Lucene search
K
FreebsdRecent

6578 matches found

FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•6 views

Firefox -- Mitigation bypass

https://bugzilla.mozilla.org/showbug.cgi?id=1978453 reports: Mitigation bypass in the Web Compatibility: Tooling component...

5.4CVSS7AI score0.00255EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•6 views

Firefox -- Sandbox escape due to undefined behavior

https://bugzilla.mozilla.org/showbug.cgi?id=1986185 reports: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...

7.3CVSS7AI score0.00329EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•6 views

Mozilla -- Information disclosure

[email protected] reports: This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

6.2CVSS6.5AI score0.00154EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Mozilla -- integer overflow

[email protected] reports: Integer overflow in the SVG component...

8.8CVSS7.3AI score0.00687EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Mozilla -- Incorrect boundary conditions

[email protected] reports: The vulnerability has been assessed to have moderate impact on affected systems, potentially allowing attackers to exploit incorrect boundary conditions in the JavaScript Garbage Collection component. In Thunderbird specifically, these flaws cannot be exploited throu...

6.5CVSS6.7AI score0.00291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/14 12:0 a.m.•6 views

unit-java -- security vulnerability

F5 reports: When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization...

6.9CVSS5.5AI score0.00552EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/11 12:0 a.m.•9 views

CUPS -- multiple vulnerabilities

OpenPrinting reports: When the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. An unsafe deserialization and validation of printer attributes, causes null dereference in libcups library...

8CVSS7.2AI score0.01063EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2025/09/11 12:0 a.m.•10 views

cups -- security vulnerabilities

OpenPrinting reports: When the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. An unsafe deserialization and validation of printer attributes, causes null dereference in libcups library...

8CVSS6.8AI score0.01063EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2025/09/10 12:0 a.m.•6 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of Service issue in SAML Responses impacts GitLab CE/EE Server-Side Request Forgery issue in Webhook custom header impacts GitLab CE/EE Denial of Service issue in User-Controllable Fields impacts GitLab CE/EE Denial of Service issue in endpoint file upload impacts GitLab...

8.8CVSS7AI score0.00645EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/09 12:0 a.m.•6 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 440454442 Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22 439305148 High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon on 2025-08-18...

8.8CVSS6.1AI score0.00589EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/05 12:0 a.m.•9 views

mongodb -- MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

[email protected] reports: MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management...

7.5CVSS6.9AI score0.00305EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/05 12:0 a.m.•8 views

mongodb -- Malformed $group Query May Cause MongoDB Server to Crash

[email protected] reports: An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This...

6.5CVSS6.7AI score0.00289EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/05 12:0 a.m.•7 views

mongodb -- MongoDB Server router will crash when incorrect lsid is set on a sharded query

[email protected] reports: An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument lsid is provided in a case when it is not applicable...

6.5CVSS6.9AI score0.00254EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/03 12:0 a.m.•3 views

Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin

Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of different use cases such as the session cache, replay cache, and relay state management. An ODBC extension plugin is provided with some distributions of the software notably on Windows. A SQL injectio...

7.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/02 12:0 a.m.•6 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 434513380 High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28 437147699 Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07...

8.8CVSS7.2AI score0.00353EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/01 12:0 a.m.•9 views

Django -- multiple vulnerabilities

Django reports: CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases...

8.1CVSS8.1AI score0.15602EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2025/08/29 12:0 a.m.•4 views

exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata()

Kevin Backhouse reports: An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into ...

5.5CVSS6.6AI score0.00132EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/29 12:0 a.m.•5 views

exiv2 -- Denial-of-service

Kevin Backhouse reports: A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying th...

5.5CVSS6.9AI score0.00226EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/08/28 12:0 a.m.•10 views

libudisks -- Udisks: out-of-bounds read in udisks daemon

[email protected] reports: A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it...

8.5CVSS6.8AI score0.0065EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/08/27 12:0 a.m.•4 views

PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS

[email protected] reports: The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:...

9.1CVSS6.7AI score0.00693EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/08/27 12:0 a.m.•7 views

Gitlab -- vulnerabilities

Gitlab reports: Allocation of Resources Without Limits issue in import function impacts GitLab CE/EE Missing authentication issue in GraphQL endpoint impacts GitLab CE/EE Allocation of Resources Without Limits issue in GraphQL impacts GitLab CE/EE Code injection issue in GitLab repositories impac...

7.5CVSS7.2AI score0.00346EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/27 12:0 a.m.•4 views

ISC KEA -- kea-dhcp4 aborts if client sends a broadcast request with particular options

Internet Systems Consortium, Inc. reports: We corrected an issue in kea-dhcp4 that caused the server to abort if a client sent a broadcast request with particular options, and Kea failed to find an appropriate subnet for that client. This addresses CVE-2025-40779 4055, 4048...

7.5CVSS6.7AI score0.00495EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•7 views

Mozilla -- memory corruption in GMP

[email protected] reports: An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process...

9.8CVSS6.3AI score0.0053EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•6 views

Mozilla -- Denial-of-service due to out-of-memory

https://bugzilla.mozilla.org/showbug.cgi?id=1975837 reports: Denial-of-service due to out-of-memory in the Graphics: WebRender component...

7.5CVSS7AI score0.00351EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•9 views

Mozilla -- Same-origin policy bypass

[email protected] reports: 'Same-origin policy bypass in the Graphics: Canvas2D component.'...

8.1CVSS6.3AI score0.00231EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•6 views

Mozilla -- memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

8.1CVSS7.3AI score0.0044EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•6 views

Mozilla -- DoS in WebRender

[email protected] reports: 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.'...

7.5CVSS6.2AI score0.00351EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•6 views

Mozilla -- Uninitialized memory

[email protected] reports: Uninitialized memory in the JavaScript Engine component...

6.5CVSS6.2AI score0.00337EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•8 views

Mozilla -- Same-origin policy bypass in the Graphics: Canvas2D component

https://bugzilla.mozilla.org/showbug.cgi?id=1979782 reports: Same-origin policy bypass in the Graphics: Canvas2D component...

8.1CVSS7AI score0.00231EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•7 views

Mozilla -- memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS7.2AI score0.00424EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/19 12:0 a.m.•6 views

Firefox -- Spoofing in the Address Bar

[email protected] reports: Spoofing issue in the Address Bar component...

6.5CVSS6.3AI score0.00231EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/13 12:0 a.m.•4 views

nginx -- worker process memory disclosure

F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This...

6.3CVSS7.6AI score0.00371EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/13 12:0 a.m.•10 views

www/varnish7 -- Denial of Service in HTTP/2

Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for th...

7.5CVSS7.2AI score0.04604EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/08/13 12:0 a.m.•6 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site scripting issue in labels impacts GitLab CE/EE Cross-site scripting issue in Workitem impacts GitLab CE/EE Improper Handling of Permissions issue in project API impacts GitLab CE/EE Incorrect Privilege...

8.7CVSS6.9AI score0.00423EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/12 12:0 a.m.•14 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 432035817 High CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15 433533359 High CVE-2025-8880: Race in V8. Reported by Seunghyun Lee @0x10n on 2025-07-23 435139154 High CVE-2025-8901: Out of bounds...

8.8CVSS8.6AI score0.00289EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/11 12:0 a.m.•4 views

p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness

perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known...

8.6CVSS6.2AI score0.00388EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/11 12:0 a.m.•6 views

PostgreSQL -- vulnerabilities

PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent pgdump scripts from being used to attack the user running the restore. Convert newlines to spaces in names included in comments in pgdump output...

8.8CVSS7.2AI score0.00709EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/08/08 12:0 a.m.•8 views

FreeBSD -- Integer overflow in libarchive leading to double free

Problem Description: An integer overflow in the archivereadformatrarseekdata function may lead to a double free problem. Impact: Exploiting a double free vulnerability can cause memory corruption. This in turn could enable a threat actor to execute arbitrary code. It might also result in denial o...

7.8CVSS7.1AI score0.00326EPSS
Exploits2
FreeBSD
FreeBSD
•added 2025/08/07 12:0 a.m.•5 views

quiche -- Infinite loop triggered by connection ID retirement

Quiche Releases reports: This update includes 1 security fix: High CVE-2025-7054: Infinite loop triggered by connection ID retirement. Reported by Catena cyber on 2025-08-07...

8.7CVSS7AI score0.0036EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/08/05 12:0 a.m.•5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 12 security fixes: 414760982 Medium CVE-2025-8576: Use after free in Extensions. Reported by asnine on 2025-04-30 384050903 Medium CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq on 2024-12-14 423387026 Mediu...

8.8CVSS8AI score0.00313EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/31 12:0 a.m.•2 views

Vieb -- Remote Code Execution via Visiting Untrusted URLs

Zhengyu Liu, Jianjia Yu, Jelmer van Arnhem report: We discovered a remote code execution RCE vulnerability in the latest release of the Vieb browser v12.3.0. By luring a user to visit a malicious website, an attacker can achieve arbitrary code execution on the victim’s machine...

8.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/29 12:0 a.m.•4 views

SQLite -- integer overflow in key info allocation

[email protected] reports: An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory v...

9.1CVSS8.2AI score0.0023EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/24 12:0 a.m.•12 views

gdk-pixbuf2 -- a heap buffer overflow

[email protected] reports: A flaw exists in gdk-pixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib’s gbase64encodestep glib/gbase64.c. When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads...

7.5CVSS8.1AI score0.01051EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/23 12:0 a.m.•28 views

Apache httpd -- evaluation always true

The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64...

6.3CVSS6.6AI score0.00691EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/23 12:0 a.m.•7 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE using CDNs Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE Improper Access Control issue impacts GitLab EE...

8.7CVSS6.6AI score0.00392EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•4 views

viewvc -- Arbitrary server filesystem content

cmpilato reports: The ViewVC standalone web server standalone.py is a script provided in the ViewVC distribution for the purposes of quickly testing a ViewVC configuration. This script can in particular configurations expose the contents of the host server's filesystem though a directory...

7.5CVSS7.2AI score0.00822EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•6 views

Mozilla -- cookie shadowing

[email protected] reports: Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute...

9.1CVSS6.7AI score0.00217EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•7 views

Mozilla -- Insufficient input escaping

[email protected] reports: Insufficient escaping in the Copy as cURL feature could potentially be used to trick a user into executing unexpected code...

8.1CVSS6.6AI score0.00306EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•20 views

Mozilla -- Incorrect computation of branch address

[email protected] reports: On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address...

9.8CVSS6.6AI score0.00472EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•6 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

8.8CVSS7.6AI score0.00375EPSS
Exploits0References1
Total number of security vulnerabilities6578