Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2010/04/01 12:0 a.m.•51 views

firefox -- Re-use of freed object due to scope confusion

Mozilla Project reports: MFSA 2009-25 Re-use of freed object due to scope confusion...

10CVSS9.3AI score0.05773EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/11/05 12:0 a.m.•51 views

libcdaudio -- remote buffer overflow and code execution

securityfocus reports: The 'libcdaudio' library is prone to a remote heap code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions. A buffer-overflow in Grip occurs when the software processes a response to a CDDB query that has more than...

6.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2007/05/19 12:0 a.m.•51 views

tomcat -- XSS vulnerability in sample applications

The Apache Project reports: The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the outpu...

4.3CVSS6.5AI score0.58246EPSS
Exploits2
FreeBSD
FreeBSD
•added 2007/04/27 12:0 a.m.•51 views

tomcat -- multiple vulnerabilities

Apache Project reports: The Apache Tomcat team is proud to announce the immediate availability of Tomcat 4.1.36 stable. This build contains numerous library updates, A small number of bug fixes and two important security fixes...

4.3CVSS6.6AI score0.29784EPSS
Exploits4
FreeBSD
FreeBSD
•added 2005/01/25 12:0 a.m.•51 views

bind -- buffer overrun vulnerability

An ISC advisory reports a buffer overrun vulnerability within bind. The vulnerability could result in a Denial of Service. A workaround is available by disabling recursion and glue fetching...

5CVSS6.5AI score0.11448EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/01/11 12:0 a.m.•51 views

squid -- buffer overflow vulnerability in gopherToHTML

The squid patches page notes: A malicious gopher server may return a response with very long lines that cause a buffer overflow in Squid. Workaround: Since gopher is very obscure these days, do not allow Squid to any gopher servers. Use an ACL rule like: acl Gopher proto gopher httpaccess deny...

5CVSS6.9AI score0.08635EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2004/01/25 12:0 a.m.•51 views

php -- readfile() DoS vulnerability

A SUSE Security advisory reports: A bug in the readfile function of php4 could be used to to crash the httpd running the php4 code when accessing files with a multiple of the architectures page size leading to a denial of service...

2.1CVSS6.5AI score0.0038EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2003/11/28 12:0 a.m.•51 views

bind8 negative cache poison attack

A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response. As a result, an attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain...

4.3CVSS6.3AI score0.0316EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/05/01 12:0 a.m.•50 views

Django -- multiple vulnerabilities

Django reports: CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field...

9.8CVSS7AI score0.0138EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/04/19 12:0 a.m.•50 views

Grafana -- Critical vulnerability in golang

Grafana Labs reports: An issue in how go handles backticks with Javascript can lead to an injection of arbitrary code into go templates. While Grafana Labs software contains potentially vulnerable versions of go, we have not identified any exploitable use cases at this time. The CVSS score for th...

9.8CVSS9.8AI score0.02281EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/23 12:0 a.m.•50 views

OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints

The OpenSSL project reports: Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious...

7.5CVSS7.3AI score0.03658EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/14 12:0 a.m.•50 views

go -- multiple vulnerabilities

The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative if invalid path into an absolute path could enable a directory...

7.5CVSS7.5AI score0.04561EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/05/16 12:0 a.m.•50 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T308471 Username is not escaped in the "welcomeuser" message. T308473 Username not escaped in the contributions-title message. T309377, CVE-2022-29248 Update "guzzlehttp/guzzle" to version 6.5.6. T311384, CVE-2022-27776 Update "guzzlehttp/guzzle" to 6.5.8/7.4.5...

8.1CVSS2.6AI score0.03425EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/10/04 12:0 a.m.•50 views

redis -- multiple vulnerabilities

The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...

9CVSS1.7AI score0.1578EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/01 12:0 a.m.•50 views

Node.js -- July 2021 Security Releases

Node.js reports: libuv upgrade - Out of bounds read Medium CVE-2021-22918 Node.js is vulnerable to out-of-bounds read in libuv's uvidnatoascii function which is used to convert strings to ASCII. This is called by Node's dns module's lookup function and can lead to information disclosures or...

7.8CVSS2.8AI score0.23132EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2021/05/10 12:0 a.m.•50 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 19 security fixes, including: 1180126 High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 1178202 High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft...

8.8CVSS0.9AI score0.02517EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2021/02/23 12:0 a.m.•50 views

Node.js -- February 2021 Security Releases

Node.js reports: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Critical CVE-2021-22883 Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file...

7.8CVSS8AI score0.77385EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/01/07 12:0 a.m.•50 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Ability to steal a user's API access token through GitLab Pages Prometheus denial of service via HTTP request with custom method Unauthorized user is able to access private repository information under specific conditions Regular expression denial of service in NuGet API Regular...

7.8CVSS1.5AI score0.01529EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/01/04 12:0 a.m.•50 views

Security Vulnerability found in ExifTool

Debian Security Advisory reports: A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed...

7.8CVSS8AI score0.99981EPSS
Exploits39References1
FreeBSD
FreeBSD
•added 2021/01/04 12:0 a.m.•50 views

Node.js -- January 2021 Security Releases

Node.js reports: use-after-free in TLSWrap High CVE-2020-8265 Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first...

8.1CVSS6.9AI score0.16296EPSS
Exploits6References2
FreeBSD
FreeBSD
•added 2020/12/28 12:0 a.m.•50 views

nexus2-oss -- Apache ActiveMQ JMX vulnerability

Sonatype reports: CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack...

5.9CVSS2.2AI score0.04561EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/08/06 12:0 a.m.•50 views

go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

The Go project reports: Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from the...

7.5CVSS1.4AI score0.0473EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/17 12:0 a.m.•50 views

Python -- multiple vulnerabilities

Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...

7.8CVSS0.3AI score0.12826EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/06/02 12:0 a.m.•50 views

Node.js -- June 2020 Security Releases

Node.js reports: Updates are now available for all supported Node.js release lines for the following issues. TLS session reuse can lead to host certificate verification bypass High CVE-2020-8172 The 'session' event could be emitted before the 'secureConnect' event. It should not be, because the...

9.3CVSS8.9AI score0.07646EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2020/01/05 12:0 a.m.•50 views

phpMyAdmin -- SQL injection

The phpMyAdmin development team reports: A SQL injection flaw has been discovered in the user accounts page...

8.8CVSS2.4AI score0.38778EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2019/11/12 12:0 a.m.•50 views

drm graphics drivers -- Local privilege escalation and denial of service

Intel reports: As part of IPU 2019.2, INTEL-SA-00242 advises that insufficient access control may allow an authenticated user to potentially enable escalation of privilege via local access. INTEL-SA-00260 advises that insufficient access control may allow an authenticated user to potentially enab...

4.8AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2019/03/13 12:0 a.m.•50 views

python 3.6 -- multiple vulnerabilities

Python changelog: bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...

9.1CVSS8.5AI score0.11844EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2018/11/27 12:0 a.m.•50 views

Rails -- Active Job vulnerability

Ruby on Rails blog: Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can...

7.5CVSS5.2AI score0.02559EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/07/26 12:0 a.m.•50 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Markdown DoS Information Disclosure Prometheus Metrics CSRF in System Hooks Persistent XSS Pipeline Tooltip Persistent XSS in Branch Name via Web IDE Persistent XSS in Branch Name via Web IDE...

8.8CVSS2.6AI score0.01795EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/01/03 12:0 a.m.•50 views

awstats -- remote code execution

Mitre reports: Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

9.8CVSS7.9AI score0.04352EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/23 12:0 a.m.•50 views

cURL -- out of bounds read

The cURL project reports: libcurl contains a buffer overrun flaw in the IMAP handler. An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size...

9.1CVSS9.1AI score0.06224EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/19 12:0 a.m.•50 views

MySQL -- multiple vulnerabilities

Oracle reports: Please reference CVE/URL list for details...

6.5CVSS6.4AI score0.03198EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/07/04 12:0 a.m.•50 views

GraphicsMagick -- multiple vulnerabilities

GraphicsMagick reports: Multiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for details...

9.8CVSS2.1AI score0.03905EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/02/03 12:0 a.m.•50 views

FreeRADIUS -- TLS resumption authentication bypass

Stefan Winter reports: The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PEAP or TTLS...

9.8CVSS5.6AI score0.03914EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2016/03/08 12:0 a.m.•50 views

proftpd -- vulnerability in mod_tls

MITRE reports: The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

7.5CVSS4.9AI score0.06979EPSS
Exploits0
FreeBSD
FreeBSD
•added 2015/05/13 12:0 a.m.•50 views

phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities

The phpMyAdmin development team reports: XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...

6.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2015/02/03 12:0 a.m.•50 views

krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092

MIT krb5 Security Advisory 2015-001 reports: CVE-2014-5352: In the MIT krb5 libgssapikrb5 library, after gssprocesscontexttoken is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will resu...

9CVSS7.9AI score0.06213EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/07/18 12:0 a.m.•50 views

phpMyAdmin -- multiple XSS vulnerabilities, missing validation

The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...

3.5CVSS5.7AI score0.0145EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2013/04/04 12:0 a.m.•50 views

PostgreSQL -- anonymous remote access data corruption vulnerability

PostgreSQL project reports: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. Al...

8.5CVSS9.2AI score0.54312EPSS
Exploits4
FreeBSD
FreeBSD
•added 2012/06/26 12:0 a.m.•50 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 118633 Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. 120222 High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. 120944 High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. 120977...

9.3CVSS1.1AI score0.01648EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/03/28 12:0 a.m.•50 views

phpMyAdmin -- Path disclosure due to missing verification of file presence

The phpMyAdmin development team reports: The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's errorreporting must be se...

4.3CVSS6.4AI score0.02143EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/03/02 12:0 a.m.•50 views

Apache -- Insecure LD_LIBRARY_PATH handling

Apache reports: Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...

6.9CVSS6.5AI score0.00946EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2012/01/31 12:0 a.m.•50 views

libtremor -- memory corruption

The Mozilla Project reports: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution...

10CVSS8.8AI score0.07936EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2011/02/21 12:0 a.m.•50 views

avahi -- denial of service

Avahi developers reports: A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an...

8.1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2010/07/16 12:0 a.m.•50 views

webkit-gtk2 -- Multiple vulnerabilities

Gustavo Noronha reports: Debian's Michael Gilbert has done a great job going through all CVEs released about WebKit, and including patches in the Debian package. 1.2.3 includes all of the commits from trunk to fix those, too...

10CVSS8.7AI score0.15733EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2008/06/11 12:0 a.m.•50 views

xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports: Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Exploiting these overflows will crash the X server or, under certain circumstances all...

10CVSS7AI score0.03566EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/02/07 12:0 a.m.•50 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. Web forgery overwrite with div overlay URL token stealing via stylesheet redire...

9.3CVSS7.8AI score0.08633EPSS
Exploits5References12
FreeBSD
FreeBSD
•added 2007/11/15 12:0 a.m.•50 views

samba -- multiple vulnerabilities

The Samba Team reports: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba developers have discovered what is believed to be a non-exploitable...

9.3CVSS7.2AI score0.1125EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2007/06/21 12:0 a.m.•50 views

gd -- multiple vulnerabilities

gd had been reported vulnerable to several vulnerabilities: CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. CVE-2007-3473: The gdImageCreateXbm functi...

5CVSS7.3AI score0.13311EPSS
Exploits1References10
FreeBSD
FreeBSD
•added 2006/09/25 12:0 a.m.•50 views

openssh -- multiple vulnerabilities

Problem Description The CRC compensation attack detector in the sshd8 daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. CVE-2006-4924 A race condition exists in a signal handler used by the sshd8 daemon to handle the LoginGraceTime option,...

9.3CVSS6.5AI score0.44963EPSS
Exploits8References1
Total number of security vulnerabilities5000