Lucene search
K
FreebsdRecent

6578 matches found

FreeBSD
FreeBSD
•added 2025/02/14 12:0 a.m.•16 views

qt5-webengine -- Use after free in Compositing

Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-12694: Use after free in Compositing...

8.8CVSS7.9AI score0.00303EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/13 12:0 a.m.•24 views

PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

The PostgreSQL Project reports: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection...

8.1CVSS8AI score0.89472EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2025/02/12 12:0 a.m.•9 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 391907159 High CVE-2025-0995: Use after free in V8. Reported by Popax21 on 2025-01-24 391788835 High CVE-2025-0996: Inappropriate implementation in Browser UI. Reported by yuki yamaoto on 2025-01-23 391666328 High CVE-2025-0997: Use...

8.8CVSS7.6AI score0.0046EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/12 12:0 a.m.•12 views

Gitlab -- Vulnerabilities

Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symbol Creation Exfiltrate content from private issues using Prompt Injection A custom permission may allow overriding Repository settings Internal HTTP header leak via route confusion in workhorse SSRF via...

8.8CVSS6.2AI score0.00473EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2025/02/11 12:0 a.m.•15 views

Emacs -- Arbitrary code execution vulnerability

Problem Description A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes. Impact Initially considered low severity, as it required user interaction with local files, it was later discovered that an attacker could exploit this vulnerability by...

8.8CVSS7.5AI score0.02657EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/11 12:0 a.m.•10 views

OpenSSL -- Man-in-the-Middle vulnerability

The OpenSSL project reports: RFC7250 handshakes with unauthenticated servers don't abort as expected High. Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEE...

6.3CVSS4.5AI score0.02357EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/11 12:0 a.m.•40 views

vscode -- multiple vulnerabilities

VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...

7.3CVSS7.2AI score0.00702EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/02/11 12:0 a.m.•9 views

Intel CPUs -- multiple vulnerabilities

Intel reports: A potential security vulnerability in some Intel Processors may allow denial of service. Intel released microcode updates to mitigate this potential vulnerability. A potential security vulnerability in some Intel Software Guard Extensions Intel SGX Platforms may allow denial of...

8.7CVSS6.5AI score0.00259EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/05 12:0 a.m.•253 views

nginx-devel -- SSL session reuse vulnerability

The nginx development team reports: This update fixes the SSL session reuse vulnerability...

5.3CVSS7AI score0.02646EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/02/04 12:0 a.m.•11 views

mozilla -- multiple vulnerabilities

[email protected] reports: Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. The fullscreen notification is prematurely...

9.8CVSS8.2AI score0.00524EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2025/02/04 12:0 a.m.•13 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 12 security fixes: 390889644 High CVE-2025-0444: Use after free in Skia. Reported by Francisco Alonso @revskills on 2025-01-19 392521083 High CVE-2025-0445: Use after free in V8. Reported by 303f06e3 on 2025-01-27 40061026 Medium CVE-2025-0451:...

6.3CVSS6.7AI score0.00338EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/04 12:0 a.m.•12 views

mozilla -- multiple vulnerabilities

[email protected] reports: A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have...

9.8CVSS8.2AI score0.00628EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2025/02/04 12:0 a.m.•15 views

MariaDB -- DoS vulnerability in InnoDB

MariaDB reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL...

4.9CVSS6.7AI score0.01236EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/04 12:0 a.m.•16 views

mozilla -- multiple vulnerabilities

[email protected] reports: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent...

9.8CVSS8.8AI score0.01196EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2025/02/04 12:0 a.m.•15 views

Thundirbird -- unprivileged JavaScript code execution

[email protected] reports: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the Other field of the Instant Messaging section. If another user...

5.4CVSS7.1AI score0.01331EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/02 12:0 a.m.•20 views

cacti -- Multiple vulnerabilities

Cacti repo reports: security GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses security GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when using tree rules through Automation API security GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when request automation devices securi...

9.1CVSS8.5AI score0.54024EPSS
Exploits15
FreeBSD
FreeBSD
•added 2025/01/29 12:0 a.m.•7 views

FreeBSD -- Unprivileged access to system files

Problem Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted...

6.5CVSS6.8AI score0.0029EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/01/29 12:0 a.m.•10 views

postorius -- XSS

NIST reports: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/29 12:0 a.m.•15 views

FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)

Problem Description: In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14...

4.9CVSS6.9AI score0.00348EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/01/29 12:0 a.m.•8 views

FreeBSD -- Buffer overflow in some filesystems via NFS

Problem Description: In order to export a file system via NFS, the file system must define a file system identifier FID for all exported files. Each FreeBSD file system implements operations to translate between FIDs and vnodes, the kernel's in-memory representation of files. These operations are...

6CVSS7.8AI score0.0042EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/01/29 12:0 a.m.•15 views

FreeBSD -- OpenSSH Keystroke Obfuscation Bypass

Problem Description: A logic error in the ssh1 ObscureKeystrokeTiming feature on by default rendered this feature ineffective. Impact: A passive observer could detect which network packets contain real keystrokes, and infer the specific characters being transmitted from packet timing...

7.5CVSS6.8AI score0.01634EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/01/25 12:0 a.m.•6 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden project reports: RCE in the admin panel. Getting access to the Admin Panel via CSRF. Escalation of privilege via variable confusion in OrgHeaders trait...

8.1CVSS7AI score0.00996EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2025/01/23 12:0 a.m.•20 views

electron32 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-12693. Security: backported fix for CVE-2024-12694. Security: backported fix for CVE-2024-12695. Security: backported fix for CVE-2025-0434. Security: backported fix for CVE-2025-043...

8.8CVSS8.9AI score0.05945EPSS
Exploits3References6
FreeBSD
FreeBSD
•added 2025/01/22 12:0 a.m.•14 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 386143468 High CVE-2025-0611: Object corruption in V8. Reported by 303f06e3 on 2024-12-26 385155406 High CVE-2025-0612: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-20...

8.2CVSS6.9AI score0.00375EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/22 12:0 a.m.•28 views

Gitlab -- Vulnerabilities

Gitlab reports: Stored XSS via Asciidoctor render Developer could exfiltrate protected CI/CD variables via CI lint Cyclic reference of epics leads resource exhaustion...

8.7CVSS6AI score0.00692EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2025/01/22 12:0 a.m.•18 views

electron33 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0434. Security: backported fix for CVE-2025-0436. Security: backported fix for CVE-2025-0437...

8.8CVSS7AI score0.05945EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2025/01/22 12:0 a.m.•10 views

clamav -- Possbile denial-of-service vulnerability

The ClamAV project reports: A possible buffer overflow read bug is found in the OLE2 file parser that could cause a denial-of-service DoS condition...

7.5CVSS5.6AI score0.01509EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/21 12:0 a.m.•5 views

py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL

Oracle reports: Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

6.4CVSS6.1AI score0.00445EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/18 12:0 a.m.•18 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 384844003 Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18...

8.8CVSS9.3AI score0.00339EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/16 12:0 a.m.•6 views

dendrite -- Server-side request forgery vulnerability

Dendrite team reports: This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions...

4.3CVSS7AI score0.00332EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/14 12:0 a.m.•22 views

rsync -- Multiple security fixes

rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...

9.8CVSS7.2AI score0.72059EPSS
Exploits8
FreeBSD
FreeBSD
•added 2025/01/14 12:0 a.m.•4 views

oauth2-proxy -- Non-linear parsing of case-insensitive content

Golang reports: This update include security fixes: CVE-2024-45338: Non-linear parsing of case-insensitive content...

5.3CVSS5.8AI score0.00856EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/01/14 12:0 a.m.•20 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 16 security fixes: 374627491 High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21 379652406 High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18 382786791 High...

8.8CVSS9.3AI score0.05945EPSS
Exploits11References1
FreeBSD
FreeBSD
•added 2025/01/14 12:0 a.m.•18 views

electron31 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-12053. Security: backported fix for CVE-2024-12693. Security: backported fix for CVE-2024-12694...

8.8CVSS7AI score0.00862EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2025/01/13 12:0 a.m.•12 views

keycloak -- Multiple security fixes

Keycloak reports: This update includes 2 security fixes: CVE-2024-11734: Unrestricted admin use of system and environment variables CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers...

6.5CVSS7AI score0.00927EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/01/10 12:0 a.m.•9 views

fcgi -- Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams

[email protected] reports: FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c...

9.3CVSS7.2AI score0.00566EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/01/09 12:0 a.m.•26 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2024-12693: Out of bounds memory access in V8 CVE-2024-12694: Use after free in Compositing CVE-2025-0436: Integer overflow in Skia CVE-2025-0437: Out of bounds read in Metrics CVE-2025-0438: Stack buffer overflo...

8.8CVSS8.7AI score0.00453EPSS
Exploits5References1
FreeBSD
FreeBSD
•added 2025/01/08 12:0 a.m.•18 views

Gitlab -- Vulnerabilities

Gitlab reports: Possible access token exposure in GitLab logs Cyclic reference of epics leads resource exhaustion Unauthorized user can manipulate status of issues in public projects Instance SAML does not respect externalprovider configuration...

6.5CVSS7.1AI score0.00692EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•13 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS7.8AI score0.09348EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•5 views

Mozilla -- use-after-free while parsing JSON

[email protected] reports: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

4CVSS7AI score0.00658EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•15 views

firefox -- authentication bypass

[email protected] reports: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed...

3.3CVSS7.1AI score0.00284EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•7 views

Mozilla -- redirection to insecure site

[email protected] reports: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

4CVSS7.1AI score0.00226EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•11 views

Mozilla -- privilege escalation attack

[email protected] reports: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks...

5.4CVSS6.9AI score0.00593EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•5 views

go -- multiple vulnerabilities

The Go project reports: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. net/http: sensitive headers incorrectly sent after...

7.2AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•15 views

Mozilla -- DoS via segmentation fault

[email protected] reports: When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash...

7.7CVSS7AI score0.00712EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•7 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

6.5CVSS8AI score0.1307EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•8 views

Mozilla -- use-after-free after failed memory allocation

[email protected] reports: Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash...

5.3CVSS7AI score0.00797EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/07 12:0 a.m.•5 views

Mozilla -- Memory corruption bug

[email protected] reports: Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

5.1CVSS8AI score0.00245EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/06 12:0 a.m.•4 views

redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors

Redis core team reports: An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service.The problem exists in Redis 7.0.0 or newer...

4.4CVSS7.2AI score0.00299EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/01/06 12:0 a.m.•14 views

redis,valkey -- Remote code execution valnerability

Redis core team reports: An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...

9.8CVSS7.8AI score0.07802EPSS
Exploits2References1
Total number of security vulnerabilities6578