Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
added 2022/09/06 12:0 a.m.32 views

go -- multiple vulnerabilities

The Go project reports: net/http: handle server errors after sending GOAWAY A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service. net/url: JoinPath does...

7.5CVSS7.7AI score0.02607EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/12/06 12:0 a.m.32 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Group members with developer role can escalate their privilege to maintainer on projects that they import When user registration is limited, external users that aren't developers shouldn't have access to the CI Lint API Collision in access memoization leads to potential elevated...

8.8CVSS2.3AI score0.35649EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/08/26 12:0 a.m.32 views

libssh -- possible heap-buffer overflow vulnerability

libssh security advisories: The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

6.5CVSS2.4AI score0.04683EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2021/08/18 12:0 a.m.32 views

go -- archive/zip: overflow in preallocation check can cause OOM panic

The Go project reports: An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is...

7.5CVSS2.2AI score0.06934EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/07/30 12:0 a.m.32 views

mod_auth_mellon -- Redirect URL validation bypass

Jakub Hrozek reports: Version 0.17.0 and older of modauthmellon allows the redirect URL validation to be bypassed by specifying an URL formatted as ///fishing-site.example.com/logout.html...

6.1CVSS2.5AI score0.01423EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/04/22 12:0 a.m.32 views

Django -- multiple vulnerabilities

Django Release reports: CVE-2021-31542:Potential directory-traversal via uploaded files. MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names...

7.5CVSS4.2AI score0.05291EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/04/06 12:0 a.m.32 views

FreeBSD -- jail escape possible by mounting over jail root

Problem Description: Due to a race condition between lookup of ".." and remounting a filesystem, a process running inside a jail might access filesystem hierarchy outside of jail. Impact: A process with superuser privileges running inside a jail configured with the allow.mount permission not...

7.5CVSS0.7AI score0.0018EPSS
Exploits0
FreeBSD
FreeBSD
added 2021/04/01 12:0 a.m.32 views

mdbook -- XSS in mdBook's search page

Rust Security Response Working Group reports: The search feature of mdBook introduced in version 0.1.4 was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on an user's browser by tricking the user into typing a malicious search query,...

8.2CVSS1.5AI score0.01254EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2021/02/18 12:0 a.m.32 views

asterisk -- Remote attacker could prematurely tear down SRTP calls

The Asterisk project reports: An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely...

7.5CVSS2.4AI score0.03587EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/12/24 12:0 a.m.32 views

cacti -- SQL Injection was possible due to incorrect validation order

Cati team reports: Due to a lack of validation, datadebug.php can be the source of a SQL injection...

8.8CVSS1.8AI score0.04599EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2020/09/15 12:0 a.m.32 views

FreeBSD -- bhyve SVM guest escape

Problem Description: A number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. Impact: From kernel mode a malicious guest can write to arbitrary host memory with some...

7.6CVSS0.8AI score0.00258EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/08/27 12:0 a.m.32 views

ark -- extraction outside of extraction directory

Albert Astals Cid reports: Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept For testing, an example of malicious archive can be found at dirsymlink.tar Impact Users can unwillingly...

4.3CVSS0.3AI score0.01496EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/08/18 12:0 a.m.32 views

chromium -- heap buffer overflow

Chrome Releases reports: This release contains one security fix: 1115345 High CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-08-12...

9.3CVSS1.5AI score0.03291EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/08/17 12:0 a.m.32 views

mail/dovecot -- multiple vulnerabilities

Aki Tuomi reports: When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to access the mail server. Mail delivery / parsing crashed when th...

7.5CVSS3.4AI score0.05215EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2020/06/29 12:0 a.m.32 views

Python -- multiple vulnerabilities

Python reports: bpo-41162:Audit hooks are now cleared later during finalization to avoid missing events. bpo-29778:Ensure python3.dll is loaded from correct locations when Python is embedded...

7.8CVSS1.1AI score0.00895EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/06/18 12:0 a.m.32 views

Several issues in Lynis

lynis update: This release resolves two security issues CVE-2020-13882 - Discovered by Sander Bos, code submission by Katarina Durechova CVE-2019-13033 - Discovered by Sander Bos...

4.2CVSS2.1AI score0.00365EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/06/16 12:0 a.m.32 views

Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP

mutt 1.14.4 updates: CVE-2020-14954 - Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP...

5.9CVSS2AI score0.02288EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/06/10 12:0 a.m.32 views

Anydesk -- Multiple Vulnerabilities

Anydesk reports: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution...

9.8CVSS2.4AI score0.80551EPSS
Exploits8References1
FreeBSD
FreeBSD
added 2020/06/01 12:0 a.m.32 views

Django -- multiple vulnerabilities

Django security release reports: CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...

6.1CVSS4.1AI score0.0609EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/04/02 12:0 a.m.32 views

mediawiki -- multiple vulnerabilities

Mediawikwi reports: T285159, CVE-2023-PENDING SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses. T326946, CVE-2020-36649 SECURITY: Bundled PapaParse copy in VisualEditor has known ReDos. T330086, CVE-2023-PENDING SECURITY: OATHAuth allows replay attacks when MediaWiki...

7.5CVSS7.5AI score0.01388EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2020/03/19 12:0 a.m.32 views

FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking

Problem Description: The driver-specific ioctl2 command handlers in oce4 failed to check whether the caller has sufficient privileges to perform the corresponding operation. Impact: The oce4 handler permits unprivileged users to send passthrough commands to device firmware...

5.5CVSS3.4AI score0.00259EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/02/25 12:0 a.m.32 views

Django -- potential SQL injection vulnerability

MITRE CVE reports: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...

8.8CVSS2.9AI score0.22513EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2020/02/22 12:0 a.m.32 views

OpenSMTPd -- LPE and RCE in OpenSMTPD's default install

OpenSMTPD developers reports: An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. An unprivileged local...

10CVSS5AI score0.889EPSS
Exploits14References2
FreeBSD
FreeBSD
added 2020/01/28 12:0 a.m.32 views

pkg -- vulnerability in libfetch

A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers...

9.8CVSS5.1AI score0.02497EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/01/28 12:0 a.m.32 views

FreeBSD -- libfetch buffer overflow

Problem Description: A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers. Impact: An attacker in control of the URL to be fetched possibly via HTTP redirect may cause a heap buffer overflow, resulting in program...

9.8CVSS3.6AI score0.02497EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/01/25 12:0 a.m.32 views

Client/server denial of service when handling AES-CTR ciphers

The libssh team reports originally reported by Yasheng Yang from Google: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connectio...

5.3CVSS1.7AI score0.03065EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/01/14 12:0 a.m.32 views

dovecot -- multiple vulnerabilities

Aki Tuomi reports: lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP where it doesn't matter so much and also for submission-login where unauthenticated users can trigger it. Aki also reports: Snippet...

6.8AI score
Exploits0References2
FreeBSD
FreeBSD
added 2019/12/08 12:0 a.m.32 views

rack -- information leak / session hijack vulnerability

National Vulnerability Database: There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are...

6.3CVSS2.3AI score0.03687EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2019/10/17 12:0 a.m.32 views

asterisk -- SIP request can change address of a SIP peer

The Asterisk project reports: A SIP request can be sent to Asterisk that can change a SIP peers IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peers name; authentication details such as passwords do not need to be...

6.5CVSS2AI score0.02047EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/08/26 12:0 a.m.32 views

file -- Heap buffer overflow possible

mitre reports cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...

7.8CVSS2.2AI score0.0185EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2019/07/23 12:0 a.m.32 views

xymon-server -- multiple vulnerabilities

Japheth Cleaver reports: Several buffer overflows were reported by University of Cambridge Computer Security Incident Response Team...

9.8CVSS3.8AI score0.02425EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2019/06/28 12:0 a.m.32 views

asterisk -- Remote Crash Vulnerability in chan_sip channel driver

The Asterisk project reports: When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed o...

5.3CVSS1.5AI score0.04031EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/06/13 12:0 a.m.32 views

asterisk -- Remote crash vulnerability with MESSAGE messages

The Asterisk project reports: A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash...

6.5CVSS2.6AI score0.04235EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/04/30 12:0 a.m.32 views

Gitlab -- Information Disclosure

Gitlab reports: Information Disclosure with Limited Scope Token...

7.5CVSS0.8AI score0.01163EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/11/06 12:0 a.m.32 views

moodle -- Login CSRF vulnerability

moodle reports: The login form is not protected by a token to prevent login cross-site request forgery...

8.8CVSS3AI score0.02326EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/07/29 12:0 a.m.32 views

advancecomp -- multiple vulnerabilities

Joonun Jang reports: heap buffer overflow running advzip with "-l poc" option Running 'advzip -l poc' with the attached file raises heap buffer overflow which may allow a remote attacker to cause unspecified impact including denial-of-service attack. I expected the program to terminate without...

7.8CVSS8AI score0.01424EPSS
Exploits2
FreeBSD
FreeBSD
added 2018/04/10 12:0 a.m.32 views

Flash Player -- multiple vulnerabilities

Adobe reports: This update resolves a use-after-free vulnerability that could lead to remote code execution CVE-2018-4932. This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure CVE-2018-4933, CVE-2018-4934. This update resolves out-of-bounds write...

9.3CVSS1.6AI score0.29073EPSS
Exploits8References1
FreeBSD
FreeBSD
added 2018/03/22 12:0 a.m.32 views

rails-html-sanitizer -- possible XSS vulnerability

OSS-Security list: There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is...

6.1CVSS6.3AI score0.01984EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/02/15 12:0 a.m.32 views

irssi -- multiple vulnerabilities

Irssi reports: Use after free when server is disconnected during netsplits. Found by Joseph Bisch. Use after free when SASL messages are received in unexpected order. Found by Joseph Bisch. Null pointer dereference when an “empty” nick has been observed by Irssi. Found by Joseph Bisch. When the...

9.8CVSS8.8AI score0.02494EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/02/09 12:0 a.m.32 views

LibreOffice -- Remote arbitrary file disclosure vulnerability via WEBSERVICE formula

LibreOffice reports: LibreOffice Calc supports a WEBSERVICE function to obtain data by URL. Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file URL e.g file:// which can be used to inject local files into the spreadsheet without warning the user. Subsequent formulas can opera...

8.4AI score
Exploits4References2
FreeBSD
FreeBSD
added 2018/02/05 12:0 a.m.32 views

mbed TLS (PolarSSL) -- remote code execution

Simon Butcher reports: When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet can be used to selectively corrupt 6 bytes on the peer's heap, potentially leading to a crash or remote code execution. This can be triggered remotely from either side in bo...

9.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2018/01/25 12:0 a.m.32 views

w3m - multiple vulnerabilities

Tatsuya Kinoshita reports: CVE-2018-6196 table.c: Prevent negative indent value in feedtableblocktag. CVE-2018-6197 form.c: Prevent invalid columnPos call in formUpdateBuffer. CVE-2018-6198 config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c: Make temporary directory safely when /.w...

7.5CVSS6.2AI score0.04391EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2018/01/22 12:0 a.m.32 views

powerdns-recursor -- insufficient validation of DNSSEC signatures

PowerDNS Security Advisory reports: An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in...

4.3CVSS5AI score0.01287EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/12/14 12:0 a.m.32 views

ruby -- Command injection vulnerability in Net::FTP

Etienne Stalmans from the Heroku product security team reports: There is a command injection vulnerability in Net::FTP bundled with Ruby. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the pip...

9.3CVSS9.4AI score0.73927EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2017/09/21 12:0 a.m.32 views

chromium -- multiple vulnerabilities

Google Chrome releases reports: 3 security fixes in this release, including: 765433 High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14 752423 High CVE-2017-5122: Out-of-bounds access in V8...

8.8CVSS8.5AI score0.05288EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/09/12 12:0 a.m.32 views

libraw -- buffer overflow

libraw developers report: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file...

8.8CVSS9AI score0.02124EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2017/09/11 12:0 a.m.32 views

libsndfile -- out-of-bounds reads

Xin-Jiang on Github reports: CVE-2017-14245 Medium: An out of bounds read in the function d2alawarray in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. CVE-2017-14246 Medium: An out of...

8.1CVSS7.3AI score0.02229EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2017/09/11 12:0 a.m.32 views

FFmpeg -- multiple vulnerabilities

FFmpeg security reports: Multiple vulnerabilities have been fixed in FFmpeg 3.3.4. Please refer to the CVE list for details...

8.8CVSS7.4AI score0.02712EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/07/21 12:0 a.m.32 views

ansible -- information disclosure flaw

ansible developers report: Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the nolog directive where the information may not be sanitized properly...

2.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2017/07/05 12:0 a.m.33 views

Cacti -- Cross-site scripting (XSS) vulnerability in link.php

kimiizhang reports: Cross-site scripting XSS vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter...

5.4CVSS5.8AI score0.00637EPSS
Exploits0References2
Total number of security vulnerabilities5000