Lucene search
K
FreebsdMost viewed

6578 matches found

FreeBSD
FreeBSD
added 2015/01/27 12:0 a.m.162 views

glibc -- gethostbyname buffer overflow

Robert Krátký reports: GHOST is a 'buffer overflow' bug affecting the gethostbyname and gethostbyname2 function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the...

10CVSS8.2AI score0.94859EPSS
Exploits29References2
FreeBSD
FreeBSD
added 2019/11/14 12:0 a.m.160 views

FreeBSD -- Intel CPU Microcode Update

Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories depending on CPU model. Intel TSX Updates TAA CVE-2019-11135 Voltage Modulation Vulnerability CVE-2019-11139 MDCLEAR Operations CVE-2018-12126 CVE-2018-121...

9.9CVSS0.4AI score0.74041EPSS
Exploits10
FreeBSD
FreeBSD
added 2016/12/20 12:0 a.m.155 views

Apache httpd -- several vulnerabilities

Apache Software Foundation reports: Please reference CVE/URL list for details...

8.1CVSS7.8AI score0.7907EPSS
Exploits8References1
FreeBSD
FreeBSD
added 2019/07/03 12:0 a.m.152 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Ability to Write a Note to a Private Snippet Recent Pipeline Information Disclosed to Unauthorised Users Resource Exhaustion Attack Error Caused by Encoded Characters in Comments Authorization Issues in GraphQL Number of Merge Requests was Accessible Enabling One of the Service...

7.5CVSS2AI score0.01403EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/06/15 12:0 a.m.152 views

GraphicsMagick -- multiple vulnerabilities

GraphicsMagick News: Read "Security Fixes:" section for details...

2.4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2019/03/05 12:0 a.m.152 views

rt -- XSS via jQuery

BestPractical reports: The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting XSS vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer...

6.1CVSS6.6AI score0.29726EPSS
Exploits2References2
FreeBSD
FreeBSD
added 2017/12/23 12:0 a.m.152 views

MariaDB -- unspecified vulnerability

The MariaDB project reports: Fixes for the following security vulnerabilities: CVE-2017-15365...

8.8CVSS8.6AI score0.03287EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/08/21 12:0 a.m.151 views

phpmyadmin -- XSS in the import dialog

The phpMyAdmin development team reports: Description A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Severity We consider this attack to be of moderate severity...

6.1CVSS2.2AI score0.01697EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/04/26 12:0 a.m.149 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 9 security fixes, including: 1199345 High CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab on 2021-04-15 1175058 High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi,...

8.8CVSS0.6AI score0.01601EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/08/17 12:0 a.m.148 views

webmin -- unauthenticated remote code execution

Joe Cooper reports: I've rolled out Webmin version 1.930 and Usermin version 1.780 for all repositories. This release includes several security fixes, including one potentially serious one caused by malicious code inserted into Webmin and Usermin at some point on our build infrastructure. We're...

10CVSS7.7AI score0.99766EPSS
Exploits37References1
FreeBSD
FreeBSD
added 2021/04/20 12:0 a.m.146 views

chromium -- multiple vulnerabilities

Chrome Reelases reports: This release includes 7 security fixes, including: 1194046 High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30 1195308 High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 o...

9.6CVSS1.3AI score0.57736EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2021/12/13 12:0 a.m.145 views

serviio -- affected by log4j vulnerability

Serviio reports: Serviio is affectred by the log4j vulnerability...

10CVSS2.5AI score0.99999EPSS
Exploits351
FreeBSD
FreeBSD
added 2021/07/15 12:0 a.m.145 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 8 security fixes, including: 1219082 High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park SeHwa of SecunologyLab on 2021-06-11 1214842 High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31...

8.8CVSS10AI score0.21623EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2016/06/08 12:0 a.m.143 views

iperf3 -- buffer overflow

ESnet reports: A malicious process can connect to an iperf3 server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf3 server. ...

9.8CVSS3AI score0.06963EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2021/04/15 12:0 a.m.140 views

Consul -- Multiple vulnerabilities

Hashicorp reports: Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864. audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156...

7.5CVSS1.8AI score0.06095EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/11/25 12:0 a.m.139 views

mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page

Mark Sapiro reports: A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page...

8.8CVSS7.3AI score0.0073EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2021/12/10 12:0 a.m.134 views

openhab -- log4j remote code injection

Openhab reports: Any openHAB instance that is publicly available or which consumes untrusted content from remote servers is potentially a target of this attack...

10CVSS3.9AI score0.99999EPSS
Exploits351References3
FreeBSD
FreeBSD
added 2017/08/07 12:0 a.m.134 views

payara -- Code execution via crafted PUT requests to JSPs

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

8.1CVSS2AI score0.99607EPSS
Exploits18References1
FreeBSD
FreeBSD
added 2019/11/28 12:0 a.m.133 views

py-matrix-synapse -- incomplete cleanup of 3rd-party-IDs on user deactivation

Matrix developers report: Clean up local threepids from user on account deactivation...

3.1AI score
Exploits0References2
FreeBSD
FreeBSD
added 2018/08/21 12:0 a.m.132 views

Ghostscript -- arbitrary code execution

CERT reports: Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerabili...

7.8CVSS2.2AI score0.03037EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/07/21 12:0 a.m.131 views

OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks...

8.5CVSS6.6AI score0.09302EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2015/05/25 12:0 a.m.131 views

lighttpd -- Log injection vulnerability in mod_auth

MITRE reports: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

7.5CVSS7.8AI score0.09978EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2021/12/20 12:0 a.m.130 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: moderate: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier CVE-2021-44224 A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for...

9.8CVSS0.8AI score0.97108EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2022/03/25 12:0 a.m.129 views

chromium -- V8 type confusion

Chrome Releases reports: This release contains 1 security fix: 1309225 High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23 Google is aware that an exploit for CVE-2022-1096 exists in the wild...

8.8CVSS0.6AI score0.24237EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2023/01/20 12:0 a.m.127 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network withouti requiring user credentials...

9.8CVSS7.7AI score0.43131EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2016/01/28 12:0 a.m.126 views

phpmyadmin -- Full path disclosure vulnerability in SQL parser

The phpMyAdmin development team reports: By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider this vulnerability ...

5.3CVSS2.3AI score0.02033EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/10/07 12:0 a.m.125 views

Apache httpd -- Path Traversal and Remote Code Execution

The Apache http server project reports: critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 incomplete fix of CVE-2021-41773 CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...

9.8CVSS1.8AI score0.99992EPSS
Exploits174
FreeBSD
FreeBSD
added 2017/12/23 12:0 a.m.125 views

phpMyAdmin -- XSRF/CSRF vulnerability

The phpMyAdmin team reports: Description By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Severity We consider this vulnerability to be critical...

0.5AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/07/19 12:0 a.m.122 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 34 new security patches plus additional third party patches noted below for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

10CVSS2.5AI score0.83223EPSS
Exploits7References1
FreeBSD
FreeBSD
added 2017/06/20 12:0 a.m.122 views

Apache httpd -- several vulnerabilities

The Apache httpd project reports: apgetbasicauthpw Authentication Bypass CVE-2017-3167: Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. modssl Null Pointer Dereference CVE-2017-3169:modssl may dereferen...

9.8CVSS9.3AI score0.57472EPSS
Exploits4References2
FreeBSD
FreeBSD
added 2015/11/04 12:0 a.m.122 views

cyrus-imapd -- integer overflow in the start_octet addition

Cyrus IMAP 2.5.7 Release Note states: CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch range checks...

7.5CVSS5.1AI score0.03261EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2026/04/17 12:0 a.m.121 views

OpenEXR -- several integer overflow vulnerabilities

Cary Phillips reports: OpenEXR 3.4.10 is a patch release that addresses the following security vulnerabilities: CVE-2026-39886 HTJ2K Signed Integer Overflow in htundoimpl CVE-2026-40244 Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic missed variant of CVE-2026-34589...

8.8CVSS5.8AI score0.0045EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2022/01/16 12:0 a.m.121 views

Grafana -- XSS

Grafana Labs reports: On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to...

6.5CVSS1AI score0.02359EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2023/03/08 12:0 a.m.120 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-3037 / CVE-2023-27898 XSS vulnerability in plugin manager Medium SECURITY-3030 / CVE-2023-24998 upstream issue, CVE-2023-27900 MultipartFormDataParser, CVE-2023-27901 StaplerRequest DoS vulnerability in bundled Apache Commons FileUpload library...

9.6CVSS6.5AI score0.46836EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/06/30 12:0 a.m.119 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Remote Command Execution via Project Imports XSS in ZenTao integration affecting self hosted instances without strict CSP XSS in project settings page Unallowed users can read unprotected CI variables IP allow-list bypass to access Container Registries 2FA status is disclosed to...

9.9CVSS2.2AI score0.76884EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/12/16 12:0 a.m.119 views

OpenSearch -- Log4Shell

OpenSearch reports: CVE-2021-45105 for Log4j was issued after the release of OpenSearch 1.2.2. This CVE advises upgrading to Log4j 2.17.0. While there has been no observed reproduction of the issue described in CVE-2021-45105 in OpenSearch, we have released OpenSearch 1.2.3 which updates Log4j to...

5.9CVSS1.9AI score0.99999EPSS
Exploits20References1
FreeBSD
FreeBSD
added 2019/06/03 12:0 a.m.118 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Remote Command Execution Vulnerability on Repository Download Feature Confidential Issue Titles Revealed to Restricted Users on Unsubscribe Disclosure of Milestone Metadata through the Search API Private Project Discovery via Comment Links Metadata of Confidential Issues Disclosed...

9.8CVSS2.2AI score0.02644EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2010/07/12 12:0 a.m.115 views

codeigniter -- file upload class vulnerability

Derek Jones reports: A fix has been implemented for a security flaw in CodeIgniter 1.7.2. All applications using the File Upload class should install the patch to ensure that their application is not subject to a vulnerability...

1.5AI score
Exploits0References2
FreeBSD
FreeBSD
added 2021/04/04 12:0 a.m.114 views

Apache Maven -- multiple vulnerabilities

The Apache Maven project reports: We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues: Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More and more repositories use...

9.1CVSS7AI score0.08691EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2019/06/11 12:0 a.m.114 views

Flash Player -- arbitrary code execution

Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-7845...

8.8CVSS3.1AI score0.05504EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/04/19 12:0 a.m.112 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 34 new security patches, plus additional third party patches noted below, for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

9.8CVSS8.3AI score0.1593EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2021/04/20 12:0 a.m.112 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabiliti...

7.5CVSS1.9AI score0.62906EPSS
Exploits6References2
FreeBSD
FreeBSD
added 2019/02/13 12:0 a.m.112 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-18356: Use-after-free in Skia CVE-2019-5785: Integer overflow in Skia CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext...

8.8CVSS3.6AI score0.0313EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2022/10/18 12:0 a.m.109 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

7.2CVSS7.1AI score0.04425EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/21 12:0 a.m.109 views

redis -- Potential remote code execution vulnerability

The Redis core team reports: Executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer...

9.8CVSS5.7AI score0.02904EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/01/23 12:0 a.m.109 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 34 new security patches for Oracle MySQL Server and 4 for MySQL Client. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 6.8...

7.1CVSS1.2AI score0.10093EPSS
Exploits3References39
FreeBSD
FreeBSD
added 2019/08/14 12:0 a.m.109 views

Apache -- Multiple vulnerabilities

The Apache Team reports: SECURITY: CVE-2019-10081 modhttp2: HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data...

9.1CVSS7AI score0.81466EPSS
Exploits6References1
FreeBSD
FreeBSD
added 2014/09/30 12:0 a.m.109 views

rsyslog -- remote syslog PRI vulnerability

The rsyslog project reports: potential abort when a message with PRI 191 was processed if the "pri-text" property was used in active templates, this could be abused to a remote denial of service from permitted senders The original fix for CVE-2014-3634 was not adequate...

7.5CVSS5.9AI score0.07546EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/10/24 12:0 a.m.108 views

Grafana -- Username enumeration

Grafana Labs reports: When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. The CVSS score for this vulnerability is 5.3 Moderate...

8.1CVSS1.4AI score0.0074EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/08/24 12:0 a.m.108 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: SM2 Decryption Buffer Overflow CVE-2021-3711: High Read buffer overruns processing ASN.1 strings CVE-2021-3712: Moderate...

9.8CVSS2.5AI score0.87816EPSS
Exploits1References1
Total number of security vulnerabilities5000