Lucene search
+L
FreebsdMost viewed

6591 matches found

FreeBSD
FreeBSD
added 2004/05/25 12:0 a.m.53 views

libxine -- multiple buffer overflows in RTSP

A xine security announcement states: Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol RTSP client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the...

10CVSS7.6AI score0.05116EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2025/12/04 12:0 a.m.52 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: See changelog or 2.4 vulnerabilities for details...

8.3CVSS7.1AI score0.01527EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/09/28 12:0 a.m.52 views

Gitlab -- vulnerabilities

Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project Group import allows impersonation of users in CI pipelines Developers can bypass code owners approval by changing a MR's base branch Leaking source code of restricted...

8.8CVSS6.8AI score0.01094EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/05/05 12:0 a.m.52 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Malicious Runner Attachment via GraphQL...

9.6CVSS7.1AI score0.05042EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/03/23 12:0 a.m.52 views

OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints

The OpenSSL project reports: Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious...

7.5CVSS7.3AI score0.03658EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/03/08 12:0 a.m.52 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 40 security fixes: 1411210 High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-30 1412487 High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03 1417176...

8.8CVSS8.3AI score0.01163EPSS
Exploits7References1
FreeBSD
FreeBSD
added 2023/02/14 12:0 a.m.52 views

go -- multiple vulnerabilities

The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative if invalid path into an absolute path could enable a directory...

7.5CVSS7.5AI score0.04561EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/02/07 12:0 a.m.52 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 High: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for...

7.5CVSS7.2AI score0.59501EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/02 12:0 a.m.52 views

chromium -- insufficient data validation in Mojo

Chrome Releases reports: This release contains 1 security fix: 1358134 High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30 Google is aware that an exploit of CVE-2022-3075 exists in the wild...

9.6CVSS1.9AI score0.0568EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/01/18 12:0 a.m.52 views

Grafana -- CSRF

Grafana Labs reports: On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example, Editors or...

8.8CVSS3.7AI score0.02236EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/11/15 12:0 a.m.52 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 25 security fixes, including: 1263620 High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26 1260649 High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera @lbherrera on...

9.6CVSS8.3AI score0.01362EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2021/10/04 12:0 a.m.52 views

redis -- multiple vulnerabilities

The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...

9CVSS1.7AI score0.1578EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/05/27 12:0 a.m.52 views

FreeBSD-kernel -- SMAP bypass

Problem Description: The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin and copyout are responsible for disabling SMAP around the sections of code that perform user memory accesses. Such subroutines must handle page...

7.5CVSS7.4AI score0.01249EPSS
Exploits1
FreeBSD
FreeBSD
added 2021/04/08 12:0 a.m.52 views

tomcat -- JNDI Realm Authentication Weakness in multiple versions

ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...

6.5CVSS3.3AI score0.09886EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/09/08 12:0 a.m.52 views

Node.js -- September 2020 Security Releases

Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...

7.8CVSS1.5AI score0.08794EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/06/20 12:0 a.m.52 views

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When...

10CVSS2.6AI score0.55874EPSS
Exploits10References1
FreeBSD
FreeBSD
added 2019/03/01 12:0 a.m.52 views

py-twisted -- multiple vulnerabilities

Twisted developers reports: All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces T...

9.8CVSS0.2AI score0.87806EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2018/06/30 12:0 a.m.52 views

Several Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS...

9.8CVSS4.1AI score0.04767EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/06/26 12:0 a.m.52 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...

9.8CVSS1AI score0.04831EPSS
Exploits3References3
FreeBSD
FreeBSD
added 2017/03/06 12:0 a.m.52 views

proftpd -- user chroot escape vulnerability

NVD reports: ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...

5.5CVSS1.2AI score0.00419EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/10/27 12:0 a.m.52 views

tomcat -- multiple vulnerabilities

The Apache Software Foundation reports: Low: Unrestricted Access to Global Resources CVE-2016-6797 Low: Security Manager Bypass CVE-2016-6796 Low: System Property Disclosure CVE-2016-6794 Low: Security Manager Bypass CVE-2016-5018 Low: Timing Attack CVE-2016-0762...

9.1CVSS7.9AI score0.10303EPSS
Exploits5References3
FreeBSD
FreeBSD
added 2016/09/26 12:0 a.m.52 views

OpenSSL -- multiple vulnerabilities

OpenSSL reports: Critical vulnerability in OpenSSL 1.1.0a Fix Use After Free for large message sizes CVE-2016-6309 Moderate vulnerability in OpenSSL 1.0.2i Missing CRL sanity check CVE-2016-7052...

10CVSS1.7AI score0.70223EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2016/01/22 12:0 a.m.52 views

openssl -- multiple vulnerabilities

OpenSSL project reports: Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently in version 1.0.2 support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Wher...

5.9CVSS6.6AI score0.83645EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2013/07/11 12:0 a.m.52 views

apache24 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: moddav: Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault. modsessiondbd: Make sure that dirty flag is respected when...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
added 2012/06/12 12:0 a.m.52 views

FreeBSD -- Privilege escalation when returning from kernel

Problem description: FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel...

7.2CVSS6.6AI score0.37212EPSS
Exploits6
FreeBSD
FreeBSD
added 2012/05/03 12:0 a.m.52 views

php -- vulnerability in certain CGI-based setups

php development team reports: Security Enhancements and Fixes in PHP 5.3.12: Initial fix for cgi-bin ?-s cmdarg parse issue CVE-2012-1823...

9.8CVSS9.5AI score0.99998EPSS
Exploits42
FreeBSD
FreeBSD
added 2011/12/16 12:0 a.m.52 views

typo3 -- Remote Code Execution

The typo3 security team reports: A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation. This is caused by a PHP file, which is part of the workspaces system extension, that does not validate...

6.8CVSS6.8AI score0.0563EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2011/07/12 12:0 a.m.52 views

libsndfile -- PAF file processing integer overflow

Secunia reports: Hossein Lotfi has discovered a vulnerability in libsndfile, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "paf24init" function src/paf.c when processing...

6.8CVSS7.1AI score0.04647EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2010/10/02 12:0 a.m.52 views

apr -- multiple vunerabilities

Secunia reports: Multiple vulnerabilities have been reported in APR-util, which can be exploited by malicious people to cause a DoS Denial of Service. Two XML parsing vulnerabilities exist in the bundled version of expat. An error within the "aprbrigadesplitline" function in buckets/aprbrigade.c...

5CVSS8AI score0.27924EPSS
Exploits3References2
FreeBSD
FreeBSD
added 2010/04/01 12:0 a.m.52 views

firefox -- Re-use of freed object due to scope confusion

Mozilla Project reports: MFSA 2009-25 Re-use of freed object due to scope confusion...

10CVSS9.3AI score0.05773EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2009/11/23 12:0 a.m.52 views

opera -- multiple vulnerabilities

Opera Team reports: Fixed a heap buffer overflow in string to number conversion Fixed an issue where error messages could leak onto unrelated sites Fixed a moderately severe issue, as reported by Chris Evans of the Google Security Team; details will be disclosed at a later date...

6.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2009/10/27 12:0 a.m.52 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-64 Crashes with evidence of memory corruption rv:1.9.1.4/ 1.9.0.15 MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection MFSA...

10CVSS10.4AI score0.15519EPSS
Exploits32References11
FreeBSD
FreeBSD
added 2007/04/27 12:0 a.m.52 views

tomcat -- multiple vulnerabilities

Apache Project reports: The Apache Tomcat team is proud to announce the immediate availability of Tomcat 4.1.36 stable. This build contains numerous library updates, A small number of bug fixes and two important security fixes...

4.3CVSS6.6AI score0.29784EPSS
Exploits4
FreeBSD
FreeBSD
added 2004/01/13 12:0 a.m.52 views

Vulnerabilities in H.323 implementations

The NISCC and the OUSPG developed a test suite for the H.323 protocol. This test suite has uncovered vulnerabilities in several H.323 implementations with impacts ranging from denial-of-service to arbitrary code execution. In the FreeBSD Ports Collection, pwlib' is directly affected. Other...

10CVSS7AI score0.10309EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/05/27 12:0 a.m.51 views

Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints

https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostname verification implements a legacy RFC 6125 fallback that checks the Subject CommonName when the Subject Alternative Name SAN extension is absent, rather than following RFC 9525 which requires...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/26 12:0 a.m.51 views

Gitlab -- Vulnerabilities

Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's mer...

9.6CVSS6AI score0.32784EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2024/01/09 12:0 a.m.51 views

Django -- multiple vulnerabilities

Django reports: CVE-2024-24680:Potential denial-of-service in intcomma template filter...

7.5CVSS7.3AI score0.01606EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/11/13 12:0 a.m.51 views

MariaDB -- Denial-of-Service vulnerability

The MariaDB project reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete...

4.9CVSS6.4AI score0.01782EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2023/03/29 12:0 a.m.51 views

samba -- multiple vulnerabilities

The Samba Team reports: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset...

7.7CVSS6.1AI score0.00719EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2022/08/02 12:0 a.m.51 views

samba -- buffer overflow in Heimdal unwrap_des3()

The Samba Team reports: The DES for Samba 4.11 and earlier and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet...

6.5CVSS2.6AI score0.0369EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/04/04 12:0 a.m.51 views

chromium -- Type confusion in V8

Chrome Releases reports: This release includes one security fix: 1311641 High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30...

8.8CVSS0.7AI score0.16488EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2022/03/23 12:0 a.m.51 views

gitea -- Open Redirect on login

Andrew Thornton reports: When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes...

7.2CVSS3.3AI score0.53177EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/01/11 12:0 a.m.51 views

moonlight-embedded -- multiple vulnerabilities

The moonlight-embedded project reports: Moonlight Embedded v2.6.1 fixed CVE-2023-42799, CVE-2023-42800, and CVE-2023-42801...

8.8CVSS7.1AI score0.01657EPSS
Exploits3References3
FreeBSD
FreeBSD
added 2021/05/10 12:0 a.m.51 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 19 security fixes, including: 1180126 High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 1178202 High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft...

8.8CVSS0.9AI score0.02517EPSS
Exploits14References1
FreeBSD
FreeBSD
added 2021/03/25 12:0 a.m.51 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: High: CA certificate check bypass with X509VFLAGX509STRICT CVE-2021-3450The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. High: NULL pointer deref in signaturealgorithms...

7.4CVSS1.6AI score0.62906EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2020/06/17 12:0 a.m.51 views

Python -- multiple vulnerabilities

Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...

7.8CVSS0.3AI score0.12826EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2020/05/15 12:0 a.m.51 views

Rails -- remote code execution vulnerability

Ruby on Rails blog: Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released. The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems...

8.8CVSS3.6AI score0.83085EPSS
Exploits10References2
FreeBSD
FreeBSD
added 2020/05/06 12:0 a.m.51 views

zeek -- Various vulnerabilities

Jon Siwek of Corelight reports: This release fixes the following security issues: Fix buffer over-read in Ident analyzer Fix SSL scripting error leading to uninitialized field access and memory leak Fix POP3 analyzer global buffer over-read Fix potential stack overflows due to use of...

1.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2020/04/14 12:0 a.m.51 views

MySQL Client -- Multiple vulerabilities

Oracle reports: This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

5.3CVSS2.8AI score0.032EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/08/21 12:0 a.m.51 views

clamav -- multiple vulnerabilities

Micah Snyder reports: An out of bounds write was possible within ClamAV&s NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library CVE-2019-12900. The issue has been resolved by respecting that limit. The zip bomb...

9.8CVSS6.7AI score0.0812EPSS
Exploits0References1
Total number of security vulnerabilities5000