Lucene search
K
FreebsdRecent

6579 matches found

FreeBSD
FreeBSD
•added 2024/09/17 12:0 a.m.•31 views

Gitlab -- vulnerabilities

Gitlab reports: SAML authentication bypass...

10CVSS7.6AI score0.10684EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2024/09/16 12:0 a.m.•17 views

SnappyMail -- multiple mXSS in HTML sanitizer

Oskar reports: SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with incorrect markup to trick the browser to "fi...

5CVSS7AI score0.00296EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/11 12:0 a.m.•28 views

Gitlab -- vulnerabilities

Gitlab reports: Execute environment stop actions as the owner of the stop action job Prevent code injection in Product Analytics funnels YAML SSRF via Dependency Proxy Denial of Service via sending a large glmsource parameter CIJOBTOKEN can be used to obtain GitLab session token Variables from...

9.9CVSS6.9AI score0.39581EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/09/10 12:0 a.m.•12 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 361461526 High CVE-2024-8636: Heap buffer overflow in Skia. Reported by Renan Rios @hyhy100 on 2024-08-22 361784548 High CVE-2024-8637: Use after free in Media Router. Reported by lime@limeSec from TIANGONG Team of Legendsec at...

8.8CVSS9.5AI score0.00428EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/10 12:0 a.m.•14 views

Intel CPUs -- multiple vulnerabilities

Intel reports: A potential security vulnerability in the Running Average Power Limit RAPL interface for some Intel Processors may allow information disclosure. Intel has released firmware updates to mitigate this potential vulnerability. A potential security vulnerability in some Intel Processors...

6.8CVSS6.9AI score0.00209EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/10 12:0 a.m.•6 views

mongodb -- MongoDB Server access to non-initialized memory

[email protected] reports: MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage...

9.8CVSS6.6AI score0.00373EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/10 12:0 a.m.•18 views

Intel CPUs -- multiple vulnerabilities

Intel reports: A potential security vulnerability in some 4th and 5th Generation Intel Xeon Processors may allow denial of service. Intel released microcode updates to mitigate this potential vulnerability. Potential security vulnerabilities in some Intel Xeon processors using Intel Software Guar...

8.8CVSS7.6AI score0.00256EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/08 12:0 a.m.•29 views

netatalk3 -- multiple WolfSSL vulnerabilities

Netatalk release reports: WolfSSL 5.7.0 included in netatalk includes multiple security vulnerabilities...

10CVSS7AI score0.0056EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/09/06 12:0 a.m.•23 views

firefox -- Potential memory corruption and exploitable crash

[email protected] reports: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...

7.5CVSS7AI score0.00656EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/04 12:0 a.m.•15 views

clamav -- Multiple vulnerabilities

The ClamAV project reports: CVE-2024-20505 A vulnerability in the PDF parsing module of Clam AntiVirus ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could...

7.5CVSS6.9AI score0.00555EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/04 12:0 a.m.•23 views

FreeBSD -- Multiple vulnerabilities in libnv

Problem Description: CVE-2024-45287 is a vulnerability that affects both the kernel and userland. A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. CVE-2024-45288 is a...

9.1CVSS7.2AI score0.00511EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/09/04 12:0 a.m.•34 views

FreeBSD -- umtx Kernel panic or Use-After-Free

Problem Description: Concurrent removals of such a mapping by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. Impact: A malicious code exercizing the UMTXSHMDESTRO...

10CVSS7.4AI score0.00681EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/09/04 12:0 a.m.•17 views

FreeBSD -- bhyve(8) privileged guest escape via USB controller

Problem Description: bhyve can be configured to emulate devices on a virtual USB controller XHCI, such as USB tablet devices. An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Impact: A malicious, privileged...

8.2CVSS7.4AI score0.00213EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/09/04 12:0 a.m.•20 views

FreeBSD -- bhyve(8) privileged guest escape via TPM device passthrough

Problem Description: bhyve can be configured to provide access to the host's TPM device, where it passes the communication through an emulated device provided to the guest. This may be performed on the command-line by starting bhyve with the -l tpm,passthru,/dev/tpmX parameters. The MMIO handler...

8.4CVSS7.5AI score0.00244EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/09/04 12:0 a.m.•17 views

FreeBSD -- Multiple issues in ctl(4) CAM Target Layer

Problem Description: Several vulnerabilities were found in the ctl subsystem. The function ctlwritebuffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing CVE-2024-45063. The ctlwritebuffer and ctlreadbuffer functions allocated memory to be...

9.8CVSS8.3AI score0.00601EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/09/03 12:0 a.m.•64 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Possible denial of service in X.509 name checks Moderate severity Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process...

7.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2024/09/03 12:0 a.m.•20 views

forgejo -- multiple vulnerabilities

Problem Description: Replace v-html with v-text in search inputbox Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo...

6.4CVSS6.8AI score0.00897EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/09/03 12:0 a.m.•13 views

gitea -- multiple issues

Problem Description: Replace v-html with v-text in search inputbox Fix nuget/conan/container packages upload bugs...

7.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/09/03 12:0 a.m.•23 views

firefox -- multiple vulnerabilities

[email protected] reports: This entry contains 8 vulnerabilities: CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. CVE-2024-8382: Internal browser event interfaces were exposed to web...

9.8CVSS7.6AI score0.04395EPSS
Exploits1References8
FreeBSD
FreeBSD
•added 2024/09/02 12:0 a.m.•23 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 357391257 High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim@cassidy6564 on 2024-08-05 358485426 High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim@cassidy6564 on 2024-08-09...

8.8CVSS7.7AI score0.00526EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/08/28 12:0 a.m.•25 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 351865302 High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09 360265320 High CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios @hyhy100 on 2024-08-16 360533914 High...

8.8CVSS7.6AI score0.00474EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/26 12:0 a.m.•9 views

forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.

The forgejo team reports: The scope of application tokens was not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/25 12:0 a.m.•24 views

binutils -- Multiple vulnerabilities

[email protected] reports PR/281070: A new version of devel/binutils has been released fixing CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, and CVE-2023-25588...

6.5CVSS8.3AI score0.00895EPSS
Exploits3
FreeBSD
FreeBSD
•added 2024/08/21 12:0 a.m.•25 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 38 security fixes: 358296941 High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08 356196918 High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30 355465305 High CVE-2024-7966: Out of...

9.6CVSS8.4AI score0.19272EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2024/08/21 12:0 a.m.•24 views

Gitlab -- vulnerabilities

Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases Denial of Service by importing maliciously crafted GitHub repository Prompt injection in "Resolve Vulnerabilty" results in arbitrary command execution in victim's pipeline ...

6.5CVSS8.1AI score0.00462EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/19 12:0 a.m.•20 views

frr - BGP

[email protected] reports: An issue was discovered in FRRouting FRR. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...

9.8CVSS6.8AI score0.00641EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/16 12:0 a.m.•18 views

electron{29,30} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6776. Security: backported fix for CVE-2024-6778. Security: backported fix for CVE-2024-6777. Security: backported fix for CVE-2024-6773. Security: backported fix for CVE-2024-6774...

9.6CVSS7.4AI score0.00781EPSS
Exploits10References10
FreeBSD
FreeBSD
•added 2024/08/15 12:0 a.m.•24 views

electron31 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6989. Security: backported fix for CVE-2024-6991...

8.8CVSS7.4AI score0.00538EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2024/08/14 12:0 a.m.•475 views

nginx -- Vulnerability in the ngx_http_mp4_module

The nginx development team reports: This update fixes the buffer overread vulnerability in the ngxhttpmp4module...

5.7CVSS7AI score0.0032EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/08/14 12:0 a.m.•17 views

Dovecot -- DoS

Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers...

7.5CVSS6.7AI score0.01284EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/08/13 12:0 a.m.•18 views

Intel CPUs -- multiple vulnerabilities

Intel reports: A potential security vulnerability in SMI Transfer monitor STM may allow escalation of privilege. Intel has released microcode updates to mitigate this potential vulnerability. A potential security vulnerability in some 3rd Generation Intel Xeon Scalable Processors may allow denial...

7.8CVSS7.6AI score0.00285EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/11 12:0 a.m.•57 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden Team reports: This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible...

8.8CVSS6.7AI score0.13064EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/08/09 12:0 a.m.•6 views

OpenHAB CometVisu addon -- Multiple vulnerabilities

OpenHAB reports: This patch release addresses the following security advisories: SSRF/XSS CometVisu - GHSA-v7gr-mqpj-wwh3 Sensitive information disclosure CometVisu - GHSA-3g4c-hjhr-73rj RCE through path traversal CometVisu - GHSA-f729-58x4-gqgf Path traversal CometVisu - GHSA-pcwp-26pw-j98w All ...

6.9AI score
Exploits0References5
FreeBSD
FreeBSD
•added 2024/08/09 12:0 a.m.•32 views

AMD CPUs -- Guest Memory Vulnerabilities

AMD reports: Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode SMM even when SMM Lock is enabled. Improper validation in a model specific register MSR could allow a malicious program with ring0...

7.5CVSS7.2AI score0.00622EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/08 12:0 a.m.•27 views

PostgreSQL -- Prevent unauthorized code execution during pg_dump

PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pgdump session with the privileges of the role running pgdump which is often a superuser. The attack involves replacing a sequence or similar object...

8.8CVSS8.1AI score0.01565EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/07 12:0 a.m.•26 views

Gitlab -- Vulnerabilities

Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access Cross project access of Security policy bot Advanced search ReDOS in highlight for code results Denial of Service via banzai pipeline Denial of service using adoc files ReDoS in RefMatcher when matching...

8.1CVSS7.3AI score0.00675EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/08/07 12:0 a.m.•37 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Critical SECURITY-3430 / CVE-2024-43044 Arbitrary file read vulnerability through agent connections can lead to RCE Description Medium SECURITY-3349 / CVE-2024-43045 Missing permission check allows accessing other users' "My Views"...

8.8CVSS6.7AI score0.28782EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2024/08/07 12:0 a.m.•14 views

FreeBSD -- ktrace(2) fails to detach when executing a setuid binary

Problem Description: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. Impact: The bug may be used by an unprivileged user to read the...

7.5CVSS7.4AI score0.00741EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/08/07 12:0 a.m.•11 views

FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table

Problem Description: In ICMPv6 Neighbor Discovery ND, the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation NS can trigger an Echo Reply. The packet has to come from the same host as the NS and have a ze...

6.3CVSS7.4AI score0.00462EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/07 12:0 a.m.•16 views

FreeBSD -- NFS client accepts file names containing path separators

Problem Description: When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir3 and related functions to return filesystem entries with names containing additional path components. Impact: The la...

5.3CVSS7.2AI score0.00676EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/08/06 12:0 a.m.•27 views

firefox -- multiple vulnerabilities

[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...

6.6AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2024/08/06 12:0 a.m.•24 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 5 security fixes: 350528343 Critical CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02 353552540 High CVE-2024-7533: Use after free in Sharing. Reported by lime@limeSec from TIANGONG Team of Legendsec at QI-ANXIN...

8.8CVSS8.5AI score0.00783EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/06 12:0 a.m.•363 views

OpenSSH -- Pre-authentication async signal safety issue

The FreeBSD Project reports: A signal handler in sshd8 may call a logging function that is not async- signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's...

8.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/06 12:0 a.m.•14 views

firefox -- multiple vulnerabilities

[email protected] reports: This update includes 3 CVEs: The contextual menu for links could provide an opportunity for cross-site scripting attacks. Long pressing on a download link could potentially provide a means for cross-site scripting. Long pressing on a download link could potentially...

9.8CVSS6.5AI score0.00255EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2024/08/06 12:0 a.m.•16 views

mozilla products -- spoofing attack

[email protected] reports: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1...

6.5CVSS7AI score0.0048EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/06 12:0 a.m.•34 views

firefox -- multiple vulnerabilities

[email protected] reports: CVE-2024-7531: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the...

9.8CVSS7.2AI score0.00602EPSS
Exploits0References9
FreeBSD
FreeBSD
•added 2024/08/05 12:0 a.m.•30 views

qt5-webengine -- Multiple vulnerabilities

Backports for 6 security bugs in Chromium: CVE-2024-5496: Use after free in Media Session CVE-2024-5846: Use after free in PDFium CVE-2024-6291: Use after free in Swiftshader CVE-2024-6989: Use after free in Loader CVE-2024-6996: Race in Frames CVE-2024-7536: Use after free in WebAudio...

8.8CVSS7.9AI score0.00819EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/08/04 12:0 a.m.•13 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 information leak access to remote content via insufficient CSS filtering CVE-2024-42010...

9.3CVSS6.9AI score0.83387EPSS
Exploits9References1
FreeBSD
FreeBSD
•added 2024/08/01 12:0 a.m.•14 views

soft-serve -- Remote code execution vulnerability

soft-serve team reports: Arbitrary code execution by crafting git ssh requests It is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git...

8.1CVSS8.4AI score0.00509EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/08/01 12:0 a.m.•28 views

Django -- multiple vulnerabilities

Django reports: CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize and AdminURLFieldWidget. CVE-2024-42005:...

9.8CVSS8.4AI score0.01258EPSS
Exploits0References1
Total number of security vulnerabilities6579