Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2023/10/11 12:0 a.m.•34 views

electron25 -- Use after free in extensions vulnerability

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5187...

8.8CVSS8.7AI score0.00833EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/22 12:0 a.m.•34 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 5 security fixes: 1469542 High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim@cassidy6564 on 2023-08-02 1469754 High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 1470477 High CVE-2023-4428: Out of boun...

8.8CVSS7.3AI score0.3398EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/10 12:0 a.m.•34 views

postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection

PostgreSQL Project reports An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence,...

8.8CVSS7.4AI score0.01572EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/05/16 12:0 a.m.•34 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 12 security fixes: 1444360 Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10 1400905 High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14 1435166...

8.8CVSS7.4AI score0.29136EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/05/09 12:0 a.m.•34 views

vscode -- Visual Studio Code Information Disclosure Vulnerability

[email protected] reports: Visual Studio Code Information Disclosure Vulnerability A information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of...

6.6CVSS6.3AI score0.00878EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/03/13 12:0 a.m.•34 views

rack -- possible denial of service vulnerability in header parsing

oooooooq reports: Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack virtually all Rails applications are impacted...

5.3CVSS7.3AI score0.01063EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/14 12:0 a.m.•34 views

git -- "git apply" overwriting paths outside the working tree

git team reports: By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply"...

7.5CVSS7.5AI score0.01144EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2023/02/07 12:0 a.m.•34 views

py-cryptography -- allows programmers to misuse an API

alex reports: Previously, Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows...

6.5CVSS6.8AI score0.01301EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/11/28 12:0 a.m.•34 views

prometheus2 -- basic authentication bypass

Prometheus team reports: Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password back...

8.8CVSS8.5AI score0.01166EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2022/10/17 12:0 a.m.•34 views

go -- syscall, os/exec: unsanitized NUL in environment variables

The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different...

7.5CVSS2.4AI score0.00778EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/07/12 12:0 a.m.•34 views

go -- multiple vulnerabilities

The Go project reports: net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also...

7.5CVSS0.6AI score0.01875EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2021/12/12 12:0 a.m.•34 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T297543, CVE-2022-28202 Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete. T297571, CVE-2022-28201 Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki. T297731, CVE-2022-28203 Requestin...

7.5CVSS1.4AI score0.01152EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2021/11/01 12:0 a.m.•34 views

mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password

Mark Sapiro reports: A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 LP: 1949401. A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas...

6.5CVSS6.5AI score0.01284EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2021/07/23 12:0 a.m.•34 views

pjsip -- Race condition in SSL socket server

pjsip reports: There are a couple of issues found in the SSL socket: A race condition between callback and destroy, due to the accepted socket having no group lock. SSL socket parent/listener may get destroyed during handshake...

5.9CVSS0.7AI score0.02082EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/16 12:0 a.m.•34 views

fail2ban -- possible RCE vulnerability in mailing action using mailutils

Jakub Żoczek reports: Command mail from mailutils package used in mail actions like mail-whois can execute command if unescaped sequences \n are available in "foreign" input for instance in whois output...

8.1CVSS2AI score0.03621EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/07/11 12:0 a.m.•34 views

Bacula-Web -- Multiple Vulnerabilities

Bacula-Web reports: Address Smarty CVE...

9.8CVSS1.8AI score0.82316EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2021/06/21 12:0 a.m.•34 views

go -- net/http: panic due to racy read of persistConn after handler panic

The Go project reports: A net/http/httputil ReverseProxy can panic due to a race condition if its Handler aborts with ErrAbortHandler, for example due to an error in copying the response body. An attacker might be able to force the conditions leading to the race condition...

5.9CVSS2AI score0.03128EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/05/18 12:0 a.m.•34 views

libxml2 -- Possible denial of service

Daniel Veillard reports: A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service...

6.5CVSS2.7AI score0.01861EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/04/07 12:0 a.m.•34 views

clamav -- Multiple vulnerabilites

Micah Snyder reports: CVE-2021-1252 Excel XLM parser infinite loop CVE-2021-1404 PDF parser buffer over-read; possible crash. CVE-2021-1405 Mail parser NULL-dereference crash...

7.8CVSS2.4AI score0.03155EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/03/02 12:0 a.m.•34 views

openvpn -- deferred authentication can be bypassed in specific circumstances

Gert Döring reports: OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

7.5CVSS5.6AI score0.05107EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/12/01 12:0 a.m.•34 views

Unbound/NSD -- Denial of service vulnerability

NLNetLabs reports: Unbound and NSD when writing the PID file would not check if an existing file was a symlink. This could allow for a local symlink \ attack if an attacker has access to the user Unbound/NSD runs as...

5.5CVSS3AI score0.00484EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/11/02 12:0 a.m.•34 views

consul -- Fix Consul Connect CA private key configuration

Hashicorp reports: Increase the permissions to read from the /connect/ca/configuration endpoint to operator:write. Previously Connect CA configuration, including the private key, set via this endpoint could be read back by an operator with operator:read privileges...

6.5CVSS2.7AI score0.01379EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/10/22 12:0 a.m.•34 views

glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php

MITRE Corporation reports: In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...

4.3CVSS4.3AI score0.00858EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/08/25 12:0 a.m.•34 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 20 security fixes, including: 1109120 High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24 1116706 High CVE-2020-6559: Use after free in presentation API. Report...

9.3CVSS0.9AI score0.02296EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2020/06/24 12:0 a.m.•34 views

trafficserver -- resource consumption

Bryan Call reports: ATS is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...

7.5CVSS2.7AI score0.03909EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/17 12:0 a.m.•34 views

BIND -- Remote Denial of Service vulnerability

ISC reports: The asterisk character "" is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a terminal node. A...

4.9CVSS0.7AI score0.02088EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/05/14 12:0 a.m.•34 views

Apache Ant leaks sensitive information via the java.io.tmpdir

Apache reports: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...

6.3CVSS2.2AI score0.01793EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/05/02 12:0 a.m.•34 views

json-c -- integer overflow and out-of-bounds write via a large JSON file

Tobias Stöckmann reports: I have discovered a way to trigger an out of boundary write while parsing a huge json file through a malicious input source. It can be triggered if an attacker has control over the input stream or if a huge load during filesystem operations can be triggered...

7.8CVSS7.9AI score0.01888EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2020/04/15 12:0 a.m.•34 views

Zabbix -- Remote code execution

Zabbix reports: Fixed security vulnerability cve-2020-11800 remote code execution. ZBX-17600...

9.8CVSS2.3AI score0.09191EPSS
Exploits16References2
FreeBSD
FreeBSD
•added 2020/04/02 12:0 a.m.•34 views

Dovecot -- Multiple vulnerabilities

Aki Tuomi reports: Vulnerability Details: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglible, as lmtp is usually behind a trusted...

6.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2020/03/30 12:0 a.m.•34 views

glpi -- weak csrf tokens

MITRE Corporation reports: In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...

9.3CVSS3.7AI score0.00782EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2020/03/20 12:0 a.m.•34 views

Python -- multiple vulnerabilities

Python reports: gh-95778: Converting between int and str in bases other than 2 binary, 4, 8 octal, 16 hexadecimal, or 32 such as base 10 decimal now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic...

7.5CVSS0.4AI score0.03213EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/02/12 12:0 a.m.•34 views

ansible - subversion password leak from PID

Borja Tarraso reports: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading...

3.9CVSS1.8AI score0.00358EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2020/01/02 12:0 a.m.•34 views

glpi -- Public GLPIKEY can be used to decrypt any data

MITRE Corporation reports: GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...

7.2CVSS1.2AI score0.01426EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2020/01/02 12:0 a.m.•34 views

Gitlab -- Multiple Vulnerabilities

The GitLab Team reports: Group Maintainers Can Update/Delete Group Runners Using API GraphQL Queries Can Hang the Application Unauthorized Users Have Access to Milestones of Releases Private Group Name Revealed Through Protected Tags API Users Can Publish Reviews on Locked Merge Requests DoS in t...

5.3CVSS4.9AI score0.01107EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/12/19 12:0 a.m.•34 views

Pillow -- Multiple vulnerabilities

Pillow developers report: This release addresses several security problems, as well as addressing CVE-2019-19911. CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fix...

9.8CVSS1.9AI score0.04212EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/12/06 12:0 a.m.•34 views

OpenSSL -- Overflow vulnerability

The OpenSSL project reports: rsaz512sqr overflow bug on x8664 CVE-2019-1551 Low There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, a...

5.3CVSS2.3AI score0.14298EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/08/29 12:0 a.m.•34 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Kubernetes Integration Server-Side Request Forgery Server-Side Request Forgery in Jira Integration Improved Protection Against Credential Stuffing Attacks Markdown Clientside Resource Exhaustion Pipeline Status Disclosure Group Runner Authorization Issue CI Metrics Disclosure User...

9.8CVSS1AI score0.03073EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2019/08/06 12:0 a.m.•34 views

FreeBSD -- ICMPv6 / MLDv2 out-of-bounds memory access

Problem Description: The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. Impact: A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page a...

9.8CVSS1.9AI score0.02128EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/06/19 12:0 a.m.•34 views

FreeBSD -- Resource exhaustion in non-default RACK TCP stack

Problem Description: While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. A malicious attacker can cause the lists to grow unbounded. This can cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a...

7.8CVSS3.9AI score0.05226EPSS
Exploits1
FreeBSD
FreeBSD
•added 2019/04/10 12:0 a.m.•34 views

FreeBSD -- EAP-pwd missing commit validation

Problem Description: EAP-pwd implementation in hostapd EAP server and wpasupplicant EAP peer does not to validate the received scalar and element values in EAP-pwd-Commit messages properly. This could result in attacks that would be able to complete EAP-pwd authentication exchange without the...

0.5AI score
Exploits0
FreeBSD
FreeBSD
•added 2019/04/09 12:0 a.m.•34 views

Flash Player -- multiple vulnerabilities

Adobe reports: This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-7096. This update resolves an out-of-bounds read vulnerability that could lead to information disclosure CVE-2019-7108...

10CVSS2.5AI score0.06376EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/03/11 12:0 a.m.•34 views

Dovecot -- Multiple vulnerabilities

Aki Tuomi reports: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attackers. Aki Tuomi reports: Submission-login crashes when authentication is started over TLS secured...

7.5CVSS3AI score0.02433EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2019/01/02 12:0 a.m.•34 views

rdesktop - critical - Remote Code Execution

Fix memory corruption in processbitmapdata - CVE-2018-8794 Fix remote code execution in processbitmapdata - CVE-2018-8795 Fix remote code execution in processplane - CVE-2018-8797 Fix Denial of Service in mcsrecvconnectresponse - CVE-2018-20175 Fix Denial of Service in mcsparsedomainparams -...

9.8CVSS2.9AI score0.08214EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2018/12/12 12:0 a.m.•34 views

chromium -- Use after free in PDFium

Google Chrome Releases reports: 1 security fix contributed by external researches: High CVE-2018-17481: Use after free in PDFium...

8.8CVSS0.7AI score0.01606EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/08/14 12:0 a.m.•34 views

samba -- multiple vulnerabilities

The samba project reports: All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue. When configured to accept smart-card authenticatio...

7.5CVSS0.9AI score0.05192EPSS
Exploits1References6
FreeBSD
FreeBSD
•added 2018/05/28 12:0 a.m.•34 views

taglib -- heap-based buffer over-read via a crafted audio file

Webin security lab - dbapp security Ltd reports: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file...

6.5CVSS5.1AI score0.02847EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/05/02 12:0 a.m.•34 views

p7zip -- usage of uninitialized memory

NVD reports: Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...

7.8CVSS7.3AI score0.04666EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/04/11 12:0 a.m.•34 views

roundcube -- IMAP command injection vulnerability

Upstream reports: This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846...

8.8CVSS2.2AI score0.02289EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/04/04 12:0 a.m.•34 views

FreeBSD -- ipsec crash or denial of service

Problem Description: The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv...

7.8CVSS7.6AI score0.04377EPSS
Exploits0
Total number of security vulnerabilities5000