Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2015/10/13 12:0 a.m.•45 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 24 security fixes in this release, including: 519558 High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 507316 High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. 529520 High CVE-2015-6757: Use-after-free in ServiceWorker...

7.5CVSS9.6AI score0.06974EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/08/11 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-79 Miscellaneous memory safety hazards rv:40.0 / rv:38.2 MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83...

10CVSS8.4AI score0.09027EPSS
Exploits1References13
FreeBSD
FreeBSD
•added 2015/06/16 12:0 a.m.•45 views

rubygem-rails -- multiple vulnerabilities

Ruby on Rails blog: Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2...

5CVSS6.2AI score0.44984EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2015/05/12 12:0 a.m.•45 views

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the lates...

10CVSS7.7AI score0.87303EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2015/05/04 12:0 a.m.•45 views

hostapd and wpa_supplicant -- multiple vulnerabilities

Jouni Malinen reports: WPS UPnP vulnerability with HTTP chunked transfer encoding. 2015-2 - CVE-2015-4141 Integer underflow in AP mode WMM Action frame processing. 2015-3 - CVE-2015-4142 EAP-pwd missing payload length validation. 2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146...

5CVSS7.1AI score0.04198EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/01/29 12:0 a.m.•45 views

apache24 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: modproxyfcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. modcache: Avoid a crash when Content-Type has an empty value. PR 56924. modlua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Requi...

5CVSS6.6AI score0.60205EPSS
Exploits2
FreeBSD
FreeBSD
•added 2014/12/01 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...

7.5CVSS6.3AI score0.04052EPSS
Exploits4References9
FreeBSD
FreeBSD
•added 2014/10/16 12:0 a.m.•45 views

libxml2 -- Denial of service

RedHat reports: A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption denia...

5CVSS6.3AI score0.03988EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/12/18 12:0 a.m.•45 views

gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack

Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...

2.1CVSS6AI score0.00451EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/07/26 12:0 a.m.•45 views

bind -- denial of service vulnerability

ISC reports: A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query...

7.8CVSS7.5AI score0.3415EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/03/18 12:0 a.m.•45 views

rubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports: Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed: CVE-2013-1854 Symbol DoS vulnerability in Active Record CVE-2013-1855 XSS...

5.8CVSS6.3AI score0.03438EPSS
Exploits2References5
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•45 views

texproc/expat2 -- billion laugh attack

Kurt Seifried reports: So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc.. A...

6.8CVSS3.2AI score0.19433EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2012/11/20 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-91 Miscellaneous memory safety hazards rv:17.0/ rv:10.0.11 MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95...

10CVSS10AI score0.11079EPSS
Exploits17References18
FreeBSD
FreeBSD
•added 2012/06/09 12:0 a.m.•45 views

mantis -- multiple vulnerabilities

Mantis reports: Roland Becker and Damien Regad MantisBT developers found that any user able to report issues via the SOAP interface could also modify any bugnotes comments created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report ne...

7.5CVSS6.3AI score0.03829EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2010/12/13 12:0 a.m.•45 views

php-zip -- multiple Denial of Service vulnerabilities

The following DoS conditions in Zip extension were fixed in PHP 5.3.4 and PHP 5.2.15: Fixed crash in zip extract method possible CWE-170. The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service...

4.3CVSS5.7AI score0.13333EPSS
Exploits6References3
FreeBSD
FreeBSD
•added 2010/12/10 12:0 a.m.•45 views

php -- open_basedir bypass

MITRE reports: fopenwrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass openbasedir restrictions via vectors related to the length of a filename...

5CVSS6.2AI score0.0632EPSS
Exploits0
FreeBSD
FreeBSD
•added 2010/11/30 12:0 a.m.•45 views

krb5 -- multiple checksum handling vulnerabilities

The MIT Kerberos team reports: MIT krb incorrectly accepts an unkeyed checksum with DES session keys for version 2 RFC 4121 of the GSS-API krb5 mechanism. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted...

4.3CVSS6AI score0.02253EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/03/30 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2010-24 XMLDocument::load doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-2...

10CVSS8.6AI score0.87264EPSS
Exploits18References9
FreeBSD
FreeBSD
•added 2008/11/13 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports: MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners same-origin violation MFSA 2008-55 Crash and remote code execution in...

10CVSS10.2AI score0.10187EPSS
Exploits2References12
FreeBSD
FreeBSD
•added 2008/09/08 12:0 a.m.•45 views

wordpress -- remote privilege escalation

The Wordpress development team reports: With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the...

5.1CVSS6.4AI score0.03013EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/09/18 12:0 a.m.•45 views

mozilla -- code execution via Quicktime media-link files

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browse...

5CVSS6.5AI score0.12383EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2006/05/02 12:0 a.m.•45 views

mysql50-server -- COM_TABLE_DUMP arbitrary code execution

Stefano Di Paola reports: An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws an attacker should have direct access to MySQL server communication layer port 3306 or unix socket. But if used in conjuction with so...

6.5CVSS6.9AI score0.35984EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2005/02/03 12:0 a.m.•45 views

python -- SimpleXMLRPCServer.py allows unrestricted traversal

According to Python Security Advisory PSF-2005-001, The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC...

7.5CVSS7.1AI score0.05219EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/11 12:0 a.m.•45 views

qt -- image loader vulnerabilities

Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP...

7.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2024/11/29 12:0 a.m.•44 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 5 security bugs in Chromium: CVE-2024-11110: Inappropriate implementation in Blink CVE-2024-11112: Use after free in Media CVE-2024-11114: Inappropriate implementation in Views CVE-2024-11116: Inappropriate implementation in Paint CVE-2024-11117...

8.8CVSS7.6AI score0.00343EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/05/28 12:0 a.m.•44 views

OpenSSL -- Use after free vulnerability

The OpenSSL project reports: Use After Free with SSLfreebuffers low. Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations...

7.5CVSS6.9AI score0.02945EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/31 12:0 a.m.•44 views

Gitlab -- Vulnerabilities

Gitlab reports: Privilege escalation of "external user" to internal access through group service account Maintainer can leak sentry token by changing the configured URL fix bypass Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners Information disclosu...

7.5CVSS6.3AI score0.00703EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/01 12:0 a.m.•44 views

FreeBSD -- Remote denial of service in IPv6 fragment reassembly

Problem Description: Each fragment of an IPv6 packet contains a fragment header which specifies the offset of the fragment relative to the original packet, and each fragment specifies its length in the IPv6 header. When reassembling the packet, the kernel calculates the complete IPv6 payload...

7.5CVSS7AI score0.0054EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/07/10 12:0 a.m.•44 views

redis -- Heap overflow in the cjson and cmsgpack libraries

Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution...

8.8CVSS8AI score0.4292EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/03/20 12:0 a.m.•44 views

curl -- multiple vulnerabilities

Harry Sintonen reports: CVE-2023-27533 curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl...

9.8CVSS7.2AI score0.02195EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2023/02/28 12:0 a.m.•44 views

redis -- multiple vulnerabilities

The Redis core team reports: CVE-2023-25155 Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. CVE-2022-36021 String matching commands like SCAN or KEYS with a specially...

6.5CVSS6AI score0.59706EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/11/02 12:0 a.m.•44 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS with CSP-bypass via scoped labels' color Maintainer can leak Datadog API key by changing integration URL Uncontrolled resource consumption when parsing URLs Issue HTTP requests when users view an OpenAPI...

9CVSS0.7AI score0.86326EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2022/09/07 12:0 a.m.•44 views

Grafana -- Improper authentication

Grafana Labs reports: On September 7, as a result of an internal security audit, we discovered a security vulnerability in Grafana’s basic authentication related to the usage of username and email address. n Grafana, a user’s username and email address are unique fields, which means no other user...

7.8CVSS6.5AI score0.01228EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/08/22 12:0 a.m.•44 views

MariaDB -- Multiple vulnerabilities

The MariaDB project reports: Multiple vulnerabilities, mostly segfaults, in the server component...

7.5CVSS2.8AI score0.51733EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2022/08/02 12:0 a.m.•44 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 27 security fixes, including: 1325699 High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 1335316 High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang@eternalsakura13 and Guang Gong of 360 Alpha Lab...

8.8CVSS0.2AI score0.00799EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2022/07/01 12:0 a.m.•44 views

OpenSSL -- Heap memory corruption with RSA private key operation

The OpenSSL project reports: The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during t...

10CVSS3.4AI score0.44881EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2022/06/09 12:0 a.m.•44 views

git -- Multiple vulnerabilities

This release contains 2 security fixes: CVE-2022-39253 When relying on the --local clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks or copies of the dereferenced link in the destination repository. This can lead to surprising behavior where...

8.8CVSS8.5AI score0.02938EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/05/24 12:0 a.m.•44 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 32 security fixes, including: 1324864 Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 1320024 High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park SeHwa on 2022-04-27 1228661 High...

9.6CVSS0.1AI score0.0088EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2022/02/10 12:0 a.m.•44 views

MariaDB -- Multiple vulnerabilities

MariaDB reports: MariaDB reports 5 vulnerabilities in supported versions without further detailed information...

7.8CVSS3.1AI score0.00645EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2022/01/19 12:0 a.m.•44 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 26 security fixes, including: 1284367 Critical CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05 12601341260007 High CVE-2022-0290: Use after free in Site isolation. Reported by Brendon...

9.6CVSS0.2AI score0.85352EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/12/14 12:0 a.m.•44 views

Mbed TLS -- Potential double-free after an out of memory error

Manuel Pégourié-Gonnard reports: If mbedtlssslsetsession or mbedtlssslgetsession were to fail with MBEDTLSERRSSLALLOCFAILED in an out of memory condition, then calling mbedtlssslsessionfree and mbedtlssslfree in the usual manner would cause an internal session buffer to be freed twice, due to two...

9.8CVSS2.7AI score0.02569EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/12/13 12:0 a.m.•44 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 5 security fixes, including: 1263457 Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26 1270658 High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of...

8.8CVSS0.6AI score0.07836EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/10/28 12:0 a.m.•44 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Stored XSS via ipynb files Pipeline schedules on imported projects can be set to automatically active after import Potential Denial of service via Workhorse Improper Access Control allows Merge Request creator to bypass locked status Projects API discloses ID and name of private...

8.7CVSS2.8AI score0.60729EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/04/25 12:0 a.m.•44 views

Exiv2 -- Multiple vulnerabilities

Exiv2 teams reports: Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of serivce. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to ga...

7.8CVSS2.3AI score0.02295EPSS
Exploits2References9
FreeBSD
FreeBSD
•added 2021/03/22 12:0 a.m.•44 views

dovecot -- multiple vulnerabilities

Dovecot team reports: CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. CVE-2021-33515: On-path attacker...

7.5CVSS1.8AI score0.02837EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/02/12 12:0 a.m.•44 views

openexr, ilmbase -- security fixes related to reading corrupted input files

Cary Phillips reports: Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files...

5.5CVSS1.5AI score0.01848EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/01/19 12:0 a.m.•44 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 36 security fixes, including: 1137179 Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 1161357 High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander...

9.6CVSS0.3AI score0.23406EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2020/12/07 12:0 a.m.•44 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: XSS in Zoom Meeting URL Limited Information Disclosure in Private Profile User email exposed via GraphQL endpoint Group and project membership potentially exposed via GraphQL Search terms logged in search parameter in rails logs Un-authorised access to feature flag user list A...

6.5CVSS1.6AI score0.01244EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/10/07 12:0 a.m.•44 views

MariaDB -- Undisclosed vulnerability

The MariaDB project reports: Details of this vulnerability have not yet been disclosed...

9CVSS2AI score0.05539EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2020/07/10 12:0 a.m.•44 views

webkit2-gtk3 -- multible vulnerabilities

The WebKitGTK project reports vulnerabilities: CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9805: Processing maliciously crafted web content...

10CVSS2.5AI score0.77246EPSS
Exploits5References1
Total number of security vulnerabilities5000