Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2023/09/27 12:0 a.m.•27 views

Account takeover via SQL Injection in UI layout preferences in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL...

9.8CVSS8.1AI score0.31871EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/13 12:0 a.m.•27 views

routinator -- Possible path traversal when storing RRDP responses

[email protected] reports: NLnet Labs Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these store...

9.3CVSS6.8AI score0.00549EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/06 12:0 a.m.•27 views

redis -- Possible bypassing ACL configuration

yangbodong22011 reports: Redis does not correctly identify keys accessed by SORTRO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration...

3.3CVSS6.9AI score0.0034EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/15 12:0 a.m.•27 views

clamav -- Possible denial of service vulnerability in the HFS+ file parser

Steve Smith reports: There is a possible denial of service vulnerability in the HFS+ file parser...

7.5CVSS6.8AI score0.00883EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/01 12:0 a.m.•27 views

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via ProjectReferenceFilter in any Markdown fields ReDoS via AutolinkFilter in any Markdown fields Regex DoS in Harbor Registry search Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality Stored XSS in Web IDE Beta...

9.8CVSS6.5AI score0.63765EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2023/03/26 12:0 a.m.•27 views

py39-redis -- can send response data to the client of an unrelated request

drago-balto reports: redis-py through 4.5.3 and 4.4.3 leaves a connection open after canceling an async Redis command at an inopportune time in the case of a non-pipeline operation, and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete...

3.7CVSS6.1AI score0.01018EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/08/01 12:0 a.m.•27 views

drupal9 -- multiple vulnerabilities

Drupal reports: CVE-2022-31175: Cross-site scripting XSS caused by the editor instance destroying process...

5.8CVSS1.3AI score0.006EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/04/06 12:0 a.m.•27 views

FreeBSD -- 802.11 heap buffer overflow

Problem Description: The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. Impact: While a FreeBSD Wi-Fi client is in scanning mode i.e., not associated with a SSID a malicious beacon frame may overwrite kernel...

9.8CVSS2.7AI score0.0362EPSS
Exploits0
FreeBSD
FreeBSD
•added 2022/03/02 12:0 a.m.•27 views

py-Scrapy -- exposure of sensitive information vulnerability

ranjit-git reports: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...

8.8CVSS7.1AI score0.01243EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2022/01/25 12:0 a.m.•27 views

varnish -- Request Smuggling Vulnerability

Varnish Cache Project reports: A request smuggling attack can be performed on HTTP/1 connections on Varnish Cache servers. The smuggled request would be treated as an additional request by the Varnish server, go through normal VCL processing, and injected as a spurious response on the client...

9.1CVSS2.9AI score0.01973EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2021/11/24 12:0 a.m.•27 views

rubygem-cgi -- buffer overrun in CGI.escape_html

chamal reports: A security vulnerability that causes buffer overflow when you pass a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows...

9.8CVSS7.1AI score0.04766EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/10/04 12:0 a.m.•27 views

strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache

Strongswan Release Notes reports: Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990. Fixed a denial-of-service vulnerability ...

7.5CVSS2.4AI score0.06438EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/06/01 12:0 a.m.•27 views

pglogical -- shell command injection in pglogical.create_subscription()

2ndQuadrant reports: Fix pgdump/pgrestore execution CVE-2021-3515 Correctly escape the connection string for both pgdump and pgrestore so that exotic database and user names are handled correctly. Reported by Pedro Gallegos...

7.2CVSS1.4AI score0.0046EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/05/19 12:0 a.m.•27 views

py-numpy -- Missing return-value validation of the function PyArray_DescrNew

Numpy reports: At most call-sites for PyArrayDescrNew, there are no validations of its return, but an invalid address may be returned...

5.3CVSS1.7AI score0.01154EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/05/11 12:0 a.m.•27 views

libX11 -- Arbitrary code execution

The X.org project reports: XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the...

9.8CVSS6.4AI score0.10634EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2021/02/10 12:0 a.m.•27 views

Rails -- multiple vulnerabilities

Ruby on Rails blog: Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues: CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter. CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware...

7.5CVSS1.9AI score0.87301EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2020/12/29 12:0 a.m.•27 views

wavpack -- integer overflow in pack_utils.c

The wavpack project reports: src/packutils.c - issue 91: fix integer overflows resulting in buffer overruns CVE-2020-35738 - sanitize configuration parameters better improves clarity and aids debugging...

6.1CVSS5.5AI score0.01196EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2020/12/16 12:0 a.m.•27 views

vault -- User Enumeration via LDAP auth

Vault developers report: Vault allowed enumeration of users via the LDAP auth method. This vulnerability, was fixed in Vault 1.6.1 and 1.5.6. An external party reported that they were able to enumerate LDAP users via error messages returned by Vault’s LDAP auth method...

5.3CVSS5.1AI score0.01289EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/10/13 12:0 a.m.•27 views

powerdns-recursor -- cache pollution

PowerDNS Team reports: CVE-2020-25829: An issue has been found in PowerDNS Recursor where a remote attacker can cause the cached records for a given name to be updated to the ‘Bogus’ DNSSEC validation state, instead of their actual DNSSEC ‘Secure’ state, via a DNS ANY query. This results in a...

7.5CVSS4.1AI score0.06465EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/07/28 12:0 a.m.•27 views

typo3 -- multiple vulnerabilities

Typo3 Team reports: In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This...

1.5AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2020/07/09 12:0 a.m.•27 views

FreeBSD -- posix_spawnp(3) buffer overflow

Problem Description: posixspawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH...

9.8CVSS2.1AI score0.0192EPSS
Exploits0
FreeBSD
FreeBSD
•added 2020/06/30 12:0 a.m.•27 views

coturn -- information leakage

Felix Dörre reports: The issue is that STUN/TURN response buffer is not initialized properly. CWE 665 This is a leak of information between different client connections. One client an attacker could use their connection to intelligently query coturn to get interesting bytes in the padding bytes...

7.5CVSS2.4AI score0.01847EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/25 12:0 a.m.•27 views

glpi -- Unauthenticated Stored XSS

MITRE Corporation reports: In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure...

8CVSS1.3AI score0.0077EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/06/14 12:0 a.m.•27 views

IMAP fcc/postpone machine-in-the-middle attack

mutt 1.14.3 updates: CVE-2020-14093 - IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

5.9CVSS3.6AI score0.0214EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/04 12:0 a.m.•27 views

Nextcloud -- Password share by mail not hashed

The Nextcloud project reports: NC-SA-2020-026 low: Password of share by mail is not hashed when given on the create share call A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...

7.5CVSS1.2AI score0.01889EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2020/04/28 12:0 a.m.•27 views

Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents

The Apache Openofffice project reports: CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted documents Description A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the...

9.3CVSS3.2AI score0.02687EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/03/25 12:0 a.m.•27 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-1774 / CVE-2020-2160 CSRF protection for any URL could be bypassed Medium SECURITY-1781 / CVE-2020-2161 Stored XSS vulnerability in label expression validation Medium SECURITY-1793 / CVE-2020-2162 Stored XSS vulnerability in file parameters...

8.8CVSS1.2AI score0.01993EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/02/11 12:0 a.m.•27 views

Python -- multiple vulnerabilities

Python reports: bpo-41304: Fixes python3x.pth being ignored on Windows, caused by the fix for bpo-29778 CVE-2020-15801. bpo-39603: Prevent http header injection by rejecting control characters in http.client.putreques...

9.8CVSS2AI score0.03104EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/12/19 12:0 a.m.•27 views

cyrus-sasl -- Fix off by one error

Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports: Fix off by one error...

7.5CVSS1.3AI score0.08036EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/11/12 12:0 a.m.•27 views

py-psutil -- double free vulnerability

ret2libc reports: psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object...

7.5CVSS7.7AI score0.03522EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2019/09/23 12:0 a.m.•27 views

cacti -- Authenticated users may bypass authorization checks

The cacti developers reports: In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graphjson.php request with a modified localgraphid parameter...

4.3CVSS5.6AI score0.01468EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/09/19 12:0 a.m.•27 views

nexus2-oss -- Multiple vulerabilities

Sonatype reports: Several RCE vulnerabilities have been found and corrected in 2.14.15: CVE-2019-16530: An attacker with elevated privileges can upload a specially crafted file. That file can contain commands that will be executed on the system, with the same privileges as the user running the...

9CVSS4.9AI score0.18396EPSS
Exploits5
FreeBSD
FreeBSD
•added 2019/09/08 12:0 a.m.•27 views

FLAC -- out-of-bounds read

Oss-Fuzz reports: There is a possible out of bounds read due to a heap buffer overflow in FLACbitreaderreadricesignedblock of bitreader.c...

4.3CVSS6AI score0.03964EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/08/20 12:0 a.m.•27 views

FreeBSD -- IPv6 remote Denial-of-Service

Problem Description: Due do a missing check in the code of mpulldown9 data returned may not be contiguous as requested by the caller. Impact: Extra checks in the IPv6 code catch the error condition and trigger a kernel panic leading to a remote DoS denial-of-service attack with certain Ethernet...

7.8CVSS2.4AI score0.04417EPSS
Exploits1
FreeBSD
FreeBSD
•added 2019/07/02 12:0 a.m.•27 views

FreeBSD -- Privilege escalation in cd(4) driver

Problem Description: To implement one particular ioctl, the Linux emulation code used a special interface present in the cd4 driver which allows it to copy subchannel information directly to a kernel address. This interface was erroneously made accessible to userland, allowing users with read...

9CVSS4.2AI score0.0409EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/07/02 12:0 a.m.•27 views

FreeBSD -- Kernel stack disclosure in UFS/FFS

Problem Description: A bug causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. This data can be viewed by any user with read access to the directory. Additionally, a malicious user with write access to a directory can cause up to 254 byt...

6.5CVSS1.9AI score0.01567EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/04/19 12:0 a.m.•27 views

www/varnish7 -- Denial of Service

The Varnish Development Team reports: A denial of service attack can be performed on Varnish Cacher servers that have the HTTP/2 protocol turned on. An attacker can let the servers HTTP/2 connection control flow window run out of credits indefinitely and prevent progress in the processing of...

7.5CVSS6.8AI score0.70595EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/03/29 12:0 a.m.•27 views

Istio -- Security vulnerabilities

Istio reports: Two security vulnerabilities have recently been identified in the Envoy proxy. The vulnerabilities are centered on the fact that Envoy did not normalize HTTP URI paths and did not fully validate HTTP/1.1 header values. These vulnerabilities impact Istio features that rely on Envoy ...

10CVSS1.2AI score0.03732EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2019/02/05 12:0 a.m.•27 views

FreeBSD -- System call kernel data register leak

Problem Description: The callee-save registers are used by kernel and for some of them %r8, %r10, and for non-PTI configurations, %r9 the content is not sanitized before return from syscalls, potentially leaking sensitive information. Impact: Typically an address of some kernel data structure use...

5.5CVSS3.1AI score0.00348EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/02/04 12:0 a.m.•27 views

slixmpp -- improper access control

NVD reports: slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage of Private Data via PubSub options profile, used for the configuration of default access model that can result in all of the...

7.5CVSS3.4AI score0.02323EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/11/28 12:0 a.m.•27 views

Mbed TLS -- Local timing attack on RSA decryption

Janos Follath reports: An attacker who can run code on the same machine that is performing an RSA decryption can potentially recover the plaintext through a Bleichenbacher-like oracle...

4.7CVSS3.9AI score0.00336EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/11/26 12:0 a.m.•27 views

powerdns-recursor -- Crafted query can cause a denial of service

powerdns Team reports: CVE-2018-16855: An issue has been found in PowerDNS Recursor where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. When the PowerDNS Recursor is run...

7.5CVSS4AI score0.59469EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/07/09 12:0 a.m.•27 views

mailman -- content spoofing with invalid list names in web UI

Mark Sapiro reports: A URL with a very long text listname such as http://www.example.com/mailman/listinfo/Thisisalongstringwithsomephishingtext will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site...

6.5CVSS6.5AI score0.02541EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2018/06/25 12:0 a.m.•27 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Wiki XSS Sanitize gem updates XSS in urlforparams Content injection via username Activity feed publicly displaying internal project names Persistent XSS in charts...

7.5CVSS3.2AI score0.0152EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2017/12/11 12:0 a.m.•27 views

global -- gozilla vulnerability

MITRE reports: gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.4AI score0.01228EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/11/30 12:0 a.m.•27 views

wireshark -- multiple security issues

wireshark developers reports: wnpa-sec-2017-47: The IWARPMPA dissector could crash. CVE-2017-17084 wnpa-sec-2017-48: The NetBIOS dissector could crash. Discovered by Kamil Frankowicz. CVE-2017-17083 wnpa-sec-2017-49: The CIP Safety dissector could crash. CVE-2017-17085...

7.5CVSS7.7AI score0.16786EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2017/11/01 12:0 a.m.•27 views

cacti -- multiple vulnerabilities

cacti reports: Changelog issue1057: CVE-2017-16641 - Potential vulnerability in RRDtool functions issue1066: CVE-2017-16660 in remoteagent.php logging function issue1066: CVE-2017-16661 in view log file issue1071: CVE-2017-16785 in globalsession.php Reflection XSS...

9CVSS6.1AI score0.04246EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2017/10/20 12:0 a.m.•27 views

wget -- Heap overflow in HTTP protocol handling

Antti Levomäki, Christian Jalio, Joonas Pihlaja: Wget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of...

9.3CVSS9.2AI score0.36563EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/17 12:0 a.m.•27 views

GitLab -- multiple vulnerabilities

GitLab reports: Cross-Site Scripting XSS vulnerability in the Markdown sanitization filter Yasin Soliman via HackerOne reported a Cross-Site Scripting XSS vulnerability in the GitLab markdown sanitization filter. The sanitization filter was not properly stripping invalid characters from URL schem...

5.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/17 12:0 a.m.•27 views

Node.js -- remote DOS security vulnerability

Node.js reports: Node.js was susceptible to a remote DoS attack due to a change that came in as part of zlib v1.2.9. In zlib v1.2.9 8 became an invalid value for the windowBits parameter and Node's zlib module will crash or throw an exception depending on the version...

7.5CVSS7.6AI score0.08144EPSS
Exploits0References1
Total number of security vulnerabilities5000