Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
added 2023/07/18 12:0 a.m.22 views

virtualbox-ose -- multiple vulnerabilities

[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...

5.5CVSS6.2AI score0.0027EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/07/05 12:0 a.m.22 views

GLPI vulnerable to unauthorized access to KnowbaseItem data

[email protected] reports: GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version...

6.5CVSS7.3AI score0.0057EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/02/08 12:0 a.m.22 views

FreeBSD -- GELI silently omits the keyfile if read from stdin

Problem Description: When GELI reads a key file from a standard input, it doesn't store it anywhere. If the user tries to initialize multiple providers at once, for the second and subsequent devices the standard input stream will be already empty. In this case, GELI silently uses a NULL key as th...

6.5CVSS7AI score0.00637EPSS
Exploits0
FreeBSD
FreeBSD
added 2022/12/15 12:0 a.m.22 views

py-django-photologue -- XSS vulnerability

domiee13 reports: A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photodetail.html of the component Default Template Handler. The manipulation of the argumen...

6.1CVSS6.8AI score0.0051EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/12/08 12:0 a.m.22 views

traefik -- multiple vulnerabilities

The Traefik project reports: This update is recommended for all traefik users and provides following important security fixes: CVE-2022-23469: Authorization header displayed in the debug logs CVE-2022-46153: Routes exposed with an empty TLSOption in traefik...

8.1CVSS2.3AI score0.00977EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/11/30 12:0 a.m.22 views

netdata -- multiple vulnerabilities with streaming

Netdata reports: GHSA-xg38-3vmw-2978: Netdata Streaming Alert Command Injection GHSA-jx85-39cw-66f2: Netdata Streaming Authentication Bypass...

2.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2022/10/24 12:0 a.m.22 views

Grafana -- Privilege escalation

Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...

8.1CVSS3.5AI score0.0074EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/08/29 12:0 a.m.22 views

advancecomp -- Multiple vulnerabilities

GitHub advisories reports: Multiple vulnerabilities found in advancecomp including: Three segmentation faults. Heap buffer overflow via leuint32read at /lib/endianrw.h. Three more heap buffer overflows...

5.5CVSS3.4AI score0.00448EPSS
Exploits7References7
FreeBSD
FreeBSD
added 2022/03/06 12:0 a.m.22 views

gitea -- Improper/incorrect authorization

Youssef Rebahi-Gilbert reports: When Gitea is built and configured for PAM authentication it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still login...

7.1CVSS2.4AI score0.00833EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/02/01 12:0 a.m.22 views

py-treq -- sensitive information leak vulnerability

Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain "supercookies". This can potentially cause sensitive information to leak upon an HTTP redirect...

6.5CVSS6.7AI score0.01083EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/07/26 12:0 a.m.22 views

powerdns -- remotely triggered crash

powerdns reports: PowerDNS Security Advisory 2021-01: Specific query crashes Authoritative Server...

7.5CVSS2.8AI score0.64857EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/05/24 12:0 a.m.22 views

dragonfly -- argument injection

NVD reports: An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process...

9.8CVSS5.9AI score0.72249EPSS
Exploits4References4
FreeBSD
FreeBSD
added 2021/01/31 12:0 a.m.22 views

h2o -- uninitialised memory access in HTTP3

Emil Lerner reports: When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state ...

7.4CVSS2.1AI score0.02667EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2020/09/07 12:0 a.m.22 views

libzmq4 -- Denial of Service

Google's oss-fuzz project reports: Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete...

7.5CVSS7.7AI score0.03408EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2020/07/01 12:0 a.m.22 views

powerdns-recursor -- access restriction bypass

PowerDNS Team reports: CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction. In the...

5.3CVSS3.2AI score0.01688EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/06/08 12:0 a.m.22 views

libadplug -- Various vulnerabilities

Malvineous on Github reports: This release fixes the following security issues: buffer overflow in .bmf buffer overflow in .dtm buffer overflow in .mkj buffer overflow in .a2m buffer overflow in .rad buffer overflow in .mtk double free and OOB reads in .u6m...

9.8CVSS2.6AI score0.02131EPSS
Exploits7References1
FreeBSD
FreeBSD
added 2019/09/05 12:0 a.m.22 views

wordpress -- multiple issues

wordpress developers reports: Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting XSS vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen f...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
added 2019/07/24 12:0 a.m.22 views

FreeBSD -- Reference count overflow in mqueue filesystem

Problem Description: System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. Impact: A local user can use this flaw to obtain access...

7.8CVSS1.9AI score0.00623EPSS
Exploits0
FreeBSD
FreeBSD
added 2019/07/01 12:0 a.m.22 views

ettercap -- out-of-bound read vulnerability

Ettercap GitHub issue: Etterfilter results in an invalid read of 8 bytes when parsing a crafted file...

5.5CVSS2.7AI score0.01972EPSS
Exploits2References2
FreeBSD
FreeBSD
added 2019/04/21 12:0 a.m.22 views

gitea -- multiple vulnerabilities

Gitea Team reports: This release contains two new security fixes which cannot be backported to the 1.7.0 branch, so it is recommended to update to this version...

3.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2019/01/23 12:0 a.m.22 views

www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.

Subversion project reports: Malicious SVN clients can trigger a crash in moddavsvn by omitting the root path from a recursive directory listing request...

7.5CVSS2.9AI score0.57822EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/01/09 12:0 a.m.22 views

irssi -- Use after free

Irssi reports: Use after free when hidden lines were expired from the scroll buffer. It may affect the stability of Irssi. CWE-417, CWE-825...

9.8CVSS1AI score0.02543EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/01/02 12:0 a.m.22 views

uriparser -- Out-of-bounds read

Upstream project reports: Out-of-bounds read in uriParseEx for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1"; mitigated if passed parameter afterLast points to readable memory containing a '\0' byte...

2.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2018/12/04 12:0 a.m.22 views

FreeBSD -- Insufficient bounds checking in bhyve(8) device model

Problem Description: Insufficient bounds checking in one of the device models provided by bhyve8 can permit a guest operating system to overwrite memory in the bhyve8 processing possibly permitting arbitary code execution. Impact: A guest OS using a firmware image can cause the bhyve process to...

6.1CVSS2.6AI score0.01325EPSS
Exploits0
FreeBSD
FreeBSD
added 2018/07/15 12:0 a.m.22 views

Memory leak in different components

MITRE reports: bsixel 1.8.1 has a memory leak in sixeldecoderdecode in decoder.c, imagebufferresize in fromsixel.c, sixeldecoderaw in fromsixel.c and sixelallocatornew in allocator.c...

7.5CVSS1.9AI score0.01452EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2018/05/30 12:0 a.m.22 views

slurm -- insecure handling of user_name and gid fields

SchedMD reports: Insecure handling of username and gid fields CVE-2018-10995 While fixes are only available for the supported 17.02 and 17.11 releases, it is believed that similar vulnerabilities do affect past versions as well. The only resolution is to upgrade Slurm to a fixed release...

5.3CVSS2AI score0.01739EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/03/07 12:0 a.m.22 views

py-asyncssh -- Allows bypass of authentication

mitre.org Reports: The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests A customized SSH client can simply skip the authentication step...

9.8CVSS3.4AI score0.0178EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/01/17 12:0 a.m.22 views

consul -- vulnerability in embedded DNS library

Consul developers report: A flaw was found in the embedded DNS library used in consul which may allow a denial of service attack. Consul was updated to include the fixed version...

7.5CVSS7.2AI score0.01852EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2017/10/10 12:0 a.m.22 views

cacti -- Cross Site Scripting issue

cacti developers report: The file include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...

6.1CVSS6AI score0.0107EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2017/09/07 12:0 a.m.22 views

cyrus-imapd -- broken "other users" behaviour

Cyrus IMAP 3.0.4 Release Notes states: Fixed Issue 2132: Broken "Other Users" behaviour...

9.1CVSS9AI score0.02177EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/08/31 12:0 a.m.22 views

asterisk -- Remote Crash Vulerability in res_pjsip

The Asterisk project reports: A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash...

7.5CVSS7.5AI score0.50053EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/08/29 12:0 a.m.22 views

rubygems -- multiple vulnerabilities

Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...

1.2AI score
Exploits0References1
FreeBSD
FreeBSD
added 2017/06/21 12:0 a.m.22 views

pear-Horde_Image -- remote code execution vulnerability

Michael J Rubinsky reports: The fist vulnerability CVE-2017-9774 is a Remote Code Execution vulnerability and is exploitable by a logged in user sending a maliciously crafted GET request to the Horde server...

8.8CVSS2AI score0.02385EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/06/14 12:0 a.m.22 views

cURL -- URL file scheme drive letter buffer overflow

cURL security advisory: When libcurl is given either 1. a file: URL that doesn't use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcur...

5.3CVSS1.6AI score0.03287EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/05/16 12:0 a.m.22 views

Wordpress -- multiple vulnerabilities

WordPress versions 4.7.4 and earlier are affected by six security issues Insufficient redirect validation in the HTTP class. Improper handling of post meta data values in the XML-RPC API. Lack of capability checks for post meta data in the XML-RPC API. A Cross Site Request Forgery CRSF...

1.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2017/05/08 12:0 a.m.22 views

gitlab -- Various security issues

GitLab reports: Please reference CVE/URL list for details...

1AI score
Exploits0References1
FreeBSD
FreeBSD
added 2017/03/14 12:0 a.m.22 views

id Tech 3 -- remote code execution vulnerability

The content auto-download of id Tech 3 can be used to deliver maliciously crafted content, that triggers downloading of further content and loading and executing it as native code with user credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the original Quake 3 Arena and other forks...

9.3CVSS6.9AI score0.01291EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2017/02/18 12:0 a.m.22 views

MPD -- buffer overflows in http output

The MPD project reports: httpd: fix two buffer overflows in IcyMetaData length calculation...

1.1AI score
Exploits0References1
FreeBSD
FreeBSD
added 2017/01/24 12:0 a.m.22 views

nfsen -- remote command execution

Peter Haag reports: A remote attacker with access to the web interface to execute arbitrary commands on the host operating system...

4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2016/11/11 12:0 a.m.22 views

asterisk -- Crash on SDP offer or answer from endpoint using Opus

The Asterisk project reports: If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the...

1.4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2016/10/10 12:0 a.m.22 views

FreeBSD -- Multiple portsnap vulnerabilities

Problem Description: Flaws in portsnap's verification of downloaded tar files allows additional files to be included without causing the verification to fail. Portsnap may then use or execute these files. Impact: An attacker who can conduct man in the middle attack on the network at the time when...

2.3AI score
Exploits0
FreeBSD
FreeBSD
added 2016/06/09 12:0 a.m.22 views

h2o -- fix DoS attack vector

Frederik Deweerdt reported a denial-of-service attack vector due to an unhandled error condition during socket connection...

7.5CVSS1.9AI score0.01802EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/06/03 12:0 a.m.22 views

libtorrent-rasterbar -- denial of service

Brandon Perry reports: The parsechunkheader function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service crash via a crafted 1 HTTP response or possibly a 2 UPnP broadcast...

7.5CVSS4.2AI score0.01948EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/05/11 12:0 a.m.22 views

p7zip -- out-of-bounds read vulnerability

Cisco Talos reports: An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format UDF files. Central to 7-Zip’s processing of UDF files is the CInArchive::ReadFileItem method. Because volumes can have more than one partition map, their objects are kept in an object...

8.8CVSS0.8AI score0.09795EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2016/05/01 12:0 a.m.22 views

libarchive -- RCE vulnerability

The libarchive project reports: Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...

8.8CVSS8AI score0.10284EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2016/02/16 12:0 a.m.22 views

squid -- SSL/TLS processing remote DoS

Squid security advisory 2016:1 reports: Due to incorrectly handling server errors Squid is vulnerable to a denial of service attack when connecting to TLS or SSL servers. This problem allows any trusted client to perform a denial of service attack on the Squid service regardless of whether TLS or...

5.9CVSS3.2AI score0.2555EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/02/01 12:0 a.m.22 views

django -- regression in permissions model

Tim Graham reports: User with "change" but not "add" permission can create objects for ModelAdmin’s with saveas=True...

6CVSS1.7AI score0.01522EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/11/16 12:0 a.m.22 views

a2ps -- format string vulnerability

Jong-Gwon Kim reports: When user runs a2ps with malicious crafted proa2ps prologue file, an attacker can execute arbitrary code...

7.8CVSS7.9AI score0.0286EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/11/09 12:0 a.m.22 views

moodle -- multiple vulnerabilities

Moodle Release Notes report: MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts MSA-15-0038 DDoS possibility in Atto MSA-15-0039 CSRF in site registration form MSA-15-0040 Student XSS in survey MSA-15-0041 XSS in flash video player MSA-15-0042 CSRF in lesson...

0.9AI score
Exploits0References3
FreeBSD
FreeBSD
added 2015/09/21 12:0 a.m.22 views

owncloudclient -- Improper validation of certificates when using self-signed certificates

owncloud.org reports: The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates...

5.1CVSS6.5AI score0.00668EPSS
Exploits0References1
Total number of security vulnerabilities5000