Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
added 2023/05/01 12:0 a.m.50 views

Django -- multiple vulnerabilities

Django reports: CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field...

9.8CVSS7AI score0.0138EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/04/19 12:0 a.m.50 views

Grafana -- Critical vulnerability in golang

Grafana Labs reports: An issue in how go handles backticks with Javascript can lead to an injection of arbitrary code into go templates. While Grafana Labs software contains potentially vulnerable versions of go, we have not identified any exploitable use cases at this time. The CVSS score for th...

9.8CVSS9.8AI score0.02281EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/03/23 12:0 a.m.50 views

OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints

The OpenSSL project reports: Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious...

7.5CVSS7.3AI score0.03658EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/02/14 12:0 a.m.50 views

go -- multiple vulnerabilities

The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative if invalid path into an absolute path could enable a directory...

7.5CVSS7.5AI score0.04561EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/05/16 12:0 a.m.50 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T308471 Username is not escaped in the "welcomeuser" message. T308473 Username not escaped in the contributions-title message. T309377, CVE-2022-29248 Update "guzzlehttp/guzzle" to version 6.5.6. T311384, CVE-2022-27776 Update "guzzlehttp/guzzle" to 6.5.8/7.4.5...

8.1CVSS2.6AI score0.03425EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/03/23 12:0 a.m.50 views

gitea -- Open Redirect on login

Andrew Thornton reports: When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes...

7.2CVSS3.3AI score0.53177EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2021/10/04 12:0 a.m.50 views

redis -- multiple vulnerabilities

The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...

9CVSS1.7AI score0.1578EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/05/10 12:0 a.m.50 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 19 security fixes, including: 1180126 High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 1178202 High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft...

8.8CVSS0.9AI score0.02517EPSS
Exploits14References1
FreeBSD
FreeBSD
added 2021/02/23 12:0 a.m.50 views

Node.js -- February 2021 Security Releases

Node.js reports: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Critical CVE-2021-22883 Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file...

7.8CVSS8AI score0.77385EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2021/01/07 12:0 a.m.50 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Ability to steal a user's API access token through GitLab Pages Prometheus denial of service via HTTP request with custom method Unauthorized user is able to access private repository information under specific conditions Regular expression denial of service in NuGet API Regular...

7.8CVSS1.5AI score0.01529EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/01/04 12:0 a.m.50 views

Security Vulnerability found in ExifTool

Debian Security Advisory reports: A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed...

7.8CVSS8AI score0.99981EPSS
Exploits39References1
FreeBSD
FreeBSD
added 2021/01/04 12:0 a.m.50 views

Node.js -- January 2021 Security Releases

Node.js reports: use-after-free in TLSWrap High CVE-2020-8265 Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first...

8.1CVSS6.9AI score0.16296EPSS
Exploits6References2
FreeBSD
FreeBSD
added 2020/08/06 12:0 a.m.50 views

go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

The Go project reports: Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from the...

7.5CVSS1.4AI score0.0473EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/06/17 12:0 a.m.50 views

Python -- multiple vulnerabilities

Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...

7.8CVSS0.3AI score0.12826EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2020/06/02 12:0 a.m.50 views

Node.js -- June 2020 Security Releases

Node.js reports: Updates are now available for all supported Node.js release lines for the following issues. TLS session reuse can lead to host certificate verification bypass High CVE-2020-8172 The 'session' event could be emitted before the 'secureConnect' event. It should not be, because the...

9.3CVSS8.9AI score0.07646EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2020/01/05 12:0 a.m.50 views

phpMyAdmin -- SQL injection

The phpMyAdmin development team reports: A SQL injection flaw has been discovered in the user accounts page...

8.8CVSS2.4AI score0.38778EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2019/11/12 12:0 a.m.50 views

drm graphics drivers -- Local privilege escalation and denial of service

Intel reports: As part of IPU 2019.2, INTEL-SA-00242 advises that insufficient access control may allow an authenticated user to potentially enable escalation of privilege via local access. INTEL-SA-00260 advises that insufficient access control may allow an authenticated user to potentially enab...

4.8AI score
Exploits0References3
FreeBSD
FreeBSD
added 2019/08/21 12:0 a.m.50 views

clamav -- multiple vulnerabilities

Micah Snyder reports: An out of bounds write was possible within ClamAV&s NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library CVE-2019-12900. The issue has been resolved by respecting that limit. The zip bomb...

9.8CVSS6.7AI score0.08042EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/05/21 12:0 a.m.50 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server...

9.8CVSS0.09393EPSS
Exploits6References3
FreeBSD
FreeBSD
added 2019/03/13 12:0 a.m.50 views

python 3.6 -- multiple vulnerabilities

Python changelog: bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...

9.1CVSS8.5AI score0.11844EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2018/11/27 12:0 a.m.50 views

Rails -- Active Job vulnerability

Ruby on Rails blog: Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can...

7.5CVSS5.2AI score0.02559EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2018/07/26 12:0 a.m.50 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Markdown DoS Information Disclosure Prometheus Metrics CSRF in System Hooks Persistent XSS Pipeline Tooltip Persistent XSS in Branch Name via Web IDE Persistent XSS in Branch Name via Web IDE...

8.8CVSS2.6AI score0.01795EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2018/01/03 12:0 a.m.50 views

awstats -- remote code execution

Mitre reports: Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

9.8CVSS7.9AI score0.04352EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/10/23 12:0 a.m.50 views

cURL -- out of bounds read

The cURL project reports: libcurl contains a buffer overrun flaw in the IMAP handler. An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size...

9.1CVSS9.1AI score0.06224EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/07/04 12:0 a.m.50 views

GraphicsMagick -- multiple vulnerabilities

GraphicsMagick reports: Multiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for details...

9.8CVSS2.1AI score0.03905EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/03/08 12:0 a.m.50 views

proftpd -- vulnerability in mod_tls

MITRE reports: The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

7.5CVSS4.9AI score0.06979EPSS
Exploits0
FreeBSD
FreeBSD
added 2015/05/13 12:0 a.m.50 views

phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities

The phpMyAdmin development team reports: XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...

6.1AI score
Exploits0References2
FreeBSD
FreeBSD
added 2015/02/03 12:0 a.m.50 views

krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092

MIT krb5 Security Advisory 2015-001 reports: CVE-2014-5352: In the MIT krb5 libgssapikrb5 library, after gssprocesscontexttoken is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will resu...

9CVSS7.9AI score0.06213EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2014/07/18 12:0 a.m.50 views

phpMyAdmin -- multiple XSS vulnerabilities, missing validation

The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...

3.5CVSS5.7AI score0.0145EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2013/04/04 12:0 a.m.50 views

PostgreSQL -- anonymous remote access data corruption vulnerability

PostgreSQL project reports: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. Al...

8.5CVSS9.2AI score0.54312EPSS
Exploits4
FreeBSD
FreeBSD
added 2012/06/26 12:0 a.m.50 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 118633 Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. 120222 High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. 120944 High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. 120977...

9.3CVSS1.1AI score0.01648EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2012/05/03 12:0 a.m.50 views

php -- vulnerability in certain CGI-based setups

php development team reports: Security Enhancements and Fixes in PHP 5.3.12: Initial fix for cgi-bin ?-s cmdarg parse issue CVE-2012-1823...

9.8CVSS9.5AI score0.99998EPSS
Exploits42
FreeBSD
FreeBSD
added 2012/04/24 12:0 a.m.50 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-20 Miscellaneous memory safety hazards rv:12.0/ rv:10.0.4 MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XSS...

10CVSS9.8AI score0.10098EPSS
Exploits3References14
FreeBSD
FreeBSD
added 2012/03/28 12:0 a.m.50 views

phpMyAdmin -- Path disclosure due to missing verification of file presence

The phpMyAdmin development team reports: The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's errorreporting must be se...

4.3CVSS6.4AI score0.02143EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2012/03/02 12:0 a.m.50 views

Apache -- Insecure LD_LIBRARY_PATH handling

Apache reports: Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...

6.9CVSS6.5AI score0.00946EPSS
Exploits4References2
FreeBSD
FreeBSD
added 2012/01/31 12:0 a.m.50 views

libtremor -- memory corruption

The Mozilla Project reports: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution...

10CVSS8.8AI score0.07936EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2011/02/21 12:0 a.m.50 views

avahi -- denial of service

Avahi developers reports: A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an...

8.1AI score
Exploits0References2
FreeBSD
FreeBSD
added 2008/06/11 12:0 a.m.50 views

xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports: Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Exploiting these overflows will crash the X server or, under certain circumstances all...

10CVSS7AI score0.03566EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2008/02/07 12:0 a.m.50 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. Web forgery overwrite with div overlay URL token stealing via stylesheet redire...

9.3CVSS7.8AI score0.08633EPSS
Exploits5References12
FreeBSD
FreeBSD
added 2007/11/15 12:0 a.m.50 views

samba -- multiple vulnerabilities

The Samba Team reports: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba developers have discovered what is believed to be a non-exploitable...

9.3CVSS7.2AI score0.1125EPSS
Exploits2References3
FreeBSD
FreeBSD
added 2007/06/21 12:0 a.m.50 views

gd -- multiple vulnerabilities

gd had been reported vulnerable to several vulnerabilities: CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. CVE-2007-3473: The gdImageCreateXbm functi...

5CVSS7.3AI score0.13311EPSS
Exploits1References10
FreeBSD
FreeBSD
added 2006/09/25 12:0 a.m.50 views

openssh -- multiple vulnerabilities

Problem Description The CRC compensation attack detector in the sshd8 daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. CVE-2006-4924 A race condition exists in a signal handler used by the sshd8 daemon to handle the LoginGraceTime option,...

9.3CVSS6.5AI score0.44963EPSS
Exploits8References1
FreeBSD
FreeBSD
added 2004/11/15 12:0 a.m.50 views

smbd -- buffer-overrun vulnerability

Caused by improper bounds checking of certain trans2 requests, there is a possible buffer overrun in smbd. The attacker needs to be able to create files with very specific Unicode filenames on the share to take advantage of this issue...

10CVSS6.3AI score0.1373EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/05/18 12:0 a.m.49 views

MariaDB -- Multiple vulnerabilities

The MariaDB project reports: See linked CVE's for details...

9.9CVSS5.8AI score0.00797EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2024/06/26 12:0 a.m.49 views

Gitlab -- Vulnerabilities

Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's mer...

9.6CVSS6AI score0.32784EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2024/03/12 12:0 a.m.49 views

quiche -- Multiple Vulnerabilities

Quiche Releases reports: This release includes 2 security fixes: CVE-2024-1410: Unbounded storage of information related to connection ID retirement, in quiche. Reported by Marten Seeman @marten-seeman CVE-2024-1765: Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche. Reported...

7.5CVSS6.9AI score0.01175EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/11/28 12:0 a.m.49 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 7 security fixes: 1491459 High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10 1494461 High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Resear...

9.6CVSS7.9AI score0.1963EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/09/13 12:0 a.m.49 views

electron{24,25} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4763. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4761. Security: backported fix for CVE-2023-4863...

8.8CVSS7AI score0.99735EPSS
Exploits11References4
FreeBSD
FreeBSD
added 2023/05/11 12:0 a.m.49 views

postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes

PostgreSQL Project reports This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users...

7.2CVSS8AI score0.0119EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/01/24 12:0 a.m.49 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 6 security fixes, including: 1376354 High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kimchichoo and Cassidy Kim@cassidy6564 on 2022-10-19 1405256 High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim@cassidy656...

8.8CVSS9.1AI score0.00736EPSS
Exploits0References1
Total number of security vulnerabilities5000