Lucene search
K
FreebsdRecent

6579 matches found

FreeBSD
FreeBSD
added 2024/07/30 12:0 a.m.23 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 353034820 Critical CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15 352872238 High CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter on 2024-07-13 354748060 High...

8.8CVSS7.2AI score0.00865EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/07/26 12:0 a.m.14 views

Mailpit -- Content Security Policy XSS

Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to Mailpit to bypass the Content Security Policy headers using a series of crafted HTML messages which could result in a stored XSS attack via the web UI...

6.1AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/07/24 12:0 a.m.28 views

Gitlab -- Vulnerabilities

Gitlab reports: XSS via the Maven Dependency Proxy Project level analytics settings leaked in DOM Reports can access and download job artifacts despite use of settings to prevent it Direct Transfer - Authorised project/group exports are accessible to other users Bypassing tag check and branch che...

6.8AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/07/23 12:0 a.m.28 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 22 security fixes: 349198731 High CVE-2024-6988: Use after free in Downloads. Reported by lime@limeSec from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25 349342289 High CVE-2024-6989: Use after free in Loader. Reported by Anonymous on...

8.8CVSS8.2AI score0.00538EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/07/17 12:0 a.m.24 views

electron29 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6291. Security: backported fix for CVE-2024-6293. Security: backported fix for CVE-2024-6290. Security: backported fix for CVE-2024-6292...

8.8CVSS7AI score0.00546EPSS
Exploits4References4
FreeBSD
FreeBSD
added 2024/07/17 12:0 a.m.91 views

Apache httpd -- Source code disclosure with handlers configured via AddType

The Apache httpd project reports: source code disclosure with handlers configured via AddType CVE-2024-40725 Important: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar...

6.2CVSS6.8AI score0.04134EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2024/07/16 12:0 a.m.34 views

MySQL -- Multiple vulnerabilities

Oracle reports: 36 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/07/11 12:0 a.m.22 views

electron29 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6291. Security: backported fix for CVE-2024-6293. Security: backported fix for CVE-2024-6290. Security: backported fix for CVE-2024-6292...

8.8CVSS8.8AI score0.00546EPSS
Exploits4References4
FreeBSD
FreeBSD
added 2024/07/10 12:0 a.m.43 views

Gitlab -- vulnerabilities

Gitlab reports: An attacker can run pipeline jobs as an arbitrary user Developer user with admincomplianceframework permission can change group URL Admin push rules custom role allows creation of project level deploy token Package registry vulnerable to manifest confusion User with admingroupmemb...

9.8CVSS7AI score0.06036EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2024/07/10 12:0 a.m.36 views

electron30 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5831. Security: backported fix for CVE-2024-5832. Security: backported fix for CVE-2024-6100. Security: backported fix for CVE-2024-6101...

8.8CVSS7.8AI score0.01123EPSS
Exploits5References10
FreeBSD
FreeBSD
added 2024/07/04 12:0 a.m.43 views

Apache httpd -- source code disclosure

The Apache httpd project reports: isource code disclosure with handlers configured via AddType CVE-2024-39884 Important. A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under so...

6.2CVSS6.9AI score0.00889EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/07/03 12:0 a.m.12 views

znc -- remote code execution vulnerability

Mitre reports: In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK...

9.8CVSS8.2AI score0.03862EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2024/07/02 12:0 a.m.13 views

traefik -- Bypassing IP allow-lists via HTTP/3 early data requests

The traefik authors report: There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses...

7.5CVSS6.9AI score0.00594EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/07/02 12:0 a.m.38 views

go -- net/http: denial of service due to improper 100-continue handling

The Go project reports: net/http: denial of service due to improper 100-continue handling The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a clien...

7.5CVSS6.9AI score0.01414EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/07/01 12:0 a.m.23 views

Django -- multiple vulnerabilities

Django reports: CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords. CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save. CVE-2024-39614:...

7.5CVSS6.9AI score0.28637EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/07/01 12:0 a.m.478 views

OpenSSH -- Race condition resulting in potential remote code execution

The OpenSSH project reports: A race condition in sshd8 could allow remote code execution as root on non-OpenBSD systems...

8.1CVSS8.5AI score0.99506EPSS
Exploits68References1
FreeBSD
FreeBSD
added 2024/07/01 12:0 a.m.72 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387 Low. Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. Proxy encoding problem...

9.8CVSS7.2AI score0.99957EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2024/06/27 12:0 a.m.28 views

electron29 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5499. Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5494. Security: backported fix for CVE-2024-5495. Security: backported fix for CVE-2024-5496...

8.8CVSS7.4AI score0.01123EPSS
Exploits9References14
FreeBSD
FreeBSD
added 2024/06/27 12:0 a.m.9 views

security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response

Graham Northup reports: A buffer overflow in extractopenvpncr allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow...

6.3CVSS7.5AI score0.00421EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/26 12:0 a.m.49 views

Gitlab -- Vulnerabilities

Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's mer...

9.6CVSS6AI score0.32784EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2024/06/24 12:0 a.m.26 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 5 security fixes: 342428008 High CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz on 2024-05-23 40942995 High CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim@cassidy6564 on 2023-11-15 342545100 High CVE-2024-6292: Use...

8.8CVSS7.6AI score0.00546EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2024/06/22 12:0 a.m.8 views

emacs -- Arbitrary shell code evaluation vulnerability

GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code...

7.5AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/18 12:0 a.m.21 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 344608204 High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 343748812 High CVE-2024-6101: Inappropriate implementation in WebAssembly...

8.8CVSS7.6AI score0.01123EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/16 12:0 a.m.27 views

netatalk3 -- Multiple vulnerabilities

[email protected] reports: This entry documents the following three vulnerabilities: Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuflen to '\0' in FPMapName in afpmapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...

9.8CVSS7.6AI score0.00931EPSS
Exploits3References3
FreeBSD
FreeBSD
added 2024/06/12 12:0 a.m.26 views

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation fix bypass ReDoS in Asana integration issue mapping when webhook is called XSS and content injection when viewing raw XHTML files on iOS devices Missing agentk request validation could cause KAS to panic...

6.5CVSS6.6AI score0.00575EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/11 12:0 a.m.32 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 21 security fixes: 342456991 High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24 339171223 High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on 2024-05-07 340196361 High CVE-2024-5832: U...

8.8CVSS8.4AI score0.00924EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/06/11 12:0 a.m.22 views

firefox -- Multiple vulnerabilities

[email protected] reports: CVE-2024-5697: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. CVE-2024-5698: By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box ove...

6.1CVSS6.7AI score0.00395EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2024/06/11 12:0 a.m.21 views

mozilla firefox -- protocol information guessing

[email protected] reports: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

4.3CVSS7AI score0.00736EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/11 12:0 a.m.21 views

traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability

The traefik authors report: There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

5.5CVSS6.9AI score0.00788EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/10 12:0 a.m.22 views

Composer -- Multiple command injections via malicious git/hg branch names

Composer project reports: The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. The composer install command running inside a git/hg repository which has specially crafted bran...

8.8CVSS7.4AI score0.03255EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2024/06/06 12:0 a.m.24 views

kanboard -- Project Takeover via IDOR in ProjectPermissionController

[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. I...

8.2CVSS8AI score0.00353EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/06/05 12:0 a.m.21 views

traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses

The traefik authors report: There is a vulnerability in Go managing various Is methods IsPrivate, IsLoopback, etc for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS6.9AI score0.01952EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/04 12:0 a.m.28 views

go -- multiple vulnerabilities

The Go project reports: archive/zip: mishandling of corrupt central directory record The archive/zip package's handling of certain types of invalid zip files differed from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary...

5.5CVSS6.8AI score0.00446EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/06/03 12:0 a.m.30 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.16 Changelog SECURITY - high Account takeover via SQL Injection in AJAX scripts CVE-2024-37148 SECURITY - high Remote code execution through the plugin loader CVE-2024-37149 SECURITY - moderate Authenticated file upload to restricted tickets CVE-2024-37147...

8.8CVSS9AI score0.21078EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2024/05/31 12:0 a.m.30 views

qt5-webengine -- Multiple vulnerabilities

Backports for 5 security bugs in Chromium: CVE-2024-3837: Use after free in QUIC CVE-2024-3839: Out of bounds read in Fonts CVE-2024-3914: Use after free in V8 CVE-2024-4058: Type confusion in ANGLE CVE-2024-4558: Use after free in ANGLE...

9.6CVSS7.9AI score0.08875EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2024/05/31 12:0 a.m.31 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: CVE-2024-4948: Use after free in Dawn CVE-2024-5274: Type Confusion in V8 CVE-2024-5493: Heap buffer overflow in WebRTC CVE-2024-5494: Use after free in Dawn CVE-2024-5495: Use after free in Dawn CVE-2024-5496: Use...

9.6CVSS8.6AI score0.1002EPSS
Exploits9References1
FreeBSD
FreeBSD
added 2024/05/31 12:0 a.m.19 views

plasma[56]-plasma-workspace -- Unauthorized users can access session manager

David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature ...

7.8CVSS7.4AI score0.00293EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/05/30 12:0 a.m.28 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 11 security fixes: 339877165 High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2024-05-11 338071106 High CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz on 2024-05-01 338103465 High CVE-2024-5495: U...

8.8CVSS7.5AI score0.00892EPSS
Exploits7References1
FreeBSD
FreeBSD
added 2024/05/29 12:0 a.m.224 views

nginx -- Multiple Vulnerabilities in HTTP/3

The nginx development team reports: This update fixes the following vulnerabilities: Stack overflow and use-after-free in HTTP/3 Buffer overwrite in HTTP/3 Memory disclosure in HTTP/3 NULL pointer dereference in HTTP/3...

6.5CVSS5.6AI score0.00917EPSS
Exploits0
FreeBSD
FreeBSD
added 2024/05/28 12:0 a.m.44 views

OpenSSL -- Use after free vulnerability

The OpenSSL project reports: Use After Free with SSLfreebuffers low. Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations...

7.5CVSS6.9AI score0.02945EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/05/28 12:0 a.m.21 views

minio -- unintentional information disclosure

Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...

5.3CVSS7AI score0.00549EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/05/23 12:0 a.m.21 views

python -- several vulnerabilities

Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some bonus security fixes. gh-142145: Remove quadratic behavior in node ID cache clearing CVE-2025-12084 gh-119451: Fix a potential denial of service in http.client only in 3.13; CVE-2025-13836 gh-119452: Fix...

7.5CVSS6.8AI score0.01525EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2024/05/23 12:0 a.m.26 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 341663589 High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20...

9.6CVSS7.1AI score0.1002EPSS
Exploits3References1
FreeBSD
FreeBSD
added 2024/05/22 12:0 a.m.32 views

electron29 -- use after free in Dawn

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-4948...

8.8CVSS7.4AI score0.00939EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/05/22 12:0 a.m.40 views

Gitlab -- Vulnerabilities

Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS vulnerability in the 'description' field of the runner CSRF via K8s cluster-integration Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipelineid did not match Redos o...

8.8CVSS6AI score0.72648EPSS
Exploits18References1
FreeBSD
FreeBSD
added 2024/05/22 12:0 a.m.29 views

electron28 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4948. Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058. Security: backported fix for CVE-2024-4558...

9.6CVSS7AI score0.08875EPSS
Exploits4References5
FreeBSD
FreeBSD
added 2024/05/21 12:0 a.m.32 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 15 security fixes: 336012573 High CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang on 2024-04-21 338908243 High CVE-2024-5158: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2024-05-06 335613092 High CVE-2024-5159:...

9.6CVSS8.1AI score0.15111EPSS
Exploits9References1
FreeBSD
FreeBSD
added 2024/05/19 12:0 a.m.15 views

Roundcube -- Cross-site scripting vulnerabilities

The Roundcube project reports: cross-site scripting XSS vulnerability in handling SVG animate attributes. cross-site scripting XSS vulnerability in handling list columns from user preferences...

6.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/05/16 12:0 a.m.30 views

openvpn -- two security fixes

Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs three on Windows: CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. Reynir Björnss...

9.1CVSS6.8AI score0.00805EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/05/16 12:0 a.m.24 views

OpenSSL -- Denial of Service vulnerability

The OpenSSL project reports: Excessive time spent checking DSA keys and parameters Low Checking excessively long DSA keys or parameters may be very slow...

5.3CVSS6.4AI score0.01131EPSS
Exploits0References1
Total number of security vulnerabilities6579