Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2005/02/24 12:0 a.m.•40 views

mozilla -- arbitrary code execution vulnerability

A Mozilla Foundation Security Advisory reports: Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's "Fireflashing" example demonstrates that an attacker can ope...

5.1CVSS6.5AI score0.07322EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2005/02/14 12:0 a.m.•40 views

cyrus-imapd -- multiple buffer overflow vulnerabilities

The Cyrus IMAP Server ChangeLog states: Fix possible single byte overflow in mailbox handling code. Fix possible single byte overflows in the imapd annotate extension. Fix stack buffer overflows in fetchnews exploitable by peer news server, backend exploitable by admin, and in imapd exploitable b...

7.5CVSS7.3AI score0.04244EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/01/07 12:0 a.m.•40 views

squid -- denial of service with forged WCCP messages

The squid patches page notes: WCCPISEEYOU messages contain a 'number of caches' field which should be between 1 and 32. Values outside that range may crash Squid if WCCP is enabled, and if an attacker can spoof UDP packets with the WCCP router's IP address...

5CVSS6.3AI score0.68776EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2004/11/06 12:0 a.m.•40 views

Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow

When the option imapmagicplus is activated on a server the PROXY and LOGIN commands suffer a standard stack overflow, because the username is not checked against a maximum length when it is copied into a temporary stack buffer. This bug is especially dangerous because it can be triggered before a...

10CVSS6.5AI score0.05843EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•40 views

gnu-radius -- SNMP-related denial-of-service

An iDEFENSE security advisory reports: Remote exploitation of an input validation error in version 1.2 of GNU radiusd could allow a denial of service. The vulnerability specifically exists within the asndecodestring function defined in snmplib/asn1.c. When a very large unsigned number is supplied...

5CVSS6.5AI score0.01574EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/09/13 12:0 a.m.•40 views

mozilla -- vCard stack buffer overflow

Georgi Guninski discovered a stack buffer overflow which may be triggered when viewing email messages with vCard attachments...

10CVSS6.9AI score0.09748EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/26 12:0 a.m.•40 views

gaim -- multiple buffer overflows

Sean infamous42md reports several situations in gaim that may result in exploitable buffer overflows: Rich Text Format RTF messages in Novell GroupWise protocol Unsafe use of gethostbyname in zephyr protocol URLs which are over 2048 bytes long once decoded...

7.5CVSS6.6AI score0.05427EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/07/07 12:0 a.m.•40 views

apache2 -- SSL remote DoS

The Apache HTTP Server 2.0.51 release notes report that the following issues have been fixed: A segfault in modssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. CAN-2004-0751 A potential infinite loop in modssl which could be triggered given...

5CVSS6.4AI score0.69653EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/05/02 12:0 a.m.•40 views

cvs pserver remote heap buffer overflow

Due to a programming error in code used to parse data received from the client, malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server's memory. A malicious CVS client can exploit this to run arbitrary code on the server at the...

7.5CVSS6.8AI score0.67525EPSS
Exploits1
FreeBSD
FreeBSD
•added 2004/04/14 12:0 a.m.•40 views

CVS path validation errors

Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, the CVS client accepts absolute path names from the server when determining which files to update. In another case, the CVS server accepts relative path names from the client when...

2.6CVSS6.7AI score0.01832EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2004/02/12 12:0 a.m.•40 views

mozilla -- hostname spoofing bug

When processing URIs that contain an unqualified host name-- specifically, a domain name of only one component-- Mozilla will perform matching against the first component of the domain name in SSL certificates. In other words, in some situations, a certificate issued to "www.example.com" will be...

7.5CVSS6.4AI score0.01035EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/04/23 12:0 a.m.•39 views

ruby -- Arbitrary memory address read vulnerability with Regex search

sp2ip reports: If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

6.6CVSS7.3AI score0.00629EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/04/03 12:0 a.m.•39 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.15 Changelog SECURITY - high Authenticated SQL injection from map search CVE-2024-31456 SECURITY - high Account takeover via SQL Injection in saved searches feature CVE-2024-29889...

8.1CVSS9AI score0.6296EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/30 12:0 a.m.•39 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Excessive time spent checking invalid RSA public keys CVE-2023-6237 PKCS12 Decoding crashes CVE-2024-0727...

5.9CVSS6.9AI score0.03174EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2024/01/09 12:0 a.m.•39 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 1513379 High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg @malcolmst of SODIUM-24, LLC on 2023-12-20...

5.3CVSS7.5AI score0.00429EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/11/09 12:0 a.m.•39 views

postgresql-server -- Memory disclosure in aggregate function calls

PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...

4.3CVSS7AI score0.02775EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/10 12:0 a.m.•39 views

GnuTLS -- timing sidechannel in RSA decryption

The GnuTLS project reports: A vulnerability was found that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected...

7.4CVSS7.6AI score0.01403EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/06/01 12:0 a.m.•39 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Account take over via SCIM email change Stored XSS in Jira integration Quick action commands susceptible to XSS IP allowlist bypass when using Trigger tokens IP allowlist bypass when using Project Deploy Tokens Improper authorization in the Interactive Web Terminal Subgroup member...

9.9CVSS1.7AI score0.15471EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/04/17 12:0 a.m.•39 views

squid -- Exposure of sensitive information in cache manager

Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The...

6.5CVSS0.6AI score0.0169EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/04/14 12:0 a.m.•39 views

Asterisk -- multiple vulnerabilities

The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, its possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, its possible to send arbitrary requests like GET to...

1.6AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2022/03/07 12:0 a.m.•39 views

py-httpie -- exposure of sensitive information vulnerabilities

Glyph reports: HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between...

6.9AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2021/12/06 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 22 security fixes, including: 1267661 High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07 1267791 High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08 1265806 High CVE-2021-4079: Out ...

8.8CVSS9.1AI score0.02073EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/10/12 12:0 a.m.•39 views

Node.js -- October 2021 Security Releases

Node.js reports: HTTP Request Smuggling due to spaced in headers MediumCVE-2021-22959 The http parser accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS. HTTP Request Smuggling when parsing the body MediumCVE-2021-22960 The...

6.5CVSS0.4AI score0.02936EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2021/10/06 12:0 a.m.•39 views

go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data

The Go project reports: When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. If using wasmexec.js to execute WASM modules, users will need to replace their copy aft...

9.8CVSS4AI score0.10299EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/21 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update contains 19 security fixes, including: 1243117 High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24 1242269 High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23 1223290 Hi...

8.8CVSS0.9AI score0.01662EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2021/08/31 12:0 a.m.•39 views

Gitlab -- Vulnerabilities

Gitlab reports: Stored XSS in DataDog Integration Invited group members continue to have project access even after invited group is deleted Specially crafted requests to apollouploadserver middleware leads to denial of service Privilege escalation of an external user through project token Missing...

5.3CVSS5.1AI score0.00908EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/27 12:0 a.m.•39 views

consul -- rpc: authorize raft requests

Hashicorp reports: HashiCorp Consul Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation...

8.8CVSS2.7AI score0.01149EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/23 12:0 a.m.•39 views

Matrix clients -- several vulnerabilities

Matrix developers report: Today we are disclosing a critical security issue affecting multiple Matrix clients and libraries including Element Web/Desktop/Android, FluffyChat, Nheko, Cinny, and SchildiChat. Specifically, in certain circumstances it may be possible to trick vulnerable clients into...

5.9CVSS0.7AI score0.00662EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/02 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 10 security fixes, including: 1227777 High CVE-2021-30590: Heap buffer overflow in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09 1229298 High CVE-2021-30591: Use after free in File System API. Reported by SorryMybad...

8.8CVSS0.0282EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2021/07/07 12:0 a.m.•39 views

fetchmail -- 6.4.19 and older denial of service or information disclosure

Matthias Andree reports: When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation...

7.5CVSS1.7AI score0.0256EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/05/05 12:0 a.m.•39 views

Rails -- multiple vulnerabilities

Ruby on Rails blog: Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed: CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...

7.5CVSS2.3AI score0.04808EPSS
Exploits3References5
FreeBSD
FreeBSD
•added 2021/01/14 12:0 a.m.•39 views

Gitlab -- vulnerability

The GitLab Team reports: Ability to steal a user's API access token through GitLab Pages...

7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2020/11/16 12:0 a.m.•39 views

Node.js -- November 2020 Security Releases

Node.js reports: Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues. Denial of Service through DNS request CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of...

7.5CVSS2.4AI score0.54164EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/11/06 12:0 a.m.•39 views

salt -- multiple vulnerabilities

SaltStack reports multiple security vulnerabilities in Salt 3002: CVE-2020-16846: Prevent shell injections in netapi ssh client. CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. CVE-2020-25592: Properly validate eauth credentials and tokens along with...

9.8CVSS2.3AI score0.99585EPSS
Exploits5References4
FreeBSD
FreeBSD
•added 2020/09/01 12:0 a.m.•39 views

Django -- multiple vulnerabilities

Django Release notes: CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ On Python 3.7+, FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static...

7.5CVSS1.5AI score0.03969EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2020/08/19 12:0 a.m.•39 views

Icinga Web 2 -- directory traversal vulnerability

Icinga development team reports: CVE-2020-24368 Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4,...

7.5CVSS5.5AI score0.0328EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2020/08/10 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 15 security fixes, including: 1107433 High CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20 1104046 High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10 1108497 High...

9.3CVSS0.5AI score0.29292EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2020/07/09 12:0 a.m.•39 views

FreeBSD -- IPv6 socket option race condition and use after free

Problem Description: The IPV62292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory. Impact: A malicious user application could trigger memory corruption, leading to privilege escalation...

8.1CVSS2.1AI score0.32978EPSS
Exploits4
FreeBSD
FreeBSD
•added 2020/06/25 12:0 a.m.•39 views

glpi -- SQL Injection in Search API

MITRE Corporation reports: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or databa...

5CVSS1.7AI score0.01036EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2020/05/27 12:0 a.m.•39 views

ceph14 -- HTTP header injection via CORS ExposeHeader tag

Red Hat bugzilla reports: A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection ...

6.5CVSS1.4AI score0.01627EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/04/23 12:0 a.m.•39 views

mail/dovecot -- multiple vulnerabilities

Aki Tuomi reports: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...

7.5CVSS1.2AI score0.08153EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2020/03/02 12:0 a.m.•39 views

py-yaml -- FullLoader (still) exploitable for arbitrary command execution

Riccardo Schirone https://github.com/ret2libc reports: In FullLoader python/object/new constructor, implemented by constructpythonobjectapply, has support for setting the state of a deserialized instance through the setpythoninstancestate method. After setting the state, some operations are...

10CVSS1.5AI score0.05299EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2020/02/26 12:0 a.m.•39 views

librsvg2 -- multiple vulnerabilities

Librsvg2 developers reports: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...

6.5CVSS6.9AI score0.02125EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/02/04 12:0 a.m.•39 views

cacti -- multiple vulnerabilities

The Cacti developers reports: When guest users have access to realtime graphs, remote code could be executed CVE-2020-8813. Lack of escaping on some pages can lead to XSS exposure CVE-2020-7106. Remote Code Execution due to input validation failure in Performance Boost Debug Log CVE-2020-7237...

9.3CVSS3.4AI score0.73779EPSS
Exploits26References4
FreeBSD
FreeBSD
•added 2019/04/10 12:0 a.m.•39 views

FreeBSD -- EAP-pwd side-channel attack

Problem Description: Potential side channel attacks in the SAE implementations used by both hostapd and wpasupplicant see CVE-2019-9494 and VU871675. EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there i...

5.9CVSS6.8AI score0.03739EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/04/10 12:0 a.m.•39 views

Gitlab -- Group Runner Registration Token Exposure

Gitlab reports: Group Runner Registration Token Exposure...

6.5CVSS1.6AI score0.01821EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/03/29 12:0 a.m.•39 views

clamav -- multiple vulnerabilities

Clamav reports: An out-of-bounds heap read condition may occur when scanning PDF documents An out-of-bounds heap read condition may occur when scanning PE files An out-of-bounds heap write condition may occur when scanning OLE2 files An out-of-bounds heap read condition may occur when scanning...

9.8CVSS0.2AI score0.01839EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2019/03/04 12:0 a.m.•39 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Arbitrary file read via MergeRequestDiff CSRF add Kubernetes cluster integration Blind SSRF in prometheus integration Merge request information disclosure IDOR milestone name information disclosure Burndown chart information disclosure Private merge request titles in public projec...

10CVSS2.5AI score0.02776EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2018/12/01 12:0 a.m.•39 views

joomla3 -- vulnerabilitiesw

JSST reports: Inadequate escaping in modbanners leads to a stored XSS vulnerability. Inadequate escaping in comcontact leads to a stored XSS vulnerability Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS. Inadequate checks at the Global Configuration helpurl...

6.1CVSS0.7AI score0.035EPSS
Exploits5References4
FreeBSD
FreeBSD
•added 2018/08/06 12:0 a.m.•39 views

FreeBSD -- Resource exhaustion in TCP reassembly

Problem Description: One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. Impact: An attacker who has the ability to send...

5.3CVSS0.6AI score0.03226EPSS
Exploits0
Total number of security vulnerabilities5000