Lucene search
K
FreebsdRecent

6578 matches found

FreeBSD
FreeBSD
•added 2025/05/06 12:0 a.m.•10 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 412057896 Medium CVE-2025-4372: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-04-20...

8.8CVSS9.4AI score0.00493EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•12 views

Mozilla -- memory corruption

[email protected] reports: Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code...

8.1CVSS7.4AI score0.00403EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•9 views

Mozilla -- memory corruption

[email protected] reports: Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

6.5CVSS8.8AI score0.00256EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•11 views

Mozilla -- XPath parsing undefined behavior

[email protected] reports: A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption...

4.8CVSS6.6AI score0.00267EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•20 views

Mozilla -- javascript content execution

[email protected] reports: A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape...

9.1CVSS9.4AI score0.00379EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•14 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 8 security fixes: 409911705 High CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11 409342999 Medium CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09 404000989 Medium...

9.8CVSS9.2AI score0.0058EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•7 views

Mozilla -- control access bypass

[email protected] reports: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowin...

8.8CVSS7.4AI score0.00538EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•16 views

Mozilla -- memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.1CVSS7.9AI score0.00419EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•8 views

Mozilla -- insufficient character escaping

[email protected] reports: Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system...

5.1CVSS7.2AI score0.00154EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•7 views

Mozilla -- Cross-Site Request Forgery

[email protected] reports: A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins...

6.5CVSS6.9AI score0.00153EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•8 views

Mozilla -- Information leak

[email protected] reports: An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges...

7.1CVSS6.6AI score0.00252EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/29 12:0 a.m.•12 views

dnsdist -- Denial of service via crafted DoH exchange

[email protected] reports: When DNSdist is configured to provide DoH via the nghttp2provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade t...

7.5CVSS6.8AI score0.02068EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/26 12:0 a.m.•10 views

grafana -- XSS vulnerability

[email protected] reports: A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does...

7.6CVSS7AI score0.97809EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2025/04/24 12:0 a.m.•6 views

h11 accepts some malformed Chunked-Encoding bodies

h11 reports: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since...

9.1CVSS9.5AI score0.00527EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/23 12:0 a.m.•5 views

Gimp -- GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

[email protected] reports: GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the...

7.8CVSS8AI score0.01432EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/23 12:0 a.m.•29 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring Denial of service DOS via issu...

8.7CVSS5.7AI score0.00522EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2025/04/23 12:0 a.m.•7 views

Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability

[email protected] reports: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target...

7.8CVSS8.2AI score0.0715EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/23 12:0 a.m.•10 views

redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Axel Mierczuk reports: By default, the Redis configuration does not limit the output buffer of normal clients see client-output-buffer-limit. Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password...

7.5CVSS7.5AI score0.00824EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/22 12:0 a.m.•9 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 1 security fix...

7.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/16 12:0 a.m.•8 views

ejabberd -- mod_muc_occupantid: Fix handling multiple occupant-id

ejabberd team reports: Fixed issue with handling of user provided occupant-id in messages and presences sent to muc room. Server was replacing just first instance of occupant-id with its own version, leaving other ones untouched. That would mean that depending on order in which clients send...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/16 12:0 a.m.•15 views

Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

[email protected] reports: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protoc...

10CVSS7.6AI score0.97859EPSS
Exploits36References1
FreeBSD
FreeBSD
•added 2025/04/15 12:0 a.m.•7 views

Grafana -- User deletion issue

Grafana Labs reports: On April 15, we discovered a vulnerability that stems from the user deletion logic associated with organization administrators. An organization admin could remove any user from the specific organization they manage. Additionally, they have the power to delete users entirely...

7.6CVSS7.2AI score0.97809EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2025/04/15 12:0 a.m.•10 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 409619251 Critical CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl on 2025-04-09 405292639 High CVE-2025-3620: Use after free in USB. Reported by @retsew0x01 on 2025-03-21...

8.8CVSS8.2AI score0.00366EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/15 12:0 a.m.•9 views

Firefox -- memory corruption due to race condition

[email protected] reports: A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition...

6.5CVSS6.9AI score0.00291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/14 12:0 a.m.•5 views

sqlite -- integer overflow

[email protected] reports: An integer overflow can be triggered in SQLites concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffe...

9.8CVSS7.8AI score0.00718EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/13 12:0 a.m.•11 views

Perl -- heap buffer overflow when transliterating non-ASCII bytes

9b29abf9-4ab0-4765-b253-1875cd9b441e reports: A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination pointer d. $ perl -e '$ = "\xFF" x 1000000; tr/\xFF/\x100/;' Segmentation...

8.4CVSS8.3AI score0.0052EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/12 12:0 a.m.•7 views

p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case...

4CVSS7.3AI score0.00176EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/11 12:0 a.m.•5 views

git -- multiple vulnerabilities

Git development team reports: CVE-2025-27613: Gitk: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line...

8.6CVSS7.3AI score0.02775EPSS
Exploits9References6
FreeBSD
FreeBSD
•added 2025/04/10 12:0 a.m.•10 views

SQLite -- application crash

[email protected] reports: In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3dbconfig in the C-language API can cause a denial of service application crash. An sznBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect...

5.6CVSS6.3AI score0.00179EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/10 12:0 a.m.•14 views

libxslt -- multiple vulnerabilities

Alan Coopersmith reports: On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to...

7.8CVSS6.7AI score0.012EPSS
Exploits1References7
FreeBSD
FreeBSD
•added 2025/04/09 12:0 a.m.•33 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of service via CI pipelines Unintentionally authorizing sensitive actions on users behalf IP Restriction Bypass through GraphQL Subscription Unauthorized users can list the number of confidential issues Debugging Information Disclosed...

7.5CVSS6.8AI score0.00354EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2025/04/08 12:0 a.m.•13 views

libxml2 -- Out-of-bounds memory access

[email protected] reports: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

7.5CVSS6.8AI score0.0033EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/04/08 12:0 a.m.•19 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 405140652 High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe @svn-dys on 2025-03-21...

8.8CVSS8AI score0.00342EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/07 12:0 a.m.•8 views

powerdns-recursor -- denial of service

PowerDNS Team reports: PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal memory access in the Recursor...

7.5CVSS6.8AI score0.0068EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/07 12:0 a.m.•9 views

sqlite -- integer overflow

[email protected] reports: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in...

7.5CVSS7.7AI score0.00453EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/05 12:0 a.m.•7 views

Grafana -- DingDing contact points exposed in Grafana Alerting

Grafana Labs reports: An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight, which we learned about through a bug bounty report. The CVSS 3.0 score for this vulnerability is 4.3 Medium...

4.3CVSS7.1AI score0.0089EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/04 12:0 a.m.•10 views

Grafana -- Bypass Viewer and Editor permissions

Grafana Labs reports: During the development of a new feature in Grafana 11.6.x, a security vulnerability was introduced that allows for Viewers and Editors to bypass dashboard-specific permissions. As a result, users with the Viewer role could view all the dashboards within their org and users...

8.3CVSS6.6AI score0.12241EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/03 12:0 a.m.•7 views

Yelp -- arbitrary file read

[email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

7.4CVSS7.6AI score0.12592EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/04/03 12:0 a.m.•6 views

Yelp -- arbitrary file read

[email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

7.4CVSS7.6AI score0.12592EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/04/02 12:0 a.m.•13 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-3512 / CVE-2025-31720 Missing permission check allows retrieving agent configurations Description Medium SECURITY-3513 / CVE-2025-31721 Missing permission check allows retrieving secrets from agent configurations...

4.3CVSS6.9AI score0.0039EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•11 views

Mozilla -- stack memory read

[email protected] reports: An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function...

6.5CVSS7.2AI score0.00282EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•14 views

Mozilla -- Memory corruption

[email protected] reports: Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.1CVSS8.1AI score0.0047EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•9 views

Mozilla -- URL spoofing attack

[email protected] reports: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack...

7.3CVSS7.2AI score0.00325EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•10 views

Mozilla -- use-after-free error

[email protected] reports: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...

6.5CVSS7.4AI score0.00824EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•23 views

MongoDB -- crash due to improper validation of explain command

[email protected] reports: When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to...

6.5CVSS6.8AI score0.00387EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•22 views

sudo -- privilege escalation vulnerability through host and chroot options

Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit CRU: Sudo 1.9.17p1: Fixed CVE-2025-32462. Sudo's -h --host option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the use...

9.3CVSS7.7AI score0.47467EPSS
Exploits77References3
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•12 views

Mozilla -- memory corruption

[email protected] reports: Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.1CVSS8.1AI score0.00445EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•9 views

Mozilla -- privilege escalation attack

[email protected] reports: Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks...

7.4CVSS7.7AI score0.00375EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•14 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 13 security fixes: 376491759 Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer TU Wien on 2024-10-31 401823929 Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-...

8.8CVSS7.5AI score0.00552EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/04/01 12:0 a.m.•10 views

MongoDB -- Malformed wire protocol messages may cause mongos to crash

[email protected] reports: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to6.0.20 and MongoDB v7...

7.5CVSS7.2AI score0.00414EPSS
Exploits0References1
Total number of security vulnerabilities6578