Lucene search
K
FreebsdMost viewed

6580 matches found

FreeBSD
FreeBSD
•added 2017/10/15 12:0 a.m.•73 views

asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource

The Asterisk project reports: A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. This then leads to file descriptors and RTP ports being leaked...

5.9CVSS7.3AI score0.04678EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/09/12 12:0 a.m.•73 views

mysql -- Remote Root Code Execution

Dawid Golunski reports: An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files my.cnf leading to...

10CVSS5.6AI score0.6773EPSS
Exploits16References5
FreeBSD
FreeBSD
•added 2016/06/07 12:0 a.m.•73 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...

8.8CVSS1.6AI score0.24039EPSS
Exploits7References10
FreeBSD
FreeBSD
•added 2015/09/03 12:0 a.m.•73 views

pgbouncer -- failed auth_query lookup leads to connection as auth_user

PgBouncer reports: New authuser functionality introduced in 1.6 allows login as authuser when client presents unknown username. It's quite likely authuser is superuser. Affects only setups that have enabled authuser in their config...

8.1CVSS8AI score0.02163EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2014/09/30 12:0 a.m.•73 views

Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities

The JSST and the Joomla! Security Center report: 20140903 - Core - Remote File Inclusion Inadequate checking allowed the potential for remote files to be executed. 20140904 - Core - Denial of Service Inadequate checking allowed the potential for a denial of service attack...

7.5CVSS6.4AI score0.55126EPSS
Exploits6References4
FreeBSD
FreeBSD
•added 2006/07/27 12:0 a.m.•73 views

apache -- mod_rewrite buffer overflow vulnerability

The Apache Software Foundation and The Apache HTTP Server Project reports: An off-by-one flaw exists in the Rewrite module, modrewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Depending on the manner in which Apache HTTP Server was compiled, this software...

7.6CVSS6.8AI score0.96436EPSS
Exploits20References1
FreeBSD
FreeBSD
•added 2025/07/10 12:0 a.m.•72 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: moderate: Apache HTTP Server: HTTP response splitting CVE-2024-42516 low: Apache HTTP Server: SSRF with modheaders setting Content-Type header CVE-2024-43204 moderate: Apache HTTP Server: SSRF on Windows due to UNC paths CVE-2024-43394 low: Apache HTTP Server:...

9.1CVSS7.3AI score0.04409EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/07/01 12:0 a.m.•72 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387 Low. Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. Proxy encoding problem...

9.8CVSS7.2AI score0.99957EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2021/02/19 12:0 a.m.•72 views

jenkins -- Privilege escalation vulnerability in bundled Spring Security library

Jenkins Security Advisory: Description high SECURITY-2195 / CVE-2021-22112 Privilege escalation vulnerability in bundled Spring Security library...

9CVSS2.3AI score0.03197EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/08/19 12:0 a.m.•72 views

Python -- multiple vulnerabilities

Python reports: bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest…. bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and...

7.8CVSS7.6AI score0.12826EPSS
Exploits1
FreeBSD
FreeBSD
•added 2018/11/28 12:0 a.m.•72 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: View Names of Private Groups Persistent XSS in Environments SSRF in Prometheus integration Unauthorized Promotion of Milestones Exposure of Confidential Issue Title Persisent XSS in Markdown Fields via Mermaid Script Persistent XSS in Markdown Fields via Unrecognized HTML Tags...

8.8CVSS1AI score0.27983EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2017/01/26 12:0 a.m.•72 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: Truncated packet could crash via OOB read CVE-2017-3731 Bad ECDHE parameters cause a client crash CVE-2017-3730 BNmodexp may produce incorrect results on x8664 CVE-2017-3732 Montgomery multiplication may produce incorrect results CVE-2016-7055...

7.5CVSS7.3AI score0.57595EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2017/01/17 12:0 a.m.•72 views

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-17-0001: System file inclusion when adding own preset file in Boost theme MSA-17-0002: Incorrect sanitation of attributes in forums MSA-17-0003: PHPMailer vulnerability in no-reply address MSA-17-0004: XSS in assignment submission page...

5.3CVSS7.4AI score0.01015EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/11/10 12:0 a.m.•72 views

openssl -- multiple vulnerabilities

OpenSSL reports: ChaCha20/Poly1305 heap-buffer-overflow CVE-2016-7054 Severity: High TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a Do...

7.5CVSS0.6AI score0.32389EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2016/06/14 12:0 a.m.•72 views

Python -- smtplib StartTLS stripping vulnerability

Red Hat reports: A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of negotiating starttls but fails to respond with 220 ok to an explicit call of SMTP.starttls. This may...

6.5CVSS7.1AI score0.14524EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2016/03/10 12:0 a.m.•73 views

FreeBSD -- Multiple OpenSSL vulnerabilities

Problem Description: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided...

10CVSS8.3AI score0.82112EPSS
Exploits2
FreeBSD
FreeBSD
•added 2008/09/24 12:0 a.m.•72 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports: MFSA 2008-37UTF-8 URL stack buffer overflow MFSA 2008-38nsXMLDocument::OnChannelRedirect same-origin violation MFSA 2008-39Privilege escalation using feed preview page and XSS flaw MFSA 2008-40Forced mouse drag MFSA 2008-41Privilege escalation via XPCnativeWrapper...

10CVSS9.5AI score0.43921EPSS
Exploits14References9
FreeBSD
FreeBSD
•added 2005/08/26 12:0 a.m.•72 views

WebCalendar -- remote file inclusion vulnerability

WebCalendar is proven vulnerable to a remote file inclusion vulnerability. The sendreminders.php does not properly verify the "includedir" parameter, giving remote attackers the possibility to include local and remote files. These files can be used by the attacker to gain access to the system...

7.5CVSS6.5AI score0.02021EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/06/08 12:0 a.m.•71 views

Python -- multiple vulnerabilities

Python reports: gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t gh-101727. gh-102153:...

7.5CVSS6.7AI score0.73461EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2021/10/07 12:0 a.m.•71 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 4 security fixes, including: 1252878 High CVE-2021-37977: Use after free in Garbage Collection. Reported by Anonymous on 2021-09-24 1236318 High CVE-2021-37978: Heap buffer overflow in Blink. Reported by Yangkang @dnpushme of 360 ATA on 2021-08-04...

8.8CVSS1.3AI score0.01711EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/16 12:0 a.m.•71 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 9 security fixes, including: 1234764 High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30 1234770 High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30 1231134 High CVE-2021-30600: Use after fr...

8.8CVSS8.9AI score0.07003EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2019/04/10 12:0 a.m.•71 views

FreeBSD -- SAE side-channel attacks

Problem Description: Side channel attacks in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information abo...

5.9CVSS0.6AI score0.03739EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/01/16 12:0 a.m.•71 views

Gitlab -- Arbitrary repo read in Gitlab project import

Gitlab reports: Arbitrary repo read in Gitlab project import...

7.5CVSS1.8AI score0.02173EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/18 12:0 a.m.•71 views

webkit2-gtk3 -- multiple vulnerabilities

The WebKit team reports many vulnerabilities. Please reference the CVE/URL list for details...

8.8CVSS7.7AI score0.93838EPSS
Exploits67References5
FreeBSD
FreeBSD
•added 2016/12/27 12:0 a.m.•71 views

PHP -- multiple vulnerabilities

Check Point reports: ... discovered 3 fresh and previously unknown vulnerabilities CVE-2016-7479, CVE-2016-7480, CVE-2016-7478 in the PHP 7 unserialize mechanism. The first two vulnerabilities allow attackers to take full control over servers, allowing them to do anything they want with the...

9.8CVSS2.5AI score0.42401EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2015/09/03 12:0 a.m.•71 views

php -- multiple vulnerabilities

PHP reports: Core: Fixed bug 70172 Use After Free Vulnerability in unserialize. Fixed bug 70219 Use after free vulnerability in session deserializer. EXIF: Fixed bug 70385 Buffer over-read in exifreaddata with TIFF IFD tag byte value of 32 bytes. hash: Fixed bug 70312 HAVAL gives wrong hashes in...

9.8CVSS9AI score0.46801EPSS
Exploits7References3
FreeBSD
FreeBSD
•added 2015/08/11 12:0 a.m.•71 views

OpenSSH -- PAM vulnerabilities

OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev. Fixed a privilege separation weakness related to PAM support. Attackers who could...

7.2CVSS7.8AI score0.02605EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2015/02/18 12:0 a.m.•71 views

php5 -- multiple vulnerabilities

The PHP Project reports: Use after free vulnerability in unserialize with DateTimeZone. Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow...

10CVSS8AI score0.94859EPSS
Exploits38References3
FreeBSD
FreeBSD
•added 2014/10/27 12:0 a.m.•71 views

davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)

Mickaël Guessant reports: DavMail 4.6.0 released Enhancements: Fix potential CVE-2014-3566 vulnerability...

4.3CVSS6AI score0.99999EPSS
Exploits7References2
FreeBSD
FreeBSD
•added 2024/01/24 12:0 a.m.•70 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Critical SECURITY-3314 / CVE-2024-23897 Arbitrary file read vulnerability through the CLI can lead to RCE Description High SECURITY-3315 / CVE-2024-23898 Cross-site WebSocket hijacking vulnerability in the CLI...

9.8CVSS7.1AI score0.99999EPSS
Exploits47References1
FreeBSD
FreeBSD
•added 2018/08/14 12:0 a.m.•70 views

FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure

Problem Description: On certain Intel 64-bit x86 systems there is a period of time during terminal fault handling where the CPU may use speculative execution to try to load data. The CPU may speculatively access the level 1 data cache L1D. Data which would otherwise be protected may then be...

1.3AI score
Exploits0
FreeBSD
FreeBSD
•added 2017/01/26 12:0 a.m.•70 views

wordpress -- multiple vulnerabilities

Aaron D. Campbell reports: WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. WPQuery is vulnerable to a SQL injection SQLi when passing unsafe data...

5.3CVSS8.2AI score0.05061EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2016/02/04 12:0 a.m.•70 views

php -- multiple vulnerabilities

PHP reports: Core: Fixed bug 71039 exec functions ignore length but look for NULL termination. Fixed bug 71323 Output of streamgetmetadata can be falsified by its input. Fixed bug 71459 Integer overflow in iptcembed. PCRE: Upgraded bundled PCRE library to 8.38.CVE-2015-8383, CVE-2015-8386,...

10CVSS8.3AI score0.10997EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2006/08/24 12:0 a.m.•70 views

openoffice.org -- multiple vulnerabilities

OpenOffice.org Security Team reports: Fixed in OpenOffice.org 3.2 CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC...

9.3CVSS8AI score0.43389EPSS
Exploits2References7
FreeBSD
FreeBSD
•added 2023/09/20 12:0 a.m.•69 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-3261 / CVE-2023-43494 Builds can be filtered by values of sensitive build variables High SECURITY-3245 / CVE-2023-43495 Stored XSS vulnerability High SECURITY-3072 / CVE-2023-43496 Temporary plugin file created with insecure permissions Low...

8.8CVSS6.4AI score0.03388EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/13 12:0 a.m.•69 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release includes 11 security fixes, including: 1237533 High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06 1241036 High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theo...

9.6CVSS0.64546EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2020/07/15 12:0 a.m.•69 views

Cacti -- multiple vulnerabilities

Cacti developers reports: Multiple fixes for bundled jQuery to prevent code exec CVE-2020-11022, CVE-2020-11023. PHPMail contains a escaping bug CVE-2020-13625. SQL Injection via color.php in Cacti CVE-2020-14295...

7.5CVSS4AI score0.99019EPSS
Exploits21References5
FreeBSD
FreeBSD
•added 2020/07/05 12:0 a.m.•69 views

Apache Tomcat -- Multiple Vulnerabilities

The Apache Software Foundation reports: An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was n...

7.5CVSS1.3AI score0.87553EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2020/05/19 12:0 a.m.•69 views

powerdns-recursor -- multiple vulnerabilities

PowerDNS Team reports: CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between...

8.8CVSS3.4AI score0.23889EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/01/14 12:0 a.m.•69 views

drm graphics drivers -- potential information disclusure via local access

Intel reports: .A potential security vulnerability in IntelR Processor Graphics may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Description: Insufficient control flow in certain data structures for some IntelR Processors with IntelR...

5.5CVSS2.5AI score0.01447EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/11/27 12:0 a.m.•69 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path traversal with potential remote code execution Private objects exposed through project import Disclosure of notes via Elasticsearch integration Disclosure of comments via Elasticsearch integration DNS Rebind SSRF in various chat notifications Disclosure of vulnerability statu...

9.8CVSS3.1AI score0.01656EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/11/14 12:0 a.m.•69 views

FreeBSD -- Machine Check Exception on Page Size Change

Intel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. Malicious guest operating systems may be able to crash the host...

6.5CVSS1AI score0.00915EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/08/28 12:0 a.m.•69 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-1453 / CVE-2019-10383 Stored XSS vulnerability in update center High SECURITY-1491 / CVE-2019-10384 CSRF protection tokens for anonymous users did not expire in some circumstances...

8.8CVSS1.6AI score0.01578EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/05/03 12:0 a.m.•69 views

OpenSSL -- multiple vulnerabilities

OpenSSL reports: Memory corruption in the ASN.1 encoder Padding oracle in AES-NI CBC MAC check EVPEncodeUpdate overflow EVPEncryptUpdate overflow ASN.1 BIO excessive memory allocation EBCDIC overread OpenSSL only...

10CVSS2.9AI score0.89058EPSS
Exploits7References2
FreeBSD
FreeBSD
•added 2016/04/26 12:0 a.m.•69 views

ntp -- multiple vulnerabilities

Network Time Foundation reports: NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p7, released on Tuesday, 26 April 2016: Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering. Reported by Matt...

7.5CVSS6.8AI score0.15081EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2013/02/21 12:0 a.m.•69 views

libxml2 -- cpu consumption Dos

Kurt Seifried reports: libxml2 is affected by the expansion of internal entities which can be used to consume resources and external entities which can cause a denial of service against other services, be used to port scan, etc...

6.8CVSS8.5AI score0.03609EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2012/05/30 12:0 a.m.•69 views

FreeBSD -- Incorrect crypt() hashing

Problem description: There is a programming error in the DES implementation used in crypt when handling input which contains characters that cannot be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set 0x80, that character and all characters...

4.3CVSS6.6AI score0.05734EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/05/10 12:0 a.m.•69 views

Apache APR -- DoS vulnerabilities

The Apache Portable Runtime Project reports: Note especially a security fix to APR 1.4.4, excessive CPU consumption was possible due to an unconstrained, recursive invocation of aprfnmatch, as aprfnmatch processed '' wildcards. Reimplement aprfnmatch from scratch using a non-recursive algorithm n...

4.3CVSS3.8AI score0.30406EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2007/08/30 12:0 a.m.•69 views

php -- multiple vulnerabilities

The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.4: Fixed a floating point exception inside wordwrap Reported by Mattias Bengtsson Fixed several integer overflows inside the GD extension Reported by Mattias Bengtsson Fixed size calculation in chunksplit Reported by...

7.5CVSS7.1AI score0.13818EPSS
Exploits12References3
FreeBSD
FreeBSD
•added 2004/12/13 12:0 a.m.•69 views

phpmyadmin -- command execution vulnerability

A phpMyAdmin security announcement reports: Command execution: since phpMyAdmin 2.6.0-pl2, on a system where external MIME-based transformations are activated, an attacker can put into MySQL data an offensive value that starts a shell command when browsed. Enabling PHP safe mode on the server can...

10CVSS3.3AI score0.11592EPSS
Exploits0References2
Total number of security vulnerabilities5000