Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2022/08/30 12:0 a.m.•68 views

FreeBSD -- zlib heap buffer overflow

Problem Description: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. Impact: Applications that call inflateGetHeader may be vulnerable to a buffer overflow. Note that inflateGetHeader is not used by anything in...

9.8CVSS2.7AI score0.1593EPSS
Exploits1
FreeBSD
FreeBSD
•added 2020/01/29 12:0 a.m.•68 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...

8.6CVSS0.8AI score0.07044EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/02/01 12:0 a.m.•68 views

payara -- multiple vulnerabilities

Payara Releases reports: The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases: CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct...

10CVSS6.4AI score0.12679EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/02 12:0 a.m.•68 views

dnsmasq -- multiple vulnerabilities

Google Project Zero reports: CVE-2017-14491: Heap based overflow 2 bytes. Before 2.76 and this commit overflow was unrestricted. CVE-2017-14492: Heap based overflow. CVE-2017-14493: Stack Based overflow. CVE-2017-14494: Information Leak CVE-2017-14495: Lack of free CVE-2017-14496: Invalid boundar...

9.8CVSS8.4AI score0.93307EPSS
Exploits32References1
FreeBSD
FreeBSD
•added 2017/01/11 12:0 a.m.•68 views

wordpress -- multiple vulnerabilities

Aaron D. Campbell reports: WordPress versions 4.7 and earlier are affected by eight security issues...

8.8CVSS7.2AI score0.87299EPSS
Exploits7References2
FreeBSD
FreeBSD
•added 2014/10/21 12:0 a.m.•68 views

FreeBSD -- routed(8) remote denial of service vulnerability

Problem Description: The input path in routed8 will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Impact: Upon receipt of a query from a source which is not on a directl...

5CVSS6.4AI score0.01553EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/11/29 12:0 a.m.•68 views

lighttpd -- remote DoS in HTTP authentication

US-CERT/NIST reports: Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that...

5CVSS8.9AI score0.16246EPSS
Exploits8
FreeBSD
FreeBSD
•added 2023/06/05 12:0 a.m.•67 views

Gitlab -- Vulnerability

Gitlab reports: Stored-XSS with CSP-bypass in Merge requests ReDoS via FrontMatterFilter in any Markdown fields ReDoS via InlineDiffFilter in any Markdown fields ReDoS via DollarMathPostFilter in Markdown fields DoS via malicious test report artifacts Restricted IP addresses can clone repositorie...

8.7CVSS6.7AI score0.96058EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/08/30 12:0 a.m.•67 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Remote Command Execution via GitHub import Stored XSS via labels color Content injection via Incidents Timeline description Lack of length validation in Snippets leads to Denial of Service Group IP allow-list not fully respected by the Package Registry Abusing Gitaly.GetTreeEntrie...

9.9CVSS1.7AI score0.86194EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2021/05/03 12:0 a.m.•67 views

redis -- multiple vulnerabilities

Redis project reports: Vulnerability in the STRALGO LCS command An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. Vulnerability in the COPY command for large intsets An...

3.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2020/04/02 12:0 a.m.•67 views

HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2

The HAproxy Project reports: The main driver for this release is that it contains a fix for a serious vulnerability that was responsibly reported last week by Felix Wilhelm from Google Project Zero, affecting the HPACK decoder used for HTTP/2. CVE-2020-11100 was assigned to this issue...

8.8CVSS1.2AI score0.60727EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2019/09/03 12:0 a.m.•67 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11751: Malicious code execution through command line parameters CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG...

9.8CVSS1.1AI score0.0216EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2019/04/23 12:0 a.m.•67 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: Security fixes: T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover. T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS by querying the entire watchlist...

9.8CVSS1.5AI score0.87218EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2019/02/19 12:0 a.m.•67 views

OpenSSL -- Padding oracle vulnerability

The OpenSSL project reports: 0-byte record padding oracle CVE-2019-1559 Moderate If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte...

5.9CVSS1.7AI score0.17139EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/07/06 12:0 a.m.•67 views

BIND,Knot,NSD,PowerDNS -- denial over service via oversized zone transfers

ISC reports: DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. However, in current practice some organizations have scenarios which require them to accept zone data from sources...

8.6CVSS3.5AI score0.40536EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2016/05/09 12:0 a.m.•67 views

xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks

The Xen Project reports: Qemu VGA module allows banked access to video memory using the window at 0xa00000 and it supports different access modes with different address calculations. Qemu VGA module allows guest to edit certain registers in 'vbe' and 'vga' modes. A privileged guest user could use...

8.8CVSS4.4AI score0.00916EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/04/12 12:0 a.m.•67 views

samba -- multiple vulnerabilities

Samba team reports: CVE-2015-5370 Errors in Samba DCE-RPC code can lead to denial of service crashes and high cpu consumption and man in the middle attacks. CVE-2016-2110 The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags,...

7.5CVSS7.1AI score0.3693EPSS
Exploits0References8
FreeBSD
FreeBSD
•added 2016/01/14 12:0 a.m.•67 views

openssh -- information disclosure

OpenSSH reports: OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user's private keys...

6.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/02/23 12:0 a.m.•67 views

samba -- Unexpected code execution in smbd

Samba development team reports: All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent...

10CVSS8.8AI score0.87636EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2012/08/14 12:0 a.m.•67 views

inn -- plaintext command injection into encrypted channel

INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...

6.8CVSS9.5AI score0.16334EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/04/27 12:0 a.m.•66 views

go -- multiple vulnerabilities

The Go project reports: crypto/tls: restrict RSA keys in certificates to = 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to = 8192...

9.8CVSS7.1AI score0.01837EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2020/11/02 12:0 a.m.•66 views

bouncycastle15 -- bcrypt password checking vulnerability

The Bouncy Castle team reports: The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

8.1CVSS1.1AI score0.0714EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2020/06/27 12:0 a.m.•66 views

PuTTY -- Release 0.74 fixes two security vulnerabilities

Simon Tatham reports: Release 0.74 fixes the following security issues: New configuration option to disable PuTTY's default policy of changing its host key algorithm preferences to prefer keys it already knows. There is a theoretical information leak in this policy. CVE-2020-14002 In some...

5.9CVSS1.1AI score0.03146EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2020/04/21 12:0 a.m.•66 views

FreeBSD -- ipfw invalid mbuf handling

Problem Description: Incomplete packet data validation may result in accessing out-of-bounds memory CVE-2019-5614 or may access memory after it has been freed CVE-2019-15874. Impact: Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results...

9.8CVSS2.2AI score0.01321EPSS
Exploits0
FreeBSD
FreeBSD
•added 2020/04/14 12:0 a.m.•66 views

MySQL Server -- Multiple vulerabilities

Oracle reports: This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. MariaDB reports 4 of these vulnerabilities exist i...

9.8CVSS2.6AI score0.17939EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2019/09/02 12:0 a.m.•66 views

Exim -- RCE with root privileges in TLS SNI handler

Exim developers report: If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected. The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The...

10CVSS3.3AI score0.35736EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2018/05/08 12:0 a.m.•66 views

FreeBSD -- Mishandling of x86 debug exceptions

Problem Description: The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the...

7.8CVSS1AI score0.18262EPSS
Exploits9
FreeBSD
FreeBSD
•added 2017/12/09 12:0 a.m.•66 views

FreeBSD -- OpenSSL multiple vulnerabilities

Problem Description: Invoking SSLread/SSLwrite while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSLread/SSLwrite being...

5.9CVSS6.8AI score0.78675EPSS
Exploits1
FreeBSD
FreeBSD
•added 2017/10/09 12:0 a.m.•66 views

salt -- multiple vulnerabilities

SaltStack reports: Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost [email protected]. NOTE: this vulnerabili...

9.8CVSS8.7AI score0.04629EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2017/04/19 12:0 a.m.•66 views

MySQL -- multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 39 new security fixes for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

7.8CVSS7.2AI score0.89924EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2017/01/18 12:0 a.m.•66 views

mysql -- multiple vulnerabilities

Oracle reports: No further details have been provided in the Critical Patch Update...

6.8CVSS6.8AI score0.04792EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2016/11/29 12:0 a.m.•66 views

Roundcube -- arbitrary command execution

The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...

7.5CVSS4.7AI score0.05621EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2016/11/25 12:0 a.m.•66 views

phpMyAdmin -- multiple vulnerabilities

Please reference CVE/URL list for details...

8.1CVSS1.8AI score0.03967EPSS
Exploits0References15
FreeBSD
FreeBSD
•added 2016/06/13 12:0 a.m.•66 views

OCaml -- Multiple Security Vulnerabilities

MITRE reports: OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function...

9.1CVSS9.1AI score0.05267EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/05/12 12:0 a.m.•66 views

tomcat -- multiple vulnerabilities

Apache Software Foundation reports: Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be...

7.8CVSS7AI score0.20318EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/12/17 12:0 a.m.•66 views

php -- multiple vulnerabilities

PHP developers reports: This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12: Fixed a safemode bypass in...

10CVSS5.5AI score0.12041EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2004/09/27 12:0 a.m.•66 views

linux_base -- vulnerabilities in Red Hat 7.1 libraries

Trevor Johnson reported that the Red Hat Linux RPMs used by linuxbase contained multiple older vulnerabilities, such as a DNS resolver issue and critical bugs in X font handling and XPM image handling...

10CVSS8.4AI score0.24863EPSS
Exploits4References4
FreeBSD
FreeBSD
•added 2022/01/31 12:0 a.m.•65 views

samba -- Multiple Vulnerabilities

The Samba Team reports: CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the...

9CVSS3.6AI score0.74042EPSS
Exploits2References4
FreeBSD
FreeBSD
•added 2021/12/10 12:0 a.m.•65 views

bastillion -- log4j vulnerability

FreeBSD port maintainer reports: Bastillion uses log4j...

10CVSS1.2AI score0.99999EPSS
Exploits351
FreeBSD
FreeBSD
•added 2021/06/01 12:0 a.m.•65 views

redis -- integer overflow

Redis development team reports: An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477...

8.8CVSS5.5AI score0.04028EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/01/01 12:0 a.m.•65 views

samba -- Unauthenticated domain takeover via netlogon

The Samba Team reports: An unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw...

10CVSS4AI score0.99512EPSS
Exploits75References1
FreeBSD
FreeBSD
•added 2019/07/31 12:0 a.m.•65 views

gitea -- multiple vulnerabilities

The Gitea Team reports: This version of Gitea contains security fixes that could not be backported to 1.8. For this reason, we strongly recommend updating...

3.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2019/06/03 12:0 a.m.•65 views

Django -- AdminURLFieldWidget XSS

Django security releases issued: The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickabl...

1.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2019/02/07 12:0 a.m.•65 views

unit -- heap memory buffer overflow

unit security problems: CVE-2019-7401: a head memory buffer overflow might have been caused in the router process by a specially crafted request, potentially resulting in a segmentation fault or other unspecified behavior...

9.8CVSS2.3AI score0.02854EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/01/22 12:0 a.m.•65 views

Apache -- vulnerability

The Apache httpd Project reports: SECURITY: CVE-2018-17199 modsession: modsessioncookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 modssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later. ...

7.5CVSS0.5AI score0.59942EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2018/04/02 12:0 a.m.•65 views

py-gunicorn -- CWE-113 vulnerability

Everardo reports: gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in processheaders function in gunicorn/http/wsgi.py that can result in an attacker causing the server to return arbitrary HTTP headers...

7.5CVSS2.1AI score0.02431EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2018/02/27 12:0 a.m.•65 views

ntp -- multiple vulnerabilities

Network Time Foundation reports: The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11. This release addresses five security issues in ntpd: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU961909: Sybil vulnerability: ephemeral association attack INFO/MEDIUM: Sec 3412 / CVE-2018-7182 /...

9.8CVSS8.1AI score0.2985EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2016/12/06 12:0 a.m.•65 views

Apache httpd -- denial of service in HTTP/2

modhttp2 reports: The Apache HTTPD web server from 2.4.17-2.4.23 did not apply limitations on request headers correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a the server allocates too much memory instead of denying the request. This...

7.5CVSS7.7AI score0.7907EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2011/12/29 12:0 a.m.•65 views

php -- multiple vulnerabilities

php development team reports: Security Enhancements and Fixes in PHP 5.3.9: Added maxinputvars directive to prevent attacks based on hash collisions. CVE-2011-4885 Fixed bug 60150 Integer overflow during the parsing of invalid exif header. CVE-2011-4566...

6.4CVSS6.9AI score0.83911EPSS
Exploits17References1
FreeBSD
FreeBSD
•added 2011/04/01 12:0 a.m.•65 views

pureftpd -- multiple vulnerabilities

Pure-FTPd development team reports: Support for braces expansion in directory listings has been disabled -- Cf. CVE-2011-0418. Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411. If you're using TLS, upgrading is recommended...

6.8CVSS1AI score0.16334EPSS
Exploits6
Total number of security vulnerabilities5000