Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2026/05/24 12:0 a.m.•21 views

Roundcube Webmail -- Multiple vulnerabilities

The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/13 12:0 a.m.•21 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...

8.7CVSS5.9AI score0.00355EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•21 views

chromium -- security fixes

Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...

9.8CVSS7.5AI score0.00608EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/10 12:0 a.m.•21 views

mod_http2 -- Multiple vulnerabilities

The modhttp2 project reports: a client can increase memory consumption for a HTTP/2 connection via repeated request header names,leading to denial of service certain proxy configurations whith modproxyhttp2 as the backend, an assertion can be triggered by certain requests, leading to denial of...

7.5CVSS7.2AI score0.04409EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/05/14 12:0 a.m.•21 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 415810136 High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser on 2025-05-05 412578726 High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on...

9.6CVSS7.6AI score0.05329EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/03/27 12:0 a.m.•21 views

electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-2783...

8.3CVSS7.4AI score0.08404EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2025/02/02 12:0 a.m.•21 views

cacti -- Multiple vulnerabilities

Cacti repo reports: security GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses security GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when using tree rules through Automation API security GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when request automation devices securi...

9.1CVSS8.5AI score0.54024EPSS
Exploits15
FreeBSD
FreeBSD
•added 2024/12/03 12:0 a.m.•21 views

gstreamer1-plugins-jpeg -- NULL-pointer dereferences in JPEG decoder

The GStreamer Security Center reports: Insufficient error handling in the JPEG decoder that can lead to NULL-pointer dereferences, and that can cause crashes for certain input files...

7.5CVSS7AI score0.00865EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/12/03 12:0 a.m.•21 views

gstreamer1-plugins -- multiple vulnerabilities

The GStreamer Security Center reports: 3 security bugs. CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline tool CVE-2024-47541: Out-of-bounds write in SSA subtitle parser...

9.1CVSS7AI score0.01324EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2024/12/03 12:0 a.m.•21 views

gstreamer1-plugins-good -- multiple vulnerabilities

The GStreamer Security Center reports: 20 security bugs. CVE-2024-47537: Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes CVE-2024-47598: MP4/MOV sample table parser out-of-bounds read CVE-2024-47539: MP4/MOV Closed Caption handling out-of-bounds write CVE-2024-4754...

9.8CVSS7AI score0.01344EPSS
Exploits0References17
FreeBSD
FreeBSD
•added 2024/10/29 12:0 a.m.•21 views

gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests

Qingpeng Du reports: A series of specially crafted client requests during streaming setup post client authentication, if any can cause the RTSP server library to abort, if it has been compiled with assertions enabled...

7.5CVSS7.2AI score0.00658EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/18 12:0 a.m.•21 views

qt5-webengine -- Multiple vulnerabilities

Backports for 15 security bugs in Chromium: CVE-2024-4761: Out of bounds write in V8 CVE-2024-5158: Type confusion in V8 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7965: Inappropriate implementation in V8 CVE-2024-7967: Heap buffer overflow in Fonts CVE-2024-7971: Type confusion...

9.8CVSS8.4AI score0.19272EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2024/06/18 12:0 a.m.•21 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 344608204 High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 343748812 High CVE-2024-6101: Inappropriate implementation in WebAssembly...

8.8CVSS7.6AI score0.01123EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/06/11 12:0 a.m.•21 views

mozilla firefox -- protocol information guessing

[email protected] reports: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

4.3CVSS7AI score0.00736EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/06/05 12:0 a.m.•21 views

traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses

The traefik authors report: There is a vulnerability in Go managing various Is methods IsPrivate, IsLoopback, etc for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS6.9AI score0.01952EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/05/28 12:0 a.m.•21 views

minio -- unintentional information disclosure

Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...

5.3CVSS7AI score0.00549EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/05/23 12:0 a.m.•21 views

python -- several vulnerabilities

Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some bonus security fixes. gh-142145: Remove quadratic behavior in node ID cache clearing CVE-2025-12084 gh-119451: Fix a potential denial of service in http.client only in 3.13; CVE-2025-13836 gh-119452: Fix...

7.5CVSS6.8AI score0.01525EPSS
Exploits0References6
FreeBSD
FreeBSD
•added 2024/04/30 12:0 a.m.•21 views

cyrus-imapd -- unbounded memory allocation

Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...

6.5CVSS7.2AI score0.00836EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/13 12:0 a.m.•21 views

electron{27,28} -- Out of bounds memory access in V8

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-2173...

8.8CVSS7AI score0.13556EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/10/26 12:0 a.m.•21 views

openexr -- Heap Overflow in Scanline Deep Data Parsing

Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. ... it is...

9.1CVSS7.8AI score0.01258EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2023/10/09 12:0 a.m.•21 views

libcue -- out-of-bounds array access

The libcue team reports: There is a vulnerability to out-of-bounds array access...

8.8CVSS6.5AI score0.1657EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/09/27 12:0 a.m.•21 views

Privilege Escalation from technician to super-admin in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to chan...

8.8CVSS7.6AI score0.00731EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/27 12:0 a.m.•21 views

Users login enumeration by unauthenticated user in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are...

5.3CVSS7.3AI score0.33874EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/01 12:0 a.m.•21 views

FreeBSD -- Network authentication attack via pam_krb5

Problem Description: The problem detailed in FreeBSD-SA-23:04.pamkrb5 persisted following the patch for that advisory. Impact: The impact described in FreeBSD-SA-23:04.pamkrb5 persists...

9.8CVSS7.1AI score0.01098EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/07/26 12:0 a.m.•21 views

jenkins -- Stored XSS vulnerability

Jenkins Security Advisory: Description High SECURITY-3188 / CVE-2023-39151 Stored XSS vulnerability...

5.4CVSS6.5AI score0.00862EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/07/18 12:0 a.m.•21 views

libsndfile_project -- Integer overflow in dataend calculation

[email protected] reports: Multiple signed integers overflow in function aureadheader in src/au.c and in functions mat4open and mat4readheader in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts...

7.8CVSS7.1AI score0.00351EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/07/18 12:0 a.m.•21 views

virtualbox-ose -- multiple vulnerabilities

[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...

5.5CVSS6.2AI score0.0027EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/07/05 12:0 a.m.•21 views

GLPI vulnerable to SQL injection via inventory agent request

[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version...

9.8CVSS8.2AI score0.52381EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/04/27 12:0 a.m.•21 views

h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service

Elijah Glover reports: Malformed HTTP/1.1 requests can crash worker processes. occasionally locking up child workers and causing denial of service, and an outage dropping any open connections...

8.2CVSS6.9AI score0.00902EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/08 12:0 a.m.•21 views

FreeBSD -- GELI silently omits the keyfile if read from stdin

Problem Description: When GELI reads a key file from a standard input, it doesn't store it anywhere. If the user tries to initialize multiple providers at once, for the second and subsequent devices the standard input stream will be already empty. In this case, GELI silently uses a NULL key as th...

6.5CVSS7AI score0.00637EPSS
Exploits0
FreeBSD
FreeBSD
•added 2022/10/24 12:0 a.m.•21 views

Grafana -- Privilege escalation

Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...

8.1CVSS3.5AI score0.0074EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/08/09 12:0 a.m.•21 views

FreeBSD -- AIO credential reference count leak

Problem Description: The aioaqueue function, used by the liolistio system call, fails to release a reference to a credential in an error case. Impact: An attacker may cause the reference count to overflow, leading to a use after free UAF...

7.7CVSS2.3AI score0.00218EPSS
Exploits0
FreeBSD
FreeBSD
•added 2022/04/19 12:0 a.m.•21 views

rainloop -- cross-site-scripting (XSS) vulnerability

Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...

5.4CVSS0.9AI score0.01051EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2022/02/22 12:0 a.m.•21 views

typo3 -- XSS vulnerability in svg-sanitize

The TYPO3 project reports: The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+x...

6.2CVSS0.8AI score0.00682EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2022/01/19 12:0 a.m.•21 views

ipython -- Execution with Unnecessary Privileges

IPython project reports: IPython 8.0.1, 7.31.1 and 5.11 are security releases that change some default values in order to prevent potential Execution with Unnecessary Privileges...

8.8CVSS4AI score0.00657EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2022/01/06 12:0 a.m.•21 views

uriparser -- Multiple vulnerabilities

Upstream project reports: Fix a bug affecting both uriNormalizeSyntax and uriMakeOwner functions where the text range in .hostText would not be duped using malloc but remain unchanged and hence "not owned" for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses...

0.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/09 12:0 a.m.•21 views

py39-rencode -- infinite loop that could lead to Denial of Service

NIST reports: The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

7.5CVSS7.5AI score0.05566EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/09/02 12:0 a.m.•21 views

Pillow -- Regular Expression Denial of Service (ReDoS)

GitHub Advisory Database reports: Uncontrolled Resource Consumption in pillow. The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function. References: https://nvd.nist.gov/vuln/detail/CVE-2021-23437...

7.5CVSS1.4AI score0.03154EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/03/17 12:0 a.m.•21 views

minio -- MITM attack

minio developer report: This is a security issue because it enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipp...

1.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/02/11 12:0 a.m.•21 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Improper Certificate Validation for Fortinet OTP Denial of Service Attack on gitlab-shell Resource exhaustion due to pending jobs Confidential issue titles were exposed Improper access control allowed demoted project members to access authored merge requests Improper access contro...

3.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/02/05 12:0 a.m.•21 views

asterisk -- Remote crash possible when negotiating T.38

The Asterisk project reports: When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash...

7.5CVSS1.3AI score0.02177EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/01/07 12:0 a.m.•21 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.2: Prevent panic on fuzzer provided string Add secure/httpOnly attributes to the lang cookie...

2.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2020/10/21 12:0 a.m.•21 views

nomad -- multiple vulnerabilities

The HashiCorp team reports: artifact: Fixed a bug where interpolation can be used in the artifact destination field to write artifact payloads outside the allocation directory. template: Fixed a bug where interpolation can be used in the template source and destination fields to read or write fil...

9.1CVSS0.3AI score0.01473EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2020/03/12 12:0 a.m.•21 views

Okular -- Local binary execution via action links

Albert Astals Cid: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries. We have not been able to identify any binary that will cause actual damage, be...

4.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2020/03/11 12:0 a.m.•21 views

Gitlab -- Vulnerability

Gitlab reports: Email Confirmation not Required on Sign-up...

1.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2020/01/28 12:0 a.m.•21 views

FreeBSD -- kernel stack data disclosure

Problem Description: Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Impact: Sensitive kernel data may be disclosed...

3.3CVSS2AI score0.00289EPSS
Exploits0
FreeBSD
FreeBSD
•added 2020/01/20 12:0 a.m.•21 views

FreeBSD -- Insufficient cryptodev MAC key length check

Problem Description: Requests to create cryptography sessions using a MAC did not validate the user-supplied MAC key length. The cryptodev module allocates a buffer whose size is this user-suppled length. Impact: An unprivileged process can trigger a kernel panic...

7.4CVSS2.5AI score0.00656EPSS
Exploits0
FreeBSD
FreeBSD
•added 2019/10/08 12:0 a.m.•21 views

libntlm -- buffer overflow vulnerability

NVD reports: Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request...

9.8CVSS3.4AI score0.03107EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2019/08/29 12:0 a.m.•21 views

libgcrypt -- ECDSA timing attack

GnuPG reports: Mitigate an ECDSA timing attack...

6.3CVSS1.5AI score0.0051EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2019/08/15 12:0 a.m.•21 views

CUPS -- multiple vulnerabilities

Apple reports: CVE-2019-8696 and CVE-2019-8675: SNMP buffer overflows. IPP buffer overflow. Memory disclosure in the scheduler. DoS issues in the scheduler...

8.8CVSS2.4AI score0.02091EPSS
Exploits0References1
Total number of security vulnerabilities5000