Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2007/12/18 12:0 a.m.•48 views

linux-flashplugin -- multiple vulnerabilities

Adobe Security bulletin: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to...

10CVSS6.9AI score0.30065EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2007/10/12 12:0 a.m.•48 views

rubygem-rails -- JSON XSS vulnerability

Rails core team reports: All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227...

4.3CVSS6.3AI score0.03683EPSS
Exploits1
FreeBSD
FreeBSD
•added 2007/07/20 12:0 a.m.•48 views

lighttpd -- multiple vulnerabilities

Secunia Advisory reports: Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS Denial of Service...

8.3CVSS6.7AI score0.08072EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2006/08/21 12:0 a.m.•48 views

tikiwiki -- multiple vulnerabilities

Secunia reports: Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "highlight" parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be...

6.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2005/02/08 12:0 a.m.•48 views

xli -- integer overflows in image size calculations

Tavis Ormandy discovered several integer overflows in xli's image size handling. A maliciously crafted image may be able to cause a heap buffer overflow and execute arbitrary code...

7.5CVSS7.4AI score0.0282EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/01/02 12:0 a.m.•48 views

mailman -- directory traversal vulnerability

A directory traversal vulnerability in mailman allow remote attackers to read arbitrary files due to inadequate input sanitizing. This could, among other things, lead remote attackers to gaining access to the mailman configuration database which contains subscriber email addresses and passwords o...

5CVSS6.5AI score0.02856EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/12/06 12:0 a.m.•48 views

imlib -- xpm heap buffer overflows and integer overflows

Pavel Kankovsky reports: Imlib affected by a variant of CAN-2004-0782 too. I've discovered more vulnerabilities in Imlib 1.9.13. In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw 1 CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt. Look at the...

7.5CVSS6.4AI score0.09184EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/05/20 12:0 a.m.•48 views

cvs -- numerous vulnerabilities

A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price. Insufficient input validation while processing "Entry" lines. CVE-2004-0414 A double-free resulting from erroneous state handling while processing "Argumentx" commands. CVE-2004-0416 Integer...

10CVSS7.2AI score0.13206EPSS
Exploits0References12
FreeBSD
FreeBSD
•added 2024/03/07 12:0 a.m.•47 views

databases/mongodb* -- Improper Certificate Validation

MongoDB, Inc. reports: A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled net.tls.mode set to allowTLS, preferTLS, or requireTLS and without...

9.8CVSS7.3AI score0.005EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/13 12:0 a.m.•47 views

electron22 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4572. Security: backported fix for CVE-2023-4762. Security: backported fix for CVE-2023-4863...

8.8CVSS7AI score0.99735EPSS
Exploits11References3
FreeBSD
FreeBSD
•added 2021/04/01 12:0 a.m.•47 views

Pillow -- multiple vulnerabilities

python-pillow reports: This release fixes several vulnerabilities found with OSS-Fuzz. CVE-2021-25288: Fix OOB read in Jpeg2KDecode. This dates to Pillow 2.4.0. CVE-2021-28675: Fix DOS in PsdImagePlugin. This dates to the PIL fork. CVE-2021-28676: Fix FLI DOS. This dates to the PIL fork...

9.1CVSS1.5AI score0.02453EPSS
Exploits0
FreeBSD
FreeBSD
•added 2020/07/28 12:0 a.m.•47 views

jasper -- multiple vulnerabilities

JasPer NEWS: - Fix CVE-2018-9154 - Fix CVE-2018-19541 - Fix CVE-2016-9399, CVE-2017-13751 - Fix CVE-2018-19540 - Fix CVE-2018-9055 - Fix CVE-2017-13748 - Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 - Fix CVE-2018-9252 - Fix CVE-2018-19139 - Fix CVE-2018-19543, CVE-2017-9782 - Fix CVE-2018-205...

8.8CVSS1.3AI score0.05981EPSS
Exploits17References1
FreeBSD
FreeBSD
•added 2019/09/14 12:0 a.m.•47 views

python 3.7 -- multiple vulnerabilities

Python changelog: bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email.headervalueparser.getunstructured going into an infini...

7.5CVSS0.6AI score0.06643EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/06/29 12:0 a.m.•47 views

irssi -- Use after free when sending SASL login to the server

Irssi reports: Use after free when sending SASL login to the server found by ilbelkyr. CWE-416, CWE-825...

8.1CVSS2.1AI score0.03333EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/03/28 12:0 a.m.•47 views

Kubectl -- Potential directory traversal

Kubernetes.io reports: A security issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal replacing or deleting files on a user’s workstation...

6.4CVSS2.7AI score0.13164EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2018/12/04 12:0 a.m.•47 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 43 security fixes in this release, including: High CVE-2018-17480: Out of bounds write in V8 High CVE-2018-17481: Use after free in PDFium High CVE-2018-18335: Heap buffer overflow in Skia High CVE-2018-18336: Use after free in PDFium High CVE-2018-18337: Use after...

8.8CVSS1.9AI score0.34292EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/05/29 12:0 a.m.•47 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 34 security fixes in this release, including: 835639 High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 840320 High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 818592 High...

9.6CVSS8.3AI score0.07666EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2018/02/13 12:0 a.m.•47 views

bitmessage -- remote code execution vulnerability

Bitmessage developers report: A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. Will be updated if/when CVE will be available...

7.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2018/01/23 12:0 a.m.•47 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-5091: Use-after-free with DTMF timers CVE-2018-5092: Use-after-free in Web Workers CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory...

10CVSS9AI score0.20024EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/08/26 12:0 a.m.•47 views

Python 2.7 -- multiple vulnerabilities

Python reports: Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details...

9.8CVSS8.9AI score0.13335EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2017/07/24 12:0 a.m.•47 views

Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests

mnaberez reports: supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability...

9CVSS8.8AI score0.87544EPSS
Exploits10References2
FreeBSD
FreeBSD
•added 2017/07/22 12:0 a.m.•47 views

tcpdump -- multiple vulnerabilities

tcpdump developers report: Too many issues to detail, see CVE references for details...

9.8CVSS9.3AI score0.06196EPSS
Exploits3
FreeBSD
FreeBSD
•added 2017/05/11 12:0 a.m.•47 views

Joomla3 -- SQL Injection

JSST reports: Inadequate filtering of request data leads to a SQL Injection vulnerability...

9.8CVSS1.9AI score0.99826EPSS
Exploits21References1
FreeBSD
FreeBSD
•added 2016/11/22 12:0 a.m.•47 views

vim -- arbitrary command execution

Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...

7.8CVSS8.1AI score0.25314EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2016/11/02 12:0 a.m.•47 views

cURL -- multiple vulnerabilities

The cURL project reports cookie injection for other servers case insensitive password comparison OOB write via unchecked multiplication double-free in curlmaprintf double-free in krb5 code glob parser write/read out of bounds curlgetdate read out of bounds URL unescape heap overflow via integer...

9.8CVSS3.4AI score0.05915EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/06/28 12:0 a.m.•47 views

tiff -- buffer overflow

Mathias Svensson reports: potential buffer write overrun in PixarLogDecode on corrupted/unexpected images...

8.8CVSS3.9AI score0.04653EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/12/17 12:0 a.m.•47 views

xen-kernel -- information leak in legacy x86 FPU/XMM initialization

The Xen Project reports: When XSAVE/XRSTOR are not in use by Xen to manage guest extended register state, the initial values in the FPU stack and XMM registers seen by the guest upon first use are those left there by the previous user of those registers. A malicious domain may be able to leverage...

8.6CVSS7.8AI score0.02254EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/15 12:0 a.m.•47 views

wordpress -- multiple vulnerabilities

Samuel Sidler reports: WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags...

6.1CVSS5.6AI score0.06389EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2015/07/21 12:0 a.m.•47 views

FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state

Problem Description: TCP connections transitioning to the LASTACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets. Impact: An...

7.1CVSS5.8AI score0.02624EPSS
Exploits0
FreeBSD
FreeBSD
•added 2015/06/24 12:0 a.m.•47 views

php-phar -- multiple vulnerabilities

reports: Segfault in Phar::convertToData on invalid file. Buffer overflow and stack smashing error in pharfixfilepath...

10CVSS8.7AI score0.06303EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2015/04/11 12:0 a.m.•47 views

net-snmp -- snmp_pdu_parse() function incomplete initialization

Qinghao Tang reports: Incompletely initialized vulnerability exists in the function ‘snmppduparse’ of ‘snmpapi.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets...

7.5CVSS8.1AI score0.40002EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2014/09/23 12:0 a.m.•47 views

krfb -- Multiple security issues in bundled libvncserver

Martin Sandsmark reports: krfb 4.14 and earlier embeds libvncserver which has had several security issues. Several remotely exploitable security issues have been uncovered in libvncserver, some of which might allow a remote authenticated user code execution or application crashes...

6.5CVSS8.9AI score0.0783EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/09/16 12:0 a.m.•47 views

nginx -- inject commands into SSL session vulnerability

The nginx project reports: Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks CVE-2014-3616...

4.3CVSS6.4AI score0.05654EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/05/02 12:0 a.m.•47 views

OpenSSL -- NULL pointer dereference / DoS

OpenBSD and David Ramos reports: Applications that use SSLMODERELEASEBUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service...

4.3CVSS7.8AI score0.43828EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2013/02/05 12:0 a.m.•47 views

OpenSSL -- TLS 1.1, 1.2 denial of service

OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack...

5CVSS6.9AI score0.39593EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2012/12/06 12:0 a.m.•47 views

Axis2 -- Security vulnerabilities on dependency Apache HttpClient

Apache Axis2 reports: Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation AXIS2-4739 and XSS AXIS2-5683 vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by...

5.8CVSS6.5AI score0.09149EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2012/11/17 12:0 a.m.•47 views

lighttpd -- remote DoS in header parsing

Lighttpd security advisory reports: Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive" On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading th...

5CVSS9AI score0.12038EPSS
Exploits7
FreeBSD
FreeBSD
•added 2011/12/28 12:0 a.m.•47 views

Multiple implementations -- DoS via hash algorithm collision

oCERT reports: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...

7.8CVSS8.6AI score0.0436EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2010/11/02 12:0 a.m.•47 views

proftpd -- remote code execution vulnerability

Tippingpoint reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port 21. When readin...

10CVSS9.7AI score0.91303EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2009/09/10 12:0 a.m.•47 views

mozilla firefox -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-51 Chrome privilege escalation with FeedWriter MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters MFSA 2009-49 TreeColumns dangling pointer vulnerability MFSA 2009-48 Insufficient warning for PKCS11 module installation and removal MFSA...

10CVSS9.6AI score0.06724EPSS
Exploits4References6
FreeBSD
FreeBSD
•added 2008/05/05 12:0 a.m.•47 views

mysql -- MyISAM table privileges security bypass vulnerability

SecurityFocus reports: MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions...

4.6CVSS6.4AI score0.02588EPSS
Exploits2
FreeBSD
FreeBSD
•added 2007/10/08 12:0 a.m.•47 views

png -- multiple vulnerabilities

A Secunia Advisory reports: Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS Denial of Service. Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency...

5CVSS7.4AI score0.04769EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2005/06/29 12:0 a.m.•47 views

drupal -- PHP code execution vulnerabilities

Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed...

7.5CVSS6.7AI score0.79071EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2004/12/21 12:0 a.m.•47 views

ImageMagick -- PSD handler heap overflow vulnerability

An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow vulnerability in The ImageMagick's Project's ImageMagick PSD image-decoding module could allow an attacker to execute arbitrary code. Exploitation may allow attackers to run arbitrary code on a victim's computer if th...

7.5CVSS7.3AI score0.04378EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2004/02/18 12:0 a.m.•47 views

many out-of-sequence TCP packets denial-of-service

FreeBSD does not limit the number of TCP segments that may be held in a reassembly queue. A remote attacker may conduct a low-bandwidth denial-of-service attack against a machine providing services based on TCP there are many such services, including HTTP, SMTP, and FTP. By sending many...

5CVSS6.4AI score0.03169EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2003/06/21 12:0 a.m.•47 views

GNATS local privilege elevation

GNATS 3.113.1 contains multiple buffer overflows, through which a local attacker could gain elevated privileges on the system...

5.6AI score
Exploits0References9
FreeBSD
FreeBSD
•added 2025/02/21 12:0 a.m.•46 views

FreeBSD -- Multiple vulnerabilities in OpenSSH

Problem Description: OpenSSH client host verification error CVE-2025-26465 ssh1 contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled. OpenSSH server denial of service CVE-2025-26466 The OpenSSH clien...

6.8CVSS7.1AI score0.38474EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2024/02/07 12:0 a.m.•46 views

clamav -- Multiple vulnerabilities

The ClamAV project reports: CVE-2024-20290 A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during...

7.5CVSS8.1AI score0.84841EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/30 12:0 a.m.•46 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 3 security bugs in Chromium: 1505080 High CVE-2024-0807: Use after free in WebAudio 1504936 Critical CVE-2024-0808: Integer underflow in WebUI 1496250 Medium CVE-2024-0810: Insufficient policy enforcement in DevTools...

9.8CVSS7.7AI score0.00548EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/29 12:0 a.m.•46 views

openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak

The OpenVPN community project team reports: CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore "--fragment" configuration in some circumstances, leading to a division by zero when "--fragment" is used. On platforms where division by zero is fatal, this will cause an OpenV...

9.8CVSS6.7AI score0.01982EPSS
Exploits0References1
Total number of security vulnerabilities5000