Lucene search
K
FreebsdRecent

6578 matches found

FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•8 views

Mozilla -- HTTP Basic Authentication credentials leak

[email protected] reports: The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials...

9.8CVSS6.8AI score0.00431EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•5 views

Mozilla -- Ignored paths while checking navigations

[email protected] reports: Thunderbird ignored paths when checking the validity of navigations in a frame...

9.8CVSS6.7AI score0.00225EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•7 views

Mozilla -- nullptr dereference

[email protected] reports: The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref...

6.5CVSS6.6AI score0.00351EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•6 views

Mozilla -- XSLT document CSP bypass

[email protected] reports: XSLT document loading did not correctly propagate the source document which bypassed its CSP...

8.1CVSS6.7AI score0.00305EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•7 views

Mozilla -- 'javascript:' URLs execution

[email protected] reports: Thunderbird executed javascript: URLs when used in object and embed tags...

8.1CVSS6.8AI score0.00306EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•5 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.7AI score0.00302EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•5 views

Mozilla -- Persisted search terms in the URL bar

[email protected] reports: In some cases search terms persisted in the URL bar even after navigating away from the search page...

8.1CVSS6.7AI score0.00277EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•5 views

Mozilla -- CORS circumvention

[email protected] reports: Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding...

8.1CVSS6.7AI score0.00417EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•6 views

Mozilla -- IonMonkey-JIT bad stack write

[email protected] reports: On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits...

6.5CVSS6.7AI score0.00351EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•5 views

Mozilla -- Multiple vulnerabilities

[email protected] reports: Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Focus incorrectly truncated URLs towards the...

9.8CVSS7.7AI score0.00435EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2025/07/22 12:0 a.m.•8 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could hav...

8.8CVSS7.7AI score0.00326EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/21 12:0 a.m.•6 views

powerdns-recursor -- cache pollution

PowerDNS Team reports: An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and...

7.5CVSS7.2AI score0.00229EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/18 12:0 a.m.•6 views

libwasmtime -- host panic with fd_renumber WASIp1 function

WasmTime development team reports: A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder...

3.5CVSS7.2AI score0.00299EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/17 12:0 a.m.•9 views

7-Zip -- Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder

[email protected] reports: 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue...

7.5CVSS7.4AI score0.00635EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/07/17 12:0 a.m.•4 views

goldendict -- dangerous method exposed

[email protected] reports: GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...

9.6CVSS6.9AI score0.00427EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/07/16 12:0 a.m.•3 views

p5-Authen-SASL -- Insecure source of randomness

p5-Authen-SASL project reports: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and...

6.5CVSS7.3AI score0.00394EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/16 12:0 a.m.•5 views

unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack

[email protected] reports: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information...

8.7CVSS6.4AI score0.00188EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/15 12:0 a.m.•4 views

SQLite < 3.50.3 -- CWE-190 Integer Overflow or Wraparound in FTS5 module

https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g reports: An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to...

6.9CVSS5.9AI score0.00322EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/15 12:0 a.m.•5 views

sqlite -- Integer Truncation on SQLite

[email protected] reports: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue...

7.7CVSS7.7AI score0.73495EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/07/11 12:0 a.m.•3 views

qt6-base -- DoS in QColorTransferGenericFunction

Andy Shaw reports: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile...

2.3CVSS6.3AI score0.00278EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/10 12:0 a.m.•4 views

liboqs -- Secret-dependent branching in HQC

The OpenQuantumSafe project reports: Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above -O0...

5.9CVSS6.6AI score0.002EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/10 12:0 a.m.•72 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: moderate: Apache HTTP Server: HTTP response splitting CVE-2024-42516 low: Apache HTTP Server: SSRF with modheaders setting Content-Type header CVE-2024-43204 moderate: Apache HTTP Server: SSRF on Windows due to UNC paths CVE-2024-43394 low: Apache HTTP Server:...

9.1CVSS7.3AI score0.04409EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2025/07/10 12:0 a.m.•4 views

Apache Tomcat -- Multiple Vulnerabilities

[email protected] reports: A race condition on connection close could trigger a JVM crash when using the APR/Native connector leading to a DoS. This was particularly noticeable with client initiated closes of HTTP/2 connections. An uncontrolled resource consumption vulnerability if an HTTP/2...

7.5CVSS7.1AI score0.0196EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2025/07/10 12:0 a.m.•20 views

mod_http2 -- Multiple vulnerabilities

The modhttp2 project reports: a client can increase memory consumption for a HTTP/2 connection via repeated request header names,leading to denial of service certain proxy configurations whith modproxyhttp2 as the backend, an assertion can be triggered by certain requests, leading to denial of...

7.5CVSS7.2AI score0.04409EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/07/09 12:0 a.m.•5 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue impacts GitLab CE/EE Improper authorization issue impacts GitLab CE/EE Improper authorization issue impacts GitLab EE Improper authorization issue impacts GitLab EE...

8.7CVSS6.8AI score0.00492EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/09 12:0 a.m.•10 views

GnuTLS -- multiple vulnerabilities

Daiki Ueno reports: libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps Spotted by oss-fuzz and reported by OpenAI Security Research Team, and fix developed by Andrew Hamilton. GNUTLS-SA-2025-07-07-1, CVSS: medium CVE-2025-32989 libgnutls: Fix double-free upon error when...

8.2CVSS6.6AI score0.01185EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/08 12:0 a.m.•6 views

rubygem-resolv -- Possible denial of service

Manu reports: The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process...

7.5CVSS6.1AI score0.00539EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/07 12:0 a.m.•4 views

mongodb -- Certain Queries May Cause MongoDB Server to Crash

[email protected] reports: An authorized user can issue queries with duplicate id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version...

6.5CVSS6.9AI score0.00276EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/07 12:0 a.m.•6 views

MongoDB -- Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections

[email protected] reports: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. Required Configuration: This affects MongoDB sharded clusters when configured with...

7.5CVSS6.6AI score0.00307EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/07 12:0 a.m.•6 views

MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage

[email protected] reports: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation...

7.7CVSS6.4AI score0.00336EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/07 12:0 a.m.•6 views

MongoDB -- Incomplete Redaction of Sensitive Information in MongoDB Server Logs

[email protected] reports: An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered...

4.9CVSS6.5AI score0.00239EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/07 12:0 a.m.•5 views

MongoDB -- may be susceptible to DoS due to Accumulated Memory Allocation

[email protected] reports: MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer...

6.5CVSS6.5AI score0.00276EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/06 12:0 a.m.•7 views

redis,valkey -- DoS Vulnerability due to bad connection error handling

@julienperriercornet reports: An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service...

7.5CVSS7.3AI score0.00733EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/07/06 12:0 a.m.•6 views

redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE

Seunghyun Lee reports: An authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution...

7.8CVSS7.8AI score0.03877EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2025/07/02 12:0 a.m.•8 views

FreeBSD -- Use-after-free in multi-threaded xz decoder

Problem Description: A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to an use-after-free condition on heap memory. Impact: An attacker may use specifically crafted .xz file to cause multi-threaded xz decoder to crash, or...

8.7CVSS7.5AI score0.00647EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/07/02 12:0 a.m.•6 views

ModSecurity -- empty XML tag causes segmentation fault

[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the reques...

6.5CVSS7.1AI score0.00346EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/30 12:0 a.m.•9 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 1 security fix: 427663123 High CVE-2025-6554: Type Confusion in V8...

8.1CVSS7.4AI score0.06564EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2025/06/30 12:0 a.m.•10 views

podman -- TLS connection used to pull VM images was not validated

RedHat, Inc. reports: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3CVSS6.2AI score0.00397EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/26 12:0 a.m.•7 views

MongoDB -- Race condition in privilege cache invalidation cycle

NVD reports: Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator...

5.4CVSS7.4AI score0.00143EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/26 12:0 a.m.•6 views

MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior

[email protected] reports: An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework...

8.8CVSS7.1AI score0.00214EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/26 12:0 a.m.•5 views

MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB

[email protected] reports: MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the...

7.5CVSS7.5AI score0.00307EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/26 12:0 a.m.•4 views

gstreamer1-plugins-bad -- stack buffer overflow in H.266 video parser

GStreamer Security Center reports: It is possible for a malicious third party to trigger a buffer overflow that can result in a crash of the application and possibly also allow code execution through stack manipulation...

7.8CVSS7.7AI score0.00325EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/26 12:0 a.m.•5 views

MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and serv...

7.5CVSS7.2AI score0.00466EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/26 12:0 a.m.•7 views

kanboard -- Password Reset Poisoning via Host Header Injection

GitHub Security Advisories reports: Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the applicationurl configuration is unset default behavior. This allows an attacker to craft a malicious password reset link that leaks the token to an...

8.8CVSS7.3AI score0.00454EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/06/25 12:0 a.m.•4 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of Service impacts GitLab CE/EE Missing Authentication issue impacts GitLab CE/EE Improper access control issue impacts GitLab CE/EE Elevation of Privilege impacts GitLab CE/EE Improper access control issue impacts GitLab EE...

8.8CVSS7.3AI score0.00304EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/24 12:0 a.m.•4 views

Mozilla -- exploitable crash

[email protected] reports: A use-after-free in FontFaceSet resulted in a potentially exploitable crash...

9.8CVSS7.4AI score0.03057EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/24 12:0 a.m.•9 views

firefox -- multiple vulnerabilities

[email protected] reports: An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. When Multi-Account Containers was enabled, DNS requests could have bypass...

9.8CVSS7AI score0.02855EPSS
Exploits0References6
FreeBSD
FreeBSD
•added 2025/06/24 12:0 a.m.•7 views

Mozilla -- persistent UUID that identifies browser

[email protected] reports: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox E...

4.3CVSS5.9AI score0.00249EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/24 12:0 a.m.•7 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 11 security fixes: 407328533 Medium CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane rebane2001 on 2025-03-30 40062462 Low CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02 406631048 L...

5.4CVSS8AI score0.00177EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/24 12:0 a.m.•6 views

firefox -- multiple vulnerabilities

[email protected] reports: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. When a file download is...

6.5CVSS6.5AI score0.00285EPSS
Exploits0References2
Total number of security vulnerabilities6578