Lucene search
K
FreebsdRecent

6580 matches found

FreeBSD
FreeBSD
•added 2024/01/30 12:0 a.m.•29 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 1511567 High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14 1514777 High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-12-29 1511085 High CVE-2024-1077: Use after...

8.8CVSS7.9AI score0.00936EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/30 12:0 a.m.•46 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 3 security bugs in Chromium: 1505080 High CVE-2024-0807: Use after free in WebAudio 1504936 Critical CVE-2024-0808: Integer underflow in WebUI 1496250 Medium CVE-2024-0810: Insufficient policy enforcement in DevTools...

9.8CVSS7.7AI score0.00548EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/30 12:0 a.m.•39 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Excessive time spent checking invalid RSA public keys CVE-2023-6237 PKCS12 Decoding crashes CVE-2024-0727...

5.9CVSS6.9AI score0.03174EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2024/01/25 12:0 a.m.•53 views

Gitlab -- vulnerabilities

Gitlab reports: Arbitrary file write while creating workspace ReDoS in Cargo.toml blob viewer Arbitrary API PUT requests via HTML injection in user's name Disclosure of the public email in Tags RSS Feed Non-Member can update MR Assignees of owned MRs...

9.9CVSS7.1AI score0.04392EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2024/01/24 12:0 a.m.•11 views

gitea -- Prevent anonymous container access

Problem Description: Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/24 12:0 a.m.•70 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Critical SECURITY-3314 / CVE-2024-23897 Arbitrary file read vulnerability through the CLI can lead to RCE Description High SECURITY-3315 / CVE-2024-23898 Cross-site WebSocket hijacking vulnerability in the CLI...

9.8CVSS7.1AI score0.99999EPSS
Exploits47References1
FreeBSD
FreeBSD
•added 2024/01/23 12:0 a.m.•33 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 17 security fixes: 1484394 High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 1504936 High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane rebane2001 on 2023-11-24 1496250 Medium...

9.8CVSS7.8AI score0.00579EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/22 12:0 a.m.•24 views

suricata -- multiple vulnerabilities

Suricata team reports: Multiple vulnerabilities fixed in the last release of suricata. No details have been disclosed yet...

8.1CVSS7.6AI score0.01193EPSS
Exploits1
FreeBSD
FreeBSD
•added 2024/01/22 12:0 a.m.•14 views

zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports: A specially-crafted series of packets containing nested MIME entities can cause Zeek to spend large amounts of time parsing the entities...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/18 12:0 a.m.•32 views

electron26 -- Out of bounds memory access in V8

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-0519...

8.8CVSS7.4AI score0.03769EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/01/17 12:0 a.m.•28 views

electron{26,27} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-0518. Security: backported fix for CVE-2024-0517...

8.8CVSS6.4AI score0.21697EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2024/01/16 12:0 a.m.•20 views

sqlite -- use-after-free bug in jsonparseaddnodearray

[email protected] reports: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading t...

5.5CVSS6.8AI score0.00343EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/01/16 12:0 a.m.•35 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 1515930 High CVE-2024-0517: Out of bounds write in V8. Reported by Toan suto Pham of Qrious Secure on 2024-01-06 1507412 High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou@refrainareu of ChaMd5-H1 team on 2023-12-03...

8.8CVSS7.5AI score0.21697EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2024/01/16 12:0 a.m.•37 views

xorg server -- Multiple vulnerabilities

The X.Org project reports: CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255 but the X.Org Server was only...

9.8CVSS7.9AI score0.02106EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/11 12:0 a.m.•42 views

Gitlab -- vulnerabilities

Gitlab reports: Account Takeover via Password Reset without user interactions Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user Bypass CODEOWNERS approval removal Workspaces able to be created under different root namespace Commit signature validation...

10CVSS7.1AI score0.94955EPSS
Exploits16References1
FreeBSD
FreeBSD
•added 2024/01/10 12:0 a.m.•32 views

electron{26,27} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-0224. Security: backported fix for CVE-2024-0225. Security: backported fix for CVE-2024-0223. Security: backported fix for CVE-2024-0222...

8.8CVSS7AI score0.10114EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2024/01/09 12:0 a.m.•51 views

Django -- multiple vulnerabilities

Django reports: CVE-2024-24680:Potential denial-of-service in intcomma template filter...

7.5CVSS7.3AI score0.01606EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/09 12:0 a.m.•39 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 1513379 High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg @malcolmst of SODIUM-24, LLC on 2023-12-20...

5.3CVSS7.5AI score0.00429EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/09 12:0 a.m.•37 views

OpenSSL -- Vector register corruption on PowerPC

The OpenSSL Team reports: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions...

6.5CVSS7.6AI score0.02323EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2024/01/08 12:0 a.m.•38 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 15 security bugs in Chromium: 1505053 High CVE-2023-6345: Integer overflow in Skia 1500856 High CVE-2023-6346: Use after free in WebAudio 1494461 High CVE-2023-6347: Use after free in Mojo 1501326 High CVE-2023-6702: Type Confusion in V8 1502102...

9.6CVSS10AI score0.43238EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2024/01/08 12:0 a.m.•76 views

qt5-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 8 security bugs in Chromium: 1505053 High CVE-2023-6345: Integer overflow in Skia 1501326 High CVE-2023-6702: Type Confusion in V8 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC 1501798 High CVE-2024-0222: Use after free in ANGLE...

9.6CVSS10AI score0.43238EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2024/01/04 12:0 a.m.•35 views

electron26 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6704. Security: backported fix for CVE-2023-6705. Security: backported fix for CVE-2023-6703. Security: backported fix for CVE-2023-6702...

8.8CVSS7.4AI score0.43238EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2024/01/04 12:0 a.m.•57 views

electron27 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6706. Security: backported fix for CVE-2023-6705. Security: backported fix for CVE-2023-6703. Security: backported fix for CVE-2023-6702. Security: backported fix for CVE-2023-6704...

8.8CVSS7.4AI score0.43238EPSS
Exploits1References5
FreeBSD
FreeBSD
•added 2024/01/03 12:0 a.m.•47 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 1501798 High CVE-2024-0222: Use after free in ANGLE. Reported by Toan suto Pham of Qrious Secure on 2023-11-13 1505009 High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan suto Pham and Tri Dang of Qrious Secure on...

8.8CVSS8.5AI score0.10114EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/29 12:0 a.m.•26 views

p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability

Spreadsheet-ParseExcel reports: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type eval "eval". Specifically, the...

7.8CVSS8AI score0.167EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/12/24 12:0 a.m.•16 views

go-git -- DoS vulnerability

The go-git project reports: See link for details...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/21 12:0 a.m.•34 views

electron{26,27} -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6508. Security: backported fix for CVE-2023-7024...

8.8CVSS7.1AI score0.07356EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2023/12/20 12:0 a.m.•30 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19...

8.8CVSS7.9AI score0.07356EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2023/12/19 12:0 a.m.•11 views

gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

The Gitea team reports: Update golang.org/x/crypto...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/19 12:0 a.m.•45 views

FreeBSD -- Prefix Truncation Attack in the SSH protocol

Problem Description: The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers...

5.9CVSS7.4AI score0.9378EPSS
Exploits4
FreeBSD
FreeBSD
•added 2023/12/14 12:0 a.m.•22 views

QtNetwork -- potential buffer overflow

Andy Shaw reports: A potential integer overflow has been discovered in Qt's HTTP2 implementation. If the HTTP2 implementation receives more than 4GiB in total headers, or more than 2GiB for any given header pair, then the internal buffers may overflow...

9.8CVSS7.7AI score0.00986EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/13 12:0 a.m.•32 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.11 Changelog SECURITY - moderate Authenticated SQL Injection CVE-2023-43813 SECURITY - high SQL injection through inventory agent request CVE-2023-46727 SECURITY - high Remote code execution from LDAP server configuration form on PHP 7.4 CVE-2023-46726...

9.8CVSS9.5AI score0.67107EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/13 12:0 a.m.•37 views

xorg-server -- Multiple vulnerabilities

The X.Org project reports: CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org server: Out-of-bounds memory write in XKB button actions A device has XKB button actions for each button on the device. When a logical device switch happens e.g. moving from a touchpad to a mouse, the server re-calculates...

7.8CVSS7.3AI score0.01631EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/13 12:0 a.m.•24 views

Gitlab -- vulnerabilities

Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's public certificate When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge The GitLab web interface does not ensure...

8.8CVSS7.8AI score0.00733EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/12 12:0 a.m.•41 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 9 security fixes: 1501326 High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10 1502102 High CVE-2023-6703: Use after free in Blink. Reported by Cassidy...

8.8CVSS7.7AI score0.43238EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2023/12/12 12:0 a.m.•26 views

FreeBSD -- NFS client data corruption and kernel memory disclosure

Problem Description: In FreeBSD 13.2 and 14.0, the NFS client was optimized to improve the performance of IOAPPEND writes, that is, writes which add data to the end of a file and so extend its size. This uncovered an old bug in some routines which copy userspace data into the kernel. The bug also...

6.5CVSS6.8AI score0.00622EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/12/06 12:0 a.m.•31 views

electron25 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6350. Security: backported fix for CVE-2023-6351...

8.8CVSS7AI score0.01118EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/12/05 12:0 a.m.•28 views

FreeBSD -- TCP spoofing vulnerability in pf(4)

Problem Description: As part of its stateful TCP connection tracking implementation, pf performs sequence number validation on inbound packets. This makes it difficult for a would-be attacker to spoof the sender and inject packets into a TCP stream, since crafted packets must contain sequence...

7.5CVSS7AI score0.00742EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/12/05 12:0 a.m.•35 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 10 security fixes: 1497984 High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim@cassidy6564 on 2023-10-31 1494565 High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21 1480152 Medium...

8.8CVSS8AI score0.01268EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/12/01 12:0 a.m.•37 views

electron25 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6345. Security: backported fix for CVE-2023-6346. Security: backported fix for CVE-2023-6347...

9.6CVSS7.4AI score0.1963EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2023/11/30 12:0 a.m.•27 views

electron26 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6345. Security: backported fix for CVE-2023-6346. Security: backported fix for CVE-2023-6347. Security: backported fix for CVE-2023-6350...

9.6CVSS7.4AI score0.1963EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2023/11/30 12:0 a.m.•29 views

Gitlab -- Vulnerabilities

Gitlab reports: XSS and ReDoS in Markdown via Banzai pipeline of Jira Members with admingroupmember custom permission can add members with higher role Release Description visible in public projects despite release set as project members only through atom response Manipulate the repository content...

8.7CVSS6.6AI score0.00579EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/11/29 12:0 a.m.•25 views

slurm-wlm -- Several security issues

Slurm releases notes: Description CVE-2023-49933 through CVE-2023-49938 Slurm versions 23.11.1, 23.02.7, 22.05.11 are now available and address a number of recently-discovered security issues. They've been assigned CVE-2023-49933 through CVE-2023-49938...

9.8CVSS7.4AI score0.01386EPSS
Exploits0
FreeBSD
FreeBSD
•added 2023/11/28 12:0 a.m.•48 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 7 security fixes: 1491459 High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10 1494461 High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Resear...

9.6CVSS7.9AI score0.1963EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/11/28 12:0 a.m.•33 views

rclone -- Multiple vulnerabilities

Multiple vulnerabilities in ssh and golang CVE-2023-45286: HTTP request body disclosure in go-resty disclosure across requests. CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

5.9CVSS7.5AI score0.9378EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2023/11/22 12:0 a.m.•32 views

electron{25,26} -- use after free in Garbage Collection

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5997...

8.8CVSS7.1AI score0.00972EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/11/20 12:0 a.m.•35 views

strongSwan -- vulnerability in charon-tkm

strongSwan reports: A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected...

9.8CVSS8.3AI score0.0229EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/11/15 12:0 a.m.•10 views

TinyMCE -- mXSS in multiple plugins

TinyMCE reports: Special characters in unescaped text nodes can trigger mXSS when using TinyMCE undo/redo, getContentAPI, resetContentAPI, and Autosave plugin...

6.1CVSS7AI score0.00715EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2023/11/15 12:0 a.m.•30 views

electron{25,26} -- use after free in WebAudio

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5996...

8.8CVSS7.1AI score0.01976EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2023/11/14 12:0 a.m.•34 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 1497997 High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31 1499298 High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04...

8.8CVSS7.6AI score0.30339EPSS
Exploits0References1
Total number of security vulnerabilities6580