Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2004/08/16 12:0 a.m.•38 views

Ruby insecure file permissions in the CGI session management

According to a Debian Security Advisory: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore ... implementations store session information insecurely. They simply create files, ignoring...

2.1CVSS5.9AI score0.00364EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2004/08/11 12:0 a.m.•38 views

kdelibs insecure temporary file handling

According to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files...

7.1CVSS6.3AI score0.00518EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2004/04/08 12:0 a.m.•38 views

mozilla -- security icon spoofing

Under certain situations it is possible for the security icon which Mozilla displays when connected to a site using SSL to be spoofed. This could be used to make so-called "phishing attacks" more difficult to detect...

5CVSS6.3AI score0.01572EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2003/12/03 12:0 a.m.•40 views

racoon remote denial of service vulnerability (IKE Generic Payload Header)

When racoon receives an IKE message with an incorrectly constructed Generic Payload Header, it may behave erratically, going into a tight loop and dropping connections...

5CVSS6.5AI score0.02492EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/06/02 12:0 a.m.•37 views

Apache httpd -- DoS exploit in HTTP/2

Calif security reports: Remote DoS in modhttp2...

7.5CVSS5.8AI score0.11471EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2026/04/12 12:0 a.m.•37 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden project reports: GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault. GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotatio...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/07 12:0 a.m.•37 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Critical SECURITY-3430 / CVE-2024-43044 Arbitrary file read vulnerability through agent connections can lead to RCE Description Medium SECURITY-3349 / CVE-2024-43045 Missing permission check allows accessing other users' "My Views"...

8.8CVSS6.7AI score0.28782EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2024/04/01 12:0 a.m.•37 views

PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key

Simon Tatham reports: ECDSA signatures using 521-bit keys the NIST P521 curve, otherwise known as ecdsa-sha2-nistp521 were generated with biased random numbers. This permits an attacker in possession of a few dozen signatures to RECOVER THE PRIVATE KEY. Any 521-bit ECDSA private key that PuTTY or...

5.9CVSS6.7AI score0.05773EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2024/01/16 12:0 a.m.•37 views

xorg server -- Multiple vulnerabilities

The X.Org project reports: CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255 but the X.Org Server was only...

9.8CVSS7.9AI score0.02106EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/09 12:0 a.m.•37 views

OpenSSL -- Vector register corruption on PowerPC

The OpenSSL Team reports: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions...

6.5CVSS7.6AI score0.02323EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/04 12:0 a.m.•37 views

electron26 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6704. Security: backported fix for CVE-2023-6705. Security: backported fix for CVE-2023-6703. Security: backported fix for CVE-2023-6702...

8.8CVSS7.4AI score0.4351EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2023/12/13 12:0 a.m.•37 views

xorg-server -- Multiple vulnerabilities

The X.Org project reports: CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org server: Out-of-bounds memory write in XKB button actions A device has XKB button actions for each button on the device. When a logical device switch happens e.g. moving from a touchpad to a mouse, the server re-calculates...

7.8CVSS7.3AI score0.01631EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/01 12:0 a.m.•37 views

electron25 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6345. Security: backported fix for CVE-2023-6346. Security: backported fix for CVE-2023-6347...

9.6CVSS7.4AI score0.1963EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2023/10/31 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 15 security fixes: 1492698 High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin Slonser of Solidlab on 2023-10-14 1492381 High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13...

8.8CVSS6.9AI score0.07094EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/06/26 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 4 security fixes: 1452137 High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 1447568 High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 1450397 High...

8.8CVSS7.5AI score0.56192EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/05/30 12:0 a.m.•37 views

OpenSSL -- Possible DoS translating ASN.1 identifiers

The OpenSSL project reports: Severity: Moderate. Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow...

6.5CVSS7.1AI score0.73461EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/03/12 12:0 a.m.•37 views

Intel CPUs -- multiple vulnerabilities

Intel reports: 2024.1 IPU - Intel Processor Bus Lock Advisory A potential security vulnerability in the bus lock regulator mechanism for some Intel Processors may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. 2024.1 IPU - Intel Processor...

6.5CVSS7.2AI score0.0075EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/12/05 12:0 a.m.•37 views

net-mgmt/cacti is vulnerable to remote command injection

cacti team reports: A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device...

9.8CVSS3.9AI score0.99826EPSS
Exploits48References1
FreeBSD
FreeBSD
•added 2022/11/21 12:0 a.m.•37 views

py-tflite -- buffer overflow vulnerability

Thibaut Goetghebuer-Planchon reports: The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is differe...

8.1CVSS7.4AI score0.00523EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/08/22 12:0 a.m.•37 views

Gitlab -- Remote Code Execution

Gitlab reports: Remote Command Execution via Github import...

9.9CVSS4.1AI score0.75718EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2022/08/22 12:0 a.m.•37 views

rpm4 -- Multiple Vulnerabilities

rpm project reports: Fix intermediate symlinks not verified CVE-2021-35939. Fix subkey binding signatures not checked on PGP public keys CVE-2021-3521. Refactor file and directory operations to use fd-based APIs throughout CVE-2021-35938...

6.7CVSS1.9AI score0.00491EPSS
Exploits2
FreeBSD
FreeBSD
•added 2022/07/11 12:0 a.m.•37 views

wolfssl -- multiple issues

wolfSSL blog reports: In release 5.4.0 there were 3 vulnerabilities listed as fixed in wolfSSL. Two relatively new reports, one dealing with a DTLS 1.0/1.2 denial of service attack and the other a ciphertext attack on ECC/DH operations. The last vulnerability listed was a public disclosure of a...

7.5CVSS3.1AI score0.01185EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2022/04/26 12:0 a.m.•37 views

Rails -- XSS vulnerabilities

Ruby on Rails blog: This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1, 6.0.4.8, and 5.2.7.1 have been released! These are security releases so please update as soon as you can. Once again we've made these releases based on the last release tag, so hopefully upgrading will go...

6.1CVSS0.5AI score0.01594EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/12/11 12:0 a.m.•37 views

Rundeck3 -- Log4J RCE vulnerability

The Rundeck project reports: This release updates both Community and Enterprise with the latest Log4J to address CVE-2021-44832 by updating it to 2.17.1...

8.5CVSS2AI score0.97906EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2021/11/09 12:0 a.m.•37 views

puppet -- Unsafe HTTP Redirect

Puppet reports: A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

9.8CVSS8.2AI score0.01328EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/30 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Chrome Releases/Stable updates reports: This release contains 4 security fixes, including: 1245578 High CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01 1252918 High CVE-2021-37975: Use after free in...

8.8CVSS0.1AI score0.34887EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/11 12:0 a.m.•37 views

Node.js -- August 2021 Security Releases

Node.js reports: cares upgrade - Improper handling of untypical characters in domain names High CVE-2021-22931 Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which c...

9.8CVSS0.7AI score0.21952EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2021/06/30 12:0 a.m.•37 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-2278 / CVE-2021-21670 Improper permission checks allow canceling queue items and aborting builds High SECURITY-2371 / CVE-2021-21671 Session fixation vulnerability...

7.5CVSS1.2AI score0.01982EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/06/24 12:0 a.m.•37 views

PuppetDB -- SQL Injection

Puppet reports: Fixed an issue where someone with the ability to query PuppetDB could arbitrarily write, update, or delete data CVE-2021-27021 PDB-5138...

8.8CVSS2.5AI score0.01262EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/02/07 12:0 a.m.•37 views

jasper -- multiple vulnerabilities

JasPer Releases: - Fix memory-related bugs in the JPEG-2000 codec resulting from attempting to decode invalid code streams. 264, 265 This fix is associated with CVE-2021-26926 and CVE-2021-26927. - Fix wrong return value under some compilers 260 - Fix CVE-2021-3272 heap buffer overflow in jp2deco...

7.1CVSS3.3AI score0.01197EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2020/10/02 12:0 a.m.•37 views

kdeconnect -- packet manipulation can be exploited in a Denial of Service attack

Albert Astals Cid reports: KDE Project Security Advisory Title KDE Connect: packet manipulation can be exploited in a Denial of Service attack Risk Rating Important CVE CVE-2020-26164 Versions kdeconnect Date 2 October 2020 Overview An attacker on your local network could send maliciously crafted...

5.5CVSS6.1AI score0.00551EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/09/15 12:0 a.m.•37 views

FreeBSD -- ftpd privilege escalation via ftpchroot feature

Problem Description: A ftpd8 bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot5. Moreover, the bug allows a malicious client to gain root privileges...

9CVSS2.6AI score0.0135EPSS
Exploits0
FreeBSD
FreeBSD
•added 2020/08/19 12:0 a.m.•37 views

curl -- expired pointer dereference vulnerability

curl security problems: CVE-2020-8231: wrong connect-only connection An application that performs multiple requests with libcurl's multi API and sets the CURLOPTCONNECTONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pi...

7.5CVSS0.2AI score0.03721EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2020/07/30 12:0 a.m.•37 views

ark -- directory traversal

KDE Project Security Advisory reports: KDE Project Security Advisory Title: Ark: maliciously crafted archive can install files outside the extraction directory. Risk Rating: Important CVE: CVE-2020-16116 Versions: ark Date: 30 July 2020 Overview A maliciously crafted archive with "../" in the fil...

4.3CVSS5.8AI score0.01706EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/25 12:0 a.m.•37 views

glpi -- Unauthenticated File Deletion

MITRE Corporation reports: In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folde...

9.1CVSS2.9AI score0.71352EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2020/06/17 12:0 a.m.•37 views

Rails -- permission vulnerability

Ruby on Rails blog: Rails 6.0.3.2 has been released! This version of Rails contains an important security patch, and you should upgrade! The release contains only one patch that addresses CVE-2020-8185...

6.5CVSS2.5AI score0.02181EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2020/05/20 12:0 a.m.•37 views

security/trousers -- several vulnerabilities

the TrouSerS project reports reports: If the tcsd daemon is started with root privileges, it fails to drop the root gid after it is no longer needed. If the tcsd daemon is started with root privileges, the tss user has read and write access to the /etc/tcsd.conf file. If the tcsd daemon is starte...

7.8CVSS4.4AI score0.00553EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2020/05/19 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: This release includes 38 security fixes, including CVEs CVE-2020-6465 through CVE-2020-6491...

9.6CVSS2.1AI score0.06414EPSS
Exploits13References1
FreeBSD
FreeBSD
•added 2020/05/02 12:0 a.m.•37 views

qutebrowser -- Reloading page with certificate errors shows a green URL

Qutebrowser developers report: After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green colors.statusbar.url.successhttps...

4.3CVSS1.9AI score0.01282EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/04/07 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: This updates includes 32 security fixes, including: 1019161 High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29 1043446 High CVE-2020-6423: Use after free in audio. Reported by Anonymous on...

8.8CVSS1AI score0.01977EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2020/01/28 12:0 a.m.•37 views

spamassassin -- Nefarious rule configuration files can run system commands

The Apache SpamAssassin project reports: A nefarious rule configuration .cf files can be configured to run system commands. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug...

1.6AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2019/12/30 12:0 a.m.•37 views

Solr -- multiple vulnerabilities

Community reports: 8.1.1 and 8.2.0 users check ENABLEREMOTEJMXOPTS setting Apache Solr RCE vulnerability due to bad config default Apache Solr RCE through VelocityResponseWriter...

7.5CVSS2.9AI score0.98567EPSS
Exploits12References1
FreeBSD
FreeBSD
•added 2019/09/10 12:0 a.m.•37 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Project Template Functionality Could Be Used to Access Restricted Project Data Security Enhancements in GitLab Pages...

7.1CVSS1.6AI score0.00956EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/08/05 12:0 a.m.•37 views

asterisk -- Crash when negotiating for T.38 with a declined stream

The Asterisk project reports: When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk...

6.5CVSS2.4AI score0.0348EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/04/01 12:0 a.m.•37 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: DoS potential for regex in CI/CD refs Related branches visible in issues for guests Persistent XSS at merge request resolve conflicts Improper authorization control "move issue" Guest users of private projects have access to releases DoS potential on project languages page Recurit...

8.8CVSS1.2AI score0.10576EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2019/01/29 12:0 a.m.•37 views

buildbot -- CRLF injection in Buildbot login and logout redirect code

A CRLF can be injected in Location header of /auth/login and /auth/logout This is due to lack of input validation in the buildbot redirection code. It was not found a way to impact Buildbot product own security through this vulnerability, but it could be used to compromise other sites hosted on t...

6.1CVSS0.4AI score0.0087EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2019/01/21 12:0 a.m.•37 views

powerdns-recursor -- multiple vulnerabilities

PowerDNS Team reports: CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with...

9.8CVSS2.5AI score0.0146EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/11/10 12:0 a.m.•37 views

netatalk3 -- remote code execution vulnerability

NIST reports: Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...

10CVSS3.7AI score0.86539EPSS
Exploits10References2
FreeBSD
FreeBSD
•added 2018/07/17 12:0 a.m.•37 views

Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import

Gitlab reports: Remote Code Execution Vulnerability in GitLab Projects Import...

9.8CVSS3.1AI score0.50075EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/05/18 12:0 a.m.•37 views

BIND -- multiple vulnerabilities

ISC reports: An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. A problem with the implementation of the new serve-stale feature in BIND 9.12 can lea...

2AI score
Exploits0References2
Total number of security vulnerabilities5000