Lucene search
K
FreebsdRecent

6578 matches found

FreeBSD
FreeBSD
•added 2025/06/18 12:0 a.m.•5 views

quiche -- Multiple vulnerabilities

Quiche Releases reports: This update includes 2 security fixes: Medium CVE-2025-4820: Incorrect congestion window growth by optimistic ACK. Reported by Louis Navarre on 2025-06-18. High CVE-2025-4821: Incorrect congestion window growth by invalid ACK ranges. Reported by Louis Navarre on 2025-06-1...

7.5CVSS7.1AI score0.00723EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/18 12:0 a.m.•11 views

clamav -- ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Cisco reports: A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit thi...

7.5CVSS7.3AI score0.00663EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/18 12:0 a.m.•4 views

clamav -- ClamAV PDF Scanning Buffer Overflow Vulnerability

Cisco reports: A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service DoS condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers a...

9.8CVSS9.4AI score0.01535EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/17 12:0 a.m.•6 views

xorg server -- Multiple vulnerabilities

The X.Org project reports: CVE-2025-49175: Out-of-bounds access in X Rendering extension Animated cursors The X Rendering extension allows creating animated cursors providing a list of cursors. By default, the Xserver assumes at least one cursor is provided while a client may actually pass no...

7.8CVSS7.6AI score0.00369EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/17 12:0 a.m.•10 views

xorg server -- Multiple vulnerabilities

The X.Org project reports: CVE-2025-49176: Integer overflow in Big Requests Extension The Big Requests extension allows requests larger than the 16-bit length limit. It uses integers for the request length and checks for the size not to exceed the maxBigRequestSize limit, but does so after...

7.3CVSS7.5AI score0.00306EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/17 12:0 a.m.•6 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 420697404 High CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim on 2025-05-27 421471016 High CVE-2025-6192: Use after free in Profiler. Reported by Chaoyuan Peng @ret2happy on 2025-05-31...

8.8CVSS8.2AI score0.08794EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/16 12:0 a.m.•5 views

Erlang - Absolute Path in Zip Module

https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program...

4.8CVSS6.9AI score0.00226EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/12 12:0 a.m.•8 views

PostgreSQL JDBC library -- Improper Authentication

PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore...

8.2CVSS8.3AI score0.00461EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/11 12:0 a.m.•7 views

Firefox -- Multiple vulnerabilities

[email protected] reports: CVE-2025-49709: Certain canvas operations could have lead to memory corruption. CVE-2025-49710: An integer overflow was present in OrderedHashTable used by the JavaScript engine...

9.8CVSS7.4AI score0.00651EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/06/11 12:0 a.m.•7 views

Gitlab -- Vulnerabilities

Gitlab reports: HTML injection impacts GitLab CE/EE Cross-site scripting issue impacts GitLab CE/EE Missing authorization issue impacts GitLab Ultimate EE Denial of Service impacts GitLab CE/EE Denial of Service via unbounded Webhook token names impacts GitLab CE/EE Denial of Service via unbounde...

9.9CVSS6.9AI score0.07524EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/06/10 12:0 a.m.•4 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: $8000420150619 High CVE-2025-5958: Use after free in Media. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-05-25 NA422313191 High CVE-2025-5959: Type Confusion in V8. Reported by Seunghyun Lee as part of...

8.8CVSS8AI score0.10666EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/04 12:0 a.m.•10 views

electron{34,35,36} -- Out of bounds read and write in V8

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-5419...

8.8CVSS8.9AI score0.06463EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/06/03 12:0 a.m.•11 views

Chrome -- Out of bounds read

[email protected] reports: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS8.8AI score0.06463EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/06/02 12:0 a.m.•7 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 420636529 High CVE-2025-5419: Out of bounds read and write in V8. Reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group on 2025-05-27. This issue was mitigated on 2025-05-28 by a configuration change pushed ou...

8.8CVSS7.8AI score0.06463EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/06/02 12:0 a.m.•9 views

ModSecurity -- possible DoS vulnerability

[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg -...

6.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/06/01 12:0 a.m.•22 views

Post-Auth Remote Code Execution found in Roundcube Webmail

Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v...

9.9CVSS7.1AI score0.89462EPSS
Exploits29References1
FreeBSD
FreeBSD
•added 2025/05/29 12:0 a.m.•4 views

navidrome -- transcoding permission bypass vulnerability

Deluan Quintão reports: A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings...

8.7CVSS7.2AI score0.00398EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/05/29 12:0 a.m.•5 views

Navidrome -- SQL Injection via role parameter

Deluan reports: This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user...

9.8CVSS7.7AI score0.00423EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/29 12:0 a.m.•18 views

electron{34,35} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-4609. Security: backported fix for CVE-2025-4664...

9.6CVSS7.2AI score0.05329EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/05/28 12:0 a.m.•10 views

curl -- Multiple vulnerabilities

curl security team reports: CVE-2025-5025: No QUIC certificate pinning with wolfSSL CVE-2025-4947: QUIC certificate check skip with wolfSSL...

6.5CVSS7.4AI score0.00253EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2025/05/28 12:0 a.m.•4 views

redis,valkey -- {redis,valkey}-check-aof may lead to stack overflow and potential RCE

Simcha Kosman & CyberArk Labs reports: A user can run the redis,valkeyu-check-aof cli and pass a long file path to trigger a stack buffer overflow, which may potentially lead to remote code execution...

9.8CVSS7.2AI score0.00797EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/28 12:0 a.m.•7 views

ISC KEA -- Multiple vulnerabilities

Internet Systems Consortium, Inc. reports: Loading a malicious hook library can lead to local privilege escalation https://kb.isc.org/docs/cve-2025-32801 Insecure handling of file paths allows multiple local attacks https://kb.isc.org/docs/cve-2025-32802 Insecure file permissions can result in...

7.8CVSS6.7AI score0.00235EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•11 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 25 security bugs in Chromium: CVE-2025-5063: Use after free in Compositing CVE-2025-5064: Inappropriate implementation in Background Fetch CVE-2025-5065: Inappropriate implementation in FileSystemAccess API CVE-2025-5068: Use after free in Blink...

8.8CVSS8.9AI score0.09185EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•9 views

Mozilla -- clickjacking vulnerability

[email protected] reports: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page...

5.4CVSS6.8AI score0.00227EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•8 views

Mozilla -- XS-leak attack

[email protected] reports: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks...

4.3CVSS6.6AI score0.00275EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•9 views

Mozilla -- local code execution

[email protected] reports: Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system...

4.8CVSS7.1AI score0.00136EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•13 views

Chrome -- Heap corruption exploitation

[email protected] reports: Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.9AI score0.03073EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•9 views

Mozilla -- memory corruption

[email protected] reports: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code...

8.1CVSS7AI score0.0039EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•3 views

Firefox -- unencrypted SNI

[email protected] reports: In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled...

7.5CVSS7AI score0.00241EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•12 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 11 security fixes: 411573532 High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18 417169470 High CVE-2025-5280: Out of bounds write in V8. Reported by pwn2car on 2025-05-12 40058068 Medium CVE-2025-5064: Inappropriate...

8.8CVSS6.6AI score0.03073EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•8 views

libxml2 -- multiple vulnerabilities

Alan Coopersmith reports: As discussed in https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 the security policy of libxml2 has been changed to disclose vulnerabilities before fixes are available so that people other than the maintainer can contribute to fixing security issues in this library. A...

9.1CVSS7.6AI score0.01437EPSS
Exploits1References9
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•9 views

Mozilla -- cross-origin leak attack

[email protected] reports: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks...

4.3CVSS7AI score0.00213EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•12 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.1CVSS7.4AI score0.00412EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•4 views

Firefox -- content injection attack

[email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks...

6.5CVSS7.1AI score0.00257EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•9 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

7.3CVSS7.7AI score0.00274EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/27 12:0 a.m.•14 views

traefik -- Path traversal vulnerability

The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it...

9.1CVSS6.6AI score0.00784EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/23 12:0 a.m.•12 views

OpenSSL -- Inverted security logic in x509 app

The OpenSSL project reports: The x509 application adds trusted use instead of rejected use low...

6.5CVSS6.9AI score0.00306EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/21 12:0 a.m.•8 views

ModSecurity -- possible DoS vulnerability

[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...

7.5CVSS7.2AI score0.00586EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/05/21 12:0 a.m.•10 views

ModSecurity -- Possible DoS Vulnerability

[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...

7.5CVSS7.8AI score0.00586EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/05/21 12:0 a.m.•25 views

Gitlab -- vulnerabilities

Gitlab reports: Unprotected large blob endpoint in GitLab allows Denial of Service Improper XPath validation allows modified SAML response to bypass 2FA requirement A Discord webhook integration may cause DoS Unbounded Kubernetes cluster tokens may lead to DoS Unvalidated notes position may lead ...

7.5CVSS6.7AI score0.00484EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/05/17 12:0 a.m.•24 views

firefox -- out-of-bounds read/write

[email protected] reports: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

9.8CVSS8.6AI score0.08917EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2025/05/17 12:0 a.m.•7 views

py-setuptools -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf reports: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An...

8.8CVSS7.3AI score0.01479EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2025/05/15 12:0 a.m.•12 views

cpython -- Use-after-free in "unicode_escape" decoder with error handler

[email protected] reports: There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap t...

5.9CVSS5.4AI score0.00171EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/14 12:0 a.m.•21 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 415810136 High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser on 2025-05-05 412578726 High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on...

9.6CVSS7.6AI score0.05329EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/05/13 12:0 a.m.•10 views

vscode -- security feature bypass vulnerability

VSCode developers report: A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the fetch...

7.1CVSS6.9AI score0.00629EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/05/12 12:0 a.m.•11 views

www/varnish7 -- Request Smuggling Attack

The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...

7.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/12 12:0 a.m.•9 views

screen -- multiple vulnerabilities

The screen project reports: Multiple security issues in screen...

7.8CVSS7.1AI score0.00213EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/11 12:0 a.m.•3 views

WeeChat -- Multiple vulnerabilities

The Weechat project reports: Multiple integer and buffer overflows in WeeChat core...

7.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/08 12:0 a.m.•15 views

PostgreSQL -- PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

PostgreSQL project reports: A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before...

5.9CVSS7AI score0.00612EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/05/07 12:0 a.m.•27 views

Gitlab -- vulnerabilities

Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery Denial of service by abusing Github import API Group IP restriction bypass allows disclosing issue title of restricted project...

6.8CVSS7AI score0.0033EPSS
Exploits1References1
Total number of security vulnerabilities6578