin development team reports: Open redirect php-gettext code execution DOS vulnerability in table editing CSS injection in themes Cookie attribute injection attack SSRF in replication DOS in replication status...

9.8CVSS9.5AI score0.06711EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2017/01/21 12:0 a.m.•53 views

icu -- multiple vulnerabilities

NVD reports: International Components for Unicode ICU for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utextsetNativeIndex function. International Components for Unicode ICU for C/C++...

7.5CVSS2.7AI score0.0463EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/12/08 12:0 a.m.•53 views

PHP -- multiple vulnerabilities

The PHP project reports: Use After Free Vulnerability in unserialize CVE-2016-9936 Invalid read when wddx decodes empty boolean element CVE-2016-9935...

9.8CVSS1.9AI score0.07031EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2016/11/30 12:0 a.m.•53 views

Mozilla -- SVG Animation Remote Code Execution

The Mozilla Foundation reports: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows...

7.5CVSS4.3AI score0.87598EPSS
Exploits13References1
FreeBSD
FreeBSD
•added 2016/09/22 12:0 a.m.•53 views

OpenSSL -- multiple vulnerabilities

OpenSSL reports: High: OCSP Status Request extension unbounded memory growth SSLpeek hang on empty record SWEET32 Mitigation OOB write in MDC2Update Malformed SHA512 ticket DoS OOB write in BNbn2dec OOB read in TSOBJprintbio Pointer arithmetic undefined behaviour Constant time flag not preserved ...

9.8CVSS0.4AI score0.95707EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2016/08/27 12:0 a.m.•53 views

mupdf -- multiple vulnerabilities

Tobias Kortkamp reports: Heap-based buffer overflow in the pdfloadmeshparams function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service crash or execute arbitrary code via a large decode array. Use-after-free vulnerability in the pdfloadxref function in pdf/pdf-xref...

9.8CVSS7.4AI score0.03772EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2016/06/18 12:0 a.m.•53 views

wordpress -- multiple vulnerabilities

Adam Silverstein reports: WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reporte...

7.5CVSS1.7AI score0.04084EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/03/11 12:0 a.m.•53 views

samba -- multiple vulnerabilities

Samba project reports: In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...

5.8CVSS8.3AI score0.10642EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/10/09 12:0 a.m.•53 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks...

10CVSS10.2AI score0.42609EPSS
Exploits9References17
FreeBSD
FreeBSD
•added 2011/01/26 12:0 a.m.•53 views

isc-dhcp-server -- DHCPv6 crash

ISC reports: When the DHCPv6 server code processes a message for an address that was previously declined and internally tagged as abandoned it can trigger an assert failure resulting in the server crashing. This could be used to crash DHCPv6 servers remotely. This issue only affects DHCPv6 server...

7.8CVSS2AI score0.32751EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/04/22 12:0 a.m.•53 views

tomcat -- information disclosure vulnerability

The Apache software foundation reports: The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one. In some circumstances this can expo...

2.6CVSS6.2AI score0.52507EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2008/07/03 12:0 a.m.•53 views

mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths

MySQL Team reports: Additional corrections were made for the symlink-related privilege problem originally addressed. The original fix did not correctly handle the data directory pathname if it contained symlinked directories in its path, and the check was made only at table-creation time, not at...

4.6CVSS6.7AI score0.02588EPSS
Exploits2References6
FreeBSD
FreeBSD
•added 2007/11/08 12:0 a.m.•53 views

php -- multiple security vulnerabilities

PHP project reports: Security Enhancements and Fixes in PHP 5.2.5: Fixed dl to only accept filenames. Reported by Laurent Gaffie. Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences...

4.3CVSS6.6AI score0.01727EPSS
Exploits1
FreeBSD
FreeBSD
•added 2006/03/22 12:0 a.m.•53 views

sendmail -- race condition vulnerability

Problem Description A race condition has been reported to exist in the handling by sendmail of asynchronous signals. Impact A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root. Workaround There is no known workaround other than...

7.6CVSS7.4AI score0.28144EPSS
Exploits0
FreeBSD
FreeBSD
•added 2004/09/13 12:0 a.m.•53 views

mozilla -- scripting vulnerabilities

Several scripting vulnerabilities were discovered and corrected in Mozilla: CVE-2004-0905 javascript; links dragged onto another frame or page allows an attacker to steal or modify sensitive information from other sites. The user could be convinced to drag obscurred links in the context of a game...

5.1CVSS6.5AI score0.03049EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2004/05/25 12:0 a.m.•53 views

libxine -- multiple buffer overflows in RTSP

A xine security announcement states: Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol RTSP client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the...

10CVSS7.6AI score0.05116EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/02/21 12:0 a.m.•52 views

exim -- SQL injection

[email protected] reports: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...

9.8CVSS8.1AI score0.75782EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2024/03/14 12:0 a.m.•52 views

amavisd-new -- multipart boundary confusion

The Amavis project reports: Emails which consist of multiple parts Content-Type: multipart/ incorporate boundary information stating at which point one part ends and the next part begins. A boundary is announced by an Content-Type header's boundary parameter. To our current knowledge, RFC2046 and...

7.4CVSS6.9AI score0.00826EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/27 12:0 a.m.•52 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 324596281 High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11 323694592 High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab on...

8.8CVSS7.1AI score0.02578EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2023/05/05 12:0 a.m.•52 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Malicious Runner Attachment via GraphQL...

9.6CVSS7.1AI score0.05042EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/07 12:0 a.m.•52 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 High: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for...

7.5CVSS7.2AI score0.59501EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/09/29 12:0 a.m.•52 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Denial of Service via cloning an issue Arbitrary PUT request as victim user through Sentry error list Content injection via External Status Checks Project maintainers can access Datadog API Key from logs Unsafe serialization of Json data could lead to sensitive data leakage Import...

7.5CVSS0.7AI score0.01349EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/06/22 12:0 a.m.•52 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-2781 / CVE-2022-34170 SECURITY-2779, CVE-2022-34171 SECURITY-2761, CVE-2022-34172 SECURITY-2776, CVE-2022-34173 SECURITY-2780 Multiple XSS vulnerabilities Medium SECURITY-2566 / CVE-2022-34174 Observable timing discrepancy allows determining...

7.5CVSS1.4AI score0.01361EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/03/03 12:0 a.m.•52 views

asterisk -- multiple vulnerabilities

The Asterisk project reports: AST-2022-004 - The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party. AST-2022-005 - When...

0.1AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2022/01/18 12:0 a.m.•52 views

Grafana -- CSRF

Grafana Labs reports: On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example, Editors or...

8.8CVSS3.7AI score0.02236EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/05/27 12:0 a.m.•52 views

FreeBSD-kernel -- SMAP bypass

Problem Description: The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin and copyout are responsible for disabling SMAP around the sections of code that perform user memory accesses. Such subroutines must handle page...

7.5CVSS7.4AI score0.01249EPSS
Exploits1
FreeBSD
FreeBSD
•added 2021/05/01 12:0 a.m.•52 views

go -- multiple vulnerabilities

The Go project reports: The SetString and UnmarshalText methods of math/big.Rat may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents. ReverseProxy in net/http/httputil could be made to forward certain hop-by-hop headers, including Connection. In case the...

0.1AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2021/04/08 12:0 a.m.•52 views

tomcat -- JNDI Realm Authentication Weakness in multiple versions

ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...

6.5CVSS3.3AI score0.09886EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/09/08 12:0 a.m.•52 views

Node.js -- September 2020 Security Releases

Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...

7.8CVSS1.5AI score0.08794EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/06/20 12:0 a.m.•52 views

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When...

10CVSS2.6AI score0.55874EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2018/07/17 12:0 a.m.•52 views

MySQL -- multiple vulnerabilities

Oracle reports: Multiple vulnerabilities have been disclosed by Oracle without further detail. CVSS scores 7.1 - 2.7...

7.1CVSS1.8AI score0.19295EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/06/30 12:0 a.m.•52 views

Several Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS...

9.8CVSS4.1AI score0.04767EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/06/26 12:0 a.m.•52 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...

9.8CVSS1AI score0.04831EPSS
Exploits3References3
FreeBSD
FreeBSD
•added 2018/03/27 12:0 a.m.•52 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...

6.5CVSS7.2AI score0.19295EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/08 12:0 a.m.•52 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

10CVSS2AI score0.13697EPSS
Exploits24References1
Total number of security vulnerabilities5000