Lucene search
K
FreebsdRecent

6579 matches found

FreeBSD
FreeBSD
•added 2024/03/27 12:0 a.m.•34 views

Gitlab -- vulnerabilities

Gitlab reports: Stored-XSS injected in Wiki page via Banzai pipeline DOS using crafted emojis...

8.7CVSS7.3AI score0.00945EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/03/26 12:0 a.m.•24 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 7 security fixes: 327807820 Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim@cassidy6564 on 2024-03-03 328958020 High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11 330575496 High CVE-2024-2886: Use...

8.8CVSS7.6AI score0.19883EPSS
Exploits8References1
FreeBSD
FreeBSD
•added 2024/03/25 12:0 a.m.•6 views

phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports: The phpMyFAQ Team has learned of multiple security issues that'd been discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains cross-site scripting XSS, SQL injection and bypass vulnerabilities...

8AI score
Exploits0References8
FreeBSD
FreeBSD
•added 2024/03/24 12:0 a.m.•26 views

emacs -- multiple vulnerabilities

GNU Emacs developers report: Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities. Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code. New buffer-local variable...

7.8CVSS7.5AI score0.01108EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/20 12:0 a.m.•11 views

security/shibboleth-idp -- CAS service SSRF

Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring Framework to parse CAS service URLs and append the ticket parameter...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/20 12:0 a.m.•34 views

jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty

Jenkins Security Advisory: Description High SECURITY-3379 / CVE-2024-22201 HTTP/2 denial of service vulnerability in bundled Jetty...

7.5CVSS7.2AI score0.01433EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/20 12:0 a.m.•25 views

jose -- DoS vulnerability

[email protected] reports: latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...

7.5CVSS6.9AI score0.01383EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/03/19 12:0 a.m.•27 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 12 security fixes: 327740539 High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou@refrainareu of ChaMd5-H1 team on 2024-03-01 40945098 Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim@cassidy6564 ...

8.8CVSS7.7AI score0.01044EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/15 12:0 a.m.•9 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T355538, CVE-2024-PENDING SECURITY: XSS in edit summary parser. T357760, CVE-2024-PENDING SECURITY: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages...

6.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/14 12:0 a.m.•47 views

amavisd-new -- multipart boundary confusion

The Amavis project reports: Emails which consist of multiple parts Content-Type: multipart/ incorporate boundary information stating at which point one part ends and the next part begins. A boundary is announced by an Content-Type header's boundary parameter. To our current knowledge, RFC2046 and...

7.4CVSS6.9AI score0.00826EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/13 12:0 a.m.•21 views

electron{27,28} -- Out of bounds memory access in V8

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-2173...

8.8CVSS7AI score0.13556EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/03/13 12:0 a.m.•40 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.13 Changelog SECURITY - high SQL Injection in through the search engine CVE-2024-27096 SECURITY - moderate Blind SSRF using Arbitrary Object Instantiation CVE-2024-27098 SECURITY - moderate Stored XSS in dashboards CVE-2024-27104 SECURITY - moderate Reflected XSS in...

9.6CVSS7.6AI score0.58818EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2024/03/12 12:0 a.m.•49 views

quiche -- Multiple Vulnerabilities

Quiche Releases reports: This release includes 2 security fixes: CVE-2024-1410: Unbounded storage of information related to connection ID retirement, in quiche. Reported by Marten Seeman @marten-seeman CVE-2024-1765: Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche. Reported...

7.5CVSS6.9AI score0.01175EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/07 12:0 a.m.•47 views

databases/mongodb* -- Improper Certificate Validation

MongoDB, Inc. reports: A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled net.tls.mode set to allowTLS, preferTLS, or requireTLS and without...

9.8CVSS7.3AI score0.005EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/07 12:0 a.m.•23 views

Unbound -- Denial-of-Service vulnerability

NLNet Labs reports: Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an...

7.5CVSS6.9AI score0.02516EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/03/06 12:0 a.m.•27 views

electron{27,28} -- vulnerability in libxml2

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-25062...

7.5CVSS7.4AI score0.01364EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2024/03/06 12:0 a.m.•30 views

Gitlab -- Vulnerabilities

Gitlab reports: Bypassing CODEOWNERS approval allowing to steal protected variables Guest with manage group access tokens can rotate and see group access token with owner permissions...

8CVSS7.3AI score0.00706EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/03/05 12:0 a.m.•42 views

go -- multiple vulnerabilities

The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...

7.5CVSS6.7AI score0.01165EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/03/05 12:0 a.m.•34 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 325893559 High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19 325866363 High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be...

8.8CVSS7.7AI score0.13556EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2024/02/28 12:0 a.m.•32 views

electron{27,28} -- Use after free in Mojo

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1670...

8.8CVSS7AI score0.08994EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/02/27 12:0 a.m.•50 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 324596281 High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11 323694592 High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab on...

8.8CVSS7.1AI score0.02557EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2024/02/26 12:0 a.m.•15 views

null -- Routinator terminates when RTR connection is reset too quickly after opening

[email protected] reports: Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening...

7.5CVSS7AI score0.01004EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/25 12:0 a.m.•29 views

Django -- multiple vulnerabilities

Django reports: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words...

5.3CVSS7.1AI score0.01854EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/23 12:0 a.m.•28 views

dns/c-ares -- malformatted file causes application crash

c-ares project reports: Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the HOSTALIASES file could result in a crash...

5.5CVSS7AI score0.00349EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/23 12:0 a.m.•12 views

gitea -- Fix XSS vulnerabilities

Problem Description: The Wiki page did not sanitize author name the reviewer name on a "dismiss review" comment is also affected the migration page has some spots...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/21 12:0 a.m.•30 views

electron27 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1283. Security: backported fix for CVE-2024-1284...

9.8CVSS7.4AI score0.0152EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2024/02/21 12:0 a.m.•24 views

Gitlab -- Vulnerabilities

Gitlab reports: Stored-XSS in user's profile page User with "admingroupmembers" permission can invite other groups to gain owner access ReDoS issue in the Codeowners reference extractor LDAP user can reset password using secondary email and login using direct authentication Bypassing group ip...

8.7CVSS7.7AI score0.51467EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/20 12:0 a.m.•27 views

null -- null

[email protected] reports: On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node....

7.8CVSS7.4AI score0.00562EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/20 12:0 a.m.•30 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 12 security fixes: 41495060 High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26 41481374 High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim@cassidy6564 on 2023-12-06 41487933 Medium...

9.8CVSS7AI score0.18552EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2024/02/14 12:0 a.m.•74 views

nginx-devel -- Multiple Vulnerabilities in HTTP/3

The nginx development team reports: When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session...

7.5CVSS6.8AI score0.01061EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/02/14 12:0 a.m.•59 views

powerdns-recursor -- Multiple Vulnerabilities

[email protected] reports: CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3"...

7.5CVSS7.4AI score0.99995EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2024/02/14 12:0 a.m.•24 views

FreeBSD -- jail(2) information leak

Problem Description: The jail2 system call has not limited a visiblity of allocated TTYs the kern.ttys sysctl. This gives rise to an information leak about processes outside the current jail. Impact: Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the...

3.3CVSS6.8AI score0.00181EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/02/14 12:0 a.m.•53 views

NodeJS -- Vulnerabilities

Node.js reports: Code injection and privilege escalation through Linux capabilities- High http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High Path traversal by monkey-patching Buffer internals- High setuid does not drop all privileges due to iouring - Hi...

9.8CVSS7.9AI score0.03168EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/14 12:0 a.m.•22 views

FreeBSD -- bhyveload(8) host file access

Problem Description: bhyveload -h may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload8 do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to. Impact: In the bhyveload8 model, the...

6.3CVSS5.9AI score0.00506EPSS
Exploits0
FreeBSD
FreeBSD
•added 2024/02/13 12:0 a.m.•37 views

typo3-{11,12} -- multiple vulnerabilities

Typo3 developers reports: All versions are security releases and contain important security fixes - read the corresponding security advisories here: Path Traversal in TYPO3 File Abstraction Layer Storages CVE-2023-30451 Code Execution in TYPO3 Install Tool CVE-2024-22188 Information Disclosure of...

7.2CVSS7.1AI score0.02017EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2024/02/13 12:0 a.m.•9 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix...

7.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/12 12:0 a.m.•29 views

Grafana -- Data source permission escalation

Grafana Labs reports: The vulnerability impacts Grafana Cloud and Grafana Enterprise instances, and it is exploitable if a user who should not be able to access all data sources is granted permissions to create a data source. By default, only organization Administrators are allowed to create a da...

8.8CVSS6.7AI score0.00802EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/08 12:0 a.m.•37 views

postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

PostgreSQL Project reports: One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with th...

8CVSS7.7AI score0.01465EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/08 12:0 a.m.•27 views

Composer -- Code execution and possible privilege escalation

Copmposer reports: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php. Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions...

8.8CVSS8.2AI score0.00273EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/07 12:0 a.m.•44 views

clamav -- Multiple vulnerabilities

The ClamAV project reports: CVE-2024-20290 A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during...

7.5CVSS8.1AI score0.84841EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/07 12:0 a.m.•32 views

Gitlab -- vulnerabilities

Gitlab reports: Restrict group access token creation for custom roles Project maintainers can bypass group's scan result policy blockbranchmodification setting ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax Resource exhaustion using GraphQL vulnerabilitiesCountByDay...

7.5CVSS7.4AI score0.00631EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/06 12:0 a.m.•25 views

Libgit2 -- multiple vulnerabilities

Git community reports: A bug in gitrevparsesingle is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application A bug in gitrevparsesingle is fixed that could have caused the function to...

9.8CVSS7.1AI score0.01546EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/06 12:0 a.m.•32 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 41494539 High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25 41494860 High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti @r3tr074 on 2024-01-25...

9.8CVSS8.5AI score0.0152EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/02/06 12:0 a.m.•107 views

DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities

Simon Kelley reports: If DNSSEC validation is enabled, then an attacker who can force a DNS server to validate a specially crafted signed domain can use a lot of CPU in the validator. This only affects dnsmasq installations with DNSSEC enabled. Stichting NLnet Labs reports: The KeyTrap...

7.5CVSS7.1AI score0.99995EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2024/02/05 12:0 a.m.•13 views

phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal...

6.6AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2024/02/01 12:0 a.m.•23 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.12 Changelog SECURITY - moderate Reflected XSS in reports pages CVE-2024-23645 SECURITY - moderate LDAP Injection during authentication CVE-2023-51446...

8.1CVSS7AI score0.00886EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/31 12:0 a.m.•55 views

curl -- OCSP verification bypass with TLS session reuse

Hiroki Kurosawa reports: curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3CVSS6.8AI score0.01102EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/01/31 12:0 a.m.•41 views

electron{26,27,28} -- Use after free in Web Audio

Electron developers reports: This update fixes the following vulnerability: Security: backported fix for CVE-2024-0807...

8.8CVSS7.4AI score0.0048EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/31 12:0 a.m.•14 views

minio -- privilege escalation via permissions inheritance

Minio security advisory GHSA-xx8w-mq23-29g4 ports: When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be...

8.8CVSS6.9AI score0.34086EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2024/01/30 12:0 a.m.•29 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 1511567 High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14 1514777 High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-12-29 1511085 High CVE-2024-1077: Use after...

8.8CVSS7.9AI score0.00936EPSS
Exploits0References1
Total number of security vulnerabilities6579