Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2016/08/17 12:0 a.m.•45 views

phpmyadmin -- multiple vulnerabilities

The phpmyadmin development team reports: Weakness with cookie encryption Multiple XSS vulnerabilities Multiple XSS vulnerabilities PHP code injection Full path disclosure SQL injection attack Local file exposure Local file exposure through symlinks with UploadDir Path traversal with SaveDir and...

2AI score
Exploits0References27
FreeBSD
FreeBSD
•added 2016/07/26 12:0 a.m.•45 views

xen-kernel -- x86: Missing SMAP whitelisting in 32-bit exception / event delivery

The Xen Project reports: Supervisor Mode Access Prevention is a hardware feature designed to make an Operating System more robust, by raising a pagefault rather than accidentally following a pointer into userspace. However, legitimate accesses into userspace require whitelisting, and the exceptio...

6.2CVSS2.5AI score0.00639EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/06/20 12:0 a.m.•45 views

Apache Commons FileUpload -- denial of service (DoS) vulnerability

Mark Thomas reports: CVE-2016-3092 is a denial of service vulnerability that has been corrected in the Apache Commons FileUpload component. It occurred when the length of the multipart boundary was just below the size of the buffer 4096 bytes used to read the uploaded file. This caused the file...

7.8CVSS2AI score0.35927EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2016/01/27 12:0 a.m.•45 views

quagga -- stack based buffer overflow vulnerability

Donald Sharp reports: A malicious BGP peer may execute arbitrary code in particularly configured remote bgpd hosts...

8.1CVSS3.2AI score0.1211EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/01/05 12:0 a.m.•45 views

py-rsa -- Bleichenbacher'06 signature forgery vulnerability

Filippo Valsorda reports: python-rsa is vulnerable to a straightforward variant of the Bleichenbacher'06 attack against RSA signature verification with low public exponent...

5.3CVSS3.9AI score0.07054EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2015/12/20 12:0 a.m.•45 views

ffmpeg -- multiple vulnerabilities

NVD reports: The ffdwtdecode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service out-of-bounds array access or possib...

8.3CVSS8AI score0.01913EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/12/19 12:0 a.m.•45 views

mono -- DoS and code execution

NCC Group reports: An attacker who can cause a carefully-chosen string to be converted to a floating-point number can cause a crash and potentially induce arbitrary code execution...

6.8CVSS4.6AI score0.28167EPSS
Exploits43References1
FreeBSD
FreeBSD
•added 2015/12/09 12:0 a.m.•45 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description SECURITY-95 / CVE-2015-7536 Stored XSS vulnerability through workspace files and archived artifacts In certain configurations, low privilege users were able to create e.g. HTML files in workspaces and archived artifacts that could result in XSS when accessed...

8.8CVSS7AI score0.02395EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/12/01 12:0 a.m.•45 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 41 security fixes in this release, including: 558589 Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous. 551044 High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous. 554908 High CVE-2015-6767: Use-after-free in AppCache. Credit t...

10CVSS9.8AI score0.08115EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2015/11/19 12:0 a.m.•45 views

qemu -- denial of service vulnerability in Q35 chipset emulation

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Q35 chipset based pc system emulator is vulnerable to a heap based buffer overflow. It occurs during VM guest migration, as more16 bytes data is moved into allocated 8 bytes memory area. A privileged guest user...

7.9CVSS7.1AI score0.00434EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2015/11/03 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-133 NSS and NSPR memory corruption issues MFSA 2015-132 Mixed content WebSocket policy bypass through workers MFSA 2015-131 Vulnerabilities found through code inspection MFSA 2015-130 JavaScript garbage collection crash with Java applet MFSA 2015-129 Certain...

9.8CVSS9.4AI score0.10238EPSS
Exploits0References18
FreeBSD
FreeBSD
•added 2015/10/13 12:0 a.m.•45 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 24 security fixes in this release, including: 519558 High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 507316 High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. 529520 High CVE-2015-6757: Use-after-free in ServiceWorker...

7.5CVSS9.6AI score0.06974EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2015/08/11 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-79 Miscellaneous memory safety hazards rv:40.0 / rv:38.2 MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83...

10CVSS8.4AI score0.09027EPSS
Exploits1References13
FreeBSD
FreeBSD
•added 2015/06/16 12:0 a.m.•45 views

rubygem-rails -- multiple vulnerabilities

Ruby on Rails blog: Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2...

5CVSS6.2AI score0.44984EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2015/05/12 12:0 a.m.•45 views

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the lates...

10CVSS7.7AI score0.87303EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2015/05/04 12:0 a.m.•45 views

hostapd and wpa_supplicant -- multiple vulnerabilities

Jouni Malinen reports: WPS UPnP vulnerability with HTTP chunked transfer encoding. 2015-2 - CVE-2015-4141 Integer underflow in AP mode WMM Action frame processing. 2015-3 - CVE-2015-4142 EAP-pwd missing payload length validation. 2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146...

5CVSS7.1AI score0.04198EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/01/29 12:0 a.m.•45 views

apache24 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: modproxyfcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. modcache: Avoid a crash when Content-Type has an empty value. PR 56924. modlua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Requi...

5CVSS6.6AI score0.60205EPSS
Exploits2
FreeBSD
FreeBSD
•added 2014/12/01 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...

7.5CVSS6.3AI score0.04052EPSS
Exploits4References9
FreeBSD
FreeBSD
•added 2014/10/16 12:0 a.m.•45 views

libxml2 -- Denial of service

RedHat reports: A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption denia...

5CVSS6.3AI score0.03988EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/12/18 12:0 a.m.•45 views

gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack

Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...

2.1CVSS6AI score0.00451EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2013/07/26 12:0 a.m.•45 views

bind -- denial of service vulnerability

ISC reports: A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query...

7.8CVSS7.5AI score0.3415EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/06/21 12:0 a.m.•45 views

wordpress -- multiple vulnerabilities

The wordpress development team reports: Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site Disallow contributors from improperly publishing posts An update to the SWFUpload external library to fix cross-site scripting vulnerabilities...

4.3CVSS6.5AI score0.0296EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/03/18 12:0 a.m.•45 views

rubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports: Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed: CVE-2013-1854 Symbol DoS vulnerability in Active Record CVE-2013-1855 XSS...

5.8CVSS6.3AI score0.03438EPSS
Exploits2References5
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•45 views

texproc/expat2 -- billion laugh attack

Kurt Seifried reports: So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc.. A...

6.8CVSS3.2AI score0.19433EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2012/11/20 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-91 Miscellaneous memory safety hazards rv:17.0/ rv:10.0.11 MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95...

10CVSS10AI score0.11079EPSS
Exploits17References18
FreeBSD
FreeBSD
•added 2012/06/09 12:0 a.m.•45 views

mantis -- multiple vulnerabilities

Mantis reports: Roland Becker and Damien Regad MantisBT developers found that any user able to report issues via the SOAP interface could also modify any bugnotes comments created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report ne...

7.5CVSS6.3AI score0.03829EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2012/01/04 12:0 a.m.•45 views

OpenSSL -- multiple vulnerabilities

The OpenSSL Team reports: 6 security flaws have been fixed in OpenSSL 1.0.0f: If X509VFLAGPOLICYCHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a...

9.3CVSS7.8AI score0.17687EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/12/13 12:0 a.m.•45 views

php-zip -- multiple Denial of Service vulnerabilities

The following DoS conditions in Zip extension were fixed in PHP 5.3.4 and PHP 5.2.15: Fixed crash in zip extract method possible CWE-170. The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service...

4.3CVSS5.7AI score0.13333EPSS
Exploits6References3
FreeBSD
FreeBSD
•added 2010/12/10 12:0 a.m.•45 views

php -- open_basedir bypass

MITRE reports: fopenwrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass openbasedir restrictions via vectors related to the length of a filename...

5CVSS6.2AI score0.0632EPSS
Exploits0
FreeBSD
FreeBSD
•added 2010/11/30 12:0 a.m.•45 views

krb5 -- multiple checksum handling vulnerabilities

The MIT Kerberos team reports: MIT krb incorrectly accepts an unkeyed checksum with DES session keys for version 2 RFC 4121 of the GSS-API krb5 mechanism. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted...

4.3CVSS6AI score0.02253EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/03/30 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2010-24 XMLDocument::load doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-2...

10CVSS8.6AI score0.87264EPSS
Exploits18References9
FreeBSD
FreeBSD
•added 2008/11/13 12:0 a.m.•45 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports: MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners same-origin violation MFSA 2008-55 Crash and remote code execution in...

10CVSS10.2AI score0.10187EPSS
Exploits2References12
FreeBSD
FreeBSD
•added 2007/05/14 12:0 a.m.•45 views

samba -- multiple vulnerabilities

The Samba Team reports: A bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root. When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal...

10CVSS6.4AI score0.77806EPSS
Exploits38References3
FreeBSD
FreeBSD
•added 2006/05/02 12:0 a.m.•45 views

mysql50-server -- COM_TABLE_DUMP arbitrary code execution

Stefano Di Paola reports: An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws an attacker should have direct access to MySQL server communication layer port 3306 or unix socket. But if used in conjuction with so...

6.5CVSS6.9AI score0.35984EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2006/03/21 12:0 a.m.•45 views

freeradius -- EAP-MSCHAPv2 Authentication Bypass

Freeradius Security Contact reports: Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result i...

7.5CVSS6.4AI score0.0276EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/02/03 12:0 a.m.•45 views

python -- SimpleXMLRPCServer.py allows unrestricted traversal

According to Python Security Advisory PSF-2005-001, The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC...

7.5CVSS7.1AI score0.05219EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/11/29 12:0 a.m.•44 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 5 security bugs in Chromium: CVE-2024-11110: Inappropriate implementation in Blink CVE-2024-11112: Use after free in Media CVE-2024-11114: Inappropriate implementation in Views CVE-2024-11116: Inappropriate implementation in Paint CVE-2024-11117...

8.8CVSS7.6AI score0.00343EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/10/16 12:0 a.m.•44 views

OpenSSL -- OOB memory access vulnerability

The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143 Low Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...

4.3CVSS6.9AI score0.05966EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/05/28 12:0 a.m.•44 views

OpenSSL -- Use after free vulnerability

The OpenSSL project reports: Use After Free with SSLfreebuffers low. Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations...

7.5CVSS6.9AI score0.02945EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/07/10 12:0 a.m.•44 views

redis -- Heap overflow in the cjson and cmsgpack libraries

Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution...

8.8CVSS8AI score0.41409EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/06/22 12:0 a.m.•44 views

electron22 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3215. Security: backported fix for CVE-2023-3216. Security: backported fix for CVE-2023-0698. Security: backported fix for CVE-2023-0932...

8.8CVSS8.7AI score0.13813EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2023/02/28 12:0 a.m.•44 views

redis -- multiple vulnerabilities

The Redis core team reports: CVE-2023-25155 Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. CVE-2022-36021 String matching commands like SCAN or KEYS with a specially...

6.5CVSS6AI score0.59706EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/11/24 12:0 a.m.•44 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 1 security fix: 1392715 High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22 Google is aware that an exploit for CVE-2022-4135 exists in the wild...

9.6CVSS1.2AI score0.31864EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/11/02 12:0 a.m.•44 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS with CSP-bypass via scoped labels' color Maintainer can leak Datadog API key by changing integration URL Uncontrolled resource consumption when parsing URLs Issue HTTP requests when users view an OpenAPI...

9CVSS0.7AI score0.86326EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2022/08/22 12:0 a.m.•44 views

MariaDB -- Multiple vulnerabilities

The MariaDB project reports: Multiple vulnerabilities, mostly segfaults, in the server component...

7.5CVSS2.8AI score0.52063EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2022/08/02 12:0 a.m.•44 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 27 security fixes, including: 1325699 High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 1335316 High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang@eternalsakura13 and Guang Gong of 360 Alpha Lab...

8.8CVSS0.2AI score0.00799EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2022/07/01 12:0 a.m.•44 views

OpenSSL -- Heap memory corruption with RSA private key operation

The OpenSSL project reports: The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during t...

10CVSS3.4AI score0.44881EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2022/06/09 12:0 a.m.•44 views

git -- Multiple vulnerabilities

This release contains 2 security fixes: CVE-2022-39253 When relying on the --local clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks or copies of the dereferenced link in the destination repository. This can lead to surprising behavior where...

8.8CVSS8.5AI score0.02938EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/05/24 12:0 a.m.•44 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 32 security fixes, including: 1324864 Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 1320024 High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park SeHwa on 2022-04-27 1228661 High...

9.6CVSS0.1AI score0.0088EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2022/02/10 12:0 a.m.•44 views

MariaDB -- Multiple vulnerabilities

MariaDB reports: MariaDB reports 5 vulnerabilities in supported versions without further detailed information...

7.8CVSS3.1AI score0.00689EPSS
Exploits1References4
Total number of security vulnerabilities5000