Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
added 2023/01/16 12:0 a.m.24 views

Spotipy -- Path traversal vulnerability

Stéphane Bruckert If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended...

4.3CVSS5.2AI score0.00653EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2023/01/04 12:0 a.m.24 views

devel/viewvc-devel is vulnerable to cross-site scripting

C. Michael Pilato reports: security fix: escape revision view copy paths 311 CVE-2023-22464 security fix: escape revision view changed paths 311 CVE-2023-22456...

6.1CVSS6.1AI score0.00694EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2022/12/23 12:0 a.m.24 views

py27-setuptools44 -- denial of service vulnerability

SCH227 reports: Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...

5.9CVSS6.2AI score0.02617EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/11/21 12:0 a.m.24 views

py-tensorflow -- denial of service vulnerability

Kang Hong Jin, Neophytos Christou, 刘力源 and Pattarakrit Rattankul report: Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. Pattarakrit Rattankul reports: Another instance of CVE-2022-35991, where...

7.5CVSS7.4AI score0.00441EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2022/11/02 12:0 a.m.24 views

pixman -- heap overflow

Pixman reports: for release 0.42.2 Avoid integer overflow leading to out-of-bounds write...

8.8CVSS2.4AI score0.0144EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/08/15 12:0 a.m.24 views

dendrite -- Incorrect parsing of the event default power level in event auth

Dendrite team reports: The power level parsing within gomatrixserverlib was failing to parse the "eventsdefault" key of the m.room.powerlevels event, defaulting the event default power level to zero in all cases. In rooms where the "eventsdefault" power level had been changed, this could result i...

8.8CVSS3.2AI score0.0065EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/04/28 12:0 a.m.24 views

py-httpx -- input validation vulnerability

lebr0nli reports: Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...

9.1CVSS7.3AI score0.02026EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2022/04/21 12:0 a.m.24 views

zeek -- potential DoS vulnerabilty

Tim Wojtulewicz of Corelight reports: Fix potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands. This may lead to a buffer overflow and cause Zeek to crash. Due to the possibility of this happening with packets received from the network, this i...

1.4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/04/06 12:0 a.m.24 views

FreeBSD -- Bhyve e82545 device emulation out-of-bounds write

Problem Description: The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload "TSO". The e1000 device model uses an...

8.8CVSS1.5AI score0.00209EPSS
Exploits0
FreeBSD
FreeBSD
added 2022/01/23 12:0 a.m.24 views

xrdp -- privilege escalation

xrdp project reports: An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is accessible to a sesman server listens by default on localhost when installing xrdp, but can be remote if configured otherwise to execute code as root...

7.8CVSS3.9AI score0.00485EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/10/12 12:0 a.m.24 views

minio -- policy restriction issue

minio developers report: Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts. svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true' sts accounts have always been using righ...

8.8CVSS2.4AI score0.01244EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/08/24 12:0 a.m.24 views

FreeBSD -- Remote code execution in ggatec(8)

Problem Description: The ggatec8 daemon does not validate the size of a response before writing it to a fixed-sized buffer. This allows to overwrite the stack of ggatec8. Impact: A malicious ggated8 or an attacker in a priviledged network position can overwrite the stack with crafted content and...

8.1CVSS5.1AI score0.01578EPSS
Exploits0
FreeBSD
FreeBSD
added 2021/05/05 12:0 a.m.24 views

cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations.

Cyrus IMAP 3.4.1 Release Notes states: Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote...

4.3CVSS4.3AI score0.017EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/04/07 12:0 a.m.24 views

opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.

Bobby Rauch of Accenture reports: I ended up finding OpenGrok, and after careful testing, discovered that OpenGrok insecurely deserializes XML input, which can lead to Remote Code Execution. This vulnerability was found in all versions of OpenGrok 1.6.8 and was reported to Oracle. The vulnerabili...

8.8CVSS7.1AI score0.01427EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2021/03/20 12:0 a.m.24 views

gitea -- quoting in markdown text

The Gitea Team reports for release 1.13.5: Update to goldmark 1.3.3...

1.8AI score
Exploits0References1
FreeBSD
FreeBSD
added 2021/03/17 12:0 a.m.24 views

Gitlab -- Multiple vulnerabilities

Gigtlab reports: Remote code execution via unsafe user-controlled markdown rendering options...

4.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2021/01/04 12:0 a.m.24 views

asterisk -- Remote crash in res_pjsip_diversion

The Asterisk project reports: If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the "Supported" header. Eventually the number of...

6.5CVSS1.3AI score0.03914EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2020/12/01 12:0 a.m.24 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.0: Add Allow-/Block-List for Migrate and Mirrors Prevent git operations for inactive users Disallow urlencoded new lines in git protocol paths if there is a port Mitigate Security vulnerability in the git hook feature Disable DSA ssh keys by default Set TLS...

0.2AI score
Exploits0References1
FreeBSD
FreeBSD
added 2020/11/02 12:0 a.m.24 views

darkhttpd -- DOS vulnerability

Mitre reports: flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

7.5CVSS3.8AI score0.01265EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/07/28 12:0 a.m.24 views

Ghostscript -- SAFER Sandbox Breakout

NVD reports: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32t...

9.8CVSS9.3AI score0.05186EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/06/04 12:0 a.m.24 views

upnp -- denial of service (crash)

CVE mitre reports: Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/servicetable/servicetable.c...

7.5CVSS5.2AI score0.03469EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2020/05/12 12:0 a.m.24 views

FreeBSD -- Memory disclosure vulnerability in libalias

Problem Description: The FTP packet handler in libalias incorrectly calculates some packet lengths. This may result in disclosing small amounts of memory from the kernel for the in-kernel NAT implementation or from the process space for natd for the userspace implementation. Impact: A malicious...

5.5CVSS3.2AI score0.00523EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/03/10 12:0 a.m.24 views

puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API

Puppetlabs reports: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as we...

7.5CVSS7.2AI score0.07884EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/02/18 12:0 a.m.24 views

puppet6 -- Arbitrary Catalog Retrieval

Puppetlabs reports: Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog ca...

6.5CVSS1.5AI score0.00823EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/08/07 12:0 a.m.24 views

KDE Frameworks -- malicious .desktop files execute code

The KDE Community has released a security announcement: The syntax Key$e=$shell command in .desktop files, .directory files, and configuration files typically found in /.config was an intentional feature of KConfig, to allow flexible configuration. This could however be abused by malicious people...

7.8CVSS1.7AI score0.04069EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2019/08/03 12:0 a.m.24 views

doas -- Prevent passing of environment variables

Jesse Smith upstream author of the doas program reported: Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or written...

1AI score
Exploits0References2
FreeBSD
FreeBSD
added 2019/07/31 12:0 a.m.24 views

gitea -- multiple vulnerabilities

The Gitea Team reports: This release contains two security fixes, so we highly recommend updating...

1.2AI score
Exploits0References2
FreeBSD
FreeBSD
added 2019/03/21 12:0 a.m.24 views

znc -- Denial of Service

Mitre reports: ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service crash via invalid encoding...

6.5CVSS3AI score0.03133EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/02/25 12:0 a.m.24 views

glpi -- stored XSS

MITRE Corporation reports: inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture...

6.1CVSS2.7AI score0.01327EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2018/12/17 12:0 a.m.24 views

botan2 -- Side channel during ECC key generation

botan2 developers reports: A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise. Found by Ján Jančár using...

5.9CVSS2AI score0.01525EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/12/13 12:0 a.m.24 views

wordpress -- multiple issues

wordpress developers reports: WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0. Karim El Ouerghemmi discovered that authors...

1.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2018/10/17 12:0 a.m.24 views

OpenEXR -- heap buffer overflow, and out-of-memory bugs

Cary Phillips reports: OpenEXR IlmBase v2.4.0 fixes the following security vulnerabilities: CVE-2018-18444 Issue 351 Out of Memory CVE-2018-18443 Issue 350 heap-buffer-overflow The relevant patches have been backported to the FreeBSD ports...

8.8CVSS1.4AI score0.02615EPSS
Exploits2References3
FreeBSD
FreeBSD
added 2018/08/14 12:0 a.m.24 views

FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability

Problem Description: When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC flag set, the data field was decrypted first without verifying the MIC. When the dta field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but...

5.5CVSS0.00383EPSS
Exploits0
FreeBSD
FreeBSD
added 2018/08/13 12:0 a.m.24 views

X11 Session -- SDDM allows unauthorised unlocking

MITRE reports: An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. The default configuration of SDDM on...

7.5CVSS3.3AI score0.01019EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/04/04 12:0 a.m.24 views

Gitlab -- multiple vulnerabilities

GitLab reports: Confidential issue comments in Slack, Mattermost, and webhook integrations. Persistent XSS in milestones data-milestone-id. Persistent XSS in filename of merge request...

4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2018/03/14 12:0 a.m.24 views

moodle -- multiple vulnerabilities

moodle reports: Unauthenticated users can trigger custom messages to admin via paypal enrol script. Suspended users with OAuth 2 authentication method can still log in to the site...

8.1CVSS6.8AI score0.02135EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/11/25 12:0 a.m.24 views

libXfont -- permission bypass when opening files through symlinks

the freedesktop.org project reports: A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue...

5.5CVSS5.8AI score0.0042EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/11/15 12:0 a.m.24 views

FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO)

Problem Description: Not all information in the struct ptracelwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of informatio...

3.3CVSS4.9AI score0.00362EPSS
Exploits0
FreeBSD
FreeBSD
added 2017/09/27 12:0 a.m.24 views

node -- access to unintended files

node developers report: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules...

7.5CVSS7.4AI score0.54389EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2017/09/20 12:0 a.m.24 views

libraw -- Out-of-bounds Read

libraw developers report: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak65000loadraw has been reported in dcraw/dcraw.c and internal/dcrawcommon.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash...

9.1CVSS8.8AI score0.02095EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2017/09/09 12:0 a.m.24 views

libbson -- Denial of Service

mongodb developers report: In MongoDB libbson 1.7.0, the bsonitercodewscope function in bson-iter.c miscalculates a bsonutf8validate length argument, which allows remote attackers to cause a denial of service heap-based buffer over-read in the bsonutf8validate function in bson-utf8.c, as...

7.5CVSS7.4AI score0.02797EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2017/04/27 12:0 a.m.24 views

FreeBSD -- ipfilter(4) fragment handling panic

Problem Description: ipfilter4, capable of stateful packet inspection, using the "keep state" or "keep frags" rule options, will not only maintain the state of connections, such as TCP streams or UDP communication, it also maintains the state of fragmented packets. When a packet fragments are...

7.8CVSS7.4AI score0.02666EPSS
Exploits0
FreeBSD
FreeBSD
added 2017/04/12 12:0 a.m.24 views

asterisk -- Buffer Overrun in PJSIP transaction layer

The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...

2.1AI score
Exploits0References2
FreeBSD
FreeBSD
added 2017/03/28 12:0 a.m.24 views

phpMyAdmin -- bypass 'no password' restriction

The phpMyAdmin team reports: Summary Bypass $cfg'Servers'$i'AllowNoPassword' Description A vulnerability was discovered where the restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions. This can allow the login of users who have no password set eve...

1.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2016/12/06 12:0 a.m.24 views

FreeBSD -- Possible login(1) argument injection in telnetd(8)

Problem Description: An unexpected sequence of memory allocation failures combined with insufficient error checking could result in the construction and execution of an argument sequence that was not intended. Impact: An attacker who controls the sequence of memory allocation failures and success...

7.5CVSS2.2AI score0.01875EPSS
Exploits0
FreeBSD
FreeBSD
added 2016/10/15 12:0 a.m.24 views

potrace -- multiple memory failure

potrace reports: CVE-2016-8685: invalid memory access in findnext CVE-2016-8686: memory allocation failure...

7.8CVSS2.7AI score0.01514EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/07/26 12:0 a.m.24 views

collectd -- Network plugin heap overflow

The collectd Project reports: Emilien Gaspar has identified a heap overflow in collectd's network plugin which can be triggered remotely and is potentially exploitable...

9.1CVSS2.5AI score0.05695EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/05/01 12:0 a.m.24 views

jansson -- local denial of service vulnerabilities

QuickFuzz reports: A crash caused by stack exhaustion parsing a JSON was found...

7.5CVSS3.4AI score0.01894EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2016/02/17 12:0 a.m.24 views

libotr -- integer overflow

X41 D-Sec reports: A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages...

9.8CVSS4.9AI score0.254EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2016/02/15 12:0 a.m.24 views

kamailio -- SEAS Module Heap overflow

Stelios Tsampas reports: A remotely exploitable heap overflow vulnerability was found in Kamailio v4.3.4...

10CVSS2.7AI score0.30518EPSS
Exploits4References3
Total number of security vulnerabilities5000