Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2004/11/01 12:0 a.m.•22 views

proxytunnel -- format string vulnerability

A Gentoo Linux Security Advisory reports: Florian Schilhabel of the Gentoo Linux Security Audit project found a format string vulnerability in Proxytunnel. When the program is started in daemon mode -a port, it improperly logs invalid proxy answers to syslog. A malicious remote server could send...

10CVSS6.9AI score0.04278EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/09/19 12:0 a.m.•22 views

jabberd -- denial-of-service vulnerability

José Antonio Calvo discovered a bug in the Jabber 1.x server. According to Matthias Wimmer: Without this patch, it is possible to remotly crash jabberd14, if there is access to one of the following types of network sockets: Socket accepting client connections Socket accepting connections from oth...

5CVSS3.1AI score0.02441EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•22 views

php -- vulnerability in RFC 1867 file upload processing

Stefano Di Paola discovered an issue with PHP that could allow someone to upload a file to any directory writeable by the httpd process. Any sanitizing performed on the prepended directory path is ignored. This bug can only be triggered if the $FILES element name contains an underscore...

1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/05/13 12:0 a.m.•22 views

multiple vulnerabilities in ethereal

Issues have been discovered in multiple protocol dissectors...

10CVSS6.7AI score0.0764EPSS
Exploits0References6
FreeBSD
FreeBSD
•added 2004/02/22 12:0 a.m.•22 views

hsftp format string vulnerabilities

Ulf Härnhammar discovered a format string bug in hsftp's file listing code may allow a malicious server to cause arbitrary code execution by the client...

2.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2004/02/11 12:0 a.m.•22 views

Buffer overflow in Mutt 1.4

Mutt 1.4 contains a buffer overflow that could be exploited with a specially formed message, causing Mutt to crash or possibly execute arbitrary code...

7.5CVSS7.4AI score0.05427EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2003/04/25 12:0 a.m.•22 views

ChiTeX/ChiLaTeX unsafe set-user-id root

Niels Heinen reports that ChiTeX installs set-user-id root executables that invoked system3 without setting up the environment, trivially allowing local root compromise...

3.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2001/04/12 12:0 a.m.•22 views

nap allows arbitrary file access

According to the author: Fixed security loophole which allowed remote clients to access arbitrary files on our system...

3.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 1999/07/21 12:0 a.m.•22 views

GNU finger vulnerability

GNU security announcement: GNU Finger unfortunately has not been updated in many years, and has known security vulnerabilities. Please do not use it in production environments...

7.2CVSS6.5AI score0.00464EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/05/24 12:0 a.m.•21 views

Roundcube Webmail -- Multiple vulnerabilities

The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/22 12:0 a.m.•21 views

putty -- multiple security vulnerabilities

Simon Tatham reports: These features are new in PuTTY 0.84: Security issue: fixed a remotely triggerable double-free in RSA key exchange. We don't know of any way it is exploitable to execute code. Minor security issue: fixed a remotely triggerable crash in NIST ECDSA signature verification. An...

5.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2026/05/13 12:0 a.m.•21 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...

8.7CVSS5.9AI score0.00355EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•21 views

chromium -- security fixes

Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...

9.8CVSS7.5AI score0.00608EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•21 views

Mozilla -- Incorrect computation of branch address

[email protected] reports: On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address...

9.8CVSS6.6AI score0.00472EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/10 12:0 a.m.•21 views

mod_http2 -- Multiple vulnerabilities

The modhttp2 project reports: a client can increase memory consumption for a HTTP/2 connection via repeated request header names,leading to denial of service certain proxy configurations whith modproxyhttp2 as the backend, an assertion can be triggered by certain requests, leading to denial of...

7.5CVSS7.2AI score0.04409EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/05/14 12:0 a.m.•21 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 415810136 High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser on 2025-05-05 412578726 High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on...

9.6CVSS7.6AI score0.05329EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/03/27 12:0 a.m.•21 views

electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-2783...

8.3CVSS7.4AI score0.08404EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2025/02/02 12:0 a.m.•21 views

cacti -- Multiple vulnerabilities

Cacti repo reports: security GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses security GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when using tree rules through Automation API security GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when request automation devices securi...

9.1CVSS8.5AI score0.54024EPSS
Exploits15
FreeBSD
FreeBSD
•added 2024/12/03 12:0 a.m.•21 views

gstreamer1-plugins-gdkpixbuf -- NULL-pointer dereference

The GStreamer Security Center reports: A NULL-pointer dereference in the gdk-pixbuf decoder that can cause crashes for certain input files...

9.8CVSS7AI score0.00901EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/12/03 12:0 a.m.•21 views

gstreamer1-plugins-good -- multiple vulnerabilities

The GStreamer Security Center reports: 20 security bugs. CVE-2024-47537: Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes CVE-2024-47598: MP4/MOV sample table parser out-of-bounds read CVE-2024-47539: MP4/MOV Closed Caption handling out-of-bounds write CVE-2024-4754...

9.8CVSS7AI score0.01344EPSS
Exploits0References17
FreeBSD
FreeBSD
•added 2024/12/03 12:0 a.m.•21 views

gstreamer1-plugins -- multiple vulnerabilities

The GStreamer Security Center reports: 3 security bugs. CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline tool CVE-2024-47541: Out-of-bounds write in SSA subtitle parser...

9.1CVSS7AI score0.01324EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2024/10/29 12:0 a.m.•21 views

gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests

Qingpeng Du reports: A series of specially crafted client requests during streaming setup post client authentication, if any can cause the RTSP server library to abort, if it has been compiled with assertions enabled...

7.5CVSS7.2AI score0.00658EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/18 12:0 a.m.•21 views

qt5-webengine -- Multiple vulnerabilities

Backports for 15 security bugs in Chromium: CVE-2024-4761: Out of bounds write in V8 CVE-2024-5158: Type confusion in V8 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7965: Inappropriate implementation in V8 CVE-2024-7967: Heap buffer overflow in Fonts CVE-2024-7971: Type confusion...

9.8CVSS8.4AI score0.19272EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2024/09/03 12:0 a.m.•21 views

forgejo -- multiple vulnerabilities

Problem Description: Replace v-html with v-text in search inputbox Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo...

6.4CVSS6.8AI score0.00904EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/06/18 12:0 a.m.•21 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 344608204 High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 343748812 High CVE-2024-6101: Inappropriate implementation in WebAssembly...

8.8CVSS7.6AI score0.01123EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/06/11 12:0 a.m.•21 views

mozilla firefox -- protocol information guessing

[email protected] reports: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

4.3CVSS7AI score0.00736EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/06/05 12:0 a.m.•21 views

traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses

The traefik authors report: There is a vulnerability in Go managing various Is methods IsPrivate, IsLoopback, etc for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS6.9AI score0.01952EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/05/28 12:0 a.m.•21 views

minio -- unintentional information disclosure

Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...

5.3CVSS7AI score0.00549EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/05/23 12:0 a.m.•21 views

python -- several vulnerabilities

Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some bonus security fixes. gh-142145: Remove quadratic behavior in node ID cache clearing CVE-2025-12084 gh-119451: Fix a potential denial of service in http.client only in 3.13; CVE-2025-13836 gh-119452: Fix...

7.5CVSS6.8AI score0.01525EPSS
Exploits0References6
FreeBSD
FreeBSD
•added 2024/04/30 12:0 a.m.•21 views

cyrus-imapd -- unbounded memory allocation

Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...

6.5CVSS7.2AI score0.00836EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/13 12:0 a.m.•21 views

electron{27,28} -- Out of bounds memory access in V8

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-2173...

8.8CVSS7AI score0.13556EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/12/24 12:0 a.m.•21 views

go-git -- DoS vulnerability

The go-git project reports: See link for details...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2023/10/26 12:0 a.m.•21 views

openexr -- Heap Overflow in Scanline Deep Data Parsing

Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. ... it is...

9.1CVSS7.8AI score0.01258EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2023/10/09 12:0 a.m.•21 views

libcue -- out-of-bounds array access

The libcue team reports: There is a vulnerability to out-of-bounds array access...

8.8CVSS6.5AI score0.1657EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/09/27 12:0 a.m.•21 views

Users login enumeration by unauthenticated user in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are...

5.3CVSS7.3AI score0.33874EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/09/27 12:0 a.m.•21 views

Privilege Escalation from technician to super-admin in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to chan...

8.8CVSS7.6AI score0.00731EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/08/01 12:0 a.m.•21 views

FreeBSD -- Network authentication attack via pam_krb5

Problem Description: The problem detailed in FreeBSD-SA-23:04.pamkrb5 persisted following the patch for that advisory. Impact: The impact described in FreeBSD-SA-23:04.pamkrb5 persists...

9.8CVSS7.1AI score0.01098EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/07/26 12:0 a.m.•21 views

jenkins -- Stored XSS vulnerability

Jenkins Security Advisory: Description High SECURITY-3188 / CVE-2023-39151 Stored XSS vulnerability...

5.4CVSS6.5AI score0.00862EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/07/18 12:0 a.m.•21 views

libsndfile_project -- Integer overflow in dataend calculation

[email protected] reports: Multiple signed integers overflow in function aureadheader in src/au.c and in functions mat4open and mat4readheader in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts...

7.8CVSS7.1AI score0.00351EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/07/05 12:0 a.m.•21 views

GLPI vulnerable to SQL injection via inventory agent request

[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version...

9.8CVSS8.2AI score0.52381EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/04/27 12:0 a.m.•21 views

h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service

Elijah Glover reports: Malformed HTTP/1.1 requests can crash worker processes. occasionally locking up child workers and causing denial of service, and an outage dropping any open connections...

8.2CVSS6.9AI score0.00902EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/02/08 12:0 a.m.•21 views

FreeBSD -- GELI silently omits the keyfile if read from stdin

Problem Description: When GELI reads a key file from a standard input, it doesn't store it anywhere. If the user tries to initialize multiple providers at once, for the second and subsequent devices the standard input stream will be already empty. In this case, GELI silently uses a NULL key as th...

6.5CVSS7AI score0.00637EPSS
Exploits0
FreeBSD
FreeBSD
•added 2022/10/24 12:0 a.m.•21 views

Grafana -- Privilege escalation

Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...

8.1CVSS3.5AI score0.0074EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/08/09 12:0 a.m.•21 views

FreeBSD -- AIO credential reference count leak

Problem Description: The aioaqueue function, used by the liolistio system call, fails to release a reference to a credential in an error case. Impact: An attacker may cause the reference count to overflow, leading to a use after free UAF...

7.7CVSS2.3AI score0.00218EPSS
Exploits0
FreeBSD
FreeBSD
•added 2022/04/19 12:0 a.m.•21 views

rainloop -- cross-site-scripting (XSS) vulnerability

Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...

5.4CVSS0.9AI score0.01051EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2022/02/22 12:0 a.m.•21 views

typo3 -- XSS vulnerability in svg-sanitize

The TYPO3 project reports: The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+x...

6.2CVSS0.8AI score0.00682EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2022/02/01 12:0 a.m.•21 views

py-treq -- sensitive information leak vulnerability

Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain "supercookies". This can potentially cause sensitive information to leak upon an HTTP redirect...

6.5CVSS6.7AI score0.01083EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2022/01/19 12:0 a.m.•21 views

ipython -- Execution with Unnecessary Privileges

IPython project reports: IPython 8.0.1, 7.31.1 and 5.11 are security releases that change some default values in order to prevent potential Execution with Unnecessary Privileges...

8.8CVSS4AI score0.00657EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2022/01/06 12:0 a.m.•21 views

uriparser -- Multiple vulnerabilities

Upstream project reports: Fix a bug affecting both uriNormalizeSyntax and uriMakeOwner functions where the text range in .hostText would not be duped using malloc but remain unchanged and hence "not owned" for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses...

0.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/09 12:0 a.m.•21 views

py39-rencode -- infinite loop that could lead to Denial of Service

NIST reports: The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

7.5CVSS7.5AI score0.05566EPSS
Exploits0References2
Total number of security vulnerabilities5000