Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2007/11/15 12:0 a.m.•50 views

samba -- multiple vulnerabilities

The Samba Team reports: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba developers have discovered what is believed to be a non-exploitable...

9.3CVSS7.2AI score0.1125EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2007/06/21 12:0 a.m.•50 views

gd -- multiple vulnerabilities

gd had been reported vulnerable to several vulnerabilities: CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. CVE-2007-3473: The gdImageCreateXbm functi...

5CVSS7.3AI score0.13311EPSS
Exploits1References10
FreeBSD
FreeBSD
•added 2006/09/25 12:0 a.m.•50 views

openssh -- multiple vulnerabilities

Problem Description The CRC compensation attack detector in the sshd8 daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. CVE-2006-4924 A race condition exists in a signal handler used by the sshd8 daemon to handle the LoginGraceTime option,...

9.3CVSS6.5AI score0.44963EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2004/11/15 12:0 a.m.•50 views

smbd -- buffer-overrun vulnerability

Caused by improper bounds checking of certain trans2 requests, there is a possible buffer overrun in smbd. The attacker needs to be able to create files with very specific Unicode filenames on the share to take advantage of this issue...

10CVSS6.3AI score0.1373EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/18 12:0 a.m.•49 views

MariaDB -- Multiple vulnerabilities

The MariaDB project reports: See linked CVE's for details...

9.9CVSS5.8AI score0.00797EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2025/12/04 12:0 a.m.•49 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: See changelog or 2.4 vulnerabilities for details...

8.3CVSS7.1AI score0.01527EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/06/26 12:0 a.m.•49 views

Gitlab -- Vulnerabilities

Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's mer...

9.6CVSS6AI score0.32784EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/03/12 12:0 a.m.•49 views

quiche -- Multiple Vulnerabilities

Quiche Releases reports: This release includes 2 security fixes: CVE-2024-1410: Unbounded storage of information related to connection ID retirement, in quiche. Reported by Marten Seeman @marten-seeman CVE-2024-1765: Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche. Reported...

7.5CVSS6.9AI score0.01175EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/11/28 12:0 a.m.•49 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 7 security fixes: 1491459 High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10 1494461 High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Resear...

9.6CVSS7.9AI score0.1963EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/13 12:0 a.m.•49 views

electron{24,25} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4763. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4761. Security: backported fix for CVE-2023-4863...

8.8CVSS7AI score0.99735EPSS
Exploits11References4
FreeBSD
FreeBSD
•added 2023/05/11 12:0 a.m.•49 views

postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes

PostgreSQL Project reports This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users...

7.2CVSS8AI score0.0119EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/14 12:0 a.m.•49 views

git -- Local clone-based data exfiltration with non-local transports

git team reports: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links c.f., CVE-2022-39253, the objects directory...

5.5CVSS6.9AI score0.0071EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/01/24 12:0 a.m.•49 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 6 security fixes, including: 1376354 High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kimchichoo and Cassidy Kim@cassidy6564 on 2022-10-19 1405256 High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim@cassidy656...

8.8CVSS9.1AI score0.00736EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/10/25 12:0 a.m.•49 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 14 security fixes, including: 1369871 High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30 1354271 High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park SeHwa on 2022-08-19...

8.8CVSS0.6AI score0.23798EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2022/10/20 12:0 a.m.•49 views

go -- multiple vulnerabilities

The Go project reports: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permitted access to Windows device files under that root. For example,...

6.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2022/07/27 12:0 a.m.•49 views

samba -- Multiple vulnerabilities

The Samba Team reports: CVE-2022-2031 The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services. CVE-2022-32744 The KDC...

8.8CVSS2AI score0.01064EPSS
Exploits0References6
FreeBSD
FreeBSD
•added 2022/06/21 12:0 a.m.•49 views

OpenSSL -- Command injection vulnerability

The OpenSSL project reports: Circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review...

10CVSS2.3AI score0.96275EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/06/19 12:0 a.m.•49 views

Grafana -- Stored XSS

Grafana Labs reports: An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Note: Grafana Alerting is activated by default in Grafana 9.0...

8.7CVSS3.1AI score0.68603EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/04/13 12:0 a.m.•49 views

Composer -- Command injection vulnerability

Composer developers reports: The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used...

8.8CVSS5.4AI score0.01857EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/05/10 12:0 a.m.•49 views

RabbitMQ -- Denial of Service in AMQP1.0 plugin

Pivotal.io reports: All versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint...

7.5CVSS4.7AI score0.01387EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/03/05 12:0 a.m.•49 views

go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open

The Go project reports: The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element. The Reader.Open API, new in Go 1.16, will panic wh...

6.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2021/01/29 12:0 a.m.•49 views

FreeBSD -- Uninitialized kernel stack leaks in several file systems

Problem Description: Several file systems were not properly initializing the doff field of the dirent structures returned by VOPREADDIR. In particular, tmpfs5, smbfs5, autofs5 and mqueuefs5 were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by...

5.3CVSS0.7AI score0.02315EPSS
Exploits2
FreeBSD
FreeBSD
•added 2020/07/14 12:0 a.m.•49 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update contains 38 security fixes, including: 1103195 Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08 1074317 High CVE-2020-6511: Side-channel information...

9.6CVSS0.7AI score0.1132EPSS
Exploits13References1
FreeBSD
FreeBSD
•added 2020/06/19 12:0 a.m.•49 views

net/rsync -- multiple zlib issues

rsync developers reports: Various zlib fixes, including security fixes for CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840...

9.8CVSS2.9AI score0.07489EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/09 12:0 a.m.•49 views

Flash Player -- arbitrary code execution

Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2020-9633...

10CVSS3.1AI score0.0756EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/11/17 12:0 a.m.•49 views

Python -- Regular Expression DoS attack against client

Ben Caller and Matt Schwager reports: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler...

7.1CVSS7.4AI score0.06617EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2019/09/10 12:0 a.m.•49 views

Flash Player -- multiple vulnerabilities

Adobe reports: This update resolves a same origin method execution vulnerability that could lead to arbitrary code execution CVE-2019-8069. This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-8070...

10CVSS3AI score0.06054EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/08/29 12:0 a.m.•49 views

webkit2-gtk3 -- Multiple vulnerabilities

The WebKitGTK project reports many vulnerabilities, including several arbitrary code execution vulnerabilities...

9.3CVSS2.8AI score0.12852EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2019/01/16 12:0 a.m.•49 views

mail/dovecot -- Suitable client certificate can be used to login as other user

Aki Tuomi Open-Xchange Oy reports: Normally Dovecot is configured to authenticate imap/pop3/managesieve/submission clients using regular username/password combination. Some installations have also required clients to present a trusted SSL certificate on top of that. It's also possible to configur...

7.7CVSS0.9AI score0.02462EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/05/16 12:0 a.m.•49 views

cURL -- multiple vulnerabilities

cURL security problems: CVE-2018-1000300: FTP shutdown response buffer overflow curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. When doing FTP transfers, curl keeps a spare "closure handle" around internally that will be us...

9.8CVSS0.4AI score0.06003EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2018/03/16 12:0 a.m.•49 views

SQLite -- Corrupt DB can cause a NULL pointer dereference

MITRE reports: SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...

7.5CVSS7.6AI score0.08186EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/02/14 12:0 a.m.•49 views

jenkins -- Path traversal vulnerability allows access to files outside plugin resources

Jenkins developers report: Jenkins did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to...

6.5CVSS6.7AI score0.0388EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/11/29 12:0 a.m.•49 views

cURL -- Multiple vulnerabilities

The cURL project reports: NTLM buffer overflow via integer overflow CVE-2017-8816libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curlntlmcoremkntlmv2hash sums up the lengths of the user name + password = SUM and multiplies the sum by two = SIZE to...

9.8CVSS0.8AI score0.11175EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/11/14 12:0 a.m.•49 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects CVE-2017-7832: Domain spoofing throug...

10CVSS7.1AI score0.07439EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/11/14 12:0 a.m.•49 views

palemoon -- multiple vulnerabilities

Pale Moon reports: CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers CVE-2017-7835: Mixed content blocking incorrectly applies with redirects CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags...

7.5CVSS4.3AI score0.01522EPSS
Exploits0
FreeBSD
FreeBSD
•added 2017/10/20 12:0 a.m.•49 views

wget -- Stack overflow in HTTP protocol handling

Antti Levomäki, Christian Jalio, Joonas Pihlaja: Wget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of...

9.3CVSS9.2AI score0.79855EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2016/12/06 12:0 a.m.•49 views

Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report: 20161201 - Core - Elevated Privileges Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments...

7.5CVSS1.7AI score0.14099EPSS
Exploits6References4
FreeBSD
FreeBSD
•added 2016/11/15 12:0 a.m.•49 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: Please reference CVE/URL list for details...

9.8CVSS2AI score0.12416EPSS
Exploits10References2
FreeBSD
FreeBSD
•added 2016/11/14 12:0 a.m.•49 views

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-16-0023: Question engine allows access to files that should not be available MSA-16-0024: Non-admin site managers may accidentally edit admins via web services MSA-16-0025: Capability to view course notes is checked in the wrong context MSA-16-0026: When debugging is...

4.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2016/10/27 12:0 a.m.•49 views

expat -- multiple vulnerabilities

Mitre reports: An integer overflow during the parsing of XML using the Expat library. XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD...

9.8CVSS4.4AI score0.09051EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2016/08/11 12:0 a.m.•49 views

Rails 4 -- Unsafe Query Generation Risk in Active Record

Ruby Security team reports: There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...

7.5CVSS7.5AI score0.03903EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/05/24 12:0 a.m.•49 views

typo3 -- Missing access check in Extbase

TYPO3 reports: Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must...

8.1CVSS3.1AI score0.02575EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2016/03/08 12:0 a.m.•49 views

NSS -- multiple vulnerabilities

Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services NSS libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash...

2.6AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2016/03/08 12:0 a.m.•49 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2016-16 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video...

10CVSS1.5AI score0.30946EPSS
Exploits8References18
FreeBSD
FreeBSD
•added 2016/02/24 12:0 a.m.•49 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description SECURITY-232 / CVE-2016-0788Remote code execution vulnerability in remoting module A vulnerability in the Jenkins remoting module allowed unauthenticated remote attackers to open a JRMP listener on the server hosting the Jenkins master process, which allowed...

10CVSS7.9AI score0.82697EPSS
Exploits25References1
FreeBSD
FreeBSD
•added 2016/02/03 12:0 a.m.•49 views

asterisk -- Multiple vulnerabilities

The Asterisk project reports: AST-2016-001 - BEAST vulnerability in HTTP server AST-2016-002 - File descriptor exhaustion in chansip AST-2016-003 - Remote crash vulnerability when receiving UDPTL FAX data...

7.1CVSS6.6AI score0.73327EPSS
Exploits5References3
FreeBSD
FreeBSD
•added 2016/01/20 12:0 a.m.•49 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: This update includes 37 security fixes, including: 497632 High CVE-2016-1612: Bad cast in V8. 572871 High CVE-2016-1613: Use-after-free in PDFium. 544691 Medium CVE-2016-1614: Information leak in Blink. 468179 Medium CVE-2016-1615: Origin confusion in Omnibox. 5414...

9.3CVSS0.8AI score0.01662EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/08/06 12:0 a.m.•49 views

qemu -- buffer overflow vulnerability in virtio-serial message exchanges

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the virtio-serial vmchannel support is vulnerable to a buffer overflow issue. It could occur while exchanging virtio control messages between guest and the host. A malicious guest could use this flaw to corrupt few...

6.5CVSS7.2AI score0.03012EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2015/07/21 12:0 a.m.•49 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 43 security fixes in this release, including: 446032 High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer. 459215 High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft. 461858 High CVE-2015-1274: Settings allowed executable fil...

9.8CVSS8.5AI score0.19069EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/06/02 12:0 a.m.•49 views

xen-tools -- Potential unintended writes to host MSI message data field via qemu

The Xen Project reports: Logic is in place to avoid writes to certain host config space fields when the guest must nevertheless be able to access their virtual counterparts. A bug in how this logic deals with accesses spanning multiple fields allows the guest to write to the host MSI message data...

4.9CVSS8.2AI score0.0045EPSS
Exploits0References1
Total number of security vulnerabilities5000