Lucene search
K
FreebsdMost viewed

6587 matches found

FreeBSD
FreeBSD
•added 2008/08/08 12:0 a.m.•43 views

ruby -- DNS spoofing vulnerability

The official ruby site reports: resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports...

6.8CVSS7AI score0.95182EPSS
Exploits21References1
FreeBSD
FreeBSD
•added 2008/02/20 12:0 a.m.•43 views

opera -- multiple vulnerabilities

Opera Software ASA reports about multiple security fixes: Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. Image properties can no longer be used to execute scripts, as reported by Max Leonov. Fixed an issue where the...

6.5AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2007/11/14 12:0 a.m.•43 views

mysql -- privilege escalation and overwrite of the system table information

MySQL reports: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points...

7.1CVSS6.3AI score0.1426EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2007/11/11 12:0 a.m.•43 views

phpmyadmin -- cross-site scripting vulnerability

The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...

6.4AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2007/10/17 12:0 a.m.•43 views

phpmyadmin -- cross-site scripting vulnerability

The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...

4.3CVSS6.4AI score0.03326EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/09/27 12:0 a.m.•43 views

tcl/tk -- buffer overflow in ReadImage function

A Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl/Tk, allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first...

6.8CVSS7.7AI score0.04855EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/07/30 12:0 a.m.•43 views

xpdf -- stack based buffer overflow

The KDE Team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor. Remotely supplied pdf files can be used to disrupt the kpdf viewe...

6.8CVSS7.6AI score0.08565EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/05/15 12:0 a.m.•43 views

png -- DoS crash vulnerability

A Libpng Security Advisory reports: A grayscale PNG image with a malformed bad CRC tRNS chunk will crash some libpng applications. This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited...

5CVSS9AI score0.05115EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/02/23 12:0 a.m.•43 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-08 onUnload + document.write memory corruption MFSA 2007-07 Embedded...

9.3CVSS6.7AI score0.5036EPSS
Exploits10References10
FreeBSD
FreeBSD
•added 2006/12/06 12:0 a.m.•43 views

FreeBSD -- Kernel memory disclosure in firewire(4)

Problem Description: In the FWGCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Impact: A user in the "operator" group can read the contents of kernel memory...

2.1CVSS6.3AI score0.00398EPSS
Exploits0
FreeBSD
FreeBSD
•added 2006/09/19 12:0 a.m.•43 views

gzip -- multiple vulnerabilities

Problem Description Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact The insufficient bounds checks in buffe...

7.5CVSS6.9AI score0.05641EPSS
Exploits1
FreeBSD
FreeBSD
•added 2006/09/08 12:0 a.m.•43 views

win32-codecs -- multiple vulnerabilities

The Apple Security Team reports that there are multiple vulnerabilities within QuickTime one of the plugins for win32-codecs. A remote attacker capable of creating a malicious SGI image, FlashPix, FLC movie, or a QuickTime movie can possibly lead to execution of arbitrary code or cause a Denial o...

5.1CVSS7.7AI score0.15248EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2006/03/14 12:0 a.m.•43 views

linux-flashplugin -- arbitrary code execution vulnerability

Adobe reports: Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these...

5.1CVSS7.1AI score0.06602EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/10/13 12:0 a.m.•43 views

tiff -- RLE decoder heap overflows

Chris Evans discovered several heap buffer overflows in libtiff's RLE decoder. These overflows could be triggered by a specially-crafted TIFF image file, resulting in an application crash and possibly arbitrary code execution...

7.5CVSS7.1AI score0.08268EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/07/22 12:0 a.m.•43 views

mozilla -- POP client heap overflow

zen-parse discovered a heap buffer overflow in Mozilla's POP client implementation. A malicious POP server could exploit this vulnerability to cause Mozilla to execute arbitrary code...

10CVSS7AI score0.05346EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2003/12/31 12:0 a.m.•43 views

mailman XSS in admin script

Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...

6.8CVSS6.2AI score0.01997EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2026/06/02 12:0 a.m.•42 views

Apache httpd -- DoS exploit in HTTP/2

Calif security reports: Remote DoS in modhttp2...

7.5CVSS5.8AI score0.11471EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2026/05/04 12:0 a.m.•42 views

www/apache24 -- Multiple vulnerabilities

The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...

9.8CVSS5.8AI score0.4581EPSS
Exploits18References1
FreeBSD
FreeBSD
•added 2025/02/11 12:0 a.m.•42 views

vscode -- multiple vulnerabilities

VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...

7.3CVSS7.2AI score0.00735EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2024/03/05 12:0 a.m.•42 views

go -- multiple vulnerabilities

The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...

7.5CVSS6.7AI score0.01165EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/05 12:0 a.m.•42 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 4 security fixes: 1476403 High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 1473247 High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 1469928 High CVE-2023-4763: Use after...

8.8CVSS7.4AI score0.37987EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2023/08/29 12:0 a.m.•42 views

chromium -- use after free in MediaStream

Chrome Releases reports: This update includes 1 security fix: 1472492 High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn@fwnfwn on 2023-08-12...

9.8CVSS7.4AI score0.0088EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/07/18 12:0 a.m.•42 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 24 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

7.5CVSS7.6AI score0.01594EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/06/29 12:0 a.m.•42 views

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...

7.5CVSS7.1AI score0.00905EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/30 12:0 a.m.•42 views

rubygem-time -- ReDoS vulnerability

oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects...

5.3CVSS7.6AI score0.02452EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/10 12:0 a.m.•42 views

traefik -- Use of vulnerable Go modules net/http, net/textproto

The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...

7.5CVSS8.4AI score0.01888EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/02/15 12:0 a.m.•42 views

curl -- multiple vulnerabilities

Harry Sintonen and Patrick Monnerat report: CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead...

9.1CVSS6.8AI score0.01703EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2022/11/12 12:0 a.m.•42 views

ffmpeg -- multiple vulnerabilities

NVD reports: An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader...

8.1CVSS6.5AI score0.0347EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2022/10/26 12:0 a.m.•42 views

curl -- multiple vulnerabilities

Daniel Stenberg reports: CVE-2022-32221: POST following PUT confusion When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT...

9.8CVSS8.7AI score0.04325EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2022/10/11 12:0 a.m.•42 views

OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher

The OpenSSL project reports: Using a Custom Cipher with NIDundef may lead to NULL encryption low...

7.5CVSS7.6AI score0.02846EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/09/29 12:0 a.m.•42 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T316304, CVE-2022-41767 SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.. T309894, CVE-2022-41765 SECURITY: HTMLUserTextField exposes existence of hidden users. T307278, CVE-2022-41766 SECURITY: On action=rollback the message...

5.3CVSS1.4AI score0.00641EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/08/09 12:0 a.m.•42 views

Grafana -- Privilege escalation

Grafana Labs reports: On August 9 an internal security review identified a vulnerability in the Grafana which allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used. Auth proxy allows to authenticate a user by only providing the username or email in a...

6.6CVSS6.4AI score0.01302EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/04/02 12:0 a.m.•42 views

Django -- multiple vulnerabilities

Django Release reports: CVE-2022-28346: Potential SQL injection in QuerySet.annotate, aggregate, and extra. CVE-2022-28347: Potential SQL injection via QuerySet.explainoptions on PostgreSQL...

9.8CVSS3.3AI score0.18516EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2021/11/04 12:0 a.m.•42 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Critical SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695 Multiple vulnerabilities allow bypassing path filtering of...

9.8CVSS9.1AI score0.02451EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/05/12 12:0 a.m.•42 views

Prosody -- multiple vulnerabilities

The Prosody security advisory 2021-05-12 reports: This advisory details 5 new security vulnerabilities discovered in the Prosody.im XMPP server software. All issues are fixed in the 0.11.9 release default configuration. CVE-2021-32918: DoS via insufficient memory consumption controls...

7.8CVSS3AI score0.02261EPSS
Exploits0
FreeBSD
FreeBSD
•added 2020/12/17 12:0 a.m.•42 views

ImageMagick6 -- multiple vulnerabilities

CVE reports: Several vulnerabilities have been discovered in ImageMagick: CVE-2021-20309: A flaw was found in ImageMagick in versions before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an...

7.8CVSS2.4AI score0.07508EPSS
Exploits1
FreeBSD
FreeBSD
•added 2020/10/20 12:0 a.m.•42 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release includes 5 security fixes: 1125337 High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebijp on 2020-09-06 1135018 High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05 1137630 High CVE-2020-16002: Use aft...

9.6CVSS0.8AI score0.5063EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2020/07/14 12:0 a.m.•42 views

VirtualBox -- Multiple vulnerabilities

Oracle reports: Vulnerabilities in VirtualBox core can allow users with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of these vulnerabilities can result in unauthorized access to critical data, access to all Oracle V...

8.2CVSS2.1AI score0.00565EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/03 12:0 a.m.•42 views

FreeBSD -- USB HID descriptor parsing error

Problem Description: If the push/pop level of the USB HID state is not restored within the processing of the same HID item, an invalid memory location may be used for subsequent HID item processing. Impact: An attacker with physical access to a USB port may be able to use a specially crafted USB...

7.2CVSS2AI score0.0056EPSS
Exploits0
FreeBSD
FreeBSD
•added 2020/04/23 12:0 a.m.•42 views

mail/dovecot -- multiple vulnerabilities

Aki Tuomi reports: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...

7.5CVSS1.2AI score0.08153EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2020/03/19 12:0 a.m.•42 views

FreeBSD -- TCP IPv6 SYN cache kernel information disclosure

Problem Description: When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized. This also applies to challenge ACK segments, which are sent in response to received RST segments during the TCP connection setup phase. Impact: For each TCP...

5.3CVSS1.8AI score0.0114EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/09/25 12:0 a.m.•42 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-1498 / CVE-2019-10401 Stored XSS vulnerability in expandable textbox form control Medium SECURITY-1525 / CVE-2019-10402 XSS vulnerability in combobox form control Medium SECURITY-1537 1 / CVE-2019-10403 Stored XSS vulnerability in SCM tag...

5.4CVSS5.2AI score0.65753EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/09/11 12:0 a.m.•42 views

curl -- multiple vulnerabilities

curl security problems: CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPTKRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amoun...

9.8CVSS1.4AI score0.17939EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2019/05/09 12:0 a.m.•42 views

sqlite3 -- use after free

MITRE reports: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigg...

8.1CVSS4.3AI score0.06683EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/04/04 12:0 a.m.•42 views

PHP -- Multiple vulnerabilities in EXIF module

The PHP project reports: Heap-buffer-overflow in phpifdget32s CVE-2019-11034 Heap-buffer-overflow in exifiifaddvalue CVE-2019-11035...

9.1CVSS1.9AI score0.04409EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/03/05 12:0 a.m.•42 views

RubyGems -- multiple vulnerabilities

RubyGems Security Advisories: CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in 'verbose' CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner' CVE-2019-8323: Escape sequence injection vulnerability in AP...

8.8CVSS1.6AI score0.04212EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2019/02/28 12:0 a.m.•42 views

Node.js -- multiple vulnerabilities

Node.js reports: Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...

5.9CVSS2.1AI score0.17139EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/12/11 12:0 a.m.•42 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...

9.8CVSS1.9AI score0.09646EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2018/08/14 12:0 a.m.•42 views

Flash Player -- multiple vulnerabilities

Adobe reports: This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure CVE-2018-12824, CVE-2018-12826, CVE-2018-12827. This update resolves a security bypass vulnerability that could lead to security mitigation bypass CVE-2018-12825. This update resolves ...

9.8CVSS2AI score0.32032EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2018/08/08 12:0 a.m.•42 views

wpa_supplicant -- unauthenticated encrypted EAPOL-Key data

SO-AND-SO reports: A vulnerability was found in how wpasupplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpasupplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being...

6.5CVSS0.2AI score0.01476EPSS
Exploits0References1
Total number of security vulnerabilities5000