Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2022/04/11 12:0 a.m.•25 views

Nextcloud Calendar -- SMTP Command Injection

reports: SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO: SMTP command and begin injecting arbitrary SMTP commands...

9.8CVSS7.4AI score0.32348EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/02/03 12:0 a.m.•25 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Arbitrary POST requests via special HTML attributes in Jupyter Notebooks DNS Rebinding vulnerability in Irker IRC Gateway integration Missing certificate validation for external CI services Blind SSRF Through Project Import Open redirect vulnerability in Jira Integration Issue lin...

9.1CVSS1.2AI score0.0112EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2022/01/20 12:0 a.m.•25 views

Rust -- Race condition enabling symlink following

The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable to a race condition enabling symlink following CWE-363. An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn...

7.3CVSS3.5AI score0.01376EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/10/23 12:0 a.m.•25 views

Teeworlds -- Buffer Overflow

NVD reports: Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate mChannels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service...

7.8CVSS5.3AI score0.01382EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/09/06 12:0 a.m.•25 views

cryptopp -- ElGamal implementation allows plaintext recovery

Crypto++ 8.6 release notes reports: The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the...

5.9CVSS2.5AI score0.01157EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/24 12:0 a.m.•25 views

FreeBSD -- Missing error handling in bhyve(8) device models

Problem Description: Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption. Impact...

7.8CVSS2.7AI score0.00286EPSS
Exploits0
FreeBSD
FreeBSD
•added 2021/05/26 12:0 a.m.•25 views

cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction

Cyrus IMAP 3.4.2 Release Notes states: Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a...

7.5CVSS0.5AI score0.0307EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/05/04 12:0 a.m.•25 views

libpano13 -- arbitrary memory access through format string vulnerability

libpano13 developers reports: Fix crash and security issue caused by malformed filename prefix...

9.8CVSS3.1AI score0.01941EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/03/03 12:0 a.m.•25 views

py-markdown2 -- regular expression denial of service vulnerability

Ben Caller reports: markdown2 =1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...

7.5CVSS6.7AI score0.02384EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2021/02/02 12:0 a.m.•25 views

oauth2-proxy -- domain whitelist could be used as redirect

The oauth2-proxy Team reports: In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect...

6.1CVSS6.3AI score0.01353EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/01/25 12:0 a.m.•25 views

All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution.

The Apache Openofffice project reports: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code...

8.8CVSS2.9AI score0.04942EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/12/12 12:0 a.m.•25 views

postsrsd -- Denial of service vulnerability

postsrsd developer reports: PostSRSd could be tricked into consuming a lot of CPU time with an SRS address that has an excessively long time stamp tag...

7.5CVSS3.8AI score0.02657EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/11/24 12:0 a.m.•25 views

sympa -- Unauthorised full access via SOAP API due to illegal cookie

Sympa community reports: Unauthorised full access via SOAP API due to illegal cookie...

4.3CVSS4.7AI score0.01957EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2020/06/26 12:0 a.m.•25 views

py-beaker -- arbitrary code execution vulnerability

matheusbrat reports: The Beaker library through 1.12.1 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...

6.8CVSS7AI score0.01116EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/06/25 12:0 a.m.•25 views

glpi -- Multiple SQL Injections Stemming From isNameQuoted()

MITRE Corporation reports: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like...

8.7CVSS2.7AI score0.01144EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2020/04/14 12:0 a.m.•25 views

zeek -- Remote crash vulnerability

Jon Siwek of Corelight reports: This release fixes the following security issue: An attacker can crash Zeek remotely via crafted packet sequence...

3.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2020/03/21 12:0 a.m.•25 views

phpMyAdmin -- SQL injection

phpMyAdmin Team reports: PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password PMASA-2020-3 SQL injection vulnerability relating to the search feature PMASA-2020-4 SQL injection and XSS having to do with displaying results Removing of the...

1.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2019/09/02 12:0 a.m.•25 views

www/varnish6 -- Denial of Service

The Varnish Team reports: A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache...

5.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2019/08/14 12:0 a.m.•25 views

Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry

Mozilla Foundation reports: CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored...

9.8CVSS1.8AI score0.01411EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/07/24 12:0 a.m.•25 views

FreeBSD -- Bhyve out-of-bounds read in XHCI device

Problem Description: The pcixhcidevicedoorbell function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. Impact: A misbehaving bhyve guest could crash the system or access memory that it should not be able to...

9.6CVSS1.9AI score0.03094EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/06/22 12:0 a.m.•25 views

bro -- Null pointer dereference and Signed integer overflow

Jon Siwek of Corelight reports: This is a security patch release to address potential Denial of Service vulnerabilities: Null pointer dereference in the RPC analysis code. RPC analyzers e.g. MOUNT or NFS are not enabled in the default configuration. Signed integer overflow in BinPAC-generated...

1.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2019/04/10 12:0 a.m.•25 views

libxslt -- security framework bypass

Mitre report: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...

9.8CVSS3.3AI score0.05089EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2018/07/13 12:0 a.m.•26 views

rubygem-doorkeeper -- token revocation vulnerability

NVD reports: Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...

7.5CVSS3.5AI score0.01611EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2018/03/26 12:0 a.m.•25 views

mozilla -- use-after-free in compositor

The Mozilla Foundation reports: CVE-2018-5148: Use-after-free in compositor A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash...

9.8CVSS9.3AI score0.03013EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/11/16 12:0 a.m.•25 views

procmail -- Heap-based buffer overflow

MITRE reports: A remote attacker could use a flaw to cause formail to crash, resulting in a denial of service or data loss...

10CVSS8.8AI score0.12524EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2017/11/13 12:0 a.m.•25 views

chromium -- out of bounds read

Google Chrome Releases reports: 1 security fix in this release, including: 782145 High CVE-2017-15428: Out of bounds read in V8. Reported by Zhao Qixun of Qihoo 360 Vulcan Team on 2017-11-07...

8.8CVSS8.5AI score0.18118EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/10/13 12:0 a.m.•25 views

rubygem-passenger -- arbitrary file read vulnerability

Phusion reports: The cPanel Security Team discovered a vulnerability in Passenger that allows users to list the contents of arbitrary files on the system. CVE-2017-16355 has been assigned to this issue...

4.7CVSS5.5AI score0.00358EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/08/25 12:0 a.m.•25 views

py-kerberos -- DoS and MitM vulnerabilities

macosforgebot reports: The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

8.1CVSS7.7AI score0.02303EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/05/21 12:0 a.m.•25 views

adns -- multiple vulnerabilities

Ian Jackson and the adns project reports: Vulnerable applications: all adns callers. Exploitable by: the local recursive resolver. Likely worst case: Remote code execution. Vulnerable applications: those that make SOA queries. Exploitable by: upstream DNS data sources. Likely worst case: DoS cras...

9.8CVSS3.8AI score0.03603EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2017/04/30 12:0 a.m.•25 views

libmad -- multiple vulnerabilities

National Vulnerability Database: CVE-2017-8372: The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted audio file. CVE-2017-8373: The madlayerIII function ...

7.8CVSS5.5AI score0.02538EPSS
Exploits3References7
FreeBSD
FreeBSD
•added 2016/12/02 12:0 a.m.•25 views

ipsec-tools -- remotely exploitable computational-complexity attack

Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...

7.8CVSS3.1AI score0.02928EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/11/08 12:0 a.m.•25 views

flash -- multiple vulnerabilities

Adobe reports: These updates resolve type confusion vulnerabilities that could lead to code execution CVE-2016-7860, CVE-2016-7861, CVE-2016-7865. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862,...

9.3CVSS2.5AI score0.07301EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/09/09 12:0 a.m.•25 views

h2o -- Use-after-free vulnerability

Kazuho Oku reports: A use-after-free vulnerability exists in H2O up to and including version 2.0.4 / 2.1.0-beta3 that can be used by a remote attacker to mount DoS attacks and / or information theft...

3.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2016/06/15 12:0 a.m.•25 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Saving user accounts can sometimes grant the user all roles User module - Drupal 7 - Moderately Critical Views can allow unauthorized users to see Statistics information Views module - Drupal 8 - Less Critical...

8.8CVSS3.4AI score0.02531EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/04/24 12:0 a.m.•25 views

quassel -- remote denial of service

Mitre reports: The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service NULL pointer dereference and crash via invalid handshake data...

7.5CVSS5.4AI score0.02934EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2016/04/02 12:0 a.m.•25 views

ansible -- use of predictable paths in lxc_container

Ansible developers report: CVE-2016-3096: do not use predictable paths in lxccontainer do not use a predictable filename for the LXC attach script don't use predictable filenames for LXC attach script logging don't set a predictable archivepath this should prevent symlink attacks which could resu...

7.8CVSS2.1AI score0.00468EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2016/02/05 12:0 a.m.•25 views

py-imaging, py-pillow -- Buffer overflow in FLI decoding code

The Pillow maintainers report: In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error. There is a memcpy error where x is added to a target buffer address. X is used in several internal temporary variable roles, but can take a value ...

6.5CVSS6.9AI score0.02689EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/01/22 12:0 a.m.•25 views

dhcpcd -- remote code execution/denial of service

MITRE reports: The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of...

6.8CVSS7.9AI score0.01841EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2016/01/19 12:0 a.m.•25 views

asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk

The Asterisk project reports: Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring...

0.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/11/24 12:0 a.m.•25 views

django -- information leak vulnerability

Tim Graham reports: If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. lastupdated|date:userdateformat , then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a dat...

5CVSS6.3AI score0.04284EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/11/04 12:0 a.m.•25 views

OpenOffice 4.1.1 -- multiple vulnerabilities

The Apache OpenOffice Project reports: A vulnerability in OpenOffice settings of OpenDocument Format files and templates allows silent access to files that are readable from an user account, over-riding the user's default configuration settings. Once these files are imported into a...

6.8CVSS7.8AI score0.13826EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2015/09/29 12:0 a.m.•25 views

FreeBSD -- rpcbind(8) remote denial of service [REVISED]

Problem Description: In rpcbind8, netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash...

7.5CVSS7.5AI score0.06408EPSS
Exploits0
FreeBSD
FreeBSD
•added 2015/09/17 12:0 a.m.•25 views

otrs -- Scheduler Process ID File Access

The OTRS project reports: An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI. The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an...

6.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/09/14 12:0 a.m.•25 views

h2o -- directory traversal vulnerability

Yakuzo reports: H2O up to version 1.4.4 / 1.5.0-beta1 contains a flaw in its URL normalization logic. When file.dir directive is used, this flaw allows a remote attacker to retrieve arbitrary files that exist outside the directory specified by the directive. H2O version 1.4.5 and version...

4.3CVSS6.6AI score0.01655EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/06/29 12:0 a.m.•25 views

ntp -- control message remote Denial of Service vulnerability

ntp.org reports: Under limited and specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: ntpd set up to allow for remote configuration not allowed by default, and knowledge of the configuration...

3.7AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2015/06/12 12:0 a.m.•25 views

p5-Dancer -- possible to abuse session cookie values

Russell Jenkins reports: It was possible to abuse session cookie values so that file-based session stores such as Dancer::Session::YAML or Dancer2::Session::YAML would attempt to read/write from any file on the filesystem with the same extension the file-based store uses, such as '.yml' for the...

1.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2015/06/03 12:0 a.m.•25 views

polkit -- multiple vulnerabilities

Colin Walters reports: Integer overflow in the authenticationagentnewcookie function in PolicyKit aka polkit before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. The authenticationagentnew function i...

4.6CVSS6.1AI score0.00353EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2015/05/24 12:0 a.m.•25 views

zenphoto -- multiple vulnerabilities

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

7.2CVSS6.6AI score0.02238EPSS
Exploits5References3
FreeBSD
FreeBSD
•added 2015/05/11 12:0 a.m.•25 views

proxychains-ng -- current path as the first directory for the library search path

Mamoru TASAKA reports: proxychains4 sets LDPRELOAD to dlopen libproxychains4.so and execvp the arbitrary command user has specified. proxychains4 sets the current directory as the first path to search libproxychains4.so...

7.8CVSS7.7AI score0.00494EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2015/04/21 12:0 a.m.•25 views

wordpress -- multiple vulnerabilities

Gary Pendergast reports: WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could...

1.3AI score
Exploits0References1
Total number of security vulnerabilities5000