Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2004/10/13 12:0 a.m.•43 views

tiff -- RLE decoder heap overflows

Chris Evans discovered several heap buffer overflows in libtiff's RLE decoder. These overflows could be triggered by a specially-crafted TIFF image file, resulting in an application crash and possibly arbitrary code execution...

7.5CVSS7.1AI score0.08268EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/07/22 12:0 a.m.•43 views

mozilla -- POP client heap overflow

zen-parse discovered a heap buffer overflow in Mozilla's POP client implementation. A malicious POP server could exploit this vulnerability to cause Mozilla to execute arbitrary code...

10CVSS7AI score0.05346EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2003/12/31 12:0 a.m.•43 views

mailman XSS in admin script

Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...

6.8CVSS6.2AI score0.01997EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2026/05/04 12:0 a.m.•42 views

www/apache24 -- Multiple vulnerabilities

The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...

9.8CVSS5.8AI score0.4581EPSS
Exploits18References1
FreeBSD
FreeBSD
•added 2025/02/11 12:0 a.m.•42 views

vscode -- multiple vulnerabilities

VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...

7.3CVSS7.2AI score0.00735EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2024/03/05 12:0 a.m.•42 views

go -- multiple vulnerabilities

The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...

7.5CVSS6.7AI score0.01165EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/05 12:0 a.m.•42 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 4 security fixes: 1476403 High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 1473247 High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 1469928 High CVE-2023-4763: Use after...

8.8CVSS7.4AI score0.37987EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2023/08/29 12:0 a.m.•42 views

chromium -- use after free in MediaStream

Chrome Releases reports: This update includes 1 security fix: 1472492 High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn@fwnfwn on 2023-08-12...

9.8CVSS7.4AI score0.0088EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/07/18 12:0 a.m.•42 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 24 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

7.5CVSS7.6AI score0.01594EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/06/29 12:0 a.m.•42 views

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...

7.5CVSS7.1AI score0.00905EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/30 12:0 a.m.•42 views

rubygem-time -- ReDoS vulnerability

oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects...

5.3CVSS7.6AI score0.02452EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/10 12:0 a.m.•42 views

traefik -- Use of vulnerable Go modules net/http, net/textproto

The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...

7.5CVSS8.4AI score0.01888EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/03/02 12:0 a.m.•42 views

strongSwan -- certificate verification vulnerability

strongSwan reports: A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected...

9.8CVSS9.4AI score0.02264EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/15 12:0 a.m.•42 views

curl -- multiple vulnerabilities

Harry Sintonen and Patrick Monnerat report: CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead...

9.1CVSS6.8AI score0.01703EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2022/11/12 12:0 a.m.•42 views

ffmpeg -- multiple vulnerabilities

NVD reports: An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader...

8.1CVSS6.5AI score0.0347EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2022/10/26 12:0 a.m.•42 views

curl -- multiple vulnerabilities

Daniel Stenberg reports: CVE-2022-32221: POST following PUT confusion When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT...

9.8CVSS8.7AI score0.04325EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2022/10/11 12:0 a.m.•42 views

OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher

The OpenSSL project reports: Using a Custom Cipher with NIDundef may lead to NULL encryption low...

7.5CVSS7.6AI score0.02846EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/09/29 12:0 a.m.•42 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T316304, CVE-2022-41767 SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.. T309894, CVE-2022-41765 SECURITY: HTMLUserTextField exposes existence of hidden users. T307278, CVE-2022-41766 SECURITY: On action=rollback the message...

5.3CVSS1.4AI score0.00641EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/08/09 12:0 a.m.•42 views

Grafana -- Privilege escalation

Grafana Labs reports: On August 9 an internal security review identified a vulnerability in the Grafana which allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used. Auth proxy allows to authenticate a user by only providing the username or email in a...

6.6CVSS6.4AI score0.01302EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/04/02 12:0 a.m.•42 views

Django -- multiple vulnerabilities

Django Release reports: CVE-2022-28346: Potential SQL injection in QuerySet.annotate, aggregate, and extra. CVE-2022-28347: Potential SQL injection via QuerySet.explainoptions on PostgreSQL...

9.8CVSS3.3AI score0.18516EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2021/05/12 12:0 a.m.•42 views

Prosody -- multiple vulnerabilities

The Prosody security advisory 2021-05-12 reports: This advisory details 5 new security vulnerabilities discovered in the Prosody.im XMPP server software. All issues are fixed in the 0.11.9 release default configuration. CVE-2021-32918: DoS via insufficient memory consumption controls...

7.8CVSS3AI score0.02261EPSS
Exploits0
FreeBSD
FreeBSD
•added 2021/01/11 12:0 a.m.•42 views

sudo -- Potential information leak in sudoedit

Todd C. Miller reports: A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before...

2.5CVSS1.1AI score0.01029EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2020/12/17 12:0 a.m.•42 views

ImageMagick6 -- multiple vulnerabilities

CVE reports: Several vulnerabilities have been discovered in ImageMagick: CVE-2021-20309: A flaw was found in ImageMagick in versions before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an...

7.8CVSS2.4AI score0.07508EPSS
Exploits1
FreeBSD
FreeBSD
•added 2020/10/20 12:0 a.m.•42 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release includes 5 security fixes: 1125337 High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebijp on 2020-09-06 1135018 High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05 1137630 High CVE-2020-16002: Use aft...

9.6CVSS0.8AI score0.5063EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2020/09/09 12:0 a.m.•42 views

Rails -- Potential XSS vulnerability

Ruby on Rails blog: Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can. Both releases contain the following fix: CVE-2020-15169 Potential XSS vulnerability in Action View...

6.1CVSS2.4AI score0.02372EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2020/07/14 12:0 a.m.•42 views

VirtualBox -- Multiple vulnerabilities

Oracle reports: Vulnerabilities in VirtualBox core can allow users with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of these vulnerabilities can result in unauthorized access to critical data, access to all Oracle V...

8.2CVSS2.1AI score0.00565EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/03 12:0 a.m.•42 views

FreeBSD -- USB HID descriptor parsing error

Problem Description: If the push/pop level of the USB HID state is not restored within the processing of the same HID item, an invalid memory location may be used for subsequent HID item processing. Impact: An attacker with physical access to a USB port may be able to use a specially crafted USB...

7.2CVSS2AI score0.0056EPSS
Exploits0
FreeBSD
FreeBSD
•added 2020/03/19 12:0 a.m.•42 views

FreeBSD -- TCP IPv6 SYN cache kernel information disclosure

Problem Description: When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized. This also applies to challenge ACK segments, which are sent in response to received RST segments during the TCP connection setup phase. Impact: For each TCP...

5.3CVSS1.8AI score0.0114EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/05/09 12:0 a.m.•42 views

sqlite3 -- use after free

MITRE reports: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigg...

8.1CVSS4.3AI score0.06683EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/04/04 12:0 a.m.•42 views

PHP -- Multiple vulnerabilities in EXIF module

The PHP project reports: Heap-buffer-overflow in phpifdget32s CVE-2019-11034 Heap-buffer-overflow in exifiifaddvalue CVE-2019-11035...

9.1CVSS1.9AI score0.04409EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/03/05 12:0 a.m.•42 views

RubyGems -- multiple vulnerabilities

RubyGems Security Advisories: CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in 'verbose' CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner' CVE-2019-8323: Escape sequence injection vulnerability in AP...

8.8CVSS1.6AI score0.04212EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2019/02/28 12:0 a.m.•42 views

Node.js -- multiple vulnerabilities

Node.js reports: Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...

5.9CVSS2.1AI score0.17139EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/12/11 12:0 a.m.•42 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...

9.8CVSS1.9AI score0.09646EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2018/08/14 12:0 a.m.•42 views

Flash Player -- multiple vulnerabilities

Adobe reports: This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure CVE-2018-12824, CVE-2018-12826, CVE-2018-12827. This update resolves a security bypass vulnerability that could lead to security mitigation bypass CVE-2018-12825. This update resolves ...

9.8CVSS2AI score0.32032EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2018/08/08 12:0 a.m.•42 views

wpa_supplicant -- unauthenticated encrypted EAPOL-Key data

SO-AND-SO reports: A vulnerability was found in how wpasupplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpasupplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being...

6.5CVSS0.2AI score0.01476EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/07/24 12:0 a.m.•42 views

mbed TLS -- plaintext recovery vulnerabilities

Simon Butcher reports: When using a CBC based ciphersuite, a remote attacker can partially recover the plaintext. When using a CBC based ciphersuite, an attacker with the ability to execute arbitrary code on the machine under attack can partially recover the plaintext by use of cache based...

6.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2018/07/13 12:0 a.m.•42 views

mantis -- multiple vulnerabilities

mantis reports: Teun Beijers reported a cross-site scripting XSS vulnerability in the Edit Filter page which allows execution of arbitrary code if CSP settings permit it when displaying a filter with a crafted name. Prevent the attack by sanitizing the filter name before display. Ömer Cıtak,...

3.6AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2018/07/10 12:0 a.m.•42 views

Flash Player -- multiple vulnerabilities

Adobe reports: This update resolves an out-of-bounds read vulnerability that could lead to information disclosure CVE-2018-5008. This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2018-5007...

8.8CVSS2.4AI score0.18002EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/05/09 12:0 a.m.•42 views

wavpack -- multiple vulnerabilities

Sebastian Ramacher reports: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. The...

7.8CVSS4AI score0.09905EPSS
Exploits9References2
FreeBSD
FreeBSD
•added 2017/12/01 12:0 a.m.•42 views

tor -- Use-after-free in onion service v2

The Torproject.org reports: TROVE-2017-009: Replay-cache ineffective for v2 onion services TROVE-2017-010: Remote DoS attack against directory authorities TROVE-2017-011: An attacker can make Tor ask for a password TROVE-2017-012: Relays can pick themselves in a circuit path TROVE-2017-013:...

7.5CVSS3.1AI score0.01426EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/11/15 12:0 a.m.•42 views

varnish -- information disclosure vulnerability

Varnish reports: A wrong if statement in the varnishd source code means that synthetic objects in stevedores which over-allocate, may leak up to page size of data from a malloc3 memory allocation...

9.1CVSS1AI score0.04084EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/10 12:0 a.m.•42 views

PostgreSQL vulnerabilities

The PostgreSQL project reports: CVE-2017-7546: Empty password accepted in some authentication methods CVE-2017-7547: The "pgusermappings" catalog view discloses passwords to users lacking server privileges CVE-2017-7548: loput function ignores ACLs...

9.8CVSS4.1AI score0.61566EPSS
Exploits0
FreeBSD
FreeBSD
•added 2017/07/20 12:0 a.m.•42 views

GitLab -- Various security issues

GitLab reports: Please reference CVE/URL list for details...

6.5CVSS6.5AI score0.00619EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/04/19 12:0 a.m.•42 views

cURL -- TLS session resumption client cert bypass (again)

cURL security advisory: libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the...

7.5CVSS0.2AI score0.15063EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/04/12 12:0 a.m.•42 views

libsndfile -- multiple vulnerabilities

Agostino Sarubbo, Gentoo reports: CVE-2017-8361 Medium: The flacbuffercopy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file. CVE-2017-8362 Medium: T...

9.8CVSS8.5AI score0.03978EPSS
Exploits0References15
FreeBSD
FreeBSD
•added 2017/04/10 12:0 a.m.•42 views

chromium -- vulnerability

Google Chrome Releases reports: 62 security fixes in this release: 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 813876 High CVE-2018-6087:...

8.8CVSS0.4AI score0.09186EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2017/04/04 12:0 a.m.•42 views

django -- multiple vulnerabilities

Django team reports: These release addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. Open redirect and possible XSS attack via user-supplied numeric redirect URLs Open redirect vulnerability in django.views.static.serve...

6.1CVSS3.1AI score0.02384EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2017/01/25 12:0 a.m.•42 views

ffmpeg -- heap overflow in lavf/mov.c

FFmpeg security reports: FFmpeg 3.2.4 fixes the following vulnerabilities: CVE-2017-5024, CVE-2017-5025...

5.5CVSS7.3AI score0.01119EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/12/23 12:0 a.m.•42 views

cURL -- uninitialized random vulnerability

Project curl Security Advisory: libcurl's new internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM...

8.1CVSS0.8AI score0.02674EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/11/19 12:0 a.m.•42 views

tiff -- multiple vulnerabilities

libtiff project reports: Multiple flaws have been discovered in libtiff library and utilities...

9.8CVSS8.7AI score0.04767EPSS
Exploits3References1
Total number of security vulnerabilities5000