Lucene search
K
FreebsdRecent

6578 matches found

FreeBSD
FreeBSD
added 2024/11/12 12:0 a.m.15 views

electron31 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-10231. Security: backported fix for CVE-2024-10229. Security: backported fix for CVE-2024-10487...

8.8CVSS7AI score0.00653EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2024/11/12 12:0 a.m.17 views

icinga2 -- TLS Certificate Validation Bypass

The Icinga project reports: Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to...

9.8CVSS7.1AI score0.02934EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2024/11/11 12:0 a.m.4 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden project reports: This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/11/10 12:0 a.m.5 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden project reports: This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible...

7.4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/11/08 12:0 a.m.35 views

electron32 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-10230. Security: backported fix for CVE-2024-10231. Security: backported fix for CVE-2024-10229. Security: backported fix for CVE-2024-10487...

8.8CVSS7.4AI score0.00653EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2024/11/05 12:0 a.m.16 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 370217726 High CVE-2024-10826: Use after free in Family Experiences. Reported by Anonymous on 2024-09-29 375065084 High CVE-2024-10827: Use after free in Serial. Reported by Anonymous on 2024-10-23...

8.8CVSS8AI score0.00637EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/29 12:0 a.m.11 views

FreeBSD -- Certificate revocation list fetch(1) option fails

Problem Description: The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Impact: Fetch would still...

7.5CVSS7AI score0.00273EPSS
Exploits0
FreeBSD
FreeBSD
added 2024/10/29 12:0 a.m.15 views

xorg server -- _XkbSetCompatMap vulnerability

The X.Org project reports: CVE-2024-9632: Heap buffer Heap-based buffer overflow privilege escalation in XkbSetCompatMap The XkbSetCompatMap function attempts to resize the syminterpret buffer. However, It didn't update its size properly. It updated numsi only, without updating sizesi. This may...

7.8CVSS7.8AI score0.00894EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/29 12:0 a.m.32 views

FreeBSD -- Multiple issues in the bhyve hypervisor

Problem Description: Several vulnerabilities were found in the bhyve hypervisor's device models. The NVMe driver function nvmeopcgetlogpage is vulnerable to a buffer over- read from a guest-controlled value. CVE-2024-51562 The virtiovqrecordon function is subject to a time-of-check to time-of-use...

7.5CVSS7.2AI score0.00438EPSS
Exploits0
FreeBSD
FreeBSD
added 2024/10/29 12:0 a.m.21 views

gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests

Qingpeng Du reports: A series of specially crafted client requests during streaming setup post client authentication, if any can cause the RTSP server library to abort, if it has been compiled with assertions enabled...

7.5CVSS7.2AI score0.00658EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/29 12:0 a.m.23 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 375123371 Critical CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture SEAR on 2024-10-23 374310077 High CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 o...

8.8CVSS7.4AI score0.00653EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/29 12:0 a.m.10 views

FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer

Problem Description: The command ctlpersistentreserveout allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. Impact: A malicious guest could cause a Denial of Service DoS on the host...

5.3CVSS7.2AI score0.00434EPSS
Exploits0
FreeBSD
FreeBSD
added 2024/10/29 12:0 a.m.12 views

git -- multiple vulnerabilities

Git development team reports: CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the user susceptible to crafted URLs e.g. in recursive clones that mislead the user into typing in passwords for trusted sites that would then be sent to untrusted sites instead. CVE-2024-5200...

7.5CVSS6.8AI score0.01019EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2024/10/28 12:0 a.m.7 views

forgejo -- multiple vulnerabilities

Problem Description: Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing...

7.2AI score
Exploits0References3
FreeBSD
FreeBSD
added 2024/10/28 12:0 a.m.14 views

openvpn -- too long a username or password from a client can confuse openvpn servers

Frank Lichtenheld reports: OpenVPN v2.6.13 ... improve server-side handling of clients sending usernames or passwords longer than USERPASSLEN - this would not result in a crash, buffer overflow or other security issues, but the server would then misparse incoming IV variables and produce misleadi...

7.9AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/24 12:0 a.m.12 views

qt5-webengine -- Use after free in Serial

Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-10827: Use after free in Serial...

8.8CVSS7.9AI score0.00637EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/24 12:0 a.m.26 views

electron31 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-9121. Security: backported fix for CVE-2024-9122. Security: backported fix for CVE-2024-7025. Security: backported fix for CVE-2024-9369. Security: backported fix for CVE-2024-7965...

9.6CVSS9AI score0.17227EPSS
Exploits8References13
FreeBSD
FreeBSD
added 2024/10/23 12:0 a.m.19 views

electron32 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-7966. Security: backported fix for CVE-2024-9370...

8.8CVSS9.1AI score0.00635EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/23 12:0 a.m.17 views

Gitlab -- vulnerabilities

Gitlab reports: HTML injection in Global Search may lead to XSS DoS via XML manifest file import...

8.7CVSS7.6AI score0.00472EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/22 12:0 a.m.16 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 371011220 High CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin Slonser of Solidlab on 2024-10-02 371565065 High CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on...

8.8CVSS7.1AI score0.00637EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/16 12:0 a.m.18 views

electron{31,32} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-9602. Security: backported fix for CVE-2024-9603...

8.8CVSS8.9AI score0.00773EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2024/10/16 12:0 a.m.38 views

OpenSSL -- OOB memory access vulnerability

The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143 Low Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...

4.3CVSS6.9AI score0.05966EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/15 12:0 a.m.8 views

element-web -- Potential exposure of access token via authenticated media

Element team reports: Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors...

7CVSS7.1AI score0.00417EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/15 12:0 a.m.12 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 17 security fixes: 367755363 High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18 370133761 Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29 370482421 Medium CVE-2024-9956:...

8.8CVSS7.8AI score0.06295EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2024/10/14 12:0 a.m.17 views

librewolf -- Undefined behavior in selection node cache

[email protected] reports: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox 131.0.3...

6.5CVSS7AI score0.00258EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/09 12:0 a.m.26 views

Gitlab -- vulnerabilities

Gitlab reports: Run pipelines on arbitrary branches An attacker can impersonate arbitrary user SSRF in Analytics Dashboard Viewing diffs of MR with conflicts can be slow HTMLi in OAuth page Deploy Keys can push changes to an archived repository Guests can disclose project templates GitLab instanc...

9.6CVSS7.3AI score0.02093EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2024/10/09 12:0 a.m.29 views

firefox -- use-after-free code execution

[email protected] reports: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...

9.8CVSS7.3AI score0.32568EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/08 12:0 a.m.17 views

vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability

VSCode developers report: Visual Studio Code for Linux Remote Code Execution Vulnerability A remote code execution vulnerability exists in VS Code 1.94.0 and earlier versions in the elevated save flow...

7.8CVSS8.4AI score0.01002EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2024/10/08 12:0 a.m.22 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 368241697 High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-09-20 367818758 High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18...

8.8CVSS7.5AI score0.00773EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/06 12:0 a.m.7 views

gitea -- token missing access control for packages

Problem Description: Fix bug when a token is given public only...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/05 12:0 a.m.8 views

zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports: Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or...

7.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/03 12:0 a.m.14 views

powerdns-recursor -- denial of service

PowerDNS Team reports: PowerDNS Security Advisory 2024-04: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor...

7.5CVSS7.2AI score0.00703EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/03 12:0 a.m.19 views

Unbound -- Denial of service attack

NLnet labs report: A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to...

5.3CVSS6.8AI score0.00806EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/02 12:0 a.m.24 views

oauth2-proxy -- multiple vulnerabilities

The oauth2-proxy project reports: Vulnerabilities have been addressed: CVE-2024-24786 CVE-2024-24791 CVE-2024-24790 CVE-2024-24784 CVE-2024-28180 CVE-2023-45288...

9.8CVSS8.2AI score0.91969EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/02 12:0 a.m.18 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-3451 / CVE-2024-47803 Exposure of multi-line secrets through error messages in Jenkins Description Medium SECURITY-3448 / CVE-2024-47804 Item creation restriction bypass vulnerability in Jenkins...

4.3CVSS6.9AI score0.0084EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/02 12:0 a.m.22 views

redis,valkey -- Multiple vulnerabilities

Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...

8.8CVSS7.2AI score0.04488EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/01 12:0 a.m.22 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 367764861 High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18 368208152 High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on...

9.6CVSS7.8AI score0.00592EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/01 12:0 a.m.32 views

firefox -- multiple vulnerabilities

[email protected] reports: CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. CVE-2024-9396: It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to...

9.8CVSS7.9AI score0.00738EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2024/10/01 12:0 a.m.12 views

keycloak -- Missing server identity checks when sending mails via SMTPS

Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can all...

7.4CVSS6.9AI score0.01936EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/09/26 12:0 a.m.29 views

cups-filters -- remote code execution

OpenPrinting reports: Due to the service binding to :631 INADDRANY , multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine withou...

8.6CVSS7.8AI score0.76959EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2024/09/26 12:0 a.m.24 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 16 security bugs in Chromium: CVE-2024-9120: Use after free in Dawn CVE-2024-9122: Type Confusion in V8 CVE-2024-9123: Integer overflow in Skia CVE-2024-9369: Insufficient data validation in Mojo CVE-2024-9602: Type confusion in V8 CVE-2024-9603...

9.8CVSS8.4AI score0.05811EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2024/09/26 12:0 a.m.26 views

php -- Multiple vulnerabilities

php.net reports: CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 Bypass of CVE-2024-4577, Parameter Injection Vulnerability. CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp cgi.forceredirect configuration is bypassable due to the environment variable collision. CVE-2024-9026: FPM: Fixed bug...

8.8CVSS10AI score0.03686EPSS
Exploits68References1
FreeBSD
FreeBSD
added 2024/09/25 12:0 a.m.24 views

Gitlab -- vulnerabilities

Gitlab reports: Maintainer can leak Dependency Proxy password by changing Dependency Proxy URL via crafted POST request AI feature reads unsanitized content, allowing for attacker to hide prompt injection Project reference can be exposed in system notes...

5.5CVSS6.8AI score0.00276EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/09/24 12:0 a.m.21 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 5 security fixes: 365254285 High CVE-2024-9120: Use after free in Dawn. Reported by Anonymous on 2024-09-08 363538434 High CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-09-01 365802567 High...

8.8CVSS7.9AI score0.05811EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2024/09/24 12:0 a.m.4 views

zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports: The POP3 parser has been hardened to avoid unbounded state growth in the face of one-sided traffic capture or when enabled for non-POP3 traffic...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/09/24 12:0 a.m.35 views

expat -- multiple vulnerabilities

libexpat reports: CVE-2024-45490: Calling function XMLParseBuffer with len 0 without noticing and then calling XMLGetBuffer will have XMLParseBuffer fail to recognize the problem and XMLGetBuffer corrupt memory. With the fix, XMLParseBuffer now complains with error XMLERRORINVALIDARGUMENT just li...

9.8CVSS7.1AI score0.01686EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/09/19 12:0 a.m.9 views

FreeBSD -- bhyve(8) out-of-bounds read access via XHCI emulation

Problem Description: bhyve can be configured to emulate devices on a virtual USB controller XHCI, such as USB tablet devices. An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code...

8.1CVSS7.6AI score0.00776EPSS
Exploits0
FreeBSD
FreeBSD
added 2024/09/19 12:0 a.m.17 views

FreeBSD -- Integer overflow in libnv

Problem Description: A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. The introduced check was incorrect, as it took into account the size of the pointer, not the structure. Thi...

9.1CVSS7.5AI score0.00511EPSS
Exploits0
FreeBSD
FreeBSD
added 2024/09/18 12:0 a.m.21 views

qt5-webengine -- Multiple vulnerabilities

Backports for 15 security bugs in Chromium: CVE-2024-4761: Out of bounds write in V8 CVE-2024-5158: Type confusion in V8 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7965: Inappropriate implementation in V8 CVE-2024-7967: Heap buffer overflow in Fonts CVE-2024-7971: Type confusion...

9.8CVSS8.4AI score0.19272EPSS
Exploits8References1
FreeBSD
FreeBSD
added 2024/09/17 12:0 a.m.31 views

Gitlab -- vulnerabilities

Gitlab reports: SAML authentication bypass...

10CVSS7.6AI score0.10684EPSS
Exploits3References1
Total number of security vulnerabilities6578