Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2013/02/05 12:0 a.m.•48 views

OpenSSL -- TLS 1.1, 1.2 denial of service

OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack...

5CVSS6.9AI score0.39593EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2012/11/17 12:0 a.m.•48 views

lighttpd -- remote DoS in header parsing

Lighttpd security advisory reports: Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive" On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading th...

5CVSS9AI score0.12038EPSS
Exploits7
FreeBSD
FreeBSD
•added 2012/06/05 12:0 a.m.•48 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-34 Miscellaneous memory safety hazards rv:13.0/ rv:10.0.5 MFSA 2012-36 Content Security Policy inline-script bypass MFSA 2012-37 Information disclosure though Windows file shares and shortcut files MFSA 2012-38 Use-after-free while replacing/inserting a node...

10CVSS9.9AI score0.04899EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2011/10/21 12:0 a.m.•48 views

tomcat -- Denial of Service

The Tomcat security team reports: Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause larg...

5CVSS6.1AI score0.1086EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2010/09/07 12:0 a.m.•48 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2010-49 Miscellaneous memory safety hazards rv:1.9.2.9/ 1.9.1.12 MFSA 2010-50 Frameset integer overflow vulnerability MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array MFSA 2010-52 Windows XP DLL loading vulnerability MFSA 2010-53 Heap buffer...

9.3CVSS10.2AI score0.22109EPSS
Exploits1References15
FreeBSD
FreeBSD
•added 2010/08/16 12:0 a.m.•48 views

ruby -- UTF-7 encoding XSS vulnerability in WEBrick

The official ruby site reports: WEBrick have had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1, however, some user agents do not...

4.3CVSS6.9AI score0.02814EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/12/18 12:0 a.m.•48 views

linux-flashplugin -- multiple vulnerabilities

Adobe Security bulletin: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to...

10CVSS6.9AI score0.30065EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2007/07/20 12:0 a.m.•48 views

lighttpd -- multiple vulnerabilities

Secunia Advisory reports: Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS Denial of Service...

8.3CVSS6.7AI score0.08072EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2006/08/21 12:0 a.m.•48 views

tikiwiki -- multiple vulnerabilities

Secunia reports: Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "highlight" parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be...

6.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2005/02/08 12:0 a.m.•48 views

xli -- integer overflows in image size calculations

Tavis Ormandy discovered several integer overflows in xli's image size handling. A maliciously crafted image may be able to cause a heap buffer overflow and execute arbitrary code...

7.5CVSS7.4AI score0.0282EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/01/02 12:0 a.m.•48 views

mailman -- directory traversal vulnerability

A directory traversal vulnerability in mailman allow remote attackers to read arbitrary files due to inadequate input sanitizing. This could, among other things, lead remote attackers to gaining access to the mailman configuration database which contains subscriber email addresses and passwords o...

5CVSS6.5AI score0.02856EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/12/06 12:0 a.m.•48 views

imlib -- xpm heap buffer overflows and integer overflows

Pavel Kankovsky reports: Imlib affected by a variant of CAN-2004-0782 too. I've discovered more vulnerabilities in Imlib 1.9.13. In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw 1 CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt. Look at the...

7.5CVSS6.4AI score0.09184EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/05/20 12:0 a.m.•48 views

cvs -- numerous vulnerabilities

A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price. Insufficient input validation while processing "Entry" lines. CVE-2004-0414 A double-free resulting from erroneous state handling while processing "Argumentx" commands. CVE-2004-0416 Integer...

10CVSS7.2AI score0.13206EPSS
Exploits0References12
FreeBSD
FreeBSD
•added 2003/06/21 12:0 a.m.•48 views

GNATS local privilege elevation

GNATS 3.113.1 contains multiple buffer overflows, through which a local attacker could gain elevated privileges on the system...

5.6AI score
Exploits0References9
FreeBSD
FreeBSD
•added 2024/03/07 12:0 a.m.•47 views

databases/mongodb* -- Improper Certificate Validation

MongoDB, Inc. reports: A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled net.tls.mode set to allowTLS, preferTLS, or requireTLS and without...

9.8CVSS7.3AI score0.005EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/07 12:0 a.m.•47 views

clamav -- Multiple vulnerabilities

The ClamAV project reports: CVE-2024-20290 A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during...

7.5CVSS8.1AI score0.84841EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/30 12:0 a.m.•47 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 3 security bugs in Chromium: 1505080 High CVE-2024-0807: Use after free in WebAudio 1504936 Critical CVE-2024-0808: Integer underflow in WebUI 1496250 Medium CVE-2024-0810: Insufficient policy enforcement in DevTools...

9.8CVSS7.7AI score0.00548EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/13 12:0 a.m.•47 views

electron22 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4572. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4863...

8.8CVSS7AI score0.99735EPSS
Exploits11References3
FreeBSD
FreeBSD
•added 2023/08/01 12:0 a.m.•47 views

FreeBSD -- Remote denial of service in IPv6 fragment reassembly

Problem Description: Each fragment of an IPv6 packet contains a fragment header which specifies the offset of the fragment relative to the original packet, and each fragment specifies its length in the IPv6 header. When reassembling the packet, the kernel calculates the complete IPv6 payload...

7.5CVSS7AI score0.0054EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/01/09 12:0 a.m.•47 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Race condition on gitlab.com enables verified email forgery and third-party account hijacking DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint Maintainer can leak sentry token by changing the configured URL Maintainer can...

8.5CVSS5.4AI score0.00974EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/05/20 12:0 a.m.•47 views

MariaDB -- Multiple vulnerabilities

The MariaDB project reports: MariaDB fixed 23 vulnerabilities across all supported versions...

7.5CVSS4.4AI score0.02458EPSS
Exploits23References1
FreeBSD
FreeBSD
•added 2021/04/01 12:0 a.m.•47 views

Pillow -- multiple vulnerabilities

python-pillow reports: This release fixes several vulnerabilities found with OSS-Fuzz. CVE-2021-25288: Fix OOB read in Jpeg2KDecode. This dates to Pillow 2.4.0. CVE-2021-28675: Fix DOS in PsdImagePlugin. This dates to the PIL fork. CVE-2021-28676: Fix FLI DOS. This dates to the PIL fork...

9.1CVSS1.5AI score0.02453EPSS
Exploits0
FreeBSD
FreeBSD
•added 2021/02/02 12:0 a.m.•47 views

www/chromium -- multiple vulnerabilities

Chrome Releases reports: This update include 6 security fixes: 1169317 Critical CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani on 2021-01-21 1163504 High CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker and Alex Morgan of MU on 2021-01-06 1163845...

9.6CVSS1.5AI score0.01116EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/07/28 12:0 a.m.•47 views

jasper -- multiple vulnerabilities

JasPer NEWS: - Fix CVE-2018-9154 - Fix CVE-2018-19541 - Fix CVE-2016-9399, CVE-2017-13751 - Fix CVE-2018-19540 - Fix CVE-2018-9055 - Fix CVE-2017-13748 - Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 - Fix CVE-2018-9252 - Fix CVE-2018-19139 - Fix CVE-2018-19543, CVE-2017-9782 - Fix CVE-2018-205...

8.8CVSS1.3AI score0.05981EPSS
Exploits17References1
FreeBSD
FreeBSD
•added 2019/09/14 12:0 a.m.•47 views

python 3.7 -- multiple vulnerabilities

Python changelog: bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email.headervalueparser.getunstructured going into an infini...

7.5CVSS0.6AI score0.06643EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/06/29 12:0 a.m.•47 views

irssi -- Use after free when sending SASL login to the server

Irssi reports: Use after free when sending SASL login to the server found by ilbelkyr. CWE-416, CWE-825...

8.1CVSS2.1AI score0.03333EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/03/28 12:0 a.m.•47 views

Kubectl -- Potential directory traversal

Kubernetes.io reports: A security issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal replacing or deleting files on a user’s workstation...

6.4CVSS2.7AI score0.13164EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2018/05/29 12:0 a.m.•47 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 34 security fixes in this release, including: 835639 High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 840320 High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 818592 High...

9.6CVSS8.3AI score0.07666EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2018/02/13 12:0 a.m.•47 views

bitmessage -- remote code execution vulnerability

Bitmessage developers report: A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. Will be updated if/when CVE will be available...

7.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2018/01/23 12:0 a.m.•47 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-5091: Use-after-free with DTMF timers CVE-2018-5092: Use-after-free in Web Workers CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory...

10CVSS9AI score0.20024EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/08/26 12:0 a.m.•47 views

Python 2.7 -- multiple vulnerabilities

Python reports: Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details...

9.8CVSS8.9AI score0.13802EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2017/07/24 12:0 a.m.•47 views

Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests

mnaberez reports: supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability...

9CVSS8.8AI score0.87544EPSS
Exploits10References2
FreeBSD
FreeBSD
•added 2017/07/22 12:0 a.m.•47 views

tcpdump -- multiple vulnerabilities

tcpdump developers report: Too many issues to detail, see CVE references for details...

9.8CVSS9.3AI score0.06196EPSS
Exploits3
FreeBSD
FreeBSD
•added 2017/05/11 12:0 a.m.•47 views

Joomla3 -- SQL Injection

JSST reports: Inadequate filtering of request data leads to a SQL Injection vulnerability...

9.8CVSS1.9AI score0.99826EPSS
Exploits21References1
FreeBSD
FreeBSD
•added 2016/11/22 12:0 a.m.•47 views

vim -- arbitrary command execution

Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...

7.8CVSS8.1AI score0.25314EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2016/11/02 12:0 a.m.•47 views

cURL -- multiple vulnerabilities

The cURL project reports cookie injection for other servers case insensitive password comparison OOB write via unchecked multiplication double-free in curlmaprintf double-free in krb5 code glob parser write/read out of bounds curlgetdate read out of bounds URL unescape heap overflow via integer...

9.8CVSS3.4AI score0.05915EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/06/28 12:0 a.m.•47 views

tiff -- buffer overflow

Mathias Svensson reports: potential buffer write overrun in PixarLogDecode on corrupted/unexpected images...

8.8CVSS3.9AI score0.04653EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2016/02/22 12:0 a.m.•47 views

tomcat -- multiple vulnerabilities

Mark Thomas reports: CVE-2015-5346 Apache Tomcat Session fixation CVE-2015-5351 Apache Tomcat CSRF token leak CVE-2016-0763 Apache Tomcat Security Manager Bypass...

8.8CVSS7.9AI score0.11297EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/12/17 12:0 a.m.•47 views

xen-kernel -- information leak in legacy x86 FPU/XMM initialization

The Xen Project reports: When XSAVE/XRSTOR are not in use by Xen to manage guest extended register state, the initial values in the FPU stack and XMM registers seen by the guest upon first use are those left there by the previous user of those registers. A malicious domain may be able to leverage...

8.6CVSS7.8AI score0.02254EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/15 12:0 a.m.•47 views

wordpress -- multiple vulnerabilities

Samuel Sidler reports: WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags...

6.1CVSS5.6AI score0.06389EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2015/06/24 12:0 a.m.•47 views

php-phar -- multiple vulnerabilities

reports: Segfault in Phar::convertToData on invalid file. Buffer overflow and stack smashing error in pharfixfilepath...

10CVSS8.7AI score0.06303EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2015/04/11 12:0 a.m.•47 views

net-snmp -- snmp_pdu_parse() function incomplete initialization

Qinghao Tang reports: Incompletely initialized vulnerability exists in the function ‘snmppduparse’ of ‘snmpapi.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets...

7.5CVSS8.1AI score0.40002EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2014/09/23 12:0 a.m.•47 views

krfb -- Multiple security issues in bundled libvncserver

Martin Sandsmark reports: krfb 4.14 and earlier embeds libvncserver which has had several security issues. Several remotely exploitable security issues have been uncovered in libvncserver, some of which might allow a remote authenticated user code execution or application crashes...

6.5CVSS8.9AI score0.0783EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/09/16 12:0 a.m.•47 views

nginx -- inject commands into SSL session vulnerability

The nginx project reports: Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks CVE-2014-3616...

4.3CVSS6.4AI score0.05654EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/08/06 12:0 a.m.•47 views

serf -- SSL Certificate Null Byte Poisoning

serf Development list reports: Serf provides APIs to retrieve information about a certificate. These APIs return the information as NUL terminated strings commonly called C strings. X.509 uses counted length strings which may include a NUL byte. This means that a library user will interpret any...

4CVSS7.3AI score0.0315EPSS
Exploits0
FreeBSD
FreeBSD
•added 2014/05/02 12:0 a.m.•47 views

OpenSSL -- NULL pointer dereference / DoS

OpenBSD and David Ramos reports: Applications that use SSLMODERELEASEBUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service...

4.3CVSS7.8AI score0.43828EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/02/19 12:0 a.m.•47 views

FreeBSD -- glob(3) related resource exhaustion

Problem description: GLOBLIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient...

7.8CVSS6.5AI score0.35013EPSS
Exploits10
FreeBSD
FreeBSD
•added 2012/12/06 12:0 a.m.•47 views

Axis2 -- Security vulnerabilities on dependency Apache HttpClient

Apache Axis2 reports: Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation AXIS2-4739 and XSS AXIS2-5683 vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by...

5.8CVSS6.5AI score0.09149EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2012/01/30 12:0 a.m.•47 views

sudo -- format string vulnerability

Todd Miller reports: Sudo 1.8.0 introduced simple debugging support that was primarily intended for use when developing policy or I/O logging plugins. The sudodebug function contains a flaw where the program name is used as part of the format string passed to the fprintf function. The program nam...

7.2CVSS7.5AI score0.02992EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2011/12/28 12:0 a.m.•47 views

Multiple implementations -- DoS via hash algorithm collision

oCERT reports: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...

7.8CVSS8.6AI score0.0436EPSS
Exploits3References2
Total number of security vulnerabilities5000