Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2019/01/10 12:0 a.m.•28 views

py-matrix-synapse -- undisclosed vulnerability

Matrix developers report: The matrix team announces the availablility of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885...

7.5CVSS2.4AI score0.02418EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/01/08 12:0 a.m.•28 views

libzmq4 -- Remote Code Execution Vulnerability

A vulnerability has been found that would allow attackers to direct a peer to jump to and execute from an address indicated by the attacker. This issue has been present since v4.2.0. Older releases are not affected. NOTE: The attacker needs to know in advance valid addresses in the peer's memory ...

9CVSS5.9AI score0.09444EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2018/12/20 12:0 a.m.•28 views

Gitlab -- Arbitrary File read in Gitlab project import

Gitlab reports: Arbitrary File read in Gitlab project import...

7.5CVSS2.3AI score0.01734EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/12/13 12:0 a.m.•28 views

Gitlab -- Arbitrary File read in GitLab project import with Git LFS

Gitlab reports: Arbitrary File read in GitLab project import with Git LFS...

7.5CVSS2AI score0.02206EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/12/11 12:0 a.m.•28 views

phpMyAdmin -- multiple vulnerabilities

The phpMyAdmin development team reports: Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables,...

0.2AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2018/10/27 12:0 a.m.•28 views

uriparser -- Multiple vulnerabilities

The upstream project reports: Fixed: Out-of-bounds write in uriComposeQuery and uriComposeQueryEx Commit 864f5d4c127def386dd5cc926ad96934b297f04e Thanks to Google Autofuzz team for the report! Fixed: Detect integer overflow in uriComposeQuery and uriComposeQueryEx Commit...

3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2018/08/14 12:0 a.m.•28 views

FreeBSD -- Resource exhaustion in IP fragment reassembly

Problem Description: A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not...

7.8CVSS4AI score0.04006EPSS
Exploits0
FreeBSD
FreeBSD
•added 2018/06/12 12:0 a.m.•28 views

node.js -- multiple vulnerabilities

Node.js reports: Denial of Service Vulnerability in HTTP/2 CVE-2018-7161 All versions of 8.x and later are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with t...

7.8CVSS0.7AI score0.10782EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2018/01/28 12:0 a.m.•28 views

mpv -- arbitrary code execution via crafted website

mpv developers report: mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an...

8.8CVSS8.6AI score0.02593EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/01/26 12:0 a.m.•28 views

chromium -- vulnerability

Google Chrome Releases reports: 1 security fix in this release: 806388 High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26...

8.8CVSS8.5AI score0.08793EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/01/25 12:0 a.m.•28 views

clamav -- multiple vulnerabilities

ClamAV project reports: Join us as we welcome ClamAV 0.99.3 to the family!. This release is a security release and is recommended for all ClamAV users. CVE-2017-12374 ClamAV UAF use-after-free Vulnerabilities CVE-2017-12375 ClamAV Buffer Overflow Vulnerability CVE-2017-12376 ClamAV Buffer Overflo...

10CVSS7.7AI score0.12548EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2018/01/23 12:0 a.m.•28 views

p7zip -- heap-based buffer overflow

MITRE reports: Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service out-of-bounds write or potentially execute arbitrary code via a crafted ZIP archive...

7.8CVSS8.1AI score0.05032EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2017/12/21 12:0 a.m.•28 views

GIMP - Heap Buffer Overflow Vulnerability

GNOME reports: CVE-2017-17786 Out of bounds read / heap overflow in tga importer / function bgr2rgb.part.1...

7.8CVSS2AI score0.01337EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/28 12:0 a.m.•28 views

bchunk -- access violation near NULL on destination operand and crash

Mitre reports: bchunk 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE .cue file...

5.5CVSS5.7AI score0.00909EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/27 12:0 a.m.•28 views

libgcrypt -- side-channel attack vulnerability

GnuPG reports: Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth Be With You"...

7.5CVSS7.5AI score0.0351EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/05/02 12:0 a.m.•28 views

chromium -- race condition vulnerability

Google Chrome Releases reports: 1 security fix in this release: 679306 High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke...

7.5CVSS8.2AI score0.01019EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/04/27 12:0 a.m.•28 views

LibreSSL -- TLS verification vulnerability

Jakub Jirutka reports: LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSLgetverifyresult is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx...

5.3CVSS1.9AI score0.01021EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/01/09 12:0 a.m.•28 views

Intel(R) NVMUpdate -- Intel(R) Ethernet Controller X710/XL710 NVM Security Vulnerability

Intel Corporation reports: A security vulnerability in the IntelR Ethernet Controller X710 and IntelR Ethernet Controller XL710 family of products Fortville has been found in the Non-Volatile Flash Memory NVM image...

5.9CVSS2.2AI score0.05129EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/11/03 12:0 a.m.•28 views

w3m -- multiple vulnerabilities

Multiple remote code execution and denial of service conditions present...

8.8CVSS4AI score0.03784EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/08/21 12:0 a.m.•28 views

eog -- out-of-bounds write

Felix Riemann reports: CVE-2016-6855 out-of-bounds write in eog 3.10.2...

7.5CVSS1.5AI score0.18862EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2016/08/11 12:0 a.m.•28 views

Rails 4 -- Possible XSS Vulnerability in Action View

Ruby Security team reports: There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316...

6.1CVSS1.4AI score0.03438EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/07/19 12:0 a.m.•28 views

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-16-0019: Glossary search displays entries without checking user permissions to view them MSA-16-0020: Text injection in email headers MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course...

2.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2016/07/10 12:0 a.m.•28 views

xtrlock -- xtrlock does not block multitouch events

Debian reports: xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events including pan scrolling, "pinch and zoom" or even being able to provide regular mouse clicks by depressing the touchp...

4.6CVSS2.2AI score0.00364EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/04/11 12:0 a.m.•28 views

libtasn1 -- denial of service parsing malicious DER certificates

GNU Libtasn1 NEWS reports: Fixes to avoid an infinite recursion when decoding without the ASN1DECODEFLAGSTRICTDER flag. Reported by Pascal Cuoq...

5.9CVSS3.7AI score0.29572EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/03/10 12:0 a.m.•28 views

activemq -- Web Console Cross-Site Scripting

Vladimir Ivanov Positive Technologies reports: Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper...

5.4CVSS6.3AI score0.06068EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/03/09 12:0 a.m.•28 views

bind -- denial of service vulnerability

ISC reports: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure...

6.8CVSS2.9AI score0.2262EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/03/08 12:0 a.m.•28 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 589838 High CVE-2016-1643: Type confusion in Blink. 590620 High CVE-2016-1644: Use-after-free in Blink. 587227 High CVE-2016-1645: Out-of-bounds write in PDFium...

9.3CVSS1.1AI score0.02749EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/03/01 12:0 a.m.•28 views

PostgreSQL -- minor security problems.

PostgreSQL project reports: Security Fixes for RLS, BRIN This release closes security hole CVE-2016-2193 https://access.redhat.com/security/cve/CVE-2016-2193, where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security RLS...

9.1CVSS0.1AI score0.03347EPSS
Exploits0
FreeBSD
FreeBSD
•added 2016/01/28 12:0 a.m.•28 views

phpmyadmin -- Multiple full path disclosure vulnerabilities

The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...

5.3CVSS1.4AI score0.02383EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/01/25 12:0 a.m.•28 views

salt -- code execution

SaltStack reports: Improper handling of clear messages on the minion, which could result in executing commands not sent by the master...

8.1CVSS2AI score0.01516EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/10/13 12:0 a.m.•28 views

flash -- multiple vulnerabilities

Adobe reports: These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-7628. These updates include a defense-in-depth feature in the Flash broker API CVE-2015-5569. These updates resolve use-after-free...

10CVSS7.7AI score0.08245EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/10/02 12:0 a.m.•28 views

OpenSMTPD -- multiple vulnerabilities

OpenSMTPD developers report: an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD a stack-based buffer overflow that allows local users to crash...

9.8CVSS9.8AI score0.04094EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/09/16 12:0 a.m.•28 views

optipng -- use-after-free vulnerability

Gustavo Grieco reports: We found a use-after-free causing an invalid/double free in optipng 0.6.4...

9.3CVSS8.7AI score0.05383EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2015/08/11 12:0 a.m.•28 views

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve type confusion vulnerabilities that could lead to code execution...

10CVSS7.9AI score0.65956EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2015/06/23 12:0 a.m.•28 views

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability CVE-2015-3113 that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is...

10CVSS6.3AI score0.9994EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2015/06/15 12:0 a.m.•28 views

chicken -- Potential buffer overrun in string-translate*

chicken developer Peter Bex reports: Using gcc's Address Sanitizer, it was discovered that the string-translate procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate. This issue was fix...

7.5CVSS7.6AI score0.02057EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/05/13 12:0 a.m.•28 views

Pligg CMS -- XSS Vulnerability

Netsparker reports: Proof of Concept URL for XSS in Pligg CMS: Page: groups.php Parameter Name: keyword Parameter Type: GET Attack Pattern: http://example.com/pligg-cms-2.0.2/groups.php?view=search&keyword='+alert0x000D82+' For more information on cross-site scripting vulnerabilities read the...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/04/29 12:0 a.m.•28 views

qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")

Jason Geffner, CrowdStrike Senior Security Researcher reports: VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine VM...

7.7CVSS7AI score0.15275EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2015/04/23 12:0 a.m.•28 views

powerdns -- Label decompression bug can cause crashes or CPU spikes

The PowerDNS project reports: A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause...

7.8CVSS6.4AI score0.81834EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/04/04 12:0 a.m.•28 views

pidgin-otr -- use after free

Hanno Bock reports: The pidgin-otr plugin version 4.0.2 fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function createsmpdialog...

10CVSS9.2AI score0.07032EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/02/27 12:0 a.m.•28 views

cryptopp -- multiple vulnerabilities

Multiple sources report: CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...

7.5CVSS6.5AI score0.02879EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2015/02/10 12:0 a.m.•28 views

xorg-server -- Information leak in the XkbSetGeometry request of X servers.

Peter Hutterer reports: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string...

6.4CVSS4.8AI score0.04502EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/02/06 12:0 a.m.•28 views

librsvg2 -- denial of service vulnerability

Adam Maris, Red Hat Product Security, reports: CVE-2015-7557: Out-of-bounds heap read in librsvg2 was found when parsing SVG file...

7.5CVSS7.4AI score0.02084EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2014/12/01 12:0 a.m.•28 views

OpenVPN -- denial of service security vulnerability

The OpenVPN project reports: In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical denial of service security vulnerability CVE-2014-8104. The vulnerability allows an tls-authenticated client to crash the server by sending a too-short control channel packet to the...

6.8CVSS6.4AI score0.03478EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/09/09 12:0 a.m.•28 views

Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS8.1AI score0.84178EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2014/08/12 12:0 a.m.•28 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 12 security fixes in this release, including 390174 High CVE-2014-3165: Use-after-free in web sockets. Credit to Collin Payne. 398925 High CVE-2014-3166: Information disclosure in SPDY. Credit to Antoine Delignat-Lavaud. 400950 CVE-2014-3167: Various fixes from...

7.5CVSS1.3AI score0.01648EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2014/06/24 12:0 a.m.•28 views

mplayer -- potential buffer overrun when processing malicious lzo compressed input

Michael Niedermayer and Luca Barbato report in upstream ffmpeg: avutil/lzo: Fix integer overflow...

8.8CVSS8.6AI score0.04468EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2014/04/30 12:0 a.m.•28 views

FreeBSD -- devfs rules not applied by default for jails

Problem Description: The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible. Impact: Jailed processes can get access to restricted...

5.8CVSS6.5AI score0.0102EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/06/27 12:0 a.m.•28 views

apache-xml-security-c -- heap overflow during XPointer evaluation

The Apache Software Foundation reports: The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code...

7.5CVSS6.7AI score0.06018EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2013/06/18 12:0 a.m.•28 views

apache-xml-security-c -- heap overflow

The Apache Software Foundation reports: A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitary code execution. If verification of the signature occurs prior to actual evaluation of a signin...

7.5CVSS6.9AI score0.08402EPSS
Exploits0References1
Total number of security vulnerabilities5000